Hacker News new | past | comments | ask | show | jobs | submit login

>but it simply isn't possible

The credit rating agencies could establish reasonably secure channels directly to consumers (passwords would be a start, dedicated tokens would be best), and require explicit authorization through the secure channel for new lines of credit. No account system is perfect, but it'd be a hell of a lot harder to break than "prove your knowledge of full name, address, DOB, and SSN" which are shared and stored all over the place, and bound to leak.

The financial industry or the government (probably at the financial industry's behest) could sign/distribute cryptographic identities along with plastic ones. Opening a new account could require a signature from a signed certificate.

Banks could send prompts to your smartphone asking you to approve/reject ACH and even credit card transactions, ala Venmo. Or you could sign them from a device you control, as with Bitcoin. (Instead, when we get cryptographic signing for payments at all, we get cards which sign all transactions presented to them by devices the consumer doesn't control, without verifying the cardholder's intent except through the merchant's terminal, whose UI could be lying. And we're still stuck with shared secrets for online payments).

A lot is possible, the financial industry has simply chosen to put consumers (and itself) through the hassle and expense of cleaning up after fraud because it's cheaper than a serious attempt at an authentication system.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact