To Pay With Your Credit Card, Please Speak Up

prostoalex writes "It's reasonable easy for a thief to steal the social security number and bank account information (which is printed on a check) as well as an address. The next generation of financial tools are fighting this problem. Business Week talks about voice verification in future debit and credit cards. "Here's how it works: A special sensor on the credit card stores its owner's previously recorded voiceprint in digital form. When the owner receives a new card, he or she speaks a password into the sensor on the card. If the voiceprint matches, the card is activated.""

so..

[Turn-X+Alphonse]

So you speak to activate it.. and if you get a cold or have an accident and can't talk?

Re:so..

you would activate it the same way as you would have before anyone offered a form of voice activation?

Re:so..

[climbon321]

That is what I have always wondered about voice recognition for security. I could see it being much more of a problem if you needed to speak every time you wanted to make a purchace, but if you get a cold you can just wait a day or two, and I'm sure they can handle the small percentage of the population that is mute in a different manner.

Re:so..

[saned]

Forget about being unable to speak...! If this speech recognition is as good as any of my cell phones' then you'll keep repeating 4, 5 or more times, until this chip recognizes your voice, or worst case, blocks itself until the next day for security purposes...

YMMV
-P@

Re:so..

[rokzy]

now I only read the summary, but it seems you didn't bother even doing that. it talks about ACTIVATING your card (i.e. once), not using it 24-7.

maybe you jusk freaked out because you're one of those 'tards who insists on using a card for every single purchase and worried you'd have to interupt your worthless mobile phone conversation to pay for your 35p packet of low-fat crisps.

Re:so..

[DevNull+Ogre]

The need for a side channel to serve the voice challenged population presents a (possibly huge) problem. If somebody who legitimately cannot speak can activate a credit card without speaking, then so can the bad guys. That side channel will also need to be secure.

Could it be done properly (so that the bad guys can't get around the system)? Probably. Will it? Probably not. And, like so much so-called security, we'll end up inconvenienced in exchange for little or no benefit.

Not that it should need saying, but security systems such as this will need to cater to everybody, not just those of us with voices.

Re:so..

[r_jensen11]

...or get hit in the Jewels. I don't really know many people that would be able to speak properly after that for a long time....

Re:so..

[rokzy]

read the first sentence of the summary.

THAT's why.

Re:so..

[zoloto]

My voice is my passport *cough*, verify me. *click-click... BAM!*

Re:so..

[antdude]

Or worse, speech (and hearing) impediments like mine. :(

Re:so..

[Dun+Malg]

Why would they even post this story if it was only about activating your card?

From the damn /. blurb: "When the owner receives a new card, he or she speaks a password into the sensor on the card. If the voiceprint matches, the card is activated."" Why? To prevent identity theft, rather than pickpocketing. A lost or stolen card can be deactivated with one phone call. Someone getting a card in your name and having it sento to their PO box isn't going to ring any bells till after they've run up a few thousand dollars in charges.

Did you mention 'tards'?

Yes, 'tard.

Re:so..

I guess Brundlefly will just have to use cash...

Re:so..

[cly]

So you need hands to type ... what if you had an accident?

You use something else, or get someone to help.

Not a reason to get rid of keyboards.

Re:so..

What about the Mimes. Someone please think about the Mimes!!

Re:so..

Then the identiry theif who has your card will pretend to have a cold, and use that way, too.

It is useless to ad a "more secure" way of authenticating people when the older, less secure way is still in use.

Like when MS send LANMan hashes along with the more secure NT hashes. (Someone correct me/fill in the details, please. Long day. Too tired.)

Re:so..

THANK Y0U F0R THE W0NDERFUL M0D, THAT PR0VES THAT I MUST BE RIGHT!

Re:so..

[willpall]

So you speak to activate it.. and if you get a cold or have an accident and can't talk?

In the first instance, you wait until you're over your cold, then activate the credit card. A little hassle, but what are the chances of this occuring? Not only do you have to have a cold when the card arrives, but that cold has to be bad enough to very significantly alter your voice.

If you've had the type of accident where you cannot speak, then you have bigger things to worry about than activating your friggin' credit card.

A good way to get around the above two possible inconveniences is to use a noise other than your voice to make the audible signature. Maybe the sound of you knocking on the desk or better yet, the DTMF tones of your favorite password.

Re:so..

[Aeiri]

The need for a side channel to serve the voice challenged population presents a (possibly huge) problem. If somebody who legitimately cannot speak can activate a credit card without speaking, then so can the bad guys. That side channel will also need to be secure.

MAYBE this is stupid question, but isn't that the way it is now?

Just continue on doing what you are doing, shredding documents with sensitive information. Dumpster diving wouldn't be as prominent if everyone had a voice recognition credit card.

Re:so..

[tonsofpcs]

No, it cannot be done. Any security that can be made can be broken.

Re:so..

Well voices are composed of very complex sounds, with some of the most characteristic coming from the vocal chords. I'd have to imagine that as long as you have your vocal chords and can pass air over them, you're good to go.

Re:so..

[Meagermanx]

Stephen Hawking.

Nuff said.

Re:so..

There is no benefit to this. Voice recognition technology as authentication simply does not work. It was a fun novelty when it first debuted 5 years ago. But it doesn't work. Delaying and preventing purchases while making the transaction no more secure than the written signature is not something which can be accepted.

Re:so..

[Meagermanx]

No, that definitely means they can't get their own cars and drive around...

Re:so..

[Stephen+Samuel]

but if you get a cold you can just wait a day or two,

And if you want to buy a cold remedy? ... and you're out of town? .... Trying to check into a hotel after your 'code' bloomed on your 12hour flight?

I know one person who was in town for a weekend course. One side effect of the course was that, by Sunday afternoon, he had shed so much stress that his (voice activated) cell phone no longer recognized his commands. If that had been a credit card, he might not have been able to pay his way home. As it was, he was simply reduced to punching buttons to dial his friends and family.

Re:so..

[poopdeville]

He could have one too. Only my Speak'n'Say would trivially break this.

Re:so..

..but that is not the point. The point is to make it as hard as possible to breach the security af the credit card. The guy who said something about mute people.. well let this security be an option, then it is only mute people who will be easy to rob (who cares about their say anyway)

Re:so..

What are the chances that you'll actually have a cold or an accident on the same day you receive a new card? I can't see how this would be a huge concern. The risk that a few people might be inconvenienced now and then seems to be outweighed by the added security that this technology offers.

Re:so..

[PacketScan]

no talkie no laundry

Re:so..

[Eloking]

Seriously, that thing is scaring me. I mean, we can't be sure that I'll be 100% effective, wich mean that sometime it'll simply "not" work. I personally had my own "bad" experience in voice recognition in some FPS game ; "some shooting" Oh DAMN no more bullets, switch weapon!! huh? switch! switch!! SWITCH!!!!!!!! (to be continued) Am I'm not the sort of guy that lose temper easilly. I tell you, I saw some yelling house coming and the market are lousy enough already. And what'll happen for the people that cannot talk, we'll have guide dog for mute people now?

Re:so..

[jcuffe]

What the hell was he like before? For it to make that much of a difference, I'm picturing someone who's one meeting short of an aneurysm.

Re:so..

[cayenne8]

"maybe you jusk freaked out because you're one of those 'tards who insists on using a card for every single purchase"

Why do you call people who use credit cards for everything retards?

I pretty much use mine for everything (amex mostly)...I just feel more comfortable doing that than carrying around large sums of cash. And, usually, it seesm with me, if I've got cash in my pocket...I'm more apt to spend it.

Also, it is just convenient....I don't have to worry about making a trip to find one of my banks money machines (I can't stand paying ATM fees going to other banks' ATM's)...payments to me are direct deposit....so, I rarely need to go to a bank branch.

And I pay it off every month...just like cash...just without the hassle...

Re:so..

Better hope Rich Little doesn't steal your credit card.

Re:so..

[rokzy]

because I've worked on checkouts and I know what they're often like.

like the 'tard girl I served once who was buying two apples and wanted to pay with two separate card transactions because one was for a friend and she couldn't work out how much her friend would owe her otherwise.

in my experience, anyone paying for a transaction of less than 1 pound with a card is doing so because they're too retarded to be allowed to carry coins (probably for fear of eating them). YMMV.

Re:so..

[cayenne8]

Well, I'm just uncomforatable carrying around large sums of cash. You flash a roll of $$'s, and you are making yourself a target for a mugging...or worse. Although I really have given thought to using cash more often....for an anonymity (sp?)....I still worry about letting people know I've got lots of cash on me at any given time.

I mean, for example, here in New Orleans/Metairie, they've had people waiting in store parking lots, looking for elderly women wearing expensive jewelry, and following them home and mugging, and at times killing them...due to them thinking they had money at home, and they knew they had jewelry. The police here are warning women NOT to wear jewelry. I'd think flashing a roll of cash would present the same type danger....

Re:so..

[Stephen+Samuel]

No.. Not so freaky.. but a little bit more stressed than many people. People exhibit stress in different ways. In his case, it affected his voice. I've seen the Landmark Forum affect people physically in many ways. Usually if there's a noticable physical response, it's in a person's face, but I know at least one person who just quietly stopped having ulcers (it was a while before she realized it).

Re:so..

[jcuffe]

I think I could benefit from something like that.

Re:so..

[Stephen+Samuel]

The company's called Landmark Education. I think they have courses in most regions (if not most major cities).

Re:so..

[LurkerXXX]

Don't flash a roll of cash. Pull out individual bills from a wallet. Unless someone is standing over your shoulder, they can't tell if you have one or twenty bills left in your wallet.

Re:so..

[x_terminat_or_3]

Watch out for Landmark.

It is considered a secte in many countries.

Re:so..

[Stephen+Samuel]

It's a company, not a religion....

In other news: Voice file thefts on the rise...

Where are all those Bill Gate sound files when I need them? :-)

Re:In other news: Voice file thefts on the rise...

At the tone, please repeat the following phrase:

"a cancer that devours intellectual property"

Re:In other news: Voice file thefts on the rise...

Hrmm... I'm missing those files since when I changed my voice passphrase to "format c".

I personally think this is their best idea so far.

[peculiarmethod]

I somehow get the feeling that wives, girlfriends, and daughters the world over will not like this one bit.

oh good! Cause that *CANT* be beaten

[np_bernstein]

where did I put that tape recorder again?

Re:oh good! Cause that *CANT* be beaten

[aussie_a]

Checkout Chick: Why are you using a tape-recorder to say your password?
Thief: Errr.... I have a cold. Yeah, that's it. A cold.

Re:oh good! Cause that *CANT* be beaten

[JanneM]

Checkout Chick: Why are you using a tape-recorder to say your password?
Thief: Errr.... I have a cold. Yeah, that's it. A cold.

Checkout Chick: Ok, like it's my problem or anything anyhow. Please enjoy all your new, easily resold wide-screen tv's.

Re:oh good! Cause that *CANT* be beaten

[Ogerman]

I have but one comment:

Hello.. my.. name.. is.. Werner Brandes.. my.. voice.. is.. my.. passport.. verify.. me?

Re:oh good! Cause that *CANT* be beaten

Please enjoy all your new, easily resold wide-screen tv's.

The tv's what? Box? Instruction manual? Remote control?

Re:oh good! Cause that *CANT* be beaten

[identity0]

Or another scene from Sneakers:

"Damnit, the machine isn't accepting my card. What do I do?"
(pause on phone)
"Are you sure? Okay."

*Kicks down card reader*

"It worked!"

Re:oh good! Cause that *CANT* be beaten

[0x000000]

In the closet, behind the dead body of that old granny you killed when you needed cash for new computer parts!

Re:oh good! Cause that *CANT* be beaten

[Lord_Dweomer]

Mugger: Say your password in to the mic or I'll kill you.

Re:oh good! Cause that *CANT* be beaten

Well actually it was a keypad locked door, but we won't split hairs.

Re:oh good! Cause that *CANT* be beaten

LIZ
Oh, no, not at all, it's lovely. And, um,
there's this one word... I've always loved
the sound of this word...

BRANDES
Well?

LIZ
Oh, no! Oh, no, you wouldn't... no...

BRANDES
No, I would, what?

LIZ
Never mind, no.

BRANDES
No, what? Please. What?

LIZ
I would really... like to hear you say the
word... "passport"...

Re:oh good! Cause that *CANT* be beaten

What is that FROM other than Sneakers? I'm positive I've heard it before in a movie and I've never seen Sneakers.

Cracked in 4 seconds

Step 1:
Build card reader for voice print
Step 2:
Download voice print to your MP3 player
Step 3:
PROFIT!

Re:Cracked in 4 seconds

[GrassMunk]

even better Step 1) Order credit card from a NEW cc company instead of the original issuer. Create new voice print in the seperate CC's co. computer. Done and done.

yeah

[indiefusion]

It's great until someone hears you speak the password, and they say it a thousand times until the card screws up and thinks it's right.

Credit Card pranking is over then?

[saskboy]

Zug.com has a funny prank, that was listed on /. the other month, about someone signing his credit card receipts with phony names or pictures.

I tried it, it's no problem, just sign all of your bills "It's Me", no one cares.

Re:Credit Card pranking is over then?

Actually, some of my friends and I decided to go out of town and shoot guns the other day (why yes, we ARE americans!), and we ended up stopping at a small rural store to buy ammo for my friend's rifle. I decided since we were already there, I'd get a 6-pack of mountain dew. Well, apparently the concept of Visa cards is somewhat unique way out there. They had a *5 dollar* minimum purchase, which is almost unheard of here, so I went back and got a 12-pack AND bought my friend a 2 liter pepsi. Clever...now I was paying $7....

Anyway, the clerk freaked out when she saw my card, insisting it wasn't signed. That's crap, of course, but it has worn off a bit. So I suggested she hand the card back to me so I could sign it. This makes sense, right? It's my card, I have a right to sign the stupid thing.

She started screaming at me, yelling that this was about her "safeguarding ME!"

Oh, yes? Which me was that? Was she protecting the innocent customer by making my life hard? Or protecting me, a "credit card thief"?

But noooo, this lady was convinced I was commiting some kind of crime. I ended up just showing ID, but not before I let her (and everyone else in the store) know how incredibly stupid it was.

The worst part of it is, illogical nutcases like her are maybe 1% of the population. I *never* need to show ID or sign for things in the city. I just slide my card and leave.

So 99% of the time my money is not safe at all, and the other 1% I'm just being inconvienced by a broken system that confuses people in downtown Hicksville.

Re:Credit Card pranking is over then?

[Lapsed+Catholic]

The link you posted is part II of that "series". It's an escalation of an earlier series of credit card pranks. I don't know if it was featured here or not.

Slightly OT, but the best prank on that site is the p-p-p-powerbook!

Re:Credit Card pranking is over then?

Dudes, I hate to burst your bubble, but this ain't new. Back in the early 70's, when I had a college job in the accounting office at a May Company store (remember them), a day NEVER went by where I saw at least one check signed with a cartoon character name. We just passed them on to the bank and lo and behold, the bank paid the checks.

You're right, no one cares.

Re:Credit Card pranking is over then?

[boomka]

I read the powerbook prank story.
What I find disturbing is the outcome of the prank.
Scammer sending him virus and DoS-ing his website is alright, but then in a short while Jeff himself disappears completely, noone can find him, his email and websites all go down, what the hell?

I mean we all know that playing with scammers might get dangerous, so why don't the guys who do this check up on each other to make sure they are fine? I mean, from the way it looks it might be that scammer arranged for Jeff to be killed or something.

Re:Credit Card pranking is over then?

That part about him disappearing concerned me too, but I find it unlikely they had the resources to hire his death. It's more likely he just realized after the DoSing that he should lay low, and not be seen online or actually face a hit man.

Re:Credit Card pranking is over then?

"That's crap, of course, but it has worn off a bit. So I suggested she hand the card back to me so I could sign it. This makes sense, right? It's my card, I have a right to sign the stupid thing."

If she can't see the original signature, how does she know it's your card? Of course a smart thief would sign the cardholders name with their own handwriting before going into the store, but her logic was correct.

"She started screaming at me, yelling that this was about her "safeguarding ME!""

By not serving someone with a potentially stolen credit card she has potentially prevented a cc thief from withdrawing money from the legitimate cc holders account. She could not verify you were the legitimate cc owner.

It sounds like a very frustrating scenario, but ultimately her logic makes sense.

Re:Credit Card pranking is over then?

It sounds like a very frustrating scenario, but ultimately her logic makes sense.

No it doesn't. And it wasn't frusterating, it was just annoying. Here are the problems:

1) They aren't willing to accept a small transaction fee, so I had to spend much more than I had originally intended to.

2) My signature is clearly visible. The woman was either a fricking idiot or totally blind.

3) It is *my* card. I have every right to sign my own card. If the policy is to accept cards without ID, than my signed card is definitely valid and legit on every level.

and most importantly, 4) I was never "safeguarded" on any level. Any bozo can use my card anywhere once they steal it. Throwing a fit doesn't help anyone. And yelling at a customer is unacceptable. If I hadn't been with friends, I would have showed her my ID and left without buying. When I'm paying money, I want to be treated as a customer, not a thief.

No offense, but I think you are part of the annoying 1% I mentioned.

Re:Credit Card pranking is over then?

I'm not part of the 1% (I agree that "99% of the time my money is not safe at all, and the other 1% I'm just being inconvienced by a broken system"), but if she couldn't see the signature her actions made sense.

Got to be better than the system here

[Realistic_Dragon]

...where you type your PIN into a small box attached to the cash register.

Because, as we all know, typing your PIN into someone elses computer system is by far the best way to keep it confidential.

ATMs are at least owned by the bank and significantly harder to tamper with in a non-obvious way.

Re:Got to be better than the system here

[r_jensen11]

ATMs are at least owned by the bank and significantly harder to tamper with in a non-obvious way. Sorry to damage your sense of security, but at the bank I work at, we don't actually own the ATM outside. Sure, it has our name on it, but we contract the ATM out to another company. So we actually don't have access to the ATM, only the ATM company does, not the bank. Sorry mate

Re:Got to be better than the system here

[MartinB]

In most smaller retailers, the terminals (including the keypads) are provided by the banks' merchant services division.

For the rest, they have to be certified equipment, from authorised suppliers, and be tested on site and approved before rollout by your merchant services provider. Aquirer Acceptance Testing is by no means a walk in the path - it's a rigorous process.

If you have unapproved equipment, then you don't escape the liability shift, and are now liable (in the UK anyway - different countries in Europe have different timetables for this) for every credit card fraud on your premises. Have a nice day.

IIRC, merchant services providers do ongoing testing/verification. I wouldn't like to be you if you're found to have tampered with equipment.

Re:Got to be better than the system here

If you're that paranoid, pay with cash. Seriously, credit cards are made for people who have a healthy sense of perspective and understand the balance between risk and comfort. Obviously, they're not made for you.

Re:Got to be better than the system here

[Lenolium]

I have written software for the credit card terminals.

The pin pad is the only device in that chain that is secured at all. The pin pad is tested, and has to meet very, very tough standards. Your pin is not stored on the device, and the credit card terminal cannot get the actual pin number from the pin pad. All that comes from the pin pad is a big pile of "garbage" that is some sequentially ordered 3DES encrypted data that at one time resembled your PIN number. This block of encrypted data cannot be retransmitted, and if it is, it will be denied.

During our testing phase with the terminal (not the PIN pad, we just bought those from someone else), the other programmer that was working on the code messed up some offsets and was not giving the correct PIN data to the test site. This got right past the testing, because even the merchant services test system cannot decrypt the data that comes out of the PIN pads. The rest of your data (including the entire contents of your magnetic strip, which in no way shape or form contain your pin number), is just sent across the wire in plaintext via 2400 bps modems. There was also no security testing of our terminal at all, and there is not even a requirement that credit card numbers aren't stored.

So, the moral of this story is this: If there is one thing to trust in the whole credit card processing world, it is this: Your PIN is the most secure part, unless the PIN pad has been tampered with (aka, has a new set of buttons over the old set of buttons, or a camera to capture your finger movements, because opening up a PIN pad will destroy the key stored on the pad, and will render it useless) that part is secure.

Re:Got to be better than the system here

[Cthefuture]

There are also smartcards that let you enter the PIN directly on the card itself. Everything is internal, the CPU on the card does all the work. All it needs is a power source.

Re:Got to be better than the system here

[Blastercorps]

This assumes that the merchant USES those fancy secure boxes. Any business could buy/make pads that record PINs and I'll bet no customer would ever even check.

Re:Got to be better than the system here

[adolf]

So. The card number is always plaintext? What about for debit card transactions, when my ATM card acts like it is a Visa?

Because, I mean, I realize that an ATM-only card is useless without a PIN, but a Visa is very useful with only the card number, expiration date, and cardholder name (all of which are in the magstripe).

Please tell me that credit card transactions are handled differently from ATM transactions, that at least some of the information is encrypted somehow.

Thank you.

Re:Got to be better than the system here

[Lenolium]

(Sorry for the late reply, hopefully you will get this)

Well, the fancy/secure boxes are what are REQUIRED in order to process debit cards. In order to verify your pin, you have to send that exact block of 3DES encrypted pin data along with the rest of the debit card information. The pin is encrypted at the pin-pad level, and has an encryption key stored on it by the same people that keep the internal credit/debit-card network of banks secure. If your pin pad isn't certified by them, they won't put their key on your pad, and your pad will be totally useless.

I hope that this clears that up for you.

Re:Got to be better than the system here

[Lenolium]

Nope, no encryption other than your PIN.

Everything, including your card number, expiration date, and cardholder name are sent in both deliminated formats, and in the raw data from the magstripe, are sent in plain text over the modem connection to the merchant banking datacenter. But that's not what I would be worrying about if I were you, because the store also prints out that information on a reciept that they store in their cash regisiter, and some clerk could just take that little slip of paper home with him and noone would be the wiser, and that my friend, is probably the weakest link in the chain.

They are also experimenting with TCP/IP data over the internet, but I never got any specs for that, so I can't tell you how secure that is.

Re:I personally think this is their best idea so f

[eexlebots]

Or pubescent boys with unmonitored internet connections, heh.

Sneakers, anyone?

[Filberts]

"My name is Werner Brandis. My voice is my (credit card) passport. Verify me."

Enter Ben Kingsley, Robert Redford, stage left.

Re:Sneakers, anyone?

[OmgTEHMATRICKS]

Damnit! you beat me!

Re:Sneakers, anyone?

Heh heh, Uplink...

Re:Sneakers, anyone?

[Filberts]

Yeah, "luckily" I got to the cliche about 75 seconds before another 15 people posted variations on the same damn quote. I give you credit for not feeling obligated to repeat it. Thanks.

Re:Sneakers, anyone?

[OmgTEHMATRICKS]

You're welcome :)

Re:Sneakers, anyone?

[Filberts]

Unbelievable. I posted this *before* all the other similar comments, and then get modded down for being redundant. I don't know why I ever post a comment.

Re:Sneakers, anyone?

Quit whining, the political infighting on slashdot is no worse than the Vatican's.

Why does a SSN need to be attached?

[rattler14]

No really, I'm am really curious. I admit, I wear a tin-foiled hat with pride, but I've recieved some pretty BS responses from banks when asked this question.

The worst response? "You need it on your account for your protection". Oh really? Until, I don't know, 1 of the 100 forms my SSN is one gets scanned and posted somewhere on the internet.

And for those that think it can't happen, some dipshit made a family tree of all of my family across the country and posted it on the internet... 1 out of 10 (out of ~600 people... this tree goes back pretty far) has a SSN posted and it's now in google's cache.

So I ask again... why is a SSN required for a bank account? What about those people withouth SSNs?

Re:Why does a SSN need to be attached?

[gellenburg]

As someone who's heavily into Ellenburg Genealogy, I also post SSNs.

Of the dead.

Of course, it's not like the information isn't publicly available from the Social Security DEATH Index.

Odds are... this is what that other guy is doing, too.

I figure, if someone wants to use my dead mom's SSN let 'em. This is going to affect me HOW?

Now, with regards to the SSNs of any of my living relatives that's a different story. It's not like I go asking my brothers all the time, "Hey! What's your SSN?"

Re:Why does a SSN need to be attached?

[anthony_dipierro]

So I ask again... why is a SSN required for a bank account?

If the bank pays you interest, then this is needed so that you can be sent a 1099-INT. But the real reason is usually so that they can check your credit. Almost all banks who give you a checking account, for instance, use the Chex system. Obviously just about any credit card company is going to check your credit.

What about those people withouth SSNs?

They're going to have a tough time getting a bank account. Maybe you could get a savings account, with either no interest or with backup withholding, and with no ATM card, but anything other than that is probably impossible to get unless you're rich.

Re:Why does a SSN need to be attached?

I once knew a guy who lost his credit after an exterminator stumbled onto his dead wifes Social Security Card and drivers license. He started receiving bills in her name almost 10 years after her death. Even the SSNs of dead people are vulnerable to identity fraud.

Re:Why does a SSN need to be attached?

[corngrower]

Basically so big brother can watch for illegal activities, like money laundering. Large transactions throw up a red flag to government officials. I believe banks are required to report these to the government. I'm not sure what the trigger amount is.

Re:Why does a SSN need to be attached?

[RealAlaskan]

Large transactions throw up a red flag to government officials. I believe banks are required to report these to the government. I'm not sure what the trigger amount is.

$10,000, OR a series of smaller transactions which a bank thinks a regulator MIGHT think could eventually add up to $10,000. In other words, any two transactions that make the teller think: ``Ooh, that's a lot of cash.''

Re:Why does a SSN need to be attached?

[DraKKon]

It's for when you get overdrawn by a few hundred and skip town. That SSN now has a black mark on it. But if you are a smart criminal, you use someone elses ssn to get the account and so on.

So in all fairness.. this only hurts the honest people. So yea, banks don't need a SSN.

Re:Why does a SSN need to be attached?

What about those people withouth SSNs?

They get what's called a "Tax ID" which is similar.

Re:Why does a SSN need to be attached?

[keep-the-sci-in-scif]

Well, it's required by law; specifically it's a provison in the USA PATRIOT Act. Any financial institution doing business in the United States is required to collect your SSN if you are a US Citizen (living in the US or abroad). Your SSN is bounced against fincen.gov and can be placed by the bank into the SAR (Suspicious Activity Report) http://www.fincen.gov/reg_sar.html This was all created because of the terroist bull3hit but now it's used for any 'suspicious' activity. And, just like those people who can't fly anymore without a cavity search due to their name matching a 'person of interest', this can really screw your finances up...

Re:Why does a SSN need to be attached?

The real question is, why is the SSN such an important part of ID theft? The Social Security Number is to keep track of your income and taxes so that (a) the IRS feels good that you're paying all your taxes, and (b) when you retire, they know how much to pay you back, or so the theory goes.

If someone gets a hold of your SSN, the wrost that should happen is that the IRS demands that you pay taxes on income you never made. OK the IRS is scary and all, but this whole bullshit about people stealing your SSN and then buying stuff under your name totally stinks. It sounds like some credit institutions are using the SSN as your password, and that's just plain stupid.

You should be able to publish your phone number, your SSN, and even your DL number without fear of getting your ID stolen.

Re:Why does a SSN need to be attached?

[hobbesmaster]

Really? I'd expect that transactions of that size would not be that uncommon - for example when you purchase a house. If "the government" really is reported all this information than I'd imagine that it wouldn't be of much use simply due to the massive volume.

Re:Why does a SSN need to be attached?

People already listed the major reasons:

1) Interest bearing accounts need to be reportable to the IRS. So your SSN (also referred to as your Tax ID Number) is required by law.

2) They need to do background checks on you if you want to open a checking account. This is the same reason your landlord needs your SSN before you sign a lease - to protect him/her self...not you at all.

Many financial institutions also like to "cross sell" other pre-qualifed offerings, such as Auto loans, HELOCs, credit cards, etc. And in order to pre-qualify you for other offerings, they need an SSN to once again, do background checks on you.

Lastly, at minimum, they're now required by law to check your identity when opening ANY account I believe. This is sometimes called an "OFAC" check, to basically see if you're a terrorist or not.

Re:Why does a SSN need to be attached?

When you buy a house, there is already a government investigation process to determine if you are a terrorist or other unsavory character.

I'm sure they'd put it in different words, but I know the process exists.

Here's a clicky link:

The 'Patriot' Search

Re:Why does a SSN need to be attached?

[dqbiggerfam]

After they get the report, they probably don't look at the person that just put a large deposit down on a house, but at he person taht does it regularly.

Re:Why does a SSN need to be attached?

[Capt+James+McCarthy]

You earn interest on accounts. That's taxable income which is tied to your SSN. You earn income of any type you are supposed to pay for the social programs the US offers, thus -> Social Security Number. It's all about tracking the taxes. It's just that the SSN has become a 'all in one' tracking/verifiation mechanism for which it was never orginally intended.

Re:Why does a SSN need to be attached?

[Politburo]

That doesn't make sense. Credit is determined on an individual basis only. You don't have a joint credit rating if you are married. If he was receiving bills in her name, they could only put negative marks on her credit report, not his. Something's not right in your story.

Re:Why does a SSN need to be attached?

[srleffler]

Actually the 'tax ID number' (TIN) is something slightly different. People who are not eligible to get a SSN but who are subject to U.S. tax are issued a TIN. The most common example would be foreign citizens who are not authorized to work in the U.S. but who have investments in the U.S. and pay U.S. income tax on those investments.

Re:Why does a SSN need to be attached?

You can blame the Patriot Act for this if you want but I can vouch that banks have been required to report suspicious activity since at least the late 1980's. I used to work in a bank and I had to file these reports.

Re:Why does a SSN need to be attached?

[timmyf2371]

I don't know how it works in your country, however in the UK if two individuals are financially linked, which marriage does to two people on a legal basis, then this is also taken into account in a credit report as it quite rightly should do.

even lower tech

[mbkennel]

Step 1: steal identity and get credit card mailed to oneself, shameless thief.

Step 2: record your voice onto some shmoe's card.

Step 3: PROFIT!

Re:even lower tech

steal identity and get credit card mailed to oneself, shameless thief.

That's just the thing a stupid thief would do. Oops, you've just given the cops your address.

C'mon, any smart thief knows to send the credit card to the address of the victim, and just steal it from his mailbox.

Re:even lower tech

[russint]

Step 1: Steal credit card and get a fake id
Step 2: Go to store, point at throat, wave the fake id
Step 3: w0000t new stuff!

Re:even lower tech

speak on phone and get your voice print tracked and fbi knock on door soon after card stops working.....

Heh...

[Eythian]

"My voice is my credit card. Pay for me"

Re:Heh...

[Caspian]

What is the quote "My voice is my password. Verify me." (or "Authenticate me" or whatever...) a reference to?

Re:Heh...

[mrzaph0d]

Werner Brandes -

http://imdb.com/title/tt0105435/

My voice is my password

Verify me.

And in other news...

Cough syrup sales have plummeted into oblivion.

Seriously what the fuck? Haven't these guys ever heard about fingerprints? Or maybe just NOT printing so much sensitive information on checks in the first place?

Puberty

[edtstu]

Any kids who were given a credit card by their parents at the age of 13 or 14 are screwed once they hit puberty at 15 and 16. They will have to have loose recognition to compensate for their rapid voice fluctuations.

Re:Puberty

[datafr0g]

13 or year olds with Credit Cards?!
Aren't CC holders supposed to be 18 years or older?

Re:Puberty

[edtstu]

Many credit card companies have programs where the parents can open a line of credit for one or more of their children. In effect they put their name on the line for their children.

Re:Puberty

[Haydn+Fenton]

I thought (in the UK anyway), you can get debit cards at 16+, (might be younger, I got mine at 16 but I'm sure I remember friends having them) and credit cards at 18+. The difference being debit cards have stricter limits on how much can be spent\withdrawn in one day, and most have no overdraft, whereas credit cards tend to be much more loose.

Re:Puberty

[schleyfox]

been through puberty recently? voice changes usually occur by age 14 or so, although there are some late bloomers. Also the majority of the hormonal imbalances happen around the 12 or 13 year mark and things begin to stabilize a bit more around 15 or 16, just begins though. also I fail to see how the female kids would be screwed by this. It seems to target young males more.

Re:Puberty

[edtstu]

It was a joke. Your overanalysis killed it.

Re:Puberty

[Anubis350]

actually, the difference between credit and debit is far more significant than what you mentioned, and therefore I'm guessing you've never had a debit card.

debit cards are tied to your checking account and make a direct withdrawal from the account when used, there is no line of credit involved (though sometimes you can use a debit card as a credit card). The limit on the card is a combination of a limit you set up with the bank, the banks overdraw rules, and the amount of money in your checking account.

A credit card uses a line of credit, depending on the type either limited by your credit history, assets, or a combination of the two. You then have to pay back the amount spent, either in interest inflated payments or in a quik lump sum to avoid the interest.

Re:Puberty

[Haydn+Fenton]

Ah, I understand now, and the stuff about CC's seems to make sense when combined with what I already knew about them.
Btw, I've never had a credit card, had my debit card for yrs though :p.

Re:Puberty

[GWTPict]

Nah, it was DOA.

Hello? Hello?

I am the cardowner.
My voice is my passport.
Verify me.

HAL would say...

I'm sorry Dave, but you can't afford that $600 video card...

so record it...

[diegocgteleline.es]

Record the voice, learn to imitate the voice of somebody? Damn, I'm going to start trying to mimc the voice of Bill Gates

And what will happen when you're cold and your voice is not the same? In fact, teenagers would not be able to use it from one year to another :P

Re:so record it...

[zoloto]

teenagers shouldn't have credit cards. fucking monsters.

too lazy to RTFA so someone explain...

[reiggin]

what are the mutes to do?

Re:too lazy to RTFA so someone explain...

Play midi files?

Re:too lazy to RTFA so someone explain...

[aussie_a]

OMG, what do blind people do with having to sign their name?

Re:too lazy to RTFA so someone explain...

[JanneM]

OMG, what do blind people do with having to sign their name?

They have a problem with their eyes, not their hands. They sign their name.

Re:too lazy to RTFA so someone explain...

They're going to be pretty pissed once they find out Stephen Hawking charged $5000 on their card for some new spinners on his wheelchair.

Re:too lazy to RTFA so someone explain...

They would need the optical sign language scanner option. DUH!

Password? Phrase would be better...

[pithraul]

...like "How much?!".

Re:Password? Phrase would be better...

[lottameez]

Then their would be all kinds of "designer phrases" - "Back off Jack!" or "You May Call Me The Smurf-King" or something equally ringer-tone intelligent

Gah

[Neil+Blender]

I'd rather those 'financial tools' be working on fingerprint or some other biometric authentication. I'd hate to have to talk to my card everytime I use it. Oh well, I use cash mostly anyway.

That's all fine and dandy, but...

[Bananatree3]

what happens if the card's battery runs out?

Re:That's all fine and dandy, but...

Take it to Radio Shack. The little ladies there can replace your battery in a flash. ...Oh, wait, "flash". Does the card have a flash memory that would not require a "battery"?

I would be real impressed...

[Lead+Butthead]

Considering that voice recognization is still rather unreliable (particularly when people get excited and such) I would think it's a bad idea until reliablity improves.

It would be rather sad trying to pay for caugh drops with ATM/CC but unable to do so because the sore throat is causing your voice print to shift.

SSN on check?

[SunFan]

I sincerly hope you don't have your SSN on your checks! All I have is my name and home address--if someone needs to complain, write me a letter.

Re:SSN on check?

[corngrower]

Exactly. Having your SSN on your checks is a very, very bad idea. You're just asking for identity theft. If you're one of those few who've been foolish enough to do this, my advice is to get new checks without the SSN on them ASAP, and destroy your existing checks.

Re:SSN on check?

[JimBobJoe]

I had relatives in Virginia who used to have their SSNs on their checks. It wasn't until the mid 90s (as I recall) that Virginia allowed individuals to have their driver's licenses issued with an ID number that was different from their SSN. (Don't know why Virginia took forever, but someone needs to track down the moron legislator who made the SSN the license ID number and give them a sharp kick in the ass.)

At any rate, in order to facilitate check usage, they put their driver's license number right onto the check, hence it was the SSN.

I would be really surprised if they still had SSNs on their checks. In the defense of my aunt and uncle, they both spent many years in the US Armed Forces, where the SSN is thrown around and printed on documents very freely (and also quite stupidly...I think that's something being corrected...any military peeps out there who can confirm on this?) So they were accustomed to their SSN being overused.

Re:SSN on check?

[Eivind]

Actually that's not the moronic idea. The moronic idea is that assuming there is some sort of security in knowing someones SSN.

There's SSNs in Norway. There's nothing secret about them. Knowing one does *not* make it much easier to impersonate someone or otherwise misuse their identity. (neither does knowing the "mothers maiden name") by the way. My SSN is 230776-50712 and my mothers maiden name is Skogstad. Doesn't tell you anything, other than my date of birth (first 6 digits in SSN) and that I'm male (middle digit in the end of the SSN is odd)

Hello?

[alexburke]

"Hello, my name is Alexander Burke. My voice is my passport. Verify me."

Next stop: the Sony Store! :)

Does anybody remember LAUGHTER?

[Lapsed+Catholic]

There was a /. article a few years ago about a biometric password scheme that remembered how you laughed. It became a running joke at work, where we have someone with a very distinctive laugh. We figured a scheme like that would become annoying really fast.

Coworker A: huh huh huh... huh huh huh... it's not letting me in... huh huh huh... oh wait I think I changed it... huhhuhuhhuhuh huhhuhhuhuh... huhhuhuhhhuh... no, that doesn't work either huh huh huh...

Coworker B: Here, I'll log in for you. hahahahah!

Coworker A: Huh huh huh thanks!

Re:Does anybody remember LAUGHTER?

Looks like a Beavis and Butthead script to me.

Re:Does anybody remember LAUGHTER?

[dr_dank]

Allow me to make a minor adjustment

Coworker B: Here, I'll log in for you. hahahahah!

Coworker A: Huh huh huh, you said log.

Re:Does anybody remember LAUGHTER?

[way2trivial]

but then what happens if you lose your sense of humor?

we're doomed

[bogaboga]

For some of us, who live in romote America (USA), and still use old telephone lines, which are on many cases not as clear as the "standard", are doomed if we are to attempt transact business on the telephone. Imagine trying to identify yourself with that crackling sound in the background...What shall we do?

Working in the wrong direction

[theguywhosaid]

Rather than working to make it harder to use a stolen credit card, companies should work at making it easier to find somebody using a stolen credit card. Maybe start requesting that stores associate a purchase with a time and a checkout lane, which could lead to accessing security camera archives once a purchase is claimed fraudulent by the account holder. I am sure there are more possibilities.

Re:Working in the wrong direction

[Neil+Blender]

Rather than working to make it harder to use a stolen credit card, companies should work at making it easier to find somebody using a stolen credit card. Maybe start requesting that stores associate a purchase with a time and a checkout lane, which could lead to accessing security camera archives once a purchase is claimed fraudulent by the account holder. I am sure there are more possibilities.

Oh, man, I'd love to see a story about that posted on Slashdot. The comments. The comments! It would be hours of fun.

Re:Working in the wrong direction

[anthony_dipierro]

Maybe start requesting that stores associate a purchase with a time and a checkout lane, which could lead to accessing security camera archives once a purchase is claimed fraudulent by the account holder.

It's already in the store's best interest to do this. When a charge is disputed, the burden of proof is on the retailer to prove that the charge was not in fact fraudulent.

Re:Working in the wrong direction

[wombert]

Right. Because what the store and the defrauded buyer really want is to spend a few months figuring out who screwed with them and tracking them down.

Most folks would rather avoid the aggravation by preventing as much fraud as possible up front - rather than letting the fraud happen and then tracking the scattered scammers afterward.

Re:Working in the wrong direction

Oh yes! Big brother issues aside, I can just see how beneficial this system would be. I mean, we can just let the thieves loose, tape them, collect the evidence, track them down, arrest them, take them to court, and finally throw a portion of them in jail for a few months, let them loose again, ... That shouldn't tie up too many resources now, should it?

Re:Working in the wrong direction

[theguywhosaid]

1) joe sixpack and walmart dont find criminals, thats why there are police officers and FBI agents and whatnot.

2) every last measure like this will be thwarted. the best way to reduce fraud is to reduce the number of people committing fraud.

3) "most folks" do not want to do anything more than swipe their card and go. extra authentication does two things:

a) slow down checkout lines

b) create an artifical market for the authentication technology

Re:Working in the wrong direction

[griblik]

Ok, start the fun - they do this in england :)

My GF had a new card stolen from her mail, and only noticed 3 days later when her account was empty. The police went to the store where the largest purchase was made and caught the thieves from the CCTV footage.

I'm going with the 'public place, CCTV warnings all over, you should expect your privacy to be compromised, especially since you're on someone else's property' position.

Flame on :)

Slightly on-topic (sorry, I had to), some form of card initialisation would have prevented this happening. It was the fact that the card worked straight out of the envelope that allowed the scumbags to spend the money.

Re:Working in the wrong direction

The protection in place for new cards varies according to a risk/ hassle trade-off.

If you live in a really nice part of town, where mail theft is very rare, putting the card in an opaque envelope with the right name on it will almost certainly result in it being delivered. No extra security provisions are in place, and the bank covers you in the event of theft. You simply open the envelope & begin using the card.

OTOH as the area you live in worsens, or mail theft is noted as more common in your postal district, the bank will use more security measures. Perhaps the card will insist on being "authorised" by telephone, or will work only with a new PIN that travels separately. In nastier areas it may travel as "disguised mail", a packet without the bank's name on, that appears superficially to be a bill - the card is hidden in bulky paperwork. At the most extreme, if you quality for a good credit card but live in a really bad area they will replace your postal delivery with a secure courier, who will want to see proof of ID.

My card expired recently, I called the bank to find out why I didn't get a replacement and that's when they walked me through the options. "Sir, your card was sent two weeks ago. That card is probably just lost somewhere, and I'll invalidate it right now, but since you live in shared accomodation in the inner city, we'll be sending the replacement either by courier or as disguised mail..."

Why not SMS?

[md17]

I would prefer that the Visa or Mastercard system sends me a SMS that I reply to in order to authorize the payment.

Re:Why not SMS?

[01000011011101000111]

Problem there is that then when the theif steals your bag (with phone inside) he has *everything* he needs to run up a *HUGE* cc bill... Phones and banks shouldn't mix,

Re:Why not SMS?

[Pyr05x]

Me: Hi mobile phone shop, i'd like to buy this new mobile phone please, my old one is dead and no longer works.

Mobile Phone Shop Person: OK, Cash or Credit?

Me: Credit

Mobile Phone Shop Person: Sure, enter your card here. Now we'll just wait for VISA to SMS you for authorisation....

Me: errr.... *leaves*

Re:Why not SMS?

[varjag]

SMS delivery is not guarenteed service, albeit it can get pretty reliable in practice.

Overcomplicated solution to a simple problem

[zerofoo]

The credit card industry could eliminate 90% of the fraud that occurs simply by requiring a PIN number for every transaction. Bank cards have required this for years - so the infrastructure is already in place.

The bottom line is that credit card companies don't have any reason to change the status quo - the costs of fraud are usually pushed onto insurance companies and customers. The "bad-debt" numbers that credit card companies publish really do not hurt them as much as you think (until this week, bankruptcy hurt them worse than fraud).

-ted

Re:Overcomplicated solution to a simple problem

[Exousia]

But once you give someone your PIN on the phone, then your PIN is "in the wild" and subject to the security and honor of the seller. A more robust way to handle all of this is for card holders to have a way of assigning a unique one-time PIN (OTPIN) for each transaction, whether a check, credit card, or debit card. (For checks, you just write the OTPIN on the check.) The seller would not be able to debit the account without a valid OTPIN given to them by the buyer. Buyers would be able to go to a web site (among other methods) and create OTPINs on demand, which they could give sellers when needed. If someone tried to debit the account again with an OTPIN that's been used before, it would not be honored, and would send or post a notification to the buyer. Mistakes could be ironed out easily, and fraud would be detected easily.

Re:Overcomplicated solution to a simple problem

[zerofoo]

Not a bad idea, but probably still too complicated for "joe-sixpack".

A static PIN that is changeable via the web (when the user needs to) is probably good enough.

-ted

Global infrastructure problems

[Che+Guevarra]

I guess it just depends on your location and the available infrastructure for delivering verifiable voice communications. What happens when I'm vacationing in Figi and can't get my funds transfered because the bad connection is destroying the biometric signature of my voice?

Just dont try to get money....

[voudras]

when your sick.

Re:I personally think this is their best idea so f

Leave the daughters out of that. Mine has two degrees, a well paying job and does not need to "borrow" my credit cards.

All well and good but were analog creatures

To much inherent loss of quality in going from digital (the stored file in its perfection) to analog (us attempting to replicate what we said).... so how close would this really work what would the "margins" be?

Too bad if you have throat cancer

[ta+bu+shi+da+yu]

It's discrimination I tell ya!

Re:Too bad if you have throat cancer

I'm with you. Those damned insensitive clods!!

Re:I personally think this is their best idea so f

Plus she hooks on the side.

Paypal Authentication

[SuperSanta]

I hate to admit it - because, you know, all the fraudulent things that have happened to people with PayPal and eBay - but I have to say that PayPal is starting to do things well.

Require you to put in your work phone number and then an automated system phones it and asks you to authenticate what is onscreen by touchpad. Atleast with this method of authentication the hackers have to spoof more than one method of communication and would leave a rather sizeable paper trail of changing account data.

Not like reading the extra 3 digits off your card into a computer system so that someone else can steal those digits and reuse 'em.

This post started out with better ambitions. Stupid boob tube, oh how you distract me!

One problem

[Novacat19]

What if you go through puberty and your voice changes?

Disappointing

[The+Bungi]

I would have thought they'd go with the breath options, like Alien3. Pshhhtt into the sensor and in you go.

Of course there'd be a black market in little spray bottles with 100% CERTIFIED GENERIC SPIT THAT WORKS WITH ALL DECODERS!!1! Kinda like cable boxes.

And then there's the question of digitizing that, of course.

Pshhhht. Psshhhht...

I Want Biometric Choice!

[Doug+Dante]

I'd like to have a credit card that will only allow a single charge based on something that program into it.

For example, it has a module on which I've stored my thumbprint (the module will only verify my print. It won't give out the data). I strobe it and a unique credit card number appears which is only good for that transaction.

Or perhaps I can write my own custom module which requires me to tap out a randomly generated five character sequence that it displays in Morris code accurately in less than 10 seconds - with a lockdown mode if I fail.

Or perhaps it uses my voice and my spouse's voice.

I would just like a smart module on which I can run my own software that makes a "go" / "no go" decision to generate a mechanism to allow one and only one credit card charge.

And, American Express, if you're listening, I'm willing to pay for it.

Rich Little

[Evil+Butters]

I guess this could be good news for Rich Little!

You know what word I love?

Passport. (Sorry, couldn't resist.)

You are all missing the beauty of my plan

Once you have the voice print its in your computer.You simply get a reprogramable magnetic card, store the numbers for each card you "procure" along with the voice print in a data base. Then you return the card so as to make the consumer think he is safe. I hope you all can see where the rest of this goes. I'm not typing any more because they are watching me.

Re:I personally think this is their best idea so f

[chucks86]

Congratulations, you're the exception.

There's your problem:

[haggar]

Still using checks. I like you yankees, I really do (strange for an european these days), but I know that checks are a common way of payment in the US, and I honestly don't understand this. Checks are a horrible throwback from the past and should have never crossed the millennium time barrier.

I am sure there's a logical explanation why you're still doing this - I just don't really see it.

(the other thing I never figured out, is: the US dollar is the most forged currency in the world, and yet, it's also one of the easiest to forge, what with all the banknote denominations being of the same color etc.)

Re:There's your problem:

[Hal+The+Computer]

There's a reason the americans don't change their currency. It is the gold standard in underdeveloped countries. From dictators in Africa with safes full of hundred dollar bills to ordinary people in parts of latin america who want "dollars". If you changed it, how are you planning on telling the millions of people in the world with dollar bills from the past few decades. That's also why they're all the same boring colour.

Re:There's your problem:

[haggar]

I have heard this argument before, and I don't buy it: in every country where US dollars have a certain value, there is a bank that will replace the banknotes. Or at least, there is a neighboring country with such a bank. There must be, otherwise there is no way that the little green pieces of paper would have a certain value.

Therefore, replacing the bills with something more advanced and harder to forge, is possible albeit not simple.

Re:There's your problem:

[rk]

First, If you call all us US folks "yanks" that's okay... but there are huge swaths of folks in this country (mostly in the southeast) that calling them a "yankee" will get you in a whole heap of trouble. Word to the wise if you ever visit. ;-)

Secondly, checks are really on their way out here, too. I draw exactly two checks a month. One's the electric company and I do that on the web, so does that even count? The other is my water company, which is a tiny little mom and pop operation with about 700 customers. I actually have to mail that! Luddites.

You can almost directly correlate my good credit rating with electronic payment options and the ubiquity of the internet for managing finances. I just had to wait for these chuckleheads to wake up and deploy things that think the way I think.

Read Schneier on Two-Factor Authentication

[Catamaran]

Bruce Schneier discusses identity theft and more in his latest news letter.

Phishers

[chucks86]

What good will this do to people that have their credit card information stolen and used online?

Again

My voice is my passport. Verify me.

508 Compliance

[ubrgeek]

Should any of the credit card companies that want to use this type of technology hope to have the cards used by the federal government, they'll need to make sure that the card is 508 compliant http://www.section508.gov/ and that would take into account someone who could not speak.

Re:508 Compliance

[millermj]

I was thinking more like "Awnold". You know, the guy from Cawleefoneeuh. (yeah; okay, off topic, couldn't resist)

Re:508 Compliance

[millermj]

Good point. Section 508 compliance makes a number of biometric methods unfeasable. A fingerprint or retinal scan has the same problem.

Not that biometrics are the best way to validate identity anyway. You think things are bad when someone steals your password or PIN, just wait 'til someone finds a way to duplicate the data from your voice print, retinal scan, or fingerprint.

Pin numbers and passwords are 508-friendly and can easily be changed if stolen. Can't change your voice (without surgery, anyway).

Biometrics DO NOT WORK

[initialE]

It's been proven over and again that biometrics are a poor form of authentication that can easily be beaten. Not only are you unable to protect it (try not leaving your fingerprints everywhere, or not speaking to someone so they can't get your voice recording, or maybe even not shedding your hair so you don't leave any DNA traces), you're also unable to change it, and it's made doubly dangerous because of the way people seem to think it's effective. So maybe they should stop beating that dead horse around...

First things first

[houghi]

Start with a picture of the cardholder on the card. Some banks already do that. So unless you have a serious change in how you look, a person can SEE if you are the person on the photo or not.

Unfortunatly that means that the wife will have to have her [SHOCKING] own card. Yes this would mean going to the bank to have your picture taken. It also means it costs money and as long as the cost of theft are below the cost of security, they will gladly pay up to whomever is stealing from them.

Re:First things first

[JimBobJoe]

Start with a picture of the cardholder on the card. Some banks already do that.

And yet it goes nowhere. There's a myriad of reasons for this, but one of the biggest is that it makes little difference. Very little credit card fraud is perpetrated by people who are using someone else's physical card. The main security system on that fraud is purchase pattern/auditing systems and the ability to kill off the card.

Most credit card fraud is online and/or via altered cards (like with the criminal's name and if you really insist, face, but the magnetic stripe with completely different information.)

Having said that, the photographs on credit cards started off as a service to the card holder so that they could have an extra form of ID on them. (I have a 1967 advertisement from an Ohio bank that offered a Mastercard with a polaroid photo...so that check cashing would be easier. In time, I believe the credit card companies did not want people using their cards for check cashing purposes. I also remember Citibank advertisements from the early 1990s offering their cards with photos for the same reason...second form of ID.)

But for the bank, it's a costly pain in the ass (as you noted) and with little benefit for the bank (especially since it prevents little fraud.) Today the photocards are basically sold as a false security benefit in the competitive credit card industry. I believe that cards will be less likely to have photos in the future..

Re:First things first

Unfortunatly that means that the wife will have to have her [SHOCKING] own card.

Is this another USA thing? I've never been anywhere else in the world where people lend out their credit cards.

I doubt a photo would significantly impede wives from buying with their husbands' credit cards. After all, the credit cards already have MR Fred Smith on them - what, do the shop assistants assume that a lot of people dress in drag to make credit card purchases?

Re:First things first

[bluGill]

Don't forget that at one time not all states required a photo on drivers licenses. I know one person who (20+ years ago) had to have here photo visa card with her all the time because her drivers license didn't have a photo. (It was optional in that state for some people and she met the requirements so they didn't even try to get her in for a photo) Her school checked photo Id for tests, so her Id was her Visa. Write a check and the clerk needs a photo id - Visa again.

If you need to present two forms of id you are otherwise in trouble. Nearly everyone (In the US anyway) has a drivers license, but what else is Id? A photo credit card counts. A passport counts as two, but few people have one.

Otherwise you are right, photos are not of much use on your credit card. When they are of use it isn't for security though, it is for id in general.

Re:First things first

[assassinator42]

How about storing photos on a network, and then having the face associated with the credit card number being used shown on the screen? But that would only work for in person, clerk assisted buying. I suppose they could use face recognition at gas stations. You could print out some unique encoded picture and take a picture of yourself holding it for online purchases. Of course, hardly anyone would do that. This voice authentication thing does seem best for over the phone purchases.

Re:First things first

[JimBobJoe]

Actually I just didn't get around to making that point. 1967 was the year Ohio passed the mandatory photo license law (didn't actually hit until 1974...so yes, photos on credit cards were useful for general ID.

Something to ponder is that there was developing a system of privately issued photo ID, which the states than took over for themselves by adding the license photos. The need for privately issued ID disappeared afterwards.

Things could be very different otherwise.

Re:First things first

[sfontain]

I can't even figure how many of my college buddies used to get into bars with friends' photo driver's licenses just be wearing their hair the same way as the person in the photo and putting on glasses. The photo is better than nothing, yes. But it still doesn't completely solve the problem.

Only Slightly Effective

[SpottedKuh]

So, I read the article, and was left wondering how this new measure could do more than marginally dent the problem of credit card fraud. For those who didn't feel like reading the article, it basically outlines two potential uses for voice biometrics:

1. Identifying people who phone a bank (ie. for phone services or ordering a credit card)
2. When people first receive a credit card, they speak to it to activate it

But, here's what this type of biometrics fails to address:

From TFA, "Over-the-phone fraud already affects 12% of all banks offering e-payment services." 12%? That's it? Of all the banks offering electronic/phone services, only 12% have ever been affected by over-the-phone fraud, which this new technology is supposed to help prevent? That makes me think that most credit card frauds are being conducted another way.

Point two: This type of biometrics does nothing to protect consumers if their card or card number are stolen after their card is activated. Continuing from my above comment about how most frauds actually happen, I'd wager good money that most credit card frauds do not occur from cards being stolen from the mail before they're activated; rather, I'm guessing that most frauds happen because the little numbers on someone's card are stolen.

They need to rethink their manner of usage if they want this new biometric scheme to be anything more than a headache (I mean, how many different things could go wrong with a voice-recognition chip embedded in a little card?). I mean, a voice-authentication system is definately a better scheme than asking someone what their birthday is, but there has to be a more effective way of using it than this.

Mutes aren't necessarily silent

Mutes can still produce a series of poping sounds with their mouth that is pretty hard to replicate.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Won't help with online fraud

[wheelbarrow]

This will not help with online fraud. Most fraud online is the result of 'card not present' fraud where the 16 digit number is typed in by a human.

helpdesk will suck

[wardk]

can't even imagine the gajillion ways this is going to fubar. Just glad I won't be manning any of their helpdesks.

Online, counterfit

[Repton]

Hmm, won't do anything to stop people with your card details spending online (or through mail order / telephone order).

Also not clear if it will prevent counterfiting, where someone swipes your card through a magnetic stripe reader. Get a blank card, copy the magstripe data onto it, and record your own voice print...

How would I pay for stuff online?

Minimum system requirements:

To use our card you must have a sound card, microphone, video camera to see that it is really you sending your voice down the line...

Well.....

How do I make a forum? I want me and my fellow trolls to have a land of our own, free from the oppressive candy-ass mods of /.

Will not..

So it's a second factor. It will not stop
man-in-the-middle, and virus writers now
need to remember to record audio along with
the key logger.

But, it raises the bar, so it's a good
thing, overall.

Re:I personally think this is their best idea so f

I'm one more exception. My daughter earns 4 times what I earn. Education, man, that's where it's at! You need to make sure your children have a good education, leading to a good job, so they can support you when you get old!

Pedantic Ass Alert

that it displays in Morris code accurately in less than 10 second

Morse code. Not "Morris" code. It's the "Morris Worm" and "Morse Code."

Re:Pedantic Ass Alert

I was rather hoping it involved Morris Dancing in some way.

I can't stand the rain...

[DumbSwede]

I use to work at Wolfram Research and when they moved into their new building the building was protected after hours by a voice activated entry device. This was about 14 years ago. Anyway the device worked reasonably well except when it was raining. There was no awning or other overhang, so in driving rain when you would really like to get in - well you just couldn't. The idea was to be a cost saver by not having to issue individual cards. Oh yeah they ripped the thing out after about a two months. One of the employees (I don't remember who) took it as a challenge to slowly modify his voice entry phrase to something else slowly day by day, by slowing morphing one phoneme at a time into something else. I wish I had a list of phrases he changed from and to, but I don't.

This was good technology applied in a bad way. As one of more than one way of activating a card this would be a good thing. Thieves are a skittish lot, even if they could sign for card use or use a stolen PIN, the fact they would be expected to voice activate the card first would deter them, not wishing to draw undue attention to themselves.

Even 14 years ago this technology had a extremely low false positive rate misidentifying someone as someone else. Even 25 years ago I seem to remember this technology being not being prone to misidentification, though more finicky and with a much smaller vocabulary (like 10 words).

Re:I can't stand the rain...

[heir2chaos]

Yeah, I had a friend who had a voice activated Clarion AutoPC(Car radio). While talking in the car, sometimes the radio would respond to things that we would say, when obviously we didn't say any of the phrases that should have triggered it. Whe then made it a game to come up with alternate phrases to get the radio to respond. Some of my favorites were.

Hot Ho Pee Pee - AutoPC
Butt hymen Spit? - What time is it?

What about when you get sick?

[dygital]

Not all times our voice is the same. We all know we need to go to the pharmacy and get some meds in the middle of the night.

How will it be for people who can't speak into the card when they are sick.

This treads between usability, since I foresee a lot of problems. How about this; use a PIN for ALL credit and Debit transaction. Must be greater than 5 digits. Thats more security, but something we have adapted to use.

Wouldn't this be more dangerous?

[cadu]

I mean...they're doing all these measures to ensure their...oops...your money will be kept safe...but how about danger situations like a kidnapping? one could be easily forced to say the "magical word" and activate the CC for toasting all its credits.... So in fact this system doesn't addresses the real world situations...... tell the burglar you've got a cold and you're dead :D

Re:Wouldn't this be more dangerous?

[imemyself]

That happened here in Wichita several years ago. Several people were abducted, forced to take money out of their bank accounts via ATM and then killed. The killers are now on death row. :)

Re:Wouldn't this be more dangerous?

[cadu]

Seee....this "technology" is only made to protect their fucking dollars :D there's no point in making a technology that is made to bring chaos and endanger even more people /;/

What's wrong with just putting a damn photo on it?

[Leibel]

I don't understand Credit Card companies' reluctance to put photos on their cards. They only need one photo of each person, then anyone can immediately identify if the card is in the hands of the rightful owner. Not good for internet/phone transactions, but far better than a simple signature that is rarely checked these days.

Almost Useless

[eskwayrd]

This scheme eliminates theft involving new credit cards ordered when the card owner already has a voice print on file.

It does nothing if the owner's voice print is not on file, which means it protects none of the current card owners. If I steal your bank statement and order a new card, the bank will have to ask for a voice print. If I get there first, I get to activate any future cards in your name, not you.

The sensor on the credit card must be a joke. The card itself is a token representing the account. If you speak to the card and it says 'activated' (or not), what difference does that make? None unless the card can magically contact the bank... current card swipe readers aren't going to be able to determine activated status, and there no place to speak the activated status in a web form.

If the sensor is not a joke, it can only be a technique to make credit cards expensive to produce so banks can have an additional revenue stream, or, a way to increase their security budgets so that when a scam is perpetrated, they will have fresh FUD to say the scam is worth 200% more damage than for cards without the sensor.

Can we get.....

Can we get some editors that have a decent understandng of grammar please?

It's reasonable easy for a thief to steal the social security number...

I can only shake my head and wonder...

Voice recognition... still a pipe dream.

[jeffkjo1]

Voice recognition is still not there. From stuff I've read rather recently, voice recognition stuff still can't understand southern accents. I'm not talking about deep dixie, or Louisiana, either.
President Clinton's voice is too southern for todays voice recognition software to accurately recognize.

Re:Voice recognition... still a pipe dream.

[thegnu]

I had a good laugh with my ex-boss, who's Texan. Damn if he has the slightest bit to say about Dragon NaturallySpeaking, because it is a sunuvabitch to him.

I guess that's what you get when you call a knife a "nahf"

Re:Voice recognition... still a pipe dream.

[rcpitt]

I'm guessing that what you say really doesn't matter so much as that you say the same thing each time and the system recognizes the resonances and attributes of the sound that are shaped by your various body cavities and your vocal chords.

In other words, this is really just another form of biometrics.

Of course the fact that you have a gallon of phlegm in your lungs, a hoarse voice from barfing and fever induced hiccups today because you've just caught avian flu may make paying for your medical visit a bit problematic.

I'm picturing 2001 now.

[rrkap]

"Open the pod bay doors HAL."

"I'm sorry, Dave, you have reached your credit limit."

But, hey, I've had too much coffee today.

Re:I personally think this is their best idea so f

[patricksevenlee]

I somehow get the feeling that wives, girlfriends, and daughters the world over will not like this one bit.

That shouldn't be a problem here.

How long is the power supply good for?

How long does the power supply last? You do realise this requires a power supply and *you*, the end user, will pay more for this new 'feature'?
How much larger is this going to make the dimensions of the credit card? You do realise that this will add 'mass' to a credit card and *you*, the end user, will pay more for this new 'feature'?
How much will this add to the weight of a credit card? You do realise that this will add weight to a credit card and *you*, the end user, will pay more for this new 'feature'?
When will businesses be upgrading the card reading hardware to adapt to these new cards? You do realise that businesses will charge more for this new 'feature'?

I can't help but wonder if inflation is caused by the 'toys' that make us more lazy and less responsible.

Re:I personally think this is their best idea so f

And they'll be smart enough to realise it's not worth it!

Re:I personally think this is their best idea so f

and you need to make sure they have it by the age of 10 so they don't pinch your money during their teenage years

"Use the PIN, Luke"

[Zendar]

Why the heck don't they just enforce the use of the CC PIN, like with debit cards? They already exist so the implementation would be pretty easy. IMO, this would cut down on fruad about 90%. They also use this method in Europe to success. Us Americans are too lazy these days. I have "Please ask me for my ID" on all my credit cards and I'm lucky if only 10% of clerks ask for it. I *do* like how some (most) gas stations ask for the billing ZIP code when using a cc nowadays.

What a waste.

[shaitand]

I don't know about you, but I loan out cards on a regular basis to trusted individuals. That is the entire reason for having a signiture line on the back. You do know that the signiture line indicates if you want ID to be required to use your card right?

They need to fix checks not Credit/Debit transactions. On every check is all the information needed to perform check-by-phone transactions. I have been scammed this way twice (both times by credit card companies who wanted to use my account to pay someone elses bill). I have called around and NO bank verifies these transactions at all. Sometimes a signiture file is included by those are not verified either.

When I say not verified I don't just mean there is no manual verification, I mean there is no verification at all, every check-by-phone transaction is automatically accepted. So the next time you are about to write a check, remember that you are giving the individual the ability to take any sum out of your account at any time with no security measures.

Re:What a waste.

[Lord+Bitman]

really? I could have sworn that signature agreed to the terms printed on the card below, reading "...by signing this, agrees to all terms..."

Re:What's wrong with just putting a damn photo on

[corngrower]

Unless the proper infrastructure is put in place to photograph people who have in fact verified their identity through other means, adding a picture to the credit card would not increase the security of the card. Otherwise someone could easily send a picture claiming to be someone else if this weren't done.

So, to provide enhanced security with a picture would cost a lot of money. It's not the cost of putting the picture on the card, it's the cost of verifying that the picture matches who the card says it is.

Insecure System?

[CyborgWarrior]

I'm no expert, but this seems like the insecure way to do it. If you have hardware in the card to activate it, then anyone who steals the card can have as much time as they need to tamper with / hack that hardware to make it work. In fact... why not just bypass the system altogether and make it always active??

However, I do like the idea of using voiceprints as verifications. In fact, other biometric systems would probably work just as well (fingerprints, retina scan, whatever). But DO NOT STORE THIS INFORMATION ON THE CARD! Store it in a central database and associate it with the magnetic ID of the card, then use it similar to the PIN system currently implemented, just requiring the PIN equivalent for every transaction.

There have been comments made that "wives, girlfriends, etc. won't like this very much", so why not add a set of biometrics that are valid for the card. This way you can both have multiple ID's for yourself (if you have a cold and voice isn't working, then use your fingerprints, etc.), as well as biometrics for other people you trust to use this card. In this age of streaming media / Internet / computers all over this can definitely be done.

Just my thoughts.....

Re:Insecure System?

I too think it's an insecure system. The pure scientists who invent each technological innovation are geniuses, but the implementers of such technologies are invariably idiots, i.e. businessmen who don't know their ass from their elbow.

The sole advantage of biometric identification technologies resides in the fact that only you carry your body with you everwhere you go. Voice recognition provides no such security in the context of the cards.

How easy it is to get a recording of anyone's voice with a telephone call or by other means. The foolishness of this initiative is pathetic, but would be funny if it weren't for the context. It reminds me of the Dr Seuss poem about a waterfall high on a mountain:

... great for tooth-brushing beneath
if you happen to be up that way with your teeth

This system is stupid and won't work.

That's been done for years...

[dfenstrate]

start requesting that stores associate a purchase with a time and a checkout lane,

As a former retail worker I can tell you that store number, date, time, register, and cashier number have been printed on receipts for several years, if not a decade or two. They may not be in an easily recognized format, but you didn't think all those meaningless numbers at the top and bottom of your reciepts were actually random, did you?

As for tying it into the security cameras & keeping tapes long enough to review days or weeks later....that's another matter.

Re:What's wrong with just putting a damn photo on

[Leibel]

Well of course the proper infrastructure needs to be put in place. Not like the current system of having a credit card mailed to you so you can sign it (as it is in Australia). A signature / voice / anything needs to be secure when the card is made/signed/etc. A photo could be stored on record and built into the card, unlike signatures etc.

Sinus Surgery

[jgman]

I recently underwent a tonsellectomy and various sinus surgeries. One noticable side effect, at least to my friends and family, is that my voice has changed. Many co-workers who I have called for years on a daily basis have needed several weeks to recognize my voice.

A minor concern, but I guess I would likely need to retrain any voice programs at this point in time. I do know that my cell phone auto dialer is not working anymore, but then again, it was never a very reliable voice dial to begin with...

it's all digital....

[urlgrey]

This doesn't seem to be any added protection to me. Here's why:
Voices would it seem need to be encoded into digital format to be useful. I.e. you do a match on the numberic voiceprint stored in the card vs that stored in a database.

Oh poo. There's a database involved somewhere--that also means that merchants will want to capture and store those fingerprints to prevent chargebacks.

Double poo. There's a second set of databases involved--ones which are often guarded willy-nilly (if at all).

Maybe I'm missing something, but this seems to me to be a non-starter.

Re:it's all digital....

[urlgrey]

sorry for the bold. I'm really not sure how that happened. :-(

Note to self: preview. preview! :-\

Great idea that will never happen

[TheGadgetGeek]

The issue isn't the technology. There is a lot of technology out there that really can secure credit card transactions.

First off, the card issuers (credit card co. and banks) will never spend the per card costs to implement such a "smart card". I mean we still don't have any of the euro style smartcard tech in the US and that's been around for years...

Merchants (and online operators) will never spend the money to implement the types of point of sale terminals and online tech required for such a system.

Chalk this one up to a wishful thinking...

By the way, the current "big deal" at a card technology conference held recently was "Contactless Transactions". Don't even bother taking the card out of your wallet walk up to the cash register, wave your wallet at the sensor and keep walking...

In our "get it now" society, we will never stand patiently in line while a little old lady keeps repeating "my voice is my password" over and over into a microphone. Just think back to paying for your groceries with a check and two forms of ID...

Incidentally, a newer technology that addes a signature verification into the mag stripe is one I personally like...

~The Gadget Geek.

Amputated fingers and other biometric consequences

[dpbsmith]

There has already been a case of carjackers cutting off the owner's finger in order to obtain access to a biometrically secured Mercedes.

The whole idea that a "key" that is a part of your body is somehow more secure than a manufactured gadget you carry with you has more emotional than logical appeal.

I don't have a cell phone...

[Rufus88]

... you insensitive clod.

Really, I don't.

Re:I don't have a cell phone...

[Anne+Thwacks]

Well borrow one from a third world kid - most have two or three - just because they dont have 3 mega pixel cameras doesnt mean they cant send SMS messages.

Re:Hmmmm...

Wait until your voice returns to normal, retard.

Jerks...

I'm a MUTE you Insensitive CLOD!

Fingerprints don't work well, maybe this is better

[klipsch_gmx]

Problems with fingerprint scanners are legendary, especially when your fingerprint is so easy to collect, glasses, ATM's, a handshake. There was a study not long ago on Slashdot that showed that about 90% of fingerprint scanners can be fooled by things like gelatine.

And you think the retailers would want to buy a big expensive foolproof machine for every shop in the world or just something cheap that can read a fingerprint?

It was hard enough moving them over to what we in the UK call Chip-and-PIN where we've done away (or are going to do away) with signatures and use a four digit code. That's been years in the making and still not completely functional. I can still say "Oh, I haven't been sent a number for that card yet" and they let you sign for the transaction, much like previously.

I'm not sure that a voice recognition system would be best. No, I still say the best system for things like credit cards etc. is to have some sort of graphical. When you swipe the card, the owners picture appears for verification (sent direct from the credit card company, maybe chosen from a few random photographs from different angles, clothing etc.) Much more big brother, I know.

If the person in front of you does not look like the owner, you refuse the transaction. Put this on top of things like Chip-and-PIN and signatures and you've got it made. Only an CC company insider could realistically beat it and then they would be accountable (I would hope that every account created had a traceback history for which staff member created it, one that is unwriteable after creation.).

If the retailer tries to run a stolen credit card through to make a few fake transactions, and presses Yes to ID the photo, there's always the Chip-and-PIN to fall back on that he must know. But it means you can't stroll in just any shop with a stolen credit card and take someone else's money.

Really simple to verify

[imboboage0]

Yes it would be a pain in the ass. If you don't want it to be, use cash. If biometrics ARE used, don't store information on the card. They should just put a photo on the card and also ask for ID. Combine that with a 7 digit PIN, and you're pretty safe. Not to mention, this can be used in conjunction with other forms of verification, including biometrics. Still, the most secure way to spend money is with cash. The singe most effective way to make sure nobody steals your identity, credit card, or anything of the sort is to be a homeless unemployed bum.

Old Fashioned Way...

[L0k11]

I recently switched banks and got a visa card - instead of having my card sent to me I actually had to go into the branch, show photo ID and sign for the card.

How is this inconvenient? I had to go into the branch to open the account anyway, going back a week later to pick up my card wasn't that bad.

Before thinking of expensive new ideas like this people should really sit back and think do people really need this technology?

Re:Old Fashioned Way...

[cHiphead]

open a bank of america account online. its 100% online and snail mail for the card(s). you even have 30 days for the intial deposit, which can be done using the card they mail you. no in-person banking or form signing required.

tsk, tsk

it was an electronic keypad, not a card reader

Re:tsk, tsk

[REggert]

And he kicked in the door, not the keypad.

Same Old, Same Old

[darkfrog]

blah... (same time last year!)... http://slashdot.org/articles/04/04/24/1845221.shtm l

Laser mics?

If you found you could mic someone from arcoss the street and make $10,000+ would it be worth it?

I still don't see the security

[gDeleteMe]

I'd say a vast majority of credit fraud is committed without actually stealing the card, just the information on the magstrip. So I guess instead of the shady waiter just swiping your card through his personal magstrip reader before charging your order, it becomes standard for people to have to talk to their cards before the shady waiter swipes your card through his personal magstrip reader before charging your order. Advancement+!!!

Obligatory Star Trek Quote

OOO! Can my Voice print be the same as Picard's??

Picard: Four Seven Alpha Tango.

No, addresses are quite often changed

How about this, off the top of my head:

You are Joe Sucker, 123 Mainstreet, Plain, KS.

Bob Bad has your info. (SSN, Mother's name, etc.) He just opens an account in the name of Joe Sucker to 456 Girlfriend St, Somewhere, NY.

Now he has a card that is in Joe Sucker's credit report, and Joe doesn't even know he has it! The Girlfreind can deny she every got a card, if she even sees Bob Bad anymore, etc.

Trust me, I clean crap out of my credit report all the time.

It's a good thing...

[jvollmer]

that Mel Blanc is dead - he could own my ass!

Now all I have to worry about is Maurice LaMarche.

worried people

[LuxFX]

I think it's a bad idea to consider the word/phrase you speak for the card to ID your voice a 'password' -- or even to limit it to a single word. People are more familiar with the concept of passwords than voice identification, and you're going to wind up with a lot of people that are worried about others listening into their transaction, trying to overhear their password.

Very dumb idea

[Zey]

"Your purchase of cough medicine has been declined."

Am I the only one that doesn't care?

[DJHeini]

The more annoying security they add to cards, the less likely I am to use my credit card for things like lunch at Wendy's. Right now I use my card for almost everything I can just because it's convenient and I get cash back. I don't care if someone steals my card, since all I have to do is call the card company and it's cancelled, and all my cards have zero liability anyways. Safer than carrying cash around even without all these new security features.

Doctor Who Reference

[Feneric]

Reminds me of the old quote by Borusa:

There's nothing more useless than a lock with a voice print.

that he ironically used to key a lock with a voice print...

emergency room

hope you never have to pre-pay at the emergency room with one of those for a severe throat injury.

I don't speak

Most of the time, I do not speak, I use a LightWriter with a DECtalk voice. Personally, I'd rather my financial security didn't involve depending on a widely available device such as a DECtalk synthesizer.

But, so long as it requires the card and the credit card company is responsible for fraud, I don't really care.

As a victim of cc fraud

I have a low trust of banks.

Re:so.. Background noise?

[Freaky+Spook]

What about background noise in a busy shopping centre or something?? Hows it going to cope with that. Being in a line at the supermarket I can't even use voice tags on my phone.

.. with a gun at my head...

.. with a gun at my head I will say anything that will match my voiceprint.

Next "secure" idea, please...

Ever read Asimov?

[FatherBash]

Yet another SciFi idea coming to
fruition

From Prelude to
Foundation:

"You rich Outworlders have credit
tiles, right? Just hand them over""

No."

"No point in saying no.
We'll just take them."

"You can't take them without killing me or hurting me and
they won't work without my voiceprint. My normal voiceprint."

Re:internet fraud

[wesw02]

more and more credit card fraud comes over the internet since no ID is needed, or pin (if debit), all you need is the card and a P.O. Box (or home address if you dare)

Only one thing to say

[jurt1235]

The movie "ST: First contact"
Data stopping the self destruction sequence by using the voice of the captain.
Or in nowadays terms: This call may be recorded for fraud purposes

So no more cough medicine on credit card ..

[cheros]

.. or any other medication for conditions that alter the sound of your voice.

Yawn. Move along, just another dotcom idea lying on teh floor, nothing to see..

Re:So no more cough medicine on credit card ..

[Arimus]

Not only medicine... imagine trying to pay for a meal after a few tall one's.... sorry waiter I can't pay for this meal as my card won't recongize my drunken slurring

(Or will we need two cards, one for sober one for being rat arsed?)

Does Linus have alot of money?

[damgx]

Man I already have the first victim.

"Hi, my name is Linux Torvalds and I pronounce it Linux!"

Muhaaaa

Yeah sure, thats great.

[t_allardyce]

I've got a new one: how about the new card gets sent to your local bank, you get off your ass, walk down there and show some ID. If anyone else tries to get your card they'll be on CCTV. Seriously these days fucking idiots seem to sit round tables and come up with technological solutions that sound like something an 8 year old say.

How to steal 1 Billion Dollars...

Hello... this is... Linus Torvalds... and... my... password is... Linux

The end of gadget shopping as I know it

[pellenys]

If I get a cold, or feel generally dodgy, then my first impulse is to go out and buy a gadget to make me feel better. Geek comfort shopping. So this is a marvellous idea. Make sure that the voice recognition has no tolerance whatsoever, and then it may force me to to stay in bed and get better. Of course then there's online gadget shopping to fall back on so maybe my idea is flawed. Pah.

Siblings

[FirienFirien]

Around 6 or 7 years ago, my older brother had a voice-recognition password on his computer; it was neat and funky, and very futuristic. Then I found out that I could pitch my voice lower and get in after a couple of tries. Granted, the software standard at the time probably wasn't up to what we'd be looking at here, but it's still a consideration.

biometrics for identification are a bad idea

so, once someone has your figure print profile, or your voice profile, what do you do exactly? change them?

Re:I personally think this is their best idea so f

[Quill_28]

Yes, but how much is her credit cards jacked up?

Re:Other things can happen besides catching a cold

[AgentSmith]

That little weasel would not know a voice activated phone if it bit him in the ass and tried to link him to the Matr. . . oh wait. Said too much. Mr. sigjuice

Am I funny, or am I offtopic? You decide.

Actually, voice activated cards. Let us setup the scenario.
I am at the supermarket at the checkout line.
I have to voice activate my card out loud before I tell the cashier kid with the vacant stare that I'm going to pay debit/credit. So now every drooling meathead within earshot knows my password. Nice security! Unless I can activate my card using sotto voce, or sublingually this card is very useless. Also, this applies even double when making a late night ATM withdrawal with some scumbag trying to scope my PIN number. He already knows my voice password!

OH DEAR GOD NO!

[way2trivial]

I work with verifones.
tranz terminals? 380-s?

pinpads attach with an rj-11 phone jack.

yer telling me- it's totally secure to use that cabled pinpad? because criminal orginizations cannot possibly make a compatible pinpad, that dumps the numbers pressed? or hey, make a damn keystroke logger equivelent for the rj-11 jack-- unplug pinpad, insert dongle, insert rj-11-

start collecting pins.....

Re:OH DEAR GOD NO!

[Lenolium]

Throw a keylogger on that RJ-11 jack all you want, go nuts. All you get out of the pin pad is encrypted data. That is how they are built, so that even if the verifone/tranz terminal is totally in the hands of a hacker, your pin number is still safe.

Now, on the other hand, a fake membrane keyboard placed over the real membrane keyboard could capture keys very easily.

Building a compatible pinpad however, is impossible, because you need the secret 3DES key used to encrypt the pin pad data, along with a unique pad and transaction counter so that your device would look legitimate to the verifying party. That 3DES key is pretty well kept a secret, so the better way to do it would be to place a fake pinpad where the customer can see it, and as a clerk, manually type in the pin as the customer types it. And one step easier would be to just write down the number that the customer is typing.

Wouldn't this be a perfect use

[mandrake*rpgdx]

For thumb-print recognition? Either way, how does this stop someone from using the credit card on a webpage?

Could someone record me?

[BigDogCH]

Couldn't the next person in line record my voice, and then be able to use that to bypass this?

RTFP

[mandrake*rpgdx]

He said that it wasn't secure because of false pinpads, but the data being sent is the most secure. And he's right- I've worked on Hypercom's ICE series of terminals, and the pinpad is the only really secure piece of data being sent out from the terminal itself.

Preaproved credit card offers will kill it

[Bubblehead]

Remember that there was a time where pictures on credit cards were en vogue? That was a great way to prevent fraud when using a card in person. I was wondering why the credit card companies didn't make it mandatory (they should like it, as it would keep abuse rates down). Turned out they hated it, and making it mandatory was a big no-no. Why? Because it would have complicated to process of sending out preapproved credit card offers, especially if the customer would have been required to send them a photo back.

Likewise, I don't think this idea will take off, for the same reasons. The banks prefer to use heuristics and statistics, and live with a small fraud rate, rather than loosing potential customers.

So many reasons this is not going to work.

[rhymez0r]

There are a dozen reasons this wont work.

First and foremost, the technology required to pull this off is significant - I've yet to see really good voice recognition. What if you are in a loud location?

It can be cracked quite easily. The whole "Warner Brandes" thing (which many have posted).

Mutes have credit cards. Doesn't work for everyone. As soon as you have someone who is a mute needing a card, it means there's a way to avoid the voice print - which means that it's just a question of figuring out how to do this. "Hello Citibank? My wife lost her voice in a car accident...."

The issue of central repository is huge - and all you've done is moved the data that is key. Right now, it's the SSN thats key. If you make this voice based, I'm sure that it'll be digital in nature, which means that the headline five years from now would read '20,000 digital voice prints stolen from...'... Whoops. The only true way to get around this is with a handshake mechanism - data that is stored at the credit card companies but is utterly useless without verification from outside. Here's a better solution: When you submit a credit card application, you tie a home phone number or a cellular phone number to the card. Every time a transaction is made an automated call is placed to your home phone or to your cell phone (i.e. via SMS works too). You have to authorize the charge by either replying to SMS or through the home line by responding. Changing these phone numbers is not allowed without cancelling the previous card and associating a new card to a new number. Any time a phone change occurs, a manual verification should be performed. The card company calls the old number on file (or SMS's the cell or calls the cell) to confirm. This stops theives in their tracks from just rerouting calls. This is your first line of defense towards noticing something is amiss. If you've lost your cell phone and you've changed home numbers, you'll still notice when the card stops working. Yes, theives could call your credit card company and get a new card but that card would be mailed to your existing address and your old card would become inactive immediately - alerting you to trouble. What about vacations where you might not have a cell phone or access to your home phone? Simple - you call the credit card company prior to your trip and inform them of the length and location of your trip. Charges made during that time frame and only from that general location (i.e. "The Cayman Islands") will be allowed. When you return the regular authentication mechanisms apply. What about moving addresses? This becomes tricky -especially if you've changed numbers, states, etc. In this case, I think the best course of action is to simply cancel the existing card and apply for a new card but with one twist - the application must be filled out at a regional bank and cannot be mailed in or completed over the phone or over the internet. Why? A few reasons - It's one thing to know someone's SSN, it's another thing to have falsified SSN documents. It's one thing to know someone's license information, its another to have falsified drivers licenses. It becomes much more difficult to commit a crime in this way - also because now, instead of some random guy behind a computer, this guy has to go to whatever supposed state you are moving to and show up in person, with falsified documents, on a bank camera system. Is this a bit more of a pain for you and I? Yes. But how often do you change or get new credit cards? The final check? And this is one is a tricky one to keep secure but there must be a way. The credit card companies should all cross reference their databases of phone numbers and addresses. For example, if transunion detects that you have different numbers on file for two credit cards, it should be legally required to notify you in writing. I would also propose that you should be able to "lock" a card into a geographic area. For example, say you have three cards - an AMex, a Mastercard and a Visa. You use the Visa when you travel and for online purchases, but you never use the Amex or mastercard. You should be able to lock the amex and mastercard to only accept charges from, say, a 150 mile radius of your primary city. Any charges made to that card outside of that radius will be denied.

Marvellous!

[McFadden]

I'm gonna be the first to subject Stephen Hawking to identity theft. He must be worth a few bucks by now.

Now where did I put that Microsoft Speech API manual?

McF

terrific idea. no, really. great.

[untaken_name]

"Hello, my name is Werner Brandes. My voice is my passport. Verify me."

now everyone's mobile phone can record sound. computers are cheap and powerful, audio editing software is freely available. It might even be easier to record someone's voice than to guess their pin. I suppose biometrics are inevitable, given our fascination with "security" and hollywood's propensity for using biometrics in movies....but for goodness' sake, please keep the pin, and have the biometric stuff supplement it. Seriously.

What different does it make?

Is there a digital copy of your voice laying around waiting for hacker to steal just like the way they steal the password/ss#? What make this any better??? voice can be recorded anyway doesn't it?

As a stutterer, I hate the idea

[a-aiyar]

The subject pretty much expresses my opinion. Many stutterers, including myself, seldom stutter during normal speech. But place us in any sort of stressful situation (eg. speech on demand), and I'll be darned if the stuttering doesn't start up.

Classic situations - responding to a business phone call isn't a problem. Initiating a phone call to a business sucks.

I fear that voice fingerprinting, where one has to verify one's identity in a time-limited manner is going to be hell for us.

I'm sure the 1% of humans who stutter (to whatever degree) would prefer retinal scans!!

Audio Passwords... Interesting.

[Apparently+someone]

NOW I get Deniro! He was a audio Black Hat!

Annoying Recorded Phone Service Program: "In order to complete your purchase, we have instituted new measures to protect you against fraud. Please state your passphrase. You will be verified in a matter of moments. Thank you. Please state passphrase now..."

"Are you talkin' ta me?"

Phone: "Please re-state your passphrase, the system could not verify your identity. You may try, now..."

"Are YOU talkin' ta me?"

Phone: "We're sorry, the passphrase you entered is invalid for verification purposes. Please restate passphrase, now..."

"Are you talkin' ta ME?"

Phone: "..."

"Are you TALKIN' ta ME?"

Phone: "Thank you, passphrase verified. We are now able to process your order. Thank you for your purchase. Good bye."

I'm skeptical.

[gordguide]

This is not a Credit Card authentication system. This is a credit card dis-authentication system. And it will only annoy your real, loyal, existing customers when it locks them out, and it will lock some out. Guaranteed.

Tried voice recognition passwords. Even when they work really well, they don't work that well. In fact, the better they work, the worse they work.

What I mean by that is they can get them to recognize a distinct voice pattern; you can demonstrate it to a bunch of execs in a boardroom and it will work. You could sell them on it.

Where it doesn't work is separating your voice pattern from everything that isn't your voice pattern. As long as the background noise of the boardroom is more-or-less constant and similar, and the demo is brief, your little presentation will go off without a hitch.

Use it in the real world where you actually have an application for the technology, and you get failure. I would bet that if the boardroom demo was in two parts, with recording execs voice just before Christmas (winter, heater noise, outdoor sounds travels faster in dense air, etc) and the first proof of login just before Memorial Day, it would fail miserably.

It's not so much that sounds present when you authenticate will cause a lockout. It's that whatever background existed when you record the first pattern (used for subsequent comparisons) had damn well be there for the life of the system, and any new sounds when you authenticate will cause a failure.

Radio on, truck drive by, jet overhead, daytime vs nightime, winter vs summer, whatever. The all have a distinct but essentially random background. Voice recognition expects all this stuff to be the same. Forever.

The better it gets at pattern recognition, the worse it gets at background rejection. Chasing one problem leads to many others, and that's basically the whole history of VR technology right there.

I don't see it improving, although it might be possible. It's too unpredictable, basically, to invest in as far as I'm concerned. What if there was an easier way by the time you get it solid? What if there were 30 easier ways?

From the looks of things, VRT won't be solid anytime soon, so pencil in a lot of room for competing technology, and keep in mind by the time VR works, stuff that is unheard of now may have matured by then.

Bummer.

[Moofie]

Too bad it only works if your name is Werner Brandesson.

My voice is my passport. Verify me.