http://www.securityfocus.com/news/11491The article has some interesting pros and cons for it, but the gist is that a group of retailers want to only store enough information to verify the purchase but not the full credit card used in a purchase. Naturally, the focus is on the various data breakins, immense number of cards being stolen all over the place, and how each store's security is one more point of failure. Since people don't use one credit card per store, it means your credit card's security is as secure as the
worst place storing it. And since businesses keep all the information needed to make a transaction in the same place, if one place is broken, then you need a new card.
Now, I was on the retail end of this. I had to secure a system to handle credit cards and I remember how much I had to store. And I really, really didn't want to store it. But, I had to because Visa/Master Card basically said I did. At the time, that is. I ended up doing a encryption key for the data I did have to store, but I always worried that my little web front end, that handled almost 10 transactions a year, would be the one someone broke into. Computer security is a lot harder than most people think.
If this does go through, it means that the main points of vulnerability would be the credit card companies themselves and those who insist on keeping everything. It at least makes those places less of a target for stealing cards.
Either that or find a new way of handling credit cards.
