Thursday, May 14, 2009

Can credit cards kill spam?

In a world where every IP number has the potential to pose a new threat to your valuable data and bandwidth it is surely time to ask the question "Is the Net secure enough"?

Although it is very much up to individuals to secure their own computers, software and networks, a certain degree of responsibility also has to be taken by those who design and implement the protocols and infrastructure on which the internet is based.

A good example of what happens when insecure infrastructure proliferates is spam.

I an ideal world, email would only be available to authenticated users with known bonafides. However, because the SMTP protocol and the service it provides was designed and implemented in a pre-spam era, we now pay the price in almost immeasurable volumes of junk email.

Despite the best attempts of many, email has yet to be replaced as the primary communications vehicle of the internet.

Sure, there's instant-messaging (which gets its own share of spam) and twitter but nothing replaces email from the perspective of ubiquity, flexibility and simplicity.

So it's clear that security requires sacrifice.

We can't kill spam until we can reliably and effectively authenticate users but such authentication is inevitably complex, expensive, cumbersome and therefore carries its own price.

However there are some interesting options appearing in the authentication world and at the forefront appears to be good old Visa, "the credit card that's accepted in more places..." bla bla.

You see, a lack of adequate authentication has also plagued the credit card industry for a long time now and it seems they've decided to get serious about reducing fraud and the resulting losses.

In this BBC story there are details of there new "interactive" smart credit card and I'm wondering if this might not be a great way to de-spam email as well.

Why not require each email session to start with a user's credit card number and the unique session-code that it produces?

Spammers sure as beans aren't going to use their own cards because one of the caveats of using the system is that you'd be charged (say $0.10 per message) if you decided to spam.

How would they charge you?

Simple -- you've just handed over your credit card and a valid session-code!

And no spammer could use stolen credit card details because they wouldn't have the unique session identifier code that these new cards spit out.

Presumably, if this code wasn't generated until the owner keyed in their PIN then even a physically stolen card would be useless in the hands of a fraudster or spammer.

Who knows, perhaps Visa has unknowingly come up with the answer to the spam problem.

No comments:

Post a Comment