When you pay with a credit card, you have to provide your credit card number and sometimes some other information to a vendor (like the 3 digit code and/or zip code). This extra info is seen as a “security” step, but YOU JUST GAVE IT TO THE VENDOR!! You literally gave the vendor all the information they need in order to spend YOUR money from your credit card. How freaking crazy is that?
Similarly, to make an ACH transfer, literally all you need to do is give them your account number and routing number. There’s no authentication. You don’t need to authorize the transfer. Once again, in order to pay a vendor, you give them all the information they need to take your money.
The equivalent in crypto would be that if your wallet’s address was all that was required to steal your money. Like, in order to pay somebody, you just give them your wallet address and they initiate a transaction to take some amount of crypto, and you have to trust that they will only take what you agreed upon and nothing more. Can you imagine if that were the case?
This is why crypto is hands down the biggest improvement to the security of financial transactions ever. Because of the use of asymmetric encryption (i.e. your public/private key), you can authorize a transaction without giving anyone else information they could use maliciously. For the life of me, I can’t figure out why we ever thought it was a good idea to develop a system in traditional finance where this is not the case.
This same mentality needs to be applied not just to payments, but all forms of authorization intended to prove that the one initiating an action is the correct individual. The biggest example I can think of is with things requiring social security numbers. Want to take out a loan? Ok, we need your SSN. Oh, but wait, now that you gave us your SSN, WE CAN IMPERRSONATE YOU!!! Again, absolutely bonkers. Instead, we should have the ability to register key-pairs with the government so that your public key is literally a matter of public record and you can use it to authenticate anything you would ever want. When you want to take out a loan, all you need to do is make sure your keys are loaded onto your device (encrypted with a PIN or biometrics), and then you can provide a cryptographic signature to prove you are who you say you are. If your keys are ever compromised, you can simply provide ID and revoke your key-pair and generate new ones.
This would solve so many problems in society, and crypto is the first technology to actually show how effective it would be. Just don’t lose your keys.
