Another way of thinking online payment

I was reading an interesting post about encryption, and it made me feel the need to respond to what it says about credit cards.

Capabili-what?

Very soon after I joined es-discuss, I read some messages by Mark S. Miller. Soon enough, I watched his InfoQ talk, which introduces the notion of object capabilities. This talk and this concept blew my mind. “Modularity increases my security?” He also shows the problem (and a solution) of distributed secure currency. Any “smart” idea I write in this post is actually more or less already in this part of the talk.

Unrelatedly, I watched a talk by Douglas Crockford which suggested that people go watch The Lazy Programmer’s Guide to Secure Computing by Marc Stiegler, which strongly emphasizes POLA (the Principle of Least Authority). I did and took the same sort of mind-blowing shower. I later learned that Marc Stiegler and Mark Miller have been working together.

This led me to start reading Mark Miller’s thesis (I haven’t finished yet, but I’m still working on it) and to watch some other talks. It also led me to read about petnames, rich sharing, website passwords, the web introducer and many other interesting things.

There are years of serious research poorly summarized in the links above. I highly encourage you to read and watch all of it, but I admit it takes a lot of time.

Thousands of credit card numbers stolen during the Sony PlayStation Network hack

People gave their credit card number to Sony. Sony got hacked. People were annoyed. Who is to blame? Sony, for its flawed security? Let’s take another look at the problem.

I want to pay…

I want to pay online. I want to buy one item once, or pay regularly (like a monthly payment to Sony). What option am I given? Giving my credit card number. And this is a terrible idea!

…but not to give my credit card number!?

When I send my credit card number and whatever “secret” is written on the card, I am not granting a one-time (or recurring) payment to one company for an amount of money I choose. Rather, I give anyone who reads that information the authority to make a payment of any amount, to anyone, at any time. In capability terms, a card number is an unattenuated bearer secret: it is not bound to a payee, an amount or a date, so every copy of it is exactly as powerful as the original. That is the source of the insecurity.

Another way of thinking online payment

Here is how payment could happen: I go to my bank’s website, where I have a form in which I choose the amount I want to pay, who I want to pay and at what frequency (one time, once a month, etc.). The last two fields are optional. In exchange, the bank gives me a secret (a URL, for instance). I share this secret with whoever I want to pay. End of story.

Of course, this is just an example crafted in two minutes that could probably be improved.

“Oh fuck! Sony is getting hacked again!”

So, in my imaginary world, Sony (or anyone; it’s not about Sony, as you’ve understood) does not have access to my credit card number, but only to a secret allowing a payment to it alone, at a frequency and for an amount that I chose. Sony gets hacked? WHATEVER!

We could imagine extensions where I could tell my bank “this secret has been compromised, please stop paying through it”, “regenerate a secret with the same parameters”, etc.
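To make the two previous sections concrete, here is an added example (not code from the original post, and not any real bank’s system) of the bank side of the scheme: the customer mints a secret URL bound to a payee, a maximum amount and a frequency, the merchant presents that URL to get paid, and the bank enforces the bound parameters, plus the revoke and regenerate extensions. The class and method names, the `bank.example` URL shape and the account identifiers are assumptions; amounts are in cents and the billing period is passed in explicitly so the run is deterministic.

```python
# Added example (not from the original post): a toy bank service that mints
# scoped payment capabilities instead of handing a card number to the merchant.
# All names (Bank, mint, charge, revoke, regenerate, the bank.example URL) are
# assumptions for illustration; amounts are in cents and "period" is passed in
# explicitly (e.g. "2011-05") so the example is deterministic.
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional

BASE_URL = "https://bank.example/pay/"  # assumed URL shape for the secret


@dataclass
class Capability:
    payee: str                 # the only account this secret can pay
    max_amount: int            # upper bound per charge, in cents
    frequency: Optional[str]   # None = one-time, "monthly" = once per period
    revoked: bool = False
    charges: list = field(default_factory=list)  # (period, amount) honoured so far


class Bank:
    def __init__(self) -> None:
        # Keyed by a hash of the token: a dump of this table does not yield
        # usable URLs, the same way a password database should store hashes.
        self._caps: dict[str, Capability] = {}

    @staticmethod
    def _key(url: str) -> str:
        token = url.rsplit("/", 1)[-1]
        return hashlib.sha256(token.encode()).hexdigest()

    def mint(self, payee: str, max_amount: int, frequency: Optional[str] = None) -> str:
        """Customer action on the bank site: choose payee, amount, frequency.
        Returns the secret URL; possession of the URL is the whole authority."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        url = BASE_URL + token
        self._caps[self._key(url)] = Capability(payee, max_amount, frequency)
        return url

    def charge(self, url: str, payee: str, amount: int, period: str) -> str:
        """Merchant presents the URL to get paid. `payee` is the account the
        money would be credited to; the bank refuses anything the customer did
        not authorize when minting."""
        cap = self._caps.get(self._key(url))
        if cap is None or cap.revoked:
            return "rejected: unknown or revoked capability"
        if payee != cap.payee:
            return "rejected: this secret only pays " + cap.payee
        if amount > cap.max_amount:
            return "rejected: amount exceeds authorized limit"
        if cap.frequency is None and cap.charges:
            return "rejected: one-time capability already used"
        if cap.frequency == "monthly" and any(p == period for p, _ in cap.charges):
            return "rejected: already charged this period"
        cap.charges.append((period, amount))
        return "ok"

    def revoke(self, url: str) -> None:
        """'This secret has been compromised, stop paying through it.'"""
        cap = self._caps.get(self._key(url))
        if cap is not None:
            cap.revoked = True

    def regenerate(self, url: str) -> Optional[str]:
        """Revoke `url` and mint a fresh secret with the same parameters."""
        cap = self._caps.get(self._key(url))
        if cap is None:
            return None
        cap.revoked = True
        return self.mint(cap.payee, cap.max_amount, cap.frequency)


def demo() -> dict:
    """Walk through the post's scenario: a monthly subscription to a merchant,
    then the merchant's database (holding the URL) leaks to an attacker."""
    bank = Bank()
    url = bank.mint(payee="acct:sony", max_amount=1500, frequency="monthly")
    out = {}
    out["first_charge"] = bank.charge(url, "acct:sony", 1500, "2011-04")
    out["same_month_again"] = bank.charge(url, "acct:sony", 1500, "2011-04")
    out["next_month"] = bank.charge(url, "acct:sony", 1500, "2011-05")
    # Attacker holding the stolen URL: cannot redirect funds, cannot raise amount.
    out["stolen_to_attacker"] = bank.charge(url, "acct:mallory", 1500, "2011-06")
    out["stolen_over_limit"] = bank.charge(url, "acct:sony", 999999, "2011-06")
    # Customer revokes and regenerates; only the new URL works afterwards.
    new_url = bank.regenerate(url)
    out["old_after_regen"] = bank.charge(url, "acct:sony", 1500, "2011-06")
    out["new_after_regen"] = bank.charge(new_url, "acct:sony", 1500, "2011-06")
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:20s} {result}")
```

The point of the `demo()` walk-through is the leak scenario: an attacker who copies the URL out of the merchant’s database can only make the bank pay the merchant, within the amount and frequency the customer fixed, which is why the merchant being hacked is a non-event for the customer. Two details matter in practice: the token must be generated with a cryptographic random source (here `secrets`), since its unguessability is the entire security argument, and the bank must identify the payee itself (the account the money lands in) rather than trust a name sent along with the request.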

Conclusion

As Ben Adida mentions in his blog post, encryption is not the final answer to security. His analysis of how encryption may get in the way of social features is interesting.

I wrote this post to show that security which does not rest on encrypting the stored data can exist, even for payments (the connection carrying the secret to the bank and to the merchant still has to be encrypted, of course). Object capabilities seem to have a huge, little-known and underused potential for achieving this form of security.

In the particular case I described, it does not exist yet because it requires cooperation from banks. I’m looking forward to seeing banks implement this!

7 thoughts on “Another way of thinking online payment”

  1. “I go to my bank website, I have a form where I choose the amount I want to pay, who I want to pay to and to which frequency (one time, once a month, etc.).”

    This already exists. It is called a “transfer payment”.

      • Well, it is not possible to use transfer payments on all websites. But it already exists, so there is no need to invent something new, that was my point. The only thing to do is to make sure people can choose transfer payment as well as other means of payment.

        I have already bought computer stuff on a French site using transfer payment rather than my credit card. The only drawback is that, even if your money disappears from your bank account in the blink of an eye, it takes 2 or 3 days to reach the website’s bank account. And said website waits until they get the money to send you what you bought. So if you’re in a hurry, that kinda sucks.

        Someone could obviously manage to get my login and password for my bank website, but that would not allow them to buy stuff using a transfer payment: every time I want to perform this kind of operation, a confirmation code is sent to my cell phone, and I must enter it on the website to proceed. This is a great system. Well, obviously, I wonder how it works if you do not own a cell phone.

  2. This already exists in the Netherlands, using iDeal

    For instance, on the online gaming store Steam, when you are in the Netherlands you can choose to pay using iDeal. You are then forwarded to a page by iDeal where you can choose your bank. After choosing your bank, you are forwarded to your bank’s internet banking page, where you log in the same way you normally log into your internet banking. After that you approve the transaction, and you are redirected back to iDeal, which in turn redirects you back to the Steam store, and the payment is complete.

    This way no credit card is used at all, and no login (or other important) data is shared with the webstore, and not even with iDeal, because it simply makes you log in to your internet banking, on your bank’s website. So Steam (or any other store) or even iDeal can get hacked all they want, no important data would ever be leaked.

  3. A friend of mine also reported that with her bank, she can generate fake credit card numbers. So if the website gets hacked, it can’t use this number.
    Yet, this is rare in my experience.

  4. “Transfer payment” has been the de facto standard for making any recurring payment in Germany for decades. Of course, in these globalized times, more and more German vendors are forced by their customers to also accept credit cards.

  5. The system Wander describes also exists in France. Atos’ “SIPS” solution enables it, so I guess others do too. And it works with most of the main French banks. But I don’t know of any international system.

    “security without encryption can exist”
    That’s only true for the encryption of the data you store.
    I wouldn’t type my credit card information on the bank site either if the connection wasn’t encrypted.
