> I find the idea of using a credit card on the Internet insane. It is
> like giving an unknown vendor a pile of blank cheques. It is so odd
> it is still so common.

Likewise. All of those big data breaches in the news, with compromised
credit card numbers and credit monitoring for the afflicted. Where's the
sense in this? Vendors should not be receiving, let alone storing, a
secret authentication token that can be used to impersonate one of their
customers.

There is no excuse for this. We've had public-key cryptography since we've
had a public, mainstream internet and since before we've had serious
ecommerce. We know how to design authentication schemes that don't rely on
shared secrets, where someone can prove they know a private number without
revealing that number, and thereby prove they are authorized to release
funds from a particular account or whatever.

So where is the online equivalent of the personal cheque, complete with
unforgeable digital signature and drawn on any of a number of
internet-savvy banks? All we have are credit card numbers, which have
virtually no security, and such sorry excuses for "internet banks" as
PayPal. And it shows no sign of changing anytime soon.

I credit it to inertia. Merchant transactions have been mainly cash,
debit, and credit from time immemorial. The former doesn't work on the net
and the authentication for the latter involves shared secrets. This worked
okay when vendor databases of customer credit card info consisted of big
paper ledgers, or private computer databases with no connection to the
internet, and there was also no real way to fraudulently use a credit card
number without physically cloning a card, raising the bar for such misuse.
But now that bar has been lowered since you can use just the
number, without a physical card, to order your heart's desire from
amazon.com and its ilk.

> We need ways to transfer money where the vendor has to identify himself,
> and you give him one-time access to a fixed amount. PayPal is pretty
> good except that most sites don't take it.

PayPal is pretty awful. I agree with most of the rest, except why should
the vendor have to identify himself? Well, I guess it depends on what you
mean by "identify". Digital signatures on electronic "cheques" and similar
instruments allow the possibility of vendor and buyer having pseudonymity,
with the ability to build up a reputation for the pseudonymous identity
but also the ability to abandon it in the future for whatever reason. Of
course, those with little or no history would be treated with some
suspicion, and might be asked to pay up front or put up collateral for
some things, versus someone with an established reputation as a
non-cheater. On the vendor side, customers might prefer to shop elsewhere
than a vendor with no, or a bad, reputation.

But that's as it should be. Reputation should count for more than
marketing gloss, and maybe someday soon it will again, but it should be
possible to start over, too.

As for relating all of this to Java, well, Java has some nice
cryptographic algorithms, including public-key ones, in its standard
library, and is being used heavily server-side these days, so it's a
natural language choice for implementing some of these futuristic new
payment systems for the 'net.
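
An added example, not part of the original post: a signed one-time "cheque" for a fixed amount, built only on the standard `java.security` API. The cheque format, account and payee names, and the in-memory bank are assumptions made for illustration; the point is that the vendor and bank see only a signature and a public key, never a reusable secret.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SignedCheque {
    // Constructed format (an assumption): payer|payee|amountCents|serial.
    // Fields are assumed not to contain '|'.
    static byte[] encode(String payer, String payee, long cents, String serial) {
        return String.join("|", payer, payee, Long.toString(cents), serial)
                     .getBytes(StandardCharsets.UTF_8);
    }

    // Payer side: the private key never leaves this method's caller.
    static byte[] sign(PrivateKey key, byte[] cheque) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(cheque);
        return s.sign();
    }

    // Bank side: holds only the payer's public key and the serials already paid.
    static final Set<String> spent = new HashSet<>();

    static boolean honour(PublicKey payerKey, byte[] cheque, byte[] sig)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(payerKey);
        v.update(cheque);
        if (!v.verify(sig)) return false;            // forged or altered cheque
        String serial = new String(cheque, StandardCharsets.UTF_8).split("\\|")[3];
        return spent.add(serial);                    // false if already cashed
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair payer = g.generateKeyPair();

        String serial = UUID.randomUUID().toString();
        byte[] cheque = encode("acct-1001", "example-bookshop", 2599, serial);
        byte[] sig = sign(payer.getPrivate(), cheque);

        // A vendor who keeps the signature cannot change the amount or cash it twice.
        byte[] altered = encode("acct-1001", "example-bookshop", 999999, serial);
        System.out.println("altered amount: " + honour(payer.getPublic(), altered, sig));
        System.out.println("genuine cheque: " + honour(payer.getPublic(), cheque, sig));
        System.out.println("replayed cheque: " + honour(payer.getPublic(), cheque, sig));
    }
}
```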