Journal zogger's Journal: "Burst transactions" for security 1
I was reading tha long security thread today and reading about all the various key dongles and different passwords and so on to make online banking secure and I thought of an idea that could possibly alleviate all that stuff, something I will call a "burst transaction". This is a variation on spies using "burst transmission" when sending off their secret code jazz over the radio. The entire message is coded, encrypted, then compressed and released as a fraction of a second "burst". This makes it harder to intercept, decoy, and keeps the spies location possibly more secure.
How this works for financial transactions is adding this "third layer" of authentication, which is you *proving* that you are you, and for the bank *proving* they are them, so there is no man in the middle possibility. Ok this part is easy-peasy, you walk into the bank, in person, and that's as about as secure as it will ever get with banking. It's not perfect, but the best we have now hands down,nothing else comes remotely close. The problem with that is, people are reluctant to carry a lot of cash around, and they want to do most of their business online, and not go to the bank all the time. OK swell, but you *still* could do both, if the system was set up for an opt-in combination bank/merchant/customer financial digits "authority escrow" system.
During a one month time frame, say you have direct deposit of your pay and pay bills automatically with direct withdrawal, some of them, your car and house note, utilities, etc, and you make additional purchases from here or there with your card or online, etc, all these transactions are noted as "initiated" and they go through, but not all the way, they are all *held in escrow* until once a month you MUST physically go to the bank, you stand right there, get a printout with all your transactions, and check them off as legit/non legit. At this time, if all legit, you thumb print it, get photoed at the counter, etc, you have proven you are you to the bank's satisfaction and obviously you are IN the real bank not some "phish" bank, so everyone is happy so they mash a key and poof, a "burst" of last stop third factor authentication has now occurred and now all your transactions of the previous month are recorded as fully complete and out of escrow holding.
Merchants and other banks are authorized to record just the escrow notification as an asset, so they can maintain liquidity throughout the month and not worry about various day to day arbitrage and interest rates, etc, those are handled normally as they are now, just with a one month dealy as an escrow account, but they still *accrue*. So that's a wash, no change. Discrepancies in the transaction statement are handled the same way we do them now, either you the consumer have been a thief and "uttered" a bad check, or lost track of your finances and now must pay overdraft fees(the stupid tax), or some transaction you see you didn't do is flagged as bogus, like "sorry, no way in hell did I buy those spinner hubcaps and..what's this? A case of champagne for all those strippers over in fraudsville, east elbownia,nope, haven't even been out of the country this year, all verifiable" whatever, along those lines.
The way we have it now is exactly the opposite, the transactions go immediately through completely (AFAIK anyway), then you have to try and sort out any messes that might have happened. There's no reason for that, especially dealing in electronic digits, which is what this whole deal is about, just transfers of digits here and there between banks and merchants mostly. This new way gives you all the modern convenience of not having to tote the cash, being able to do all your stuff online as much as you want, or in person with your card, plus ALSO all the nonmodern security we had in the past always having to go to the bank and then pay cash for everything face to face, but now there's no real harm ever "completed" because you physically *must* be there to finalize an entire month's stuff, and there's banks all over, they offer courtesy services if you can't get to "your" bank for some reason. No approval by either party, the bank or you, and now you can fix stuff *before* it hits permanent record and wealth transfers around. Everyone is safe until that last step when final physical security is accomplished, not a penny has really been transferred yet, just an escrow account record of the penny..
This is sort of a two step "money" idea, you have pre money transactions, then the "burst" post-money "now it really is money" step.
DOA (Score:1)
Based on the moronic idea (for people, not for businesses) of debit cards having caught on, I don't think consumers care enough to swing the balance of power back a bit to favoring (and protecting) them.