There's an interesting piece over on the Heise Security newswire about Visa pondering a move to one-time TANs - transaction authentication numbers - for online cardholder not present transactions.
The idea is to soup up a Visa card with a simple keyboard so that it can generate its own TAN every time you want to buy something online.
Since each TAN is only `good' for a single transaction and, presumably, for a certain period of time (e.g. an hour) the idea is to add a degree of security to the transaction.
Except that, by incorporating the TAN generation system into the card itself, am I along on thinking that the system is flawed - i.e. if you steal someone's card, you can generate your own TANs!
TANs are quite common with online banking services in Europe, but are still quite rare in the UK.
The big question, of course, is whether consumers will accept them.
Myself, I have my doubts...
