The basic affordances underlying credit cards are backward: “Here's my wallet -- go ahead and take what you think you need.”
Carrying a computer (i.e. phone) running a user agent can vastly improve the interaction. Something like:
1. Transmit an identifier from user agent to merchant via radio, barcode, or some other method.
2. Merchant's system asks user agent (either directly or through a service such as the user's bank) for a dollar amount.
3. User agent asks the user: "do you accept this charge? yes/no"
At no point is the merchant given a piece of information that allows them to charge whatever amount they want. The transaction isn't complete before the user approves the amount on their own device.
It's kind of amazing we haven't switched to something along these lines already.
I can already hear someone asking "Is it PCI Compliant?".
Unfortunately, payment technology, and monetary exchange in general, is so valuable that frozen accidents stay because implementing something better would be detrimental to an incumbent's revenue stream.
Every month, your card company sends you a list of charges. If any of them are illegitimate, you tell the company, and don't pay, and they investigate. That's basically the same as your proposal. Your credit card number is like a public key, if you will.
Checks are worse. They pay out immediately without asking for approval.
No, it isn't the same. I don't want to wait until the end of the month. The information about this transaction is freshest in my mind at the exact hour and minute I enter into it.
I want a notification on my phone immediately:
"(Merchant X) requests a payment of ($Y). Do you accept this charge?
( ) yes
( ) no
[ ] Auto-apply this answer to future requests from this merchant"
The notion that I shouldn't, by default, have a role in approving each and every transaction before it goes through is a holdover from the days when I didn't have an always-connected computer in my pocket.
If I never approve it in the first place, there's no wrong that needs to be righted, no fraud that needs to be investigated. I just got some spam asking for money. I marked it as spam to keep from being flooded in the future by the same spammer, and that's it.
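The three-step flow and the per-charge prompt discussed above, as an added Python example that is not part of the original thread. The `UserAgent` and `Issuer` classes, the shared HMAC key between phone and bank, and amounts in cents are all assumptions made for illustration; the point shown is that the merchant never holds anything that authorizes an amount the user did not approve.

```python
import hashlib
import hmac
import secrets


def _tag(key: bytes, payer_id: str, merchant: str, cents: int, nonce: str) -> str:
    # Bind the approval to one payer, one merchant, one amount and one request.
    msg = "|".join([payer_id, merchant, str(cents), nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class UserAgent:
    """Runs on the payer's phone; holds the key, never shares it with merchants."""

    def __init__(self, payer_id: str, key: bytes):
        self.payer_id, self._key = payer_id, key

    def approve(self, merchant: str, cents: int, nonce: str, user_says_yes: bool):
        # Step 3: no tag exists unless the user answers "yes" to this exact amount.
        if not user_says_yes:
            return None
        return _tag(self._key, self.payer_id, merchant, cents, nonce)


class Issuer:
    """The user's bank: settles a charge only with a matching, unused approval."""

    def __init__(self):
        self._keys, self._pending = {}, {}

    def enroll(self, payer_id: str) -> bytes:
        # Assumption: a shared HMAC key is provisioned to the phone at enrollment.
        self._keys[payer_id] = secrets.token_bytes(32)
        return self._keys[payer_id]

    def request_charge(self, payer_id: str, merchant: str, cents: int) -> str:
        # Step 2: the merchant names an amount; nothing is charged yet.
        nonce = secrets.token_hex(16)
        self._pending[nonce] = (payer_id, merchant, cents)
        return nonce

    def settle(self, nonce: str, merchant: str, cents: int, tag) -> bool:
        # pop() makes each request single-use, so a captured tag cannot be replayed.
        pending = self._pending.pop(nonce, None)
        if pending is None or tag is None or pending[1:] != (merchant, cents):
            return False
        expected = _tag(self._keys[pending[0]], pending[0], merchant, cents, nonce)
        return hmac.compare_digest(expected, tag)
```

The payer identifier passed in step 1 (`payer_id`) is the only thing the merchant learns, and it is useless for settlement without a tag produced on the user's device.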