Why do cards reveal the secret?

All things considered, card as a payment method is still king, but a backward one. In particular, it does not make sense that your card reveals a sensitive code for anyone to copy and use without your permission. By "code" I mean account number, expiry date and CVV.

[I could not find anything online suggesting that card networks are working on a solution to remove the visible code on cards. SEO around the topic is bonked out on security advice. Please do let me know if there is actually some plans on this topic that I am missing.]

Considering that we don’t need the code for physical payments anymore (thanks to NFC and chip authorization) and we could use alternative authorization methods online, why are we still using a code? What are the alternatives?

Why cards are lame

Credits cards were invented in the 1950s. We all know it is a terrible foundation for the digital economy and the modern world. There are a lot of reasons why cards are lame:

• Cards are prone to fraud. Using a credit card online or at restaurants is a bit like sharing your bank password with strangers each time you make payment. In the US, it is quite common to see your credit card disappear for a few minutes to authorize a payment.  In 2021 alone there have been approximately $8 billion in fraudulent charges. Not only is fraud bad for the card owner, but also for the merchant. 

• Cards are easy to misplace or lose. Losing a card is a pain, but doing so while traveling is a disaster. In order to avoid such misfortune, one has to travel with a backup card or extra cash. Arguably an even worse scenario is having canceled your card assuming it to be lost forever, only to find it in your back pocket a day or two later.

• Typing out card details can be infuriating. We have all been there. You are trying to make an online payment on your desktop or mobile browser and you have typed out your card details, only to get it wrong.

• Cards are plastic. There are over 2.8 billion plastic cards in circulation. There are strong movements to reduce the usage of straws and plastic bags. Perhaps we need to impose the same pressure on physical cards.

• Cards expire. While this only happens every 4 or so years, it can be a major inconvenience to wait for a new card to arrive. This is especially problematic while traveling. It is particularly annoying to update subscriptions with new card information.

• Cards can't do peer-to-peer payments. If I can use my card to pay merchants, why can't I use my card to pay a friend? 

• Card processing fees are expensive. Merchants pay a hefty fee to accept card payments. The fee is split between multiple intermediaries and also helps to buffer expected fraud in the model. For example, Stripe charges 2.9% + $0.30 per transaction. To put that in context, if your business is doing a $1 million annual turnover, that means you are paying over $30K in payment processing fees. 

Why cards are cool

It is only fair to also consider what makes cards great and understand why it is such a dominant payment method:

• Compact and lightweight. It is easy to carry your card in your wallet or back pocket.

• No electronics. You don’t need a device or internet connection to make a payment (except for the merchant of course).

• Global reach. It is the most convenient and universal payment method even across borders.

• It works. The card infrastructure can handle crazy volumes and is nearly 100% reliable. It rarely happens that the card network is experiencing outages.

Is there a better alternative?

Cards serve as a messaging and authorization layer between the origination and destination accounts between different institutions when conducting a payment. Cards don’t hold the actual balance.

An alternative authorization layer could be biometrics (eyes, face, voice), mobile device, or browser session. It is likely that cards will continue to be a dominating payment method, but it should be done better. It is not a good idea for cards to expose sensitive human-readable information that can be compromised at any point.

Instead, physical cards should only use chips and NFC authorization for in-person payments, while online payments should be authorized with in-app app or browser sessions. Card networks could introduce a standard for online checkout that simply requests your bank’s name and your email address. You then get a pop-up or link to authorize the payment. 

Bitcoin inspired a generation of innovators building on an open and distributed ledger system. The payment happens directly on the underlying ledger without needing a messaging layer between institutions running separate account balances. Transacting directly on the underlying ledger system without a messaging layer will likely become a dominant alternative for online payments in particular. The main reason for this will be the reduction in merchant fees by eliminating the messaging layer. The downside of direct payments is that the consumer can’t force a refund, but a more cost-effective escrow solution could be a solution here.

While distributed ledger technologies are making major strides as a superior payment alternative, a missing piece is offering credit directly on these networks, in the same way, banks do with cards. On a technical level, this is feasible, but the association of credit with cards is a deeply entrenched cultural phenomenon.

---

In summary, cards aren’t going away any time soon, but they should be done better. It is likely that cards will be less relevant for online payments over time. Considering that we are all carrying our phones and watches, we will likely move away completely from cards altogether.