How many PIN codes you can remember?

Hi Antti,

Your last line is the most pertinant, "who will watch the watchers" is always the biggest question.

I think that the concept that you are describing has been envisaged by many security start-ups. The problem is critical mass for one solution to become the dominant one - in a market where the entry price for new ideas and software is "free".

In my world, one the major reasons the adoption of eBilling is so low is that people can't remember a different username and password for each eBilling website. We advocate the use of encrypted attachments sent by email - effectively using the users inbox as one factor and a shared secret as another. Security architects understand that it's not perfect but it's very practical.

regards

Michael Wright - CEO | Striata

Michael,

thanks for comments. Idea itself is good but it has to run by trusted third party, where banks, mobile operators, credit card companies and finally customers trust. No start up firm get that reputation. Only company I could think to handle this job is SWIFT.

What comes to eBilling, I have a problem when some of my eBills are in emails as PDF form, some are online portal and some are inside my online bank, which is handy as long as I don't change bank.

What would be nice to use e-invoice to order something. Then I would be verified same method as Mastercard/ Visa are using when shopping with 3D- security level and then I would be billed with my e-invoice. That e-invoice then would come to service I would like to get all e-Bills. That could be email account, that could be my home online bank or one portal. 

The interesting thing about what you describe is that you wish to have flexibility in the format of your eBills. Your personal choice could be an internet banking portal - yet someone else may wish to use their inbox.

What this requires is the adoption of an eBilling address space - something that has been the topic of discussion in eBilling and e-Invoicing circles for a while.

Using a dedicated email address for your ebills would allow you to route these type of communications to a specific inbox. Billers can email the documents (probably in multi-layered PDF fromat) very simply.

At the same time you may decide to route some bills to your internet banking bill manager - by giving the biller a dedicated email address for your banking portal (i.e. accountnumber@bankname.com). Again these bills can be emailed to that address (or transfered in bulk by FTP) in multi-layered PDF and the bank can read the XML data and display the bills appropriately.

Consumer eBilling needs to find the address space that will work in all situations and that can start now and scale as people move from paper to electronic document delivery.

Michael Wright - CEO - Striata

Micheal, you are correct. End user should always decide where they get their bills. If you compare to current paper world, all my bills drop to same mail box every day. I don't have to fetch my bills from different places, like today it is required among e-bills.

E-bill address, which I can always remember should be nice. Your idea with account number@bankname.com is one option. Nordic SEPA based way too long account is just too complicated, even it goes straight thru to my online bank. For this reason I have been thinking to create PIN code, which is linked to my account or my email address. Giving this PIN code to merchant then would give me access to receive my bills to the place I would like to get and pay. Is it my email box or my online bank, that is up to me where I get my bills.