There are no passwords transmitted in the banking system at the level you're talking about. Your PIN is never transmitted whether you're using credit card fund capture, ACH for debit purposes across banks, or on-us transfers within banks. Your web password is entirely irrelevant to all of this.
If things worked the way you think they do, I'd agree they're broken--but they don't work that way!
I'm not talking about a web password. (And I obviously know more about what I'm talking about than that— come on.)
When I pay with a credit card, every piece of information used for the transaction (Name, card number, whatever else) is stored on the magnetic stripe of the card. That set of information — the information needed to convince my bank to send you money — is what I'm referring to as my "password", and that password is given by me to the merchant for every single credit card transaction.
I'll admit I don't know how the debit infrastructure works, but I do know that I must enter my PIN on a pad owned by the merchant. That is transmission, and it's completely out of my control.
Aside from naming, how does the system not work the way I think it does?
It's not out of your control. Just don't use it if you don't like it.
I really don't see the problem that you're talking about. When you pay with a credit card, nothing happens with your bank at all. You pay your bill by check or on-line 20 to 30 days later, and only then does your bank get involved because you told it to. When you pay with a debit card, your bank is informed that you have authorized a fixed amount to be withdrawn. You could also do that through a bank web site or by writing a check, which has your account number on it. Not that much different, really.
"When you pay with a debit card, your bank is informed that you have authorized a fixed amount to be withdrawn."
See that passive voice hiding the problem: The bank is informed by the payee that I've authorized the transaction. I think it would make more sense for me (as the owner of the money) to do that.
It is a huge problem hidden by the fact that we have been getting around it for so long. These are the worst sort of problems to recognize because their cost doesn't manifest directly (merchants steal money) but in various costs incurred to prevent it.
- Consumers are picky about who they give their cc to online. They sometimes buy from second best sources due to these concerns. This also favours the established players at the expense of innovation.
- Banks/CC companies always favour consumers and always chargeback merchants for alleged fraud. This means merchants are careful who they sell to. They spend resources vetting clients (I had a client that sold phones who called every client to confirm orders - this is not abnormal). They don't sell to marginal customers (the margin is often 'outside the country'). This hurts merchants and consumers.
- Banks/CC companies spend lots of resources dealing with & preventing fraud. This manifests in higher processing fees & higher interest rates. This hurts consumers and merchants.
If things worked the way you think they do, I'd agree they're broken--but they don't work that way!