

Why is our payment card data being hijacked? It’s people – not PCI - cyphersanctus
http://venturebeat.com/2014/03/02/why-is-our-payment-card-data-being-hijacked-its-people-not-pci/

======
mschuster91
What I don't get is why CC payments cannot be done in an OAuth-like manner.

For RL payments, the card would, supplied with the correct PIN, generate an
OAuth token that allows the merchant's processor (and ONLY it!) to withdraw
money from the card onto ONLY the merchant's account.

For online payments, the customer would be redirected to a central,
MasterCard/Visa/foo supplied site, once again giving out access tokens valid
only for a specific destination account, as well as optionally locked
money/time limits for recurring withdrawals.
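
A sketch of the scoped-token idea in the comment above, as an added example that is not part of the original post and not how any card network works today. It assumes a single HMAC key held by the issuer; the names `issue_token` and `authorize`, the claim fields and all sample values are hypothetical.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"  # assumption: secret known only to the issuer

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(processor_id, dest_account, max_cents, expires_at, key=ISSUER_KEY):
    """Bind a payment authorization to one processor, one destination,
    an amount ceiling and an expiry time, then MAC the claims."""
    claims = {"proc": processor_id, "dest": dest_account,
              "max": max_cents, "exp": expires_at}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)

def authorize(token, processor_id, dest_account, amount_cents, now=None, key=ISSUER_KEY):
    """Issuer-side check of a withdrawal request. Returns (allowed, reason)."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or invalid base64
        return False, "malformed"
    # Verify the MAC before trusting any claim; constant-time comparison.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["proc"] != processor_id:
        return False, "wrong processor"
    if claims["dest"] != dest_account:
        return False, "wrong destination"
    if not 0 < amount_cents <= claims["max"]:
        return False, "amount out of range"
    if now >= claims["exp"]:
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: token for processor "proc-A", capped at 50.00, expiring at t=2000.
    tok = issue_token("proc-A", "acct-merchant-1", 5000, expires_at=2000)
    print(authorize(tok, "proc-A", "acct-merchant-1", 4999, now=1000))
    print(authorize(tok, "proc-B", "acct-merchant-1", 4999, now=1000))
```

A token copied out of a merchant's systems is only usable by the named processor, toward the named account, under the cap and before expiry, which is the property the comment asks for.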

