The Basic Error is in giving the merchant your credit card number. You are spreading that number all over Boston and the thugs are gonna grab it and help themselves. The only surprising thing is that this doesn't happen more often. All that a thug needs is a Merchant Account with PCI and he can start using all the Credit Card numbers he wants to buy on the black market forums. Run off a few million bucks and head for Bulgaria. AK-47s are on sale there this week only ( tee hee ) .
Corrected Thinking: DO NOT GIVE OUT YOUR CARD NUMBER. Smart Card Technology -- or your iPhone can make this possible. Instead of you giving the merchant your account number the merchant should send an invoice to your Smart Card -- or to the PCI App in your iPhone Your Smart Card -- or the PCI App in your iPhone -- could then encrypt the invoice together with authorization for payment and forward this cipher text back to the merchant's Point of Sale Terminal (POST). The merchant would NOT be able to decrypt this cipher text as it would be encrypted to the PCI: to the financial institution that issued your SmartCard. The POST would forward the cipher text to the PCI. The PCI would decrypt the cipher text and verify your signature. On approval PCI would forward a paid copy of the invoice back to the POST and an EFT credit to the Merchant's account and an equal EFT debit to your account. The POST prints the paid invoice and off you go with your new egg beater and don't forget the receipt ( called the paid invoice here ) . -- /MIKE
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
