Slashdot Mirror

← Back to Stories (view on slashdot.org)

Credit Cards That Think They Are Gadgets

Posted by Soulskill on from the why-is-my-wallet-beeping dept.

holy_calamity writes "Pittsburgh startup Dynamics Inc has unveiled gadget-like credit cards with buttons, lights and even displays built into the same space as a conventional card. One card has two buttons on the front, which, when pressed, rewrite the data on the card's magnetic stripe, allowing it to act as multiple bank or credit cards in one. Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security." I wonder how long it'll be until somebody builds onboard biometrics into one of these things.

4 of 239 comments (clear)

  1. I'm waiting for transaction-specific codes by mysidia · · Score: 5, Interesting

    Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.

    But if he tries to scan the stripe and clone the card, the number he gets is useless, because it is transaction specific.

    I would envision each CC being allocated a block of 200 random CC numbers, to be used in sequence, when it is printed, 200 random initial CVV2 numbers, and 1000 random CVV2 offsets in the form of a number between 0 and 999. For each transaction, pick a number, with no number re-used until 199 more transactions have been made.

    Each time a number is used, the CVV2 is to be the initial CVV2 number plus the next CVV2 offset, modulo 999. CVV2 offsets are not re-used until 999 more transactions have been made.

    Each time a number is used, the CC company can determine it is valid and compute exactly the right CC and CVV2 numbers that should be used by the next 10 transactions.

    Unless there is delayed processing involved, they can also know to reject any number other than those 10.

    Even if there is delayed transaction processing involved, the CC company can know a code 199 transactions ago is "too old", because there have been transactions made since then that are too old.

    There should also be a way to enter a special PIN to generate a 'vendor specific' code that can be used for multiple transactions.

    Possibly assigning card users larger pools of numbers, so expiration dates, and dollar limits can be encoded using the CC# and CVV2.

    If multiple failures are detected with a CC# (e.g. someone tries to clone one number and try it with multiple CVVs), then that CC# is retired permanently, and the CC company sends the customer a new file to flash their credit card's memory with.

    1. Re:I'm waiting for transaction-specific codes by dj245 · · Score: 3, Interesting

      I experienced table-top POS terminals during a recent trip to Nova Scotia. Apparently they are very popular there, and the waitress couldn't believe that I had never seen one in the US. The biggest problem is that in Europe, tipping is not expected or required. In the US, you can write the tip and walk away without the waitress watching you. If they go to table-top POS terminals like I saw in Canada, then you need to tip in front of your server. As an American, it was not very comfortable, although I suppose it is more profitable for the waitstaff. As an aside, when I was younger, tipping was commonly 10% and 15% for good service. Now my coworkers give me a hard time if I give any less than 20%. I think its time that we pay servers more and do away with the tip. The hidden cost of tipping is starting to be a substantial part of the restaurant bill.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  2. Something similar by dsavi · · Score: 3, Interesting

    A major corporation that someone I know has worked for used to use what looked like a very thick credit card to log into what I believe was a VPN. You would input a PIN on the front, and it would display a code that would be valid for 30 seconds or so for logging into the VPN that it calculated itself, based on the current time and PIN. I think this card was made by RSA, now I think the same company uses a slightly different system.

  3. No thanks by pavon · · Score: 4, Interesting

    Because cell phones are buggy pieces of shit, and I wouldn't trust them with my credit card number and PIN for anything. Especially as they become more and more tied to the web.