A friend asks why haven’t online debit cards been enabled to work over the Internet?
Good question! My guess is that it’s because the various online debit networks (“Star”, “NYCE”, etc.) have requirements in their operating rules which specify that PIN’s must be encrypted in HARDWARE from the point of sale. No one wants to even think about trying to deploy secure hardware devices to attached to remote shopper PC’s.
NYCE had an initiative a few years back called SafeDebit — it involved providing consumers with a small, credit card-sized CD-ROM to use as a secure token on the consumer’s PC. SafeDebit failed to get any traction.
On the other hand, many banks appear to have considered this security question with respect to their online banking sites — and allow consumers to logon to those sites (via 128-bit SSL encrypted sessions) using their account PIN.
Does anyone have a good answer to this question?