What's crazy is that we've had public key encryption for over 40 years, and we're still publishing magic numbers on little pieces of plastic that give whoever sees them the power to take all our money without our consent.

That’s very US-centric. In every other place except America, credit card issuers mandate the use of EMVs and PIN codes.

How does that chip work online? As far as I know, CCs around the world still depend on numbers.

For what it’s worth, in the US, chip is pretty much everywhere. Main difference is that it’s chip and signature vs chip and PIN. I wish we’d switch to PINs as well, but it’s not like it’s the dark ages or anything.

It's called 3D Secure and requires a PIN to verify the transaction (typically with SMS), or a security device provided by the bank.

Except that 3D Secure is opt-in by the merchant. All you need to do is find a web store that is more than 2 years old and you can use stolen/skimmed cards all day long.

Not for long, it will be mandatory in the EU from the end of the year under the PSD2 regulations (though the deadline has moved back into 2021 for some countries, including the UK which is adopting them despite Brexit).

Issuers will start to decline card transactions for any merchants that submit payments that haven't gone through 3DS.

Hell yeah! Now we just need to get banks to stop using SMS 2FA and embrace an open 2FA standard like TOTP and our money (!!) will finally be almost as secure as our Facebook accounts have been for 5 years...

My bank once gave me a one-time pad :)

Was it Symantec? You can import that into Authy/Google Authenticator/1Password if you want. It's good at least for backup.

https://github.com/dlenski/python-vipaccess