My colleague George Ou recently wrote that the U.S. banking system needs to abandon its Shared Public Key system (PIN numbers known by both the bank and its members) and adopt a Public Key Cryptography (PKC) system in its place. By using smart cards with PKC’s combination of Public and Private Keys, George argues that banks could make security much stronger and easier to administer in case of theft (a bank could simply revoke the certificate on a stolen smart card to render it useless).
As George points out, Europe is quickly moving to smart cards (and Asia is on the way too). Is it time for the U.S. to follow? I think it will probably take strong demand from consumers or a crisis to light a fire under the banking industry. Maybe the recent theft of PIN numbers will be the catalyst, but I think it will still take an outcry from consumers. So if you want smart cards sooner than later, let your bank’s customer service department know about it.
By the way, in his article George also mentions the possibility that smart cards could potentially become an all-in-one card with your ATM, credit card, and other access data all centralized in one uber-smart card. While I am fascinated by the ease of use that would create, I also must admit that I am scared to death of having all my private data and financial access info centralized, unless there was a strong biometric authentication component tied in as well. And even then, the paranoid side of me would have its hackles up. Am I too skeptical?