When I ask my non-techie friends about stuff like this, they really don't care anymore unless they actually get hacked, scammed, etc. It happens so often that there's now "breach fatigue". Meaning little pressure on companies to do better.
Even as a tech person, I am indifferent. I’ve adapted to a world where cards get stolen, so I never use debit, review my statements, and have spending notifications turned on for my phone. I have the apps so I can instantly lock my card. I have already learned to live in a financial castle.
It is obviously not great, but an additional breach has little marginal impact on my life.
The real question is why online credit card payments still involve using the whole card number, as opposed to some message signed by the card's private key authorizing certain spending limits for a retailer.
That’s exactly what we have in the Netherlands — there is a system where you can go to check out, using iDeal.
It gives you a QR code at checkout, which you can scan with a banking app on your phone. It shows on your phone the amount you’re sending, and to whom, with a button to approve or deny.
You can also set it up as a recurring payment in the app and say “authorize this same payment automatically in the future, up to €xyz amount”. Then you can see a list of all of your authorized recurring payments, and cancel or change them any time from the bank app.
Online retailers almost surely do better by allowing easy use of credit cards by even the least technical 5% of Americans than they would from a lower-fraud system that required a moderate or higher level of technical acumen to operate.
Suppose I'm at a computer ready to buy a PS5 on BestBuy's site. What's the complexity now vs under a proposed private-key system? What's the loss in conversion rate on the latter?
I'm not sure exactly what that might look like, but if you look at crypto wallets for example, you could have a browser extension (or something like Apple Pay) that's able to custody the private key and sign transactions. Once you have it set up, it would be much easier than entering a CC number.
It's just a legacy pattern. Online credit card payments predate online banking. The whole model for US card payments online was created as an extension of the way credit cards were used to pay via mail or telephone.