I woke up this morning with a text alert from my credit card company -- about $5,000 in fraudulent transactions. I wasn't angry. After all, this is bound to happen with credit cards. Together, we went through a list of transactions to figure out which were real and which were fake. Of course, I'm not the only one using the card -- there is my wife. So I loop her into the call so we can triangulate. After a half-hour, a new card is on the way.
The whole time, I couldn't help but marvel that the massive worldwide effort to roll out the infrastructure for EMV chips still falls well short preventing fraud. Just think about how big this effort was: replacing all credit/debit cards, converting merchants to chip readers, educating the masses on the new process. In the end, all it did was prevent in-person fraud. It did nothing to prevent the fraudulent online transactions I was staring at before I'd even had a cup of coffee.
When I thought about it, that makes total sense. What information do I need to buy anything online?
- Name
- Card #
- Expiration Date
- Zip Code (in the U.S.)
- CVC code ( the code on the back of the card)
And who has this information? Everyone I've ever done business with online. Sure, many of them don't keep the info -- they just pass it along to a processor like PayPal. But many do, to make it easier for repeat customers who don't want to type all that information in again. So all it takes is for any one of those businesses to get hacked and my credit card is now available for just about anyone to use. (I think a lot of the intermediaries processing the various steps of each credit card payment also have this information.)
With cryptocurrencies, there is one rule above all others: "If you don't control your private keys, you don't control your crypto." If you store your bitcoin or crypto on an exchange or a web wallet, you are trusting a third party to secure your keys. If they get hacked (hello, Mt Gox), you could very well lose all of your money.
And yet, that simple refrain is not how the rest of the world works. We are not our own banks. All of our money is with trusted third parties (banks, credit card companies, PayPal, governments, etc...). The current system assumes fraud is a given, necessary part of doing business.
The future doesn't.
The future won't solve someone directly cheating me (not actually giving me the product I paid for), but it will ensure the basic mechanics of a transaction are trustless and don't need all the intermediaries. We will finally have an authentic version of cash on the internet.