PGP and "Smart" Cards
Mike Acker
Mike_Acker at charter.net
Tue May 10 11:54:59 CEST 2011
The Basic Error is in giving the merchant your credit card number.
You are spreading that number all over Boston and the thugs are gonna grab it and
help themselves. The only surprising thing is that this doesn't happen more
often. All that a thug needs is a Merchant Account with PCI and he can start
using all the Credit Card numbers he wants to buy on the black market forums.
Run off a few million bucks and head for Bulgaria. AK-47s are on sale there this
week only ( tee hee ) .
Corrected Thinking: DO NOT GIVE OUT YOUR CARD NUMBER.
Smart Card Technology -- or your iPhone can make this possible.
Instead of you giving the merchant your account number the merchant should send
an invoice to your Smart Card -- or to the PCI App in your iPhone
Your Smart Card -- or the PCI App in your iPhone -- could then encrypt the
invoice together with authorization for payment and forward this cipher text back
to the merchant's Point of Sale Terminal (POST). The merchant would NOT be able
to decrypt this cipher text as it would be encrypted to the PCI: to the financial
institution that issued your SmartCard. The POST would forward the cipher text
to the PCI. The PCI would decrypt the cipher text and verify your signature. On
approval PCI would forward a paid copy of the invoice back to the POST and an EFT
credit to the Merchant's account and an equal EFT debit to your account. The
POST prints the paid invoice and off you go with your new egg beater and don't
forget the receipt ( called the paid invoice here ) .
--
/MIKE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110510/6101de9a/attachment-0001.pgp>
More information about the Gnupg-users
mailing list