Wednesday, 10 October 2012

Public key, private key banking

Money, made easy
I was standing in the queue to pay at M&S food yesterday and noticed a leaflet for their new current account. 'The only trouble with switching current accounts is,' I thought, 'it's a pain.' And despite all supposed efforts to make it easier, particularly for business, this remains the case. All the more so now most of our payments are done electronically, so a change of account means getting the finance department of every client/customer to change their systems. And we know how good finance departments are at making changes.

Yet we can switch mobile phone company, transfer our number and zingo! Calls still keep coming in. As long as you have your own URL, the same goes for email address - I've changed ISP twice, but my email address hasn't altered since 1994. So why can't bank accounts be like this?

What we need is to model bank account access on the public key, private key encryption mechanism. In this clever security system, you have a public key that you merrily give to anyone and everyone freely that enables encryption - but you need a separate key that only you know to do the decryption.

My bank equivalent would be that you have a public account number that stays with you for life and that you can let everyone and anyone know. You can stick it in large letters on your website. And that is all that is needed to pay into your bank account. It is bank independent - it's just for you. So when you move banks, anyone paying you still pays to the same public account number and it reaches your new bank. Simples.

Paying out is a different matter. In my scheme you would have a private key to enable money to go out of your account, and that key would only be shared with one individual - the payee. You would have a different key for each relationship between you and a payee (you wouldn't need to see this, it could all be covered by the software, just as the public key/private key is online). If it was a one-off payment you could include the amount in the key - if it's a direct debit or equivalent it would specify the duration. No one else could use it.

With these in place you have two things. The ability to switch bank accounts without informing everyone of a change of details, and much better security. What's not to like? Would the banks do it? I doubt it. But I can dream...

No comments:

Post a Comment