Slashdot Mirror
Credit Cards That Think They Are Gadgets
holy_calamity writes "Pittsburgh startup Dynamics Inc has unveiled gadget-like credit cards with buttons, lights and even displays built into the same space as a conventional card. One card has two buttons on the front, which, when pressed, rewrite the data on the card's magnetic stripe, allowing it to act as multiple bank or credit cards in one. Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security."
I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
Though this seems like a much safer alternative to today's credit/debit cards, although like TFA says, what will this really do for security? How long until a flaw is discovered or it is cracked?
So I'm guessing you wrote that just so you could get in an early comment.
Or are you really concerned about security on an item which literally has all of its information printed right on its surface which you hand to strangers and gets stored in a third party database. Oh and I forgot that most of the printing is actually raised so it can be recorded with a simple piece of paper and a crayon.
You are worried that something could be less secure than THAT? Well I suppose adding a speaker for blind cashiers might be a bit less secure...
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
Screw that, I'm waiting for these guys to port Quake to a credit card.
AS TFA points out, there are 16 million credit card readers out there. Instead of making them all RFID readers, just use the existing infrastructure. And this would potentially reduce the size of your wallet, not increase it, by allowing you to carry just one programmable card instead of many.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
I know chip&pin isn't perfect, but it'd be a step in the right direction..
I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.
Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.
Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.
Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.
But if he tries to scan the stripe and clone the card, the number he gets is useless, because it is transaction specific.
I would envision each CC being allocated a block of 200 random CC numbers, to be used in sequence, when it is printed, 200 random initial CVV2 numbers, and 1000 random CVV2 offsets in the form of a number between 0 and 999. For each transaction, pick a number, with no number re-used until 199 more transactions have been made.
Each time a number is used, the CVV2 is to be the initial CVV2 number plus the next CVV2 offset, modulo 999. CVV2 offsets are not re-used until 999 more transactions have been made.
Each time a number is used, the CC company can determine it is valid and compute exactly the right CC and CVV2 numbers that should be used by the next 10 transactions.
Unless there is delayed processing involved, they can also know to reject any number other than those 10.
Even if there is delayed transaction processing involved, the CC company can know a code 199 transactions ago is "too old", because there have been transactions made since then that are too old.
There should also be a way to enter a special PIN to generate a 'vendor specific' code that can be used for multiple transactions.
Possibly assigning card users larger pools of numbers, so expiration dates, and dollar limits can be encoded using the CC# and CVV2.
If multiple failures are detected with a CC# (e.g. someone tries to clone one number and try it with multiple CVVs), then that CC# is retired permanently, and the CC company sends the customer a new file to flash their credit card's memory with.
Because in Japan the companies are far more tightly integrated, and it's much easier for NTT to work with JR East on what they want to do, and decree to handset makers that their next products will include the functionality. In the US, for instance, it's virtually guaranteed we'd have massive infighting and incompatibilities as vendors fought for dominance over all others. Verizon would work in some places, AT&T in others, and unless you bought your phone from them you couldn't use it at all.
Basically, there's a whole bunch of bullshit in the States that prevent solutions like Japan has from working.
swipe a card and clone it
And how this is different from what we have now?
As parent indicated, biometrics is the weakest of these, as if someone is able to 'break the code' you have no way of changing your fingerprints, etc. The best approach is a combination of having and knowing, such as an ATM card which a thief can't use without knowing the PIN, or a building access card that requires you to punch in a code. If you lose your card, no big deal, just issue a new one and assign it a new code just in case.
Because cell phones are buggy pieces of shit, and I wouldn't trust them with my credit card number and PIN for anything. Especially as they become more and more tied to the web.
Turbine just generates a non-reversible key from fingerprints. It does nothing to help you out if your fingerprint data gets out. Like by touching a car door.
I used my chip card at a store once, and they guy was like "Hi Steve!", and I was like "Er hi?", and the merchant was like "Your name is stored on the chip and when I plug it in, your name pops up on my screen!", he seemed so happy I didn't want to tell him that it is also printed on the card as well, that you can see what your eyeballs.