In the US, at least, it's largely a matter of incentives.
By law, consumers are liable for at most $50 if their credit card info is used fraudulently by someone else.
Credit card companies validate transactions against statistical models in an attempt to head off anything suspicious. EDIT: Thanks for reminding me of this, nialo.
But often, it's the merchants who bear the cost of a fraudulent transaction. They have the least power to encourage more secure alternatives, because everyone already expects to be able to buy online with a credit card.
Card companies in the US do have something similar to the system you mention called 3-D Secure[1], but it hasn't gained wide traction. The interface is implemented so badly and inconsistently that it looks like a phishing scam. But more fundamentally, consumers have no incentive to use it, since it shifts more liability onto them.
This is now compulsory for all online transactions in India. Lot of people complain about this saying its one extra step, but for me I don't mind losing a bit of usability if it can add one extra safety net.
By law, consumers are liable for at most $50 if their credit card info is used fraudulently by someone else.
Credit card companies validate transactions against statistical models in an attempt to head off anything suspicious. EDIT: Thanks for reminding me of this, nialo.
But often, it's the merchants who bear the cost of a fraudulent transaction. They have the least power to encourage more secure alternatives, because everyone already expects to be able to buy online with a credit card.
Card companies in the US do have something similar to the system you mention called 3-D Secure[1], but it hasn't gained wide traction. The interface is implemented so badly and inconsistently that it looks like a phishing scam. But more fundamentally, consumers have no incentive to use it, since it shifts more liability onto them.
[1] http://en.wikipedia.org/wiki/3-D_Secure