Agree with #2 but for #1 I like the idea of a one-time code being sent to your cell phone.
There is a major bank out there which uses a defective process to require you to enter information from one of their issued cards. That scheme is fatally flawed and a poster child for what not to do.
Originally Posted by reft
I doubt that banks and airlines are reading this, but in case they are, or anyone else in a position of influence is, two helpful solutions to fraud would be:
1) One-time password solutions
eBay and PayPal offer this today via a hardware fob, with a bypass in case you have an issue. I think they charge you $5 or $10 for the fob. The Fastmail email service offers you the option of a hardware key or a number of pre-generated one-time passwords. I think some banks may have implemented the RSA solution.
2) Account Privilege Levels
Instead of one password and set of access rights, let me have two or maybe three. One read-only password and privilege level for balance queries, another higher one for moving money around, making changes or generating a one-time CC number; in the case of FF programs, redemption or changing an existing flight booking. Possibly a 3rd rarely used for certain events such as fraud prevention override.
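
The privilege-level idea in point 2, sketched as an added example that is not part of either post and not any bank's or airline's code: one account holds a separate password per level, and a session gets only the rights of the password used to log in. The level names, the action names, the assumption that a higher level includes the lower ones, and the PBKDF2 iteration count are all illustrative assumptions.

```python
import hashlib
import hmac
import os
from enum import IntEnum


class Level(IntEnum):
    NONE = 0
    READ_ONLY = 1   # balance queries
    TRANSACT = 2    # moving money, making changes, redemption
    OVERRIDE = 3    # rarely used, e.g. fraud prevention override


# Hypothetical action names mapped to the minimum level each one requires.
REQUIRED = {
    "view_balance": Level.READ_ONLY,
    "transfer_funds": Level.TRANSACT,
    "redeem_miles": Level.TRANSACT,
    "fraud_override": Level.OVERRIDE,
}


def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count is illustrative; tune it for the deployment.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, passwords: dict):
        # Reusing one password across levels would defeat the separation.
        if len(set(passwords.values())) != len(passwords):
            raise ValueError("each privilege level needs a distinct password")
        self._creds = {}
        for level, pw in passwords.items():
            salt = os.urandom(16)
            self._creds[level] = (salt, _hash(pw, salt))

    def login(self, password: str) -> Level:
        """Return the level of the matching password, or Level.NONE."""
        granted = Level.NONE
        # Check every stored credential so timing does not show which matched.
        for level, (salt, digest) in self._creds.items():
            if hmac.compare_digest(_hash(password, salt), digest):
                granted = max(granted, level)
        return granted


def authorize(session_level: Level, action: str) -> bool:
    # Unknown actions are denied rather than defaulting to allowed.
    required = REQUIRED.get(action)
    return required is not None and session_level >= required
```

With this split, a read-only password captured on a shared or compromised machine exposes balances but cannot move money or trigger the override.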