> Once you try to buy something online, you're outside the scope of your physical card.
A built-in LCD gives you a single-use credit card number. (Such a product already exists, though as a Windows-only PC app.)
> If you want to spend $25 to get an RSA token to provide a code every time you purchase something, I don't see anything wrong with that service being offered to you.
And yet the service is offered by no one, and I don't think anyone has yet tried and failed.
> Again, I don't see how a two-factor system would prevent this
A number is good for one transaction, like a gift card code. In the case of my proposed scheme, it is effectively a PGP message signed with your private key, containing the transaction amount, recipient, and a serial number. The bank shall not process any attempted transaction which is not signed by an account holder's key or contains a duplicate serial number.
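The bank-side rule in the comment above (reject anything not signed by the account holder, reject any reused serial number), sketched as an added example that is not part of the original post. HMAC-SHA256 over a per-account key shared with the bank stands in for the PGP signature so that it runs on the standard library alone; the account name, key, field names and amounts are constructed for illustration.

```python
import hashlib
import hmac
import json


def _tag(key: bytes, body: dict) -> str:
    # Canonical JSON so the token and the bank authenticate identical bytes.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_transaction(key, account, amount_cents, recipient, serial) -> dict:
    """Token side: one authorization bound to amount, recipient and serial."""
    body = {"account": account, "amount_cents": amount_cents,
            "recipient": recipient, "serial": serial}
    return {"body": body, "tag": _tag(key, body)}


class Bank:
    def __init__(self, account_keys: dict):
        self.account_keys = account_keys
        self.seen_serials = {acct: set() for acct in account_keys}

    def process(self, message: dict) -> str:
        body = message.get("body", {})
        key = self.account_keys.get(body.get("account"))
        if key is None:
            return "rejected: unknown account"
        presented = str(message.get("tag", "")).encode()
        # Check authenticity first, so forged messages cannot burn serials.
        if not hmac.compare_digest(_tag(key, body).encode(), presented):
            return "rejected: bad signature"
        if body["serial"] in self.seen_serials[body["account"]]:
            return "rejected: duplicate serial"
        self.seen_serials[body["account"]].add(body["serial"])
        return "accepted"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    bank = Bank({"acct-1": key})
    auth = sign_transaction(key, "acct-1", 2500, "shop.example", serial=1)
    # A merchant or thief who captured `auth` changes the amount, keeps the tag.
    tampered = {"body": {**auth["body"], "amount_cents": 250000}, "tag": auth["tag"]}
    return [bank.process(auth),      # first use of serial 1
            bank.process(auth),      # replay of the same authorization
            bank.process(tampered),  # altered amount no longer verifies
            bank.process(sign_transaction(key, "acct-1", 900, "cafe.example", 2))]
```

A captured authorization is useless after its first use, and it cannot be repurposed for a different amount or recipient because those fields are covered by the tag.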