Comment by jokethrowaway

3 years ago

If each card were a public/private keypair, you could sign a message authorising a payment of X amount at current time, in zero knowledge, without leaking your secret (the credit card number) in every transaction.

Add two-factor authentication, if you want, but fix the underlying giant issue first.

This would be more secure than what I proposed, but requires changes that are out of the control of the credit card companies.

For the card to sign the transaction, you need to add some kind of card interface to the user's device. Maybe this is what happens with chip cards when you use them at a shop with a card terminal.
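
The signed payment authorisation described in the comments above, as an added example that is not part of the original thread: the card signs the amount and current time, and the verifier holds only the public key. Ed25519, the `Terminal` type, the `pay|amount|time|nonce` message layout, the 60-second window and the nonce-based replay guard are all assumptions made for illustration; the replay guard goes beyond what the comment spells out.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Terminal holds only the card's public key; nothing it stores can sign.
type Terminal struct {
	cardKey ed25519.PublicKey
	used    map[uint64]bool // nonces already accepted, to reject replays
}

// encodeAuth is the constructed message the card signs: amount, time, nonce.
func encodeAuth(cents uint64, unix int64, nonce uint64) []byte {
	return []byte(fmt.Sprintf("pay|%d|%d|%d", cents, unix, nonce))
}

// Verify checks signature, amount, freshness (60 s) and nonce reuse, in that order.
func (t *Terminal) Verify(msg, sig []byte, wantCents uint64, now time.Time) error {
	var cents, unix, nonce uint64
	if !ed25519.Verify(t.cardKey, msg, sig) {
		return fmt.Errorf("bad signature")
	}
	if n, _ := fmt.Sscanf(string(msg), "pay|%d|%d|%d", &cents, &unix, &nonce); n != 3 || cents != wantCents {
		return fmt.Errorf("malformed or wrong amount")
	}
	if age := now.Sub(time.Unix(int64(unix), 0)); age < 0 || age > time.Minute {
		return fmt.Errorf("stale or future timestamp")
	}
	if t.used[nonce] {
		return fmt.Errorf("replayed authorisation")
	}
	t.used[nonce] = true
	return nil
}

// scenario runs four constructed cases: valid, replayed, tampered, stale.
func scenario() []error {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	term := &Terminal{cardKey: pub, used: map[uint64]bool{}}
	now := time.Unix(1700000000, 0)
	msg := encodeAuth(1250, now.Unix(), 7)
	sig := ed25519.Sign(priv, msg)
	forged := encodeAuth(999900, now.Unix(), 8) // amount edited, old signature reused
	return []error{term.Verify(msg, sig, 1250, now), term.Verify(msg, sig, 1250, now),
		term.Verify(forged, sig, 999900, now), term.Verify(msg, sig, 1250, now.Add(time.Hour))}
}
func main() { fmt.Println(scenario()) }
```

A captured message and signature are useless for a different amount, a later time, or a second submission, which is the contrast with a static card number that the comment draws.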