Paying with plastic: Good, bad, and pipe dreams

I really dislike credit cards. I have a VISA card—it's technically more like a debit card than a credit card in that money is withdrawn directly from my account, et cetera, but it's functionally identical to a credit card—but it makes me profoundly uneasy, because the security is so terrible. It's true that if your credit card is stolen and used, you'll probably be refunded (never had to deal with it), but this is definitely a hassle. What I want is a card that I can trust never to leave me to jump through any such hoops, and a VISA card definitely isn't it, because if someone stole my VISA card, they could buy whatever they like online, and make virtually unlimited purchases (up to my card's financial limits, of course!) in virtually any store. (“Virtually”, here, because cashiers are supposed to verify the signature, but how often do cashiers do that? And if they did, how hard would a forgery be? In Sweden, they usually either ask for photo identification or require you to enter your PIN, but even there, this can't be relied on.) True, they can't take out cash from ATMs without my PIN, but that's a small comfort.

Debit cards proper—like my Interac card—are better, because my card is useless without my PIN, so I'm not nearly as fearful of having that stolen. It still does have disadvantages, though—cards can get bent and damaged pretty easily, and there's the minor but very, very frequent frustration of non-standard card readers. If I walk up to the clerk in any given store, I don't know whether I'm supposed to hand it to the cashier or swipe it myself. If I'm to swipe it, the unit either has a slot on top, in which case I don't know whether the magnetic stripe should face me or away from me, or it has a slot on the right, in which case I don't know whether the stripe should face left or right. I then have to hit a few buttons—OK, select account, and so forth—whose locations are not standardised, so that I either can't use muscle memory or, as in my case, I have muscle memory from where I use the card most often and therefore hit the wrong buttons when I go elsewhere.

One swipey thing I own that I really do like, although not financially related, is my transponder key fob. It looks a little like this. Mine is hexagonal, about an inch across, maybe 3 mm thick, and unlocks the doors in the computer science building that I'm authorised to open when I swipe it across a reader outside. It sits on my key ring, where it's more quickly and easily available to me than my wallet, and is very sturdy. What I wish is that my bank would give me a transponder key fob, and that stores would have transponder fob readers as well as, or preferably instead of, card readers.

Convenience and sturdiness are two reasons. (Also, it doesn't matter which way I swipe it, so I don't have to figure out directions. And I can't see handing over my key ring to any cashiers, so “the customer does the swiping” would have to become a standard.) Another is that the fob is about the length of, and a bit wider than, the outer joint on my thumb. What this tells me is that this gadget is the perfect candidate for biometric verification. I want a fob with a thumbprint reader. Note—oh ye privacy nuts—that I wouldn't need to give any biometric information to my bank; I'd just need my print imprinted on the fob itself. The fob itself could then contain electronic identification in the same fashion as our current credit and debit cards, which would only be transferred if the biometric information is valid. For better security, this could be combined with a PIN, resulting in a financial gadget that you couldn't steal money out of even if you stole both the fob and the little note with the PIN I keep in my pocket. (OK, bad example. I don't keep such a note either in my pocket or anywhere else. But wouldn't you sleep easier knowing that your grandma's money is now safe?) To make things even better, your fob could track the transactions you authorise, so that if someone attempts to defraud you (by charging more money to the electronic information your fob gave to their reader after you'd authorised them), your bank could check your fob and verify that you actually made no such payments.

It occurs to me that one of the issues I have with credit cards, that of internet security, wouldn't be addressed by this at all. I can think of two reasonable solutions to this. One is a system that at least some banks use—my very good friend sheepykins's bank offers an online service that generates a one-time credit card number for online payments. This is kind of neat, but to me it seems more like a “clever hack” than a real solution—How do we give our customers some protection whilst working within a poor system? What I would much prefer is a “push” rather than “pull” payment system: Chapters/eBay/whatever gives me an account number (deposit only), I manually transfer the money from my bank's site, and there it goes. Or: Charging to my account only puts a request on my account, which I have to authorise in order for the money to go through. Yes, it would be an extra step in online shopping (per confirmation, at least—I could batch them up and authorise multiple transactions at the same time), but I'd be happier knowing that no one can take my money without my explicit say-so.