Please Replace Credit Cards
seanmonstar.com
I have a better solution: keep everything exactly as it is now, but have credit card companies accept that the system is slightly susceptible to fraud, and consequently have them take the hit if your card gets stolen. The customer (people who buy things and merchants who take cards) shouldn't ever lose out if they're victims of a crime.
Currently credit card companies charge (some) users to have a card, charge all merchants a fee and a percentage, and take none of the risk. That's the thing that ought to change.
They do take the hit. Under the Fair Credit Billing Act, your responsibility for unauthorized charges is $50, and if you report it before any unauthorized charges are made, then it's $0.
Things are not the same here in the UK. Since we got chip and pin cards the onus is on the cardholder - it is assumed that you didn't keep your pin secure.
When you say "I have a better solution", then it's very easy to believe that you mean it to be taken in the context of the original essay. In this case, the essay's author is located in the US, talking about credit card payments in the US. HN is also based in the US, and I am a US citizen, so the larger context is also US based.
Since you didn't mean it that way, perhaps you could mention that you're switching contexts?
In any case, according to my limited understanding, the UK regulatory landscape changed with the Financial Services Authority (FSA) Payment Services Regulations 2009.
The relevant rule is at http://www.fca.org.uk/static/fca/documents/fsa-psd-approach-... :
> If the payment service provider can show that the payer has acted fraudulently, or has intentionally, or with gross negligence, not complied with their obligations regarding the security of the payment instrument, the payer will be liable for all losses. To avoid doubt, it is not sufficient for the payment service provider to assert that the customer ‘must have’ divulged the personalised security features of the payment instrument, and to effectively require the customer to prove that he did not. The burden of proof lies with the payment service provider and if a claim that a transaction is unauthorised is rejected, the rejection must be supported by sufficient evidence to prove that the customer is guilty of fraud, gross negligence or intentional breach and the reason for the rejection must be explained to the customer.
Has it changed since then? According to http://en.wikipedia.org/wiki/Chip_and_PIN it hasn't.
And what about online shopping, where you just typed your card number into a site?
There's an "online pin" system called 3DSecure (also known as Verified By Visa) that uses a system of tokens passed by JavaScript to present the user with a form that's held on their bank's servers. Implementing it is optional for the merchant, but if they choose not to then they're accountable for any fraud. If they do then liability is passed to the customer.
It's all very favourable to the credit card companies.