Yahoo News had this AP story (via) yesterday which reports that VeriSign is teaming up with at least one major bank to offer debit cards with single-use disposable passwords.
This particular security feature is long-overdue for debit cards. It has been possible to use single-use passwords for online credit card purchases for a number of years. In the AP story, VeriSign claims that the reason this hasn’t been implemented sooner is that consumers would need to carry a password-generating device much like the SecurID token that is common in corporate offices. Their new product basically just shrinks the electronics required to the point where they can fit in the corner of a standard plastic debit card.
I hope this becomes standard issue very quickly. My wife and I have both had to replace our debit cards over and over again because of security breaches — I think Bridget had to replace her card four times last year, and I had to replace mine two or three times. Single-use passwords would reduce the need to replace thousands of cards every time there’s a breach, and would alleviate the bother on the consumer’s end of having automated payments based on a debit card number break each time the cards are replaced.
I just wish it wasn’t VeriSign. They’re evil.
