An End to Passwords for Visa and MasterCard is coming.

 

No doubt you’ve run into online verification procedures for processing payments…After making a purchase, retailers redirect customers to a page with a Verified by Visa or MasterCard SecureCode form, into which they are required to enter characters from their password to verify their purchase…and the consequences when these sites are hacked. These passwords are a true pain and are difficult to remember. Consumers generally hate these systems.

There are big changes coming, and when they occur, you should be aware so you don’t think you’ve been ‘redirected’, and run into a new system if you get my drift. They won’t be using static passwords but will be focusing on 2-factor verification, biometrics and disposable single-use passwords. In the event that authentication is needed, cardholders will be able to identify themselves with the likes of one-time passwords or fingerprint biometrics, rather than committing static passwords to memory. MasterCard is trying facial and voice recognition software as well as a wrist band to identify through a user’s cardiac rhythm.

So, 3D Secure 2.0 will begin to implement these systems starting next year and will be gradually replacing the older Verified by Visa and MasterCard SecureCard systems.

Source:

http://www.telegraph.co.uk/technology/news/11228300/Mastercard-and-Visa-to-kill-off-password-authentication.html

http://www.neowin.net/news/verified-by-visa-and-mastercard-securecode-to-be-killed-off-replaced-by-unified-standard

Reply #1 Top

OK, so what if someone doesn't have the cash to buy all those gadgets used to verify? Is this going to become another part of the web enhanced techno that squeezes out folks that don't have the disposable income to have iPhone-level accoutrements (etc.)? Oye.

Reply #2 Top

There will be alternatives for those without biometric devices, I'm sure.

Reply #3 Top

I hope they never require those stupid wrist bands.  If they think I'd wear a plastic or rubber band around my wrist, they would be wrong.

Reply #4 Top

don't worry, the chip implant will not only be free but mandatory. ;)

Reply #5 Top

Those systems didn't actually work anyway (even if you don't do it, the sale goes through); back before I switched cards, their JavaScript would always break and it never made a bit of difference. Their sole purpose seems to be just to prevent folks from being able to falsely claim the charge was fraudulent and get it refunded.

Reply #6 Top

Why do you say those systems didn't work? I log on with my fingerprint...

They could use a retina print verified with normal nystagmus and arterial pulsations. 

 

Reply #7 Top

Quoting DrJBHL, reply 6

Why do you say those systems didn't work?
End of DrJBHL's quote

Like I said--

Quoting kryo, reply 5

Those systems [verified by visa, etc.] didn't actually work anyway (even if you don't do it, the sale goes through);
End of kryo's quote

Unless they've fixed it in the few years since I used a Visa on NewEgg (only site that I ever had do it), you could just close your browser when the verification came up for all the difference it made; the charge went through either way. It flat out didn't do anything but annoy customers. And that's not even getting into the other issues with it (like it looks like a phishing attempt, desensitizing people to real phishing attempts; it allows on-the-fly password reset with only your birthday and info on the card; etc.).

Tacking on biometrics to a system that is fundamentally broken is not the way to improve security.

Reply #8 Top

The way I read it, it will supplant the current system...not be tacked on.

Reply #9 Top

Ultimately, unless it becomes a standard part of the actual transaction (not an optional tack-on or a third-party popup), it is still going to keep a lot of the same issues. And I don't have much confidence in the card companies to address those issues as quite frankly, they don't really concern them. Their objective is not security--it's to shift liability. So as long as there is something they can point to to make someone else bear the cost of fraud, they're happy.

If they actually cared about preventing fraud, we would have had chip-and-pin at POS terminals in the US years ago. The reason that never happened is because they can make retailers bear the cost of fraud, so they have no reason to require or subsidize better security.

Reply #10 Top

Scammers will just get their biometric readings, which they can then use to fool the system.  Anything that turns into data can be faked with said data, a biometric is no different from a four digit pin once the thief has it.

 

The actual solution to the problem is our jackass law enforcement running them in instead of playing traffic monitor all day, and our worthless prosecutorial system throwing the book at them when they do.

 

Fraud isn't prosecuted for shit. You can rob a bank for 20 grand and the FBI is all over your ass before you even get out, but if you scam them out of 20 grand with fake ID they won't even bother to show up. A couple hundred bucks on someone's plastic isn't even small time. Unless you scam the DA or something, no one will show up even if you have a few grand in internet purchases delivered to your home address.

Reply #11 Top

Chip and pin are certainly fine in the non-virtual world...but online, not really possible to those of us walking around w/o card readers on us. I think that 3D will fix what may or may not be broken since it's very much in their interest to do so.

Reply #12 Top

Yes, the chip-and-pin comment was just an example of their priorities. But in regards to online purchases, they both have some of the same issues. Namely, they both require a hardware purchase by the consumer, and as psychoak pointed out, they both require data from an untrusted client (subject to forgery and other attacks).

Reply #13 Top

Quoting kryo, reply 12

Namely, they both require a hardware purchase by the consumer, and as psychoak pointed out, they both require data from an untrusted client (subject to forgery and other attacks).
End of kryo's quote

Indeed regarding the equipment...as for the rest, if it relied on a second step involving what I noted in reply #6...however, it's all rather a pita.

Reply #14 Top

Quoting DrJBHL, reply 6

Why do you say those systems didn't work? I logon with my fingerprint...

They could use a retina print verified with normal nystagmus and arterial pulsations. 

 
End of DrJBHL's quote

 

Until some enterprising culprits cut your finger off, and pluck your eye to gain access... or at the ATM - make you do it at knife/gun point?

Reply #15 Top

The point about nystagmus and arterial pulsations, Elana, is that one would have to be alive for them to be used...

Reply #16 Top

Online banking in Oz uses SMS codes to your mobile to verify new account debits/changes....works just fine...;)

Reply #17 Top

Quoting Jafo, reply 16

Online banking in Oz uses SMS codes to your mobile to verify new account debits/changes....works just fine...;)
End of Jafo's quote

Until somebody swipes yer phone!  Which can and does happen.

I recall reading about a Sydney woman whose phone was stolen... a couple of hours later her bank account was emptied and several online accounts from which she made purchases were compromised, booking up some rather large bills to her accounts.

Reply #18 Top

Smart people don't do their banking and purchasing from a cell phone that isn't even password protected and operates, unencrypted, on easily intercepted wireless frequencies. :)

Reply #19 Top

Quoting psychoak, reply 18

Smart people don't do their banking and purchasing from a cell phone that isn't even password protected and operates, unencrypted, on easily intercepted wireless frequencies.
End of psychoak's quote

And that will be me.  I don't even do email via Mobile...;)

Reply #20 Top

Quoting psychoak, reply 18

Smart people don't do their banking and purchasing from a cell phone that isn't even password protected and operates, unencrypted, on easily intercepted wireless frequencies.
End of psychoak's quote

Don't have to be stupid or careless to get your phone hacked/unlocked these days.

At the insistence of her husband, the woman in question had security measures in place for that very event - her phone being stolen - yet the thieves still managed to crack the unlock code and the encryption used to protect her data.

Quoting Jafo, reply 19

And that will be me. I don't even do email via Mobile..
End of Jafo's quote

You don't have to.  Various email accounts are synched these days, meaning that whatever you do on your home PC with regard to email is also on your phone.  The smart thing is not to synch accounts over your devices.  I don't, well not with the important ones.  The email account I use for purchases and the like is on just my home PC... and I NEVER do phone banking or do any debit card transactions over the phone.  All my phone has on it are a few apps and a contacts list.... and there's nothing much in there, unless they wanna ring somebody who could talk under water with a mouthful of marbles.

Reply #21 Top

Quoting starkers, reply 20

Various email accounts are synched these days, meaning that whatever you do on your home PC with regard to email is also on your phone.
End of starkers's quote

No it ain't....like I said, I do NOT do email on my Mobile...I haven't even set it up....never will....simply because I get too much of it on a daily basis.

Calls....photos....text....and the odd Google search.

That's it.

Reply #22 Top

Quoting Jafo, reply 21

No it ain't....like I said, I do NOT do email on my Mobile...I haven't even set it up....never will
End of Jafo's quote

That's what I said....

Quoting starkers, reply 20

The smart thing is not to synch accounts over your devices. I don't, well not with the important ones. The email account I use for purchases and the like is on just my home PC... and I NEVER do phone banking or do any debit card transactions over the phone.
End of starkers's quote

The reason... no matter how secure you think your phone is [lock codes and all that crap] if some hacker fech wants to access it they CAN and WILL do.

Reply #23 Top

The best way I see of avoiding all of this is to not use the technology... but then I'm an old fart and can easily get away with doing that, I also take a lot of naps during the day to make sure I'm not too tired when I go to bed. :-" :rofl: :rofl: :rofl:

Seriously though as others have said above, no matter what actions and protections you take with using the technology of today someone will be right there to get around it and get access to your information. At some point in time each and every one of us will be attacked, as it were. Get over it, use the technology intelligently and go about your day.

:sun:

Reply #24 Top

Quoting Philly0381, reply 23

Seriously though as others have said above, no matter what actions and protections you take with using the technology of today someone will be right there to get around it and get access to your information.
End of Philly0381's quote

That's about the strength of it.  I'm sure hackers and people of dubious intent sit around trying to devise ways to circumvent security protocols before they're even invented/implemented.  It'd go something like this: "Well if they come up with this then we'll do that... and if they do that, then we'll do this."

The fact is, modern technology is open to a multitude of abuses and nobody is safe - corporations and gov't agencies with the best encryptions available have even been hacked - so it seems the more simple you keep it the safer you're likely to be.  That isn't to say one shouldn't take precautions, but rather that it is safer not to synch one's personal and/or sensitive data across [particularly wireless] devices.  In other words, use your phone as a phone and not a multi-function computing device.

Reply #25 Top

Quoting starkers, reply 24


Quoting Philly0381,

Seriously though as others have said above, no matter what actions and protections you take with using the technology of today someone will be right there to get around it and get access to your information.



That's about the strength of it.  I'm sure hackers and people of dubious intent sit around trying to devise ways to circumvent security protocols before they're even invented/implemented.  It'd go something like this: "Well if they come up with this then we'll do that... and if they do that, then we'll do this."

The fact is, modern technology is open to a multitude of abuses and nobody is safe - corporations and gov't agencies with the best encryptions available have even been hacked - so it seems the more simple you keep it the safer you're likely to be.  That isn't to say one shouldn't take precautions, but rather that it is safer not to synch one's personal and/or sensitive data across [particularly wireless] devices.  In other words, use your phone as a phone and not a multi-function computing device.

End of starkers's quote

 

Before all this hi tech world, the thieves, swindlers and grifters had to actually meet you face to face to rob you.  Now, they can get you when you are just doing day to day activities, from almost anywhere in the world.  Paying cash is getting more attractive all the time.  I dread the day when all currency goes digital.