circulating denominations (part 4)

… and wallet distributions.

This is part of the Toronto visit series.

“Do you have change for $5?”
“I can only give you one loonie and two lizes”
“What?”
Dumps coins on counter.
“Oh…”

(Canada has no bills under $5 and circulates the $1 and $2 coins.)

Before playing with Canadian money, I had thought that a $2 denomination, whether coin or bill, would be a great idea. But the problem I encountered here was that I was just unable to get very many $1 coins when the $2 coin was also widely circulating. This makes sense, because each transaction at most ends up giving you one additional $1 coin if done optimally. But if you had to always pay odd dollar-amount fees like the $3 streetcar fares, then you need many $1 coins which you don’t have. Compare this to the US system, where you get lots of $1 bills from daily transactions — up to four $1 bills in a transaction ($0-$4 in change). It surprised me that the latter situation is more flexible, because I did not take into account the dynamic effects that repeated transactions have.
(Read the article)

remote payment security

Credit cards. Epitome of security by obscurity? It isn’t even much obscurity. Whoever gets a hold of a card or makes a mental image of it can pretty much do anything until the account is suspended. I guess banks run fraud-detection algorithms, but still they, and therefore we, absorb the cost of fraud. Fighting fraud: it’s what Paypal says it spends its R&D dollars on.

Credit card number, name, billing address, expiration date are informational, so I don’t know how they have come to be used as “secrets” for a secure transaction. Seems like a terrible idea. Then there is the 3-digit CVV code. Would somebody mind explaining its utility to me? How does 3 more digits prevent fraud? (They are on the card just like the front-side numbers and they also must be disclosed during a transaction.)

There exists technology, but little infrastructure, for authenticating and trusting the remote host (or person — phone orders are even worse). For online transactions, banks have come up with at least two augmentations to the standard procedure to try to plug the hole. One involves password verification directly with the bank’s web site. Another is to issue single-use credit card numbers. Four soundbites ensue: Inelegant! Ad hoc! Not standardized! Unsatisfactory!

But this is moving in the right direction.

Many are grossly concerned with computer security and wireless channel security. Some are paranoid to the degree that nothing short of provably secure is acceptable for transmitting a few worthless bits that in reality nobody cares about. But we seem to settle for the foundational insecurity that underlies any kind of current remote payment using credit cards. Apparently managed insecurity is accepted, even if it deals with money, about which people should actually care. That’s a strange social phenomenon.