>But now we're moving on to personal computers, and for some reason if I want to pay someone I still need to give them my bank account details.
For what it's worth, paying bills in Europe works with the Giro system (http://en.wikipedia.org/wiki/Giro) which is the opposite of the US system. When a company wants me to pay a bill, they give me their giro number and an invoice number, and I deposit money in their giro account. They never get to know my bank account number, and I never get to know theirs.
I just came home from eating out, and the restaurant had a portable chip&pin reader, which is increasingly common. The waiter enters the amount in the reader, gives it to me, I insert my card, enter additional tip, enter my pin code, press ok, take my card, and hand the thing back to the waiter. We both get a receipt, and the restaurant gets my money without ever knowing my card details. It sort of solves the underlying problem.
the restaurant gets my money without ever knowing my card details
It's still their hardware.
I think what Cushman wants is for the merchant to present the customer with a QR Code, the customer scans this with their device and registers a transaction with their bank (possibly adding tip, etc). There are at several ways for the merchant to confirm the payment including notification from their bank, notification from the customer's bank, and notification from the customer's bank returned to the customer's phone (which the merchant could trivially scan and authenticate).
But yes, there is still an attack vector there, and I agree that the best solution is one where the business owner gives me payment details, I complete the transaction using my own hardware, and they verify it using theirs.
I have a hard time seeing a solution built on smartphones gaining widespread adoption though.
That's true, but I think that's the smaller problem. Owning and using hardware built for fraud (presumably banks ordinarily provide merchants with the real ones) would be a serious crime that only outright criminals commit. With credit cards you need to worry about the marginal criminals.
For what it's worth, paying bills in Europe works with the Giro system (http://en.wikipedia.org/wiki/Giro) which is the opposite of the US system. When a company wants me to pay a bill, they give me their giro number and an invoice number, and I deposit money in their giro account. They never get to know my bank account number, and I never get to know theirs.
I just came home from eating out, and the restaurant had a portable chip&pin reader, which is increasingly common. The waiter enters the amount in the reader, gives it to me, I insert my card, enter additional tip, enter my pin code, press ok, take my card, and hand the thing back to the waiter. We both get a receipt, and the restaurant gets my money without ever knowing my card details. It sort of solves the underlying problem.