Slashdot Mirror
Credit Cards That Think They Are Gadgets
holy_calamity writes "Pittsburgh startup Dynamics Inc has unveiled gadget-like credit cards with buttons, lights and even displays built into the same space as a conventional card. One card has two buttons on the front, which, when pressed, rewrite the data on the card's magnetic stripe, allowing it to act as multiple bank or credit cards in one. Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security."
I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
You mean, digital passwords you can never change? Sounds secure...
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
purchase? Though this seems like a much safer alternative to today's credit/debit cards, although like TFA says, what will this really do for security? How long until a flaw is discovered or it is cracked?
boop, boop, boop ... your money's now gone.
bank bailouts enter the digital age.
Why don't they just tie this shit into your cell phone instead? They already have something similar in Japan with swipe phones for the JR line.
Why does every company have to try and put another gadget in your pocket. They should just integrate better with existing gadgets so I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.
Perhaps finally we have here a magnetic strip that isn't prone to being stripped of its information?
"His name was James Damore."
Scammers will love these, they'll find a flaw where they can reprogram any name and card number, swipe a card and clone it.
Pretty soon, our credit cards will even make Julienne fries!
I wonder how long a card like this will last in an average wallet, perhaps facing demagnetization, wear and tear, and other issues of being in a pocket and constantly jostled around.
However, it it can handle that, this could be a great thing to have, as not just a credit card, but as an authentication device. Punch your PIN, punch a challenge phrase, give the vendor the response, and that will do a lot to minimize credit card fraud.
Of course, skimmers with cameras will still be an issue -- just videotape the person typing on the card and not the PINpad, and if it uses an active cryptographic handshake, run a MITM attack.
I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
Screw that, I'm waiting for these guys to port Quake to a credit card.
I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
About 5 years ago.
They already had this system working PERFECTLY in monopoly. Hasbro should sue.
God, I just wish that they would put a simple on/off switch on/in them ...
I know chip&pin isn't perfect, but it'd be a step in the right direction..
I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.
Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.
Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.
Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.
But if he tries to scan the stripe and clone the card, the number he gets is useless, because it is transaction specific.
I would envision each CC being allocated a block of 200 random CC numbers, to be used in sequence, when it is printed, 200 random initial CVV2 numbers, and 1000 random CVV2 offsets in the form of a number between 0 and 999. For each transaction, pick a number, with no number re-used until 199 more transactions have been made.
Each time a number is used, the CVV2 is to be the initial CVV2 number plus the next CVV2 offset, modulo 999. CVV2 offsets are not re-used until 999 more transactions have been made.
Each time a number is used, the CC company can determine it is valid and compute exactly the right CC and CVV2 numbers that should be used by the next 10 transactions.
Unless there is delayed processing involved, they can also know to reject any number other than those 10.
Even if there is delayed transaction processing involved, the CC company can know a code 199 transactions ago is "too old", because there have been transactions made since then that are too old.
There should also be a way to enter a special PIN to generate a 'vendor specific' code that can be used for multiple transactions.
Possibly assigning card users larger pools of numbers, so expiration dates, and dollar limits can be encoded using the CC# and CVV2.
If multiple failures are detected with a CC# (e.g. someone tries to clone one number and try it with multiple CVVs), then that CC# is retired permanently, and the CC company sends the customer a new file to flash their credit card's memory with.
A major corporation that someone I know has worked for used to use what looked like a very thick credit card to log into what I believe was a VPN. You would input a PIN on the front, and it would display a code that would be valid for 30 seconds or so for logging into the VPN that it calculated itself, based on the current time and PIN. I think this card was made by RSA, now I think the same company uses a slightly different system.
You mean, people read titles?
This could make a long-time dream come true for me. I use one-time use numbers online but in brick-and-morter transactions (like paying at a restaurant), I still have to give my real credit card number. Perhaps these cards could be made to generate a one-time use number. Then, when I'm paying at the grocery store, they get one number while the pizza place gets a second number. I'm sure there would be some security hurdles to clear but it is a promising development.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Don't buy any thing that you cannot afford. Use cash to pay for everything you can. I hate people who use plastic be it credit cards or debit cards for individual purchase of less than 10 dollars. If you cannot have at least 10 bucks in your wallet at all times then you do not deserve to call yourself an adult.
It often takes more time to use a debit card than using cash especially when the store's machines are acting up. Also consider that it costs a store money per transaction so you are actually being a jerk if you use our debit card for small purchases.
Jesus was a compassionate social conservative who called individuals to sin no more.
That would be an essential requirement to replace plastic.
Open Standards Portal
Can it be programed to remind you of your PIN?
Smivs on the intertubes!
When I get my credit card stolen, I'll lose a $20 gadget instead of giving the thieves access to my $0.20 bank account or my credit card with fraud protection where I simply click "Report" on any charges that weren't mine (and I have something like a week to report it stolen, so even if I don't notice it immediately I'm still not liable)?
Also, this in no way stops credit card skimmers at ATMs, gas stations, etc., nor RFID readers.
The positive thing I see about this is the ability to program multiple cards into one card. I kinda like that. Even compared to putting it in my cell phone. If it's cold enough out, I'll have my cell phone buried deep and answer with my headphones (either corded or bluetooth), especially since it's a touchscreen and I'll be damned if I'm gonna take my cell phone out *and* take-off my gloves. Having 1 credit card that I could keep in an outer pocket, alone (so as not to be a target), would be nice.
Also, if I'm at a restaurant, I really don't want to hand my waitress my cell phone to take back to the back...
No trespassing. Violators will be shot. Survivors will be shot again.
You don't see a lot of Nigerian CC Theives pickpocketing cards
... DIRECTLY FROM YOUR SCHOOL RECORDS
Credit Card Fraud is not due to Physically Stealing the Card. Maybe back in the 1960's when people were using 3 piece paper receipts that had to be run through a manual stamper this card could have made sense but it is a waste of time to try to protect accounts this way.
Does anyone remember TJMax had a few million card numbers stolen
There are about 20 big hacks where millions of card numbers were stolen.
In addition some people use their cards with un-reputable merchants
The idea of putting a password on your card is bogus when most thieves never need physical access to your card to steal from you...
And this does nothing about companies that release personal data about you and your account to their "AFFILIATES"
Or the fact that every college and High School sells your personal data to list companies. THATS RIGHT
Name address, birth date, parents names and more
The card is one more level of stupid
however it may protect you from your kid ordering crap off tv.
If they are doing all of this, and a main issue begging to be solved is credit card number theft, why not just add one simple layer of security? Have the security 3-4 digit PIN on the card change every 5 minutes or so? Similar to how SecureID works. If the ID given does not match the current, previous, or next one on the credit card computer the transaction fails. I would also make the security pin longer to prevent random guesses from working. Add an exponentially increasing lock-out period for failed attempts (and maybe send an email and/or phone message warning after a couple fails) and that should do the trick.
Even if the numbers/strip are obscured without a PIN the finger smudges on the card over the commonly used numbers will make the PIN a trivial matter to guess. What is the point of this security? Would you not call in the card missing/stolen just because it has better security?
This is a great idea let's do it! Maybe the card will run Windows too for even better security - far out!!! Put ie6 on it too so I can surf the web in complete safety from active exploits.
Because cell phones are buggy pieces of shit, and I wouldn't trust them with my credit card number and PIN for anything. Especially as they become more and more tied to the web.
Another way to do this is use something like Visa CodeSure which gives you the ability to enter a PIN on the card so that dynamic passcodes can be created. Commercially available now too.
http://www.visaeurope.com/en/about_us/innovation/visa_codesure.aspx
Avantslash - View Slashdot cleanly on your mobile phone.
- EMV cards are actually gadgets. Very limited, no blinky lights and such, but has a CPU, encryption is performed on the card, and it doesn't need a mag stripe. Many don't ever get swiped.
- Mag stripes will be obsolete not long from now. Already, if you travel to Europe, many retailers refuse US cards without a chip, even though the terminal will read the stripe. It's all about risk shifting. Anything the issuers can do to avoid risk is good for them, so they want to shift risk to merchants or card holders. Merchants want to shift risk also. Guess who doesn't have any good ways to shift the risk elsewhere... Yup, customers. So European merchants hate mag stripes, and won't accept signature transactions if they can help it.
EMV adoption in the US is slow. Costs.
deleting the extra space after periods so i can stay relevant, yeah.
This is all just a way to make you pay for more and more. Card companies/Banks have to write off fraud, usually, and they hate doing this, so every new card gimmick that comes along will be aimed at making fraud more your problem and less theirs.
But it will also be used to make you pay for everything big companies won't. Let's create an example: Say you walk into Walmart and buy a pair of Calvin Klein jeans. You pay for the Jeans at the checkout. However, Walmart never pays the supplier, Calvin Klein (or the distributor). Thanks to all these shared records, the databases can track everything and one day you get a bill from Calvin Klein for the jeans you purchased at Walmart.
Sounds implausible right? I'm right now fighting with Direct TV for services I purchased through Verizon. Verizon didn't pay Direct TV, so Direct TV is billing me instead, even though I paid Verizon. I never got a Direct TV bill before this one. I was never their customer (directly), I was a Verizon customer. And yet here I am, stuck with the bill.
Trust me, my above example at Walmart may be implausible now, but 5 years from now it'll be commonplace to see the average joes being shafted at both ends by large companies. This card is one more step towards that end.
If telephones are outlawed, then only outlaws will have telephones.
The most useful change in credit cards would be giving buyers a stack of one time passwords, each one issued to the vendor tied to the specific parties and dollar amount of the transaction, with a short expiration date.
The best way to do it would be a smartphone app that took a token from the vendor, the vendor's ID (another onetime string from a vendor pool of onetime ID#s), encrypted it with the dollar amount and a onetime ID# from the buyer's pool, and sent it over the network to the credit corp. The credit corp would decrypt it and credit the vendor's account. That way no ID info is shared that can be reused.
If they want to make a physical credit card that does those things once connected to a network (like a chipcard), great. Let them put a fingerprint sensor and PIN on the card, along with a display of the available credit remaining and outstanding balance to date. But the one time passwords are by far the most value to deliver to the consumer, and therefore to the vendor, too.
--
make install -not war
As long as merchants still pay for credit card fraud, where is the business case and incentive for the card issuers to adopt this technology as they are currently laying off the risk and the benefits for adopting do not accrue to them while they incur all the costs of adoption? As a consumer, I would purchase this just to collapse all my mag-stripe cards (not just credit/debit) to one card that was secured with a PIN that I could change myself, if it could be sold that way.
What if the US did away with cash, and instead we started using credits like scifi? Well at first you'd think you'd carry a credit card around, and maybe a device to transfer credits from one to another with an indicator of how many transfer so no one cheats? Then I figured the device could be on the card itself, and two cards interact in a certain method.
Wouldn't it be great to be able to look over how a politician obtains and spends his money? Public officials should lose their privacy while they're in office and all their money transactions should be able to be scrutinized.
Illegal sales like drugs would be more difficult to do because if someone gets caught by the police, the police could then scan the offender's device and see all of his contacts.
Of course you automatically upload to the IRS every tax season at least and FBI maybe more. I'm thinking with cell phone capabilities, it could auto network.
I guess there are a lot of downsides to this too that I'm not seeing, but since it has some good points its worth at least idly talking about. What are some downsides we'd have if we moved to an all credit system? I guess one would be the worry that the government could seize your money with a few clicks. Or maybe two would be hackers.
God spoke to me.
College-Pages.com - Online Colleges, Degrees, and Programs
cash, credit, or bioscan?
Magnetic stripe huh? ...2008.
I think I haven't used that part of my card ever. This was issued in
It's secure chips and online verification all the way in scnadinavia now. Helpfully, it is hard to overrun your bank account with a debit card this way. I wonder if this was deployed for my or the banks safety?
Bot Assisted Blogging
According to an article I read, Walmart currently doesn't actually take ownership of their inventory until it is sold. That's right...they don't pay the manufacturer until they've already sold the item.
Brilliant way to leverage market dominance into increased interest earnings by holding onto their money a while longer.
We'll finally be able to "swipe" the card for tipping at the strip club now?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
On a keypad that is used to enter only a single combination, wear patterns can leak information. That's one advantage the ATM's keypad has over one on your personal card.
An advantage of entering the PIN on the card's keypad, on the other hand, is that it cannot be gleaned by a fake ATM machine.
'Populate the magstripe' - er, how's that done in accordance with international Standards for machine-readability of encoded digits on each track? And who cares, when the only half-good security nowadays is on a chip which is already there?
Am glad I'm down to 1 credit card.
"Give me your wallet... and your eye" is not a phrase I'd like to hear.
Would some of the credit card companies go for something like this? I would guess they like having a piece of plastic in your wallet that you might look at on a fairly constant basis. Free advertising and a reminder to charge more on card XYZ.
I once read that is the reason that credit cards have a 2 or 3 year expiration date. They could last longer and they know they could save money shipping and producing, but the card refresh is a chance to get the card in front of you again in the hopes that you will use it more.
I hope that someday we will be able to put away our fears and prejudices and just laugh at people. - Jack Handey
But does it run Linux?
Not with retail stores at least; you don't have to pay Calvin Klein because you never signed a contract with them. The only reason you have to pay Walmart is due to shoplifting laws, not contract law. Conversely, you signed a contract with Verizon and that presumably contained a contract with DirectTV as well buried in fine print, in another document they never sent you but you could've mailed to ask for, or was contained in those 'terms which we may change at our discretion without notifying you'.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
and they don't like anthropomorphizing either.
1. CASH is always the same speed.
Think of those times when you were in a hurry and you were stuck behind some someone who enters in the wrong pin or chooses the wrong bank account type when they were buying items that cost less than 20 bucks. What if there was a network error? Had they used cash, you would have been out of there long before they finally got the transaction to work.
2. Cash is accepted everywhere.
Not every place accepts Visa or Mastercard and a lot of places do not accept Amex. Some places do not accept debit cards for logistical reasons (ferries, planes and many taxis). Cash is generally accepted everywhere.
3. Cash does not carry a per transaction fee when traveling in a foreign country.
Most credit cards charge a fee per transaction on top of their poor currency exchange fees which is why I take cash with me when I travel to Europe, the States or Japan. In fact, Japan is still very much a cash based society outside of their PASMO/SUICIA system for convenience stores and trains/transit. Don't expect your North American credit or debit card to work over there.
4. Cash is easily transferable between people.
You can lend/give cash to anyone but you cannot do the same with a credit/debit card.
Jesus was a compassionate social conservative who called individuals to sin no more.
oh...no there's not. Why, again?
Think of it this way: it's just like with a computer
College-Pages.com - Online Colleges, Degrees, and Programs
we had been brought as consultants to small client/server startup that wanted to do payment transactions on their server ... the startup had also invented this technology they called "SSL" they wanted to use; the result is now frequently called "electronic commerce"
somewhat as a result, in the mid-90s, we were asked to participate in the x9a10 financial standard working group which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments (aka debit, credit, stored-value, gift-card, face-to-face, point-of-sale, internet, high-value, low-value, contact, contactless, wireless, transit turnstyle, aka *ALL*) which resulted in the x9.59 financial transaction standard. Part of the standard was slightly tweaking the existing paradigm to eliminate skimming, evesdropping, data breach and other similar threats involving harvesting "static" data for performing fraudulent transactions (did nothing to prevent such activities, just eliminated threat that such activities could use the information for performing fraudulent transactions). Part of x9.59 is format agnostic and allowing authentication proportional to risk (i.e. possibly single-factor for low-value ... and exact some components also doing various levels of multi-factor authentication for higher values).
The cost for such components could be deployed in such away that the aggregate, overall infrastructure expense is less than current paradigm ... and has sufficient integrity that the cost to compromise would always be higher than any expected resulting fraud (standard is also format agnostic).
Part of the issue is in the current infrastructure, major portion of existing fraud is born by merchants (in the form of various fees and other charges). Raising the bar on existing retail payment fraud would likely drive the crooks to switching to attacks involving opening new accounts (rather than attacks on existing accounts) ... including using "synthetic ids" (no actual corresponding person) ... which would shift all of the burden to the financial institutions.
> I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
We did it more than 5 years ago. Our company failed because the product was priced too high for the market. Our cost to PRODUCE it was an order of magnitude higher than current dumb cards.
At least for RFID, this would be much more fun:
http://www.reddit.com/r/reddit.com/comments/cyeiz/reddit_i_present_to_you_my_superfun_idea_for_rfid/
"I think it would be a good idea" Gandhi, on Western Civilisation
Well, I remember hearing about the first ones being used as lock picks.
I see even classic Slashdot is now pretty much unusable on dial up anymore.