Many smaller sites don’t store your credit card number, redirecting you to a payment processing site or to PayPal. But the big companies like Amazon thrive on being able to charge you with a single click, and would wilt if they always had to make the customer type in a huge number, a date, an extra security code, a name, an address, etc. So the little guy poses less of a risk of credit card theft, but a breach at a big company – say Sony – is a real one. Isn’t there a better way?

Unlike passwords, the card data can’t be hashed: it needs to be available in plain text so it can be transmitted to a third party, the credit card company. However, why does the credit card company need to receive the actual card number? Couldn’t they receive a Sony-specific identifier that equates to the user’s credit card?

When you go to check out at Sony’s online store they should first ask you how you would like to pay. Let’s say you click on Visa. Sony would then take you to a Visa page (visa.com) where you either log in, create an account, or just type in your credit card info without signing in. Visa would then securely pass back a token to Sony while also redirecting the user back to the Sony checkout process. This token could be a salted hash of the credit card, or another unique identifier, but in either case it must be unique, must only apply to that credit card, and only to Sony. Then Sony completes the transaction, using that secure token from Visa to process the payment. When the user returns for another purchase they can select that “saved” credit card, and Sony will re-use the token for the processing. Sony only saves the token and an identifier, such as the last four digits of the card.

The benefits are huge:

  • Visa will accept that particular token from Sony only.
  • Sony can’t lose the credit card info because they don’t have it.
  • If the user has an account with Visa.com they can deauthorize the token given to Sony.
  • If the user’s info such as billing address changes, the token can automatically be invalidated, requiring re-approval. This helps protect the user and prevent incorrect shipping addresses.
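The issuer side of the flow above, as an added example that is not part of the original post: a constructed token vault standing in for the visa.com step, which binds each token to one merchant, lets the cardholder revoke it, and invalidates it when the billing address changes. The token is an opaque random value rather than a hash of the card number, so a leaked token cannot be worked back to the card; the names `IssuerVault`, `TokenRecord` and the sample card number are invented for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class TokenRecord:
    pan: str            # the issuer legitimately holds the card number
    merchant_id: str    # the single merchant this token is valid for
    billing_address: str
    active: bool = True


class IssuerVault:
    """Issuer-side token vault (constructed stand-in for the visa.com step)."""

    def __init__(self):
        self._tokens = {}        # token -> TokenRecord
        self._cards = {}         # pan -> billing address on file

    def enroll_card(self, pan, billing_address):
        self._cards[pan] = billing_address

    def issue_token(self, pan, merchant_id):
        # Opaque random token: unlike a hash of the PAN it cannot be
        # brute-forced back to a 16-digit card number.
        token = secrets.token_urlsafe(24)
        self._tokens[token] = TokenRecord(pan, merchant_id, self._cards[pan])
        # The merchant only ever receives the token and the last four digits.
        return token, pan[-4:]

    def authorize(self, token, merchant_id, amount_cents):
        rec = self._tokens.get(token)
        if rec is None or not rec.active:
            return False                  # unknown, revoked or invalidated
        if rec.merchant_id != merchant_id:
            return False                  # token presented by the wrong merchant
        return amount_cents > 0

    def revoke(self, token):
        # User logged in at the issuer and de-authorized this merchant.
        if token in self._tokens:
            self._tokens[token].active = False

    def update_billing_address(self, pan, new_address):
        # A change of card details invalidates every token tied to the card,
        # forcing the merchant to send the user through approval again.
        self._cards[pan] = new_address
        for rec in self._tokens.values():
            if rec.pan == pan and rec.billing_address != new_address:
                rec.active = False
```

The merchant never holds anything beyond what `issue_token` returns, so a breach of its database yields tokens that only that merchant can redeem and that the cardholder can switch off.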

It is similar to the little guys’ access to your payment information, except the big players are able to charge again without user intervention. The process is very similar to OAuth, which usually authorizes a third party to access a user’s site info, such as a Twitter feed having access to your Twitter account (actually I believe the identical rules apply, with the exception of not requiring an account on the payment company’s site).

This fixes the Sony breach of credit card data, putting all our eggs in the fully capable hands of Visa and Mastercard… Wait… What am I proposing here? Back to the drawing board…