A few years ago, at the DefCon 18 PCI panel, I chuckled as James Arlen sardonically explained to the crowd that the only worthwhile solution to the current credit card security issue was to scrap the current system and start fresh. It wasn't that I didn't agree with James, I think most in information security can agree that the current system is flawed enough to warrant such an extreme approach. I simply thought that there was such a slim chance of the payment brands ever considering such an approach that it was pointless to discuss. Perhaps I was wrong.
The modern payment system, born in the 50's and 60's predated e-commerce by decades. It wasn't until the advent of high-speed Internet access that breaches became commonplace. In the early 2000's, it became obvious that this system was quite vulnerable.
Today, I stumbled upon the Royal Canadian Mint's new MintChip system. In Canada, where debit cards are already free of the five big payment brands' logos, something like MintChip has a chance. From what little information is available, it seems there are hardware and software components to this solution. In fact, it seems the only information available is in the open because the Mint is having a contest to spur MintChip application development.
Indulge me while I fantasize a bit.
If MintChip is successful, there is a chance it could replace credit cards as a dominant form of payment. There is every chance for success also. It will take advantage of the latest technology. It seems well designed and thought out, and finally, has government backing. This is no startup. This is a revolution against an insecure payment system that costs Canadian citizens time and money with every breach. What about visitors and tourists? In addition to changing out your currency for Canadian dollars, you could potentially purchase pre-filled MintChips, like buying a pre-paid phone or gift card. Just look at the slick website, the convincing video, and they even have rainbows and unicorns on the 404 page.
Whew, I had to get that out.
It's all very pretty and hopeful, but in reality, there are a few issues here. First, I'm not Canadian, and realistically, I can only get so excited about a new payment system that has very little chance of popping up in the states any time in my pre-geriatric lifetime. Second, though they've made resources available for developers to come up with apps, it is clear from reading over the site and through the forum posts that there is precious little detail about how this system works. Without some transparency on how this system works from end-to-end, we really won't know if it is better than the credit card payment system in place today.
If you have any other information or opinions on MintChip, I'd be interested to hear about it.
The information that you have shared is completely unique and interesting. This mechanism is the safest one out of all, its we people who makes mistakes not the programs.
ReplyDeletePDF signature