Here’s an idea.
Credit/debit card transactions are now verified online (that is to say, contact is made with some centralised authorising authority).
Here’s how to stop fraud. I don’t even need a chip-and-pin terminal to do it. However, I do need a mobile phone.
I tell the bank/credit card company my mobile phone number. They send me a text whenever authorisation is requested. I send them a text back with a secret code (a bit like a PIN) in it.
Even better; make use of my fancy smart phone so the authorisation is done over the Internet.
Even without all the mobile phone stuff, they could at least email me every time a transaction takes place with details of the transaction. Pretty quickly I would know if someone was using my card/account without my authorisation and could ring them up and cancel it. This could be done right now, and if you buy online it almost is. The small change is that it is the card company rather than the retailer that sends you the email (or an additional email). This already happens with PayPal and Google Checkout and is very useful.
Note: the phone itself is not the key — so even if that is stolen along with the cards, it doesn’t help the thief. The phone is merely a channel to communicate with me that has been preapproved by me.
(There is the small problem of modern phones having an ‘outbox’ in which they keep all sent messages, but that’s got to be trivial to get over).
Let’s hope that one day this blog entry stops some bastard from getting a patent on this (if they haven’t already).