Slashdot Mirror
AmEx To Offer "Disposable" Credit Card Numbers
A reader writes "American Express is going to allow card holders to access one-time use card numbers for purchases online. Not only could this cut down online credit card fraud but it might lead to anonymous purchases. " I'm not sure this gets us closer to totally anonymous purchasing, but it does mean that you can take more steps to protect yourself in online purchasing - now only one megacorp (Amex) could have your records!
(you know, the one where the governemnt has monitoring tools like Echelon and Carnivore)
Anyhow, in hypothetical bigbrotherland, when you get cash from an ATM, it's trivial to include a reader into the ATM that will grab the unique, prominent serial numbers on the bills it gives you (in nice, clear, easy-to-OCR type donchaknow), and correltaes that money to you, a specific individual.
Now you spend this twenty (yuppiebuck) at the market/gun club/peepmall and, being a twenty, it will most likely not be given as change to another customer, but will go straight into the deposit pouch that the store gives to their bank at the end of the day/week.
The bank scans the money, correlates the serial numbers again, sees the path of the bill, and generates reasonable probabilities of the path it took through the system.
Do this for a while and you get statistical certainties on cashflows, who spends what where, telling more about a person's cash habits than an FBI interview would.
I've no idea if the system exists currently, but it's preposterous to think that cash is really anonymous, because cash literally isn't anonymous as long as it has a serial number. It may be anonymous enough for a given purchase, but in the aggregate it tells a great deal about you.
Kevin Fox
Kevin Fox
This may sound like a good idea, but it has its drawbacks.
The first drawback is granularity.
The second drawback is non-rechargability. If recharging devices were available, people would start stealing those and recharging their cards at will. To make this impossible, one has to provide each card with a sort of "shadow bank account" and have the recharger communicate with some central authority. Then, you could desable known stolen rechargers.
The third and worst drawbacks is that if it's an electronic device, you can fake it. I spent some time in 1996 assembling a microcontroller-based board that could pretend it was a German phonecard. No one would introduce a payment card that could be faked this way. In order to stop this, one has to introduce either advanced secret card signing algorithms, which are sure to either leak out or be faked sooner or later, or use shadow accounting like with the German GeldKarte ("money card"). Again, anonymity and non-traceability can no longer be guaranteed, and the advantage will be gone.
A very good introduction how the German GeldKarte payment card system works can be found here. I'm sorry that it's all in German, but the system is specific to Germany, so most people wouldn't bother to translate it. You can try the fish, though. An English introduction can be found at Manni's page
.As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
VISA and AmEx have been kicking around ideas to do something equivalent to one time password cryptocards. This is a simple version of the same idea, without all the fancy hardware. If it works, expect the idea to take off with all the major card issuers.
What will probably happen later on is, you will be given an electronic card, with a special token embedded in the circuitry. When you want to use your credit card number online, instead you push a button and a small display tells you the cryptographically hashed version of the card, valuable for a single use over the next hour or so.
The hash function combines a real time clock value, the token, and a counter for each use.
The servers will have a copy of your token, know the time, and keep a local counter. Then the server can compare the crypto hash of your card. If they match, the transaction is authorised. Then later the billing department matches up your hashed number with the real number, and you see the charge show up on your bill.
There are a ton of other little details which the crypto card industry has worked out, but the system mostly works. Too bad this neat methodology will be patented to death, so only the big boys can play with it.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I felt pretty safe buying online too -- Until somebody somewhere hijacked my card number, and I suddenly had over a $1000 worth of speakers and stereo equipment show up on my bill. No, I did not have to pay for it, and even if they caught the person who did it (a pretty good bet, since the moron also used it to pay his cell phone bill), I wouldn't know for sure that it was from an online purchase becuase they don't release any information about the investigation. But it makes you feel quite vulnerable, and does a lot to make you a little more cynical about tossing your card number around (it was an AmEx, by the way). So, I'm all for this because my security concerns are based on more than artificial worries.
Buying online is probably safer than buying in person. If you take the normal precautions (secure site that is known) you are almost guarenteed safety. Compare this with a restaurant. You eat your meal and give you card to Joe Waiter to carry away and do whatever he wants. No one steals credit cards off the internet, because it is hundreds of times easier to talk to your buddy who works at Denny's and ask him to get you some credit card receipts. People use stolen credit card numbers on the Net, they don't get them there...
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
(1) Turn off computer
(2) Go to retail outlets
(3) Pay cash
As if the IP number shortage wasn't enough, now we're going to run out of AMEX numbers too. AMEXv6 anyone?
I just hope they didn't issue all the AMEX card numbers starting with 18 to MIT!
They were testing this stuff earlier this year at several tech expos. I received a card worth (I think) worth $50 for sitting there and answering a few questions. They could have just as easily emailed me the numbers and said here ya go, use it online instead of giving me a piece of plastic that was worthless after just one usage.
:-)
Hmm...looking through my wallet I still got it...I probably still have a dollar or two on this card if anyone wants it
3790 112994 91001
good 02/00 thru 11/01
Blah...to be honest, I really wish I had more of these things. Much easier than carrying cash, and I don't have to worry thieves getting access to my Debit Card (long since gave up the credit thing...) and depleting my account and waiting the 8 months for my lousy bank to redebit the 2 grand the fuckers stole and charged up 4 days after reporting it stolen.
grumble grumble...
clif
What Do the Numbers on My Credit Card Mean?
Although phone, gas and department stores have their own numbering systems, ANSI Standard X4.13-1983 is the system used by most national credit card systems. Here are what some of the numbers mean:
________________
They're - They are
Their - Belonging to them
I don't want free as in beer. I just want free beer.
What is this guy talking about? Offshore accounts are legal.. if used for legal purposes.
But anonymous and undeclared accounts are NOT legal. Also, any financial transaction over a certain threshold is illegal for a US citizen, period, unless the appropriate form is submitted to government by the financial institution. It seems to me that this technology can be very easily applied by anyone who gets a merchant account to achieve near-complete financial impenetrability for money transfers, aka "laundering".
And its not like these credit cards are going to be regulated any different then normal credit card
In theory no. But in reality, I believe that the technology as described allows for very easily circumvention of existing financial regulations.