Of course, the credit-card issuer/processor had better have their security act together. But the number of possible points of failure or compromise goes down dramatically with the process proposed above, and this approach could certainly serve as a bridge until the many years required to fully cut over to smart cards pass. And, gee, we may even find that smart cards - and perhaps even POS terminals and cards of any form - aren't really required at all, replaced by the customer's own smartphone and keys known only to the owner of the device.
Source: Network World
Sign up for CIO Asia eNewsletters.