Slashdot Mirror


New Credit Card Includes Display and Keypad

First time accepted submitter pev writes "A new credit card released in Singapore includes a screen and keyboard in order to generate one-time passwords for your online banking. From the article: 'The card has touch-sensitive buttons and the ability to create a "one-time password" - doing away with the need for a separate device sometimes needed to log in to online banking. Future versions of the card could display added information such as the remaining balance.' Let's hope they've put more thought into the implementation than with chip and pin."


  1. What am i missing? by ArturoBandini77 · · Score: 2

    Don't one-time-pasword exists just in case you loose your card???
    With these cards, it's like writing your PIN in the back of the card itself...

    1. Re:What am i missing? by Fjandr · · Score: 5, Informative

      No, they're to prevent the use of the information on the card without the card itself. These basically replace the CVV on the back of the card for determining that the user actually has it in their possession.

    2. Re:What am i missing? by Bomazi · · Score: 5, Informative

      What they did here is integrate a secure terminal like this one directly on the card.

      These terminals are used for online banking. Every time you log in, you receive a different challenge. You then insert the card into the terminal and enter both the pin and the challenge and get the response back. Then you enter the response in the browser.

      The goal of the system is to provide two-factor authentication. You need both something you have (the card) and something you know (the PIN).

      The reason you need a secure terminal is that typing the PIN directly on the computer would allow a keylogger to steal it.

      Overall it is a pretty solid system.
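
The challenge-response flow described in the comment above, as an added example that is not part of the original thread or any bank's actual code: the card checks the PIN itself, so only the challenge and the response ever pass through the computer. The HMAC-SHA256 construction, the 8-digit truncation, the three-try PIN limit and the names `Card`, `Bank` and `response_code` are assumptions for illustration; the thread gives no details of the real algorithm.

```python
import hashlib
import hmac
import secrets

MAX_PIN_TRIES = 3  # assumed limit; the thread does not state one


def response_code(key: bytes, challenge: str) -> str:
    """Assumed construction: HMAC-SHA256 over the challenge, cut to 8 digits."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10**8
    return f"{value:08d}"


class Card:
    """Toy stand-in for the chip: it holds the key and verifies the PIN itself."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._tries_left = key, pin, MAX_PIN_TRIES

    def respond(self, pin: str, challenge: str) -> str:
        """Return the response for a challenge; refuse on a wrong PIN or lockout."""
        if self._tries_left == 0:
            raise PermissionError("card locked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = MAX_PIN_TRIES  # a correct PIN resets the counter
        return response_code(self._key, challenge)


class Bank:
    """Issues a fresh challenge per login and accepts each challenge only once."""

    def __init__(self, key: bytes):
        self._key, self._pending = key, set()

    def new_challenge(self) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already used, so a replayed response fails
        self._pending.discard(challenge)  # one attempt per challenge
        expected = response_code(self._key, challenge)
        return hmac.compare_digest(response.encode(), expected.encode())
```

A keylogger on the computer sees only the challenge and a response that is valid for that one challenge; the PIN and the key stay on the card.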

    3. Re:What am i missing? by heypete · · Score: 2

      Indeed. PostFinance (a bank in Switzerland where I have an account as I'm a grad student there) has those exact same terminals. It's pretty slick.

      Only disadvantage: they only allow one card to be linked to one's account for online access, even if it's a joint account. In my case, my wife has access to it because she does most of the financial stuff, but it's annoying. Naturally, we both have bank cards and can access the account via ATMs and the like, but only her card can be used for logging into the website.

    4. Re:What am i missing? by DZign · · Score: 4, Interesting

      I saw these (or a similar type) last year here in Belgium when I was part of a test panel/opinion group.

      Basically it was all possible types of payment systems thrown together in one card.

      It had the debit card system we have here (Maestro / Bancontact), but at the same time you could use it as a credit card too (Visa / Mastercard). Most people in the group found this a good idea as all had multiple cards in their wallet.

      As you can see it has the keypad type thing for extra authentication on the internet so you don't need an extra device for it. Nice, but less useful. Not everyone had a need for it, and we didn't get technical details about how secure it was or how it worked.

      It also had some kind of contact-less system we don't have yet in Belgium but they said it was used in France. Small payments you could just make by holding your card above a reader, no need to enter a pin. As we don't know this, most found it insecure.

      It also wasn't known if you could deactivate certain things or always had all features - like only use the debit/credit card combination but not the touchless thing.

      I remember one disadvantage: the 'buttons' you had to push to generate the nr were difficult to operate. Had to push hard in exactly the right spot. Don't think elderly people could get along with it.

      Technically I was impressed with this card for having battery electronics and lcd in it, as it was very thin and still flexible.

    5. Re:What am i missing? by mcgrew · · Score: 2

      Don't one-time-pasword exists just in case you loose your card???

      I assume by "loose" you mean "set your card free," as in giving it to your girlfriend. Seems a one time password would work if you only wanted to let her use it once. Nice idea, I like it!

    6. Re:What am i missing? by xelah · · Score: 2

      There are tighter rules concerning the CVV. Merchants are never allowed to store it, and don't need it to process refunds or continuing payments. Possibly it's not on the swipe, either, I'm not sure. So you could obtain the 16 digits from a stolen merchant database/backup or a sneaky swipe under the table, but not the CVV. That's the theory, anyway. It's never seemed like the strongest security measure on earth....

    7. Re:What am i missing? by Golddess · · Score: 2

      Meanwhile, some places don't seem to require the CVV number ever.

      --
      "I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
  2. similar to Sweden, where all banking is electronic by acidfast7 · · Score: 5, Interesting

    No personal checks in Sweden, so all person-to-person transfers are done in cash. However, banks won't take huge piles of money ... say anything over €500 ... so all of those transfers are done electronically. When I sold my used bike, we met and did the transfer electronically at a cafe via mobile phones. The biggest difference was that you had to put the credit card into a device that looks like a calculator and enter a number from the banking website into the card-inserted device. The number returned is then entered into the web to authenticate the transfer. This just does it all on one credit card, which is GREAT.

  3. Re:similar to Sweden, where all banking is electro by acidfast7 · · Score: 2

    Looks like this for those interested ...

  4. Re:similar to Sweden, where all banking is electro by acidfast7 · · Score: 4, Interesting

    They are advanced. Everything is electronic. All train tickets, most plane tickets, and most subway tickets can just be done with the mobile phone (no paper needed).

    They're REALLY pushing for a cashless society and making significant progress. Everyone is paid on the same day (25th of the month) after all.

    To be honest, it's much more of a hassle in Germany and a total nightmare in the US, compared to the simplicity in Stockholm. Once you get up and running, it's super easy.

  5. Re:similar to Sweden, where all banking is electro by acidfast7 · · Score: 2

    You give him/her 400SEK in cash (€40) or he gives you an invoice with his/her banking info and you just transfer it. He'll just email/SMS you the invoice. Pretty simple. We ran into significant problems trying to deposit 25000SEK (€2500) in cash into an account after selling a few items. The police became involved because they thought it might be part of a money laundering scheme (the money can't be tracked once it's in the open.)

  6. I had one of these in the 1980s... by Aphrika · · Score: 2

    ...all the rage it was. I could do maths and stuff on it and everything. Fitted in my wallet and was credit card sized and 1mm thick...

    So why the big fanfare about sticking electronics in a card again, 30 years later?

    1. Re:I had one of these in the 1980s... by TheRaven64 · · Score: 2

      I'm not sure about the one in TFA, but one of the big differences in the prototype that I saw was that it used eInk instead of a traditional LCD for the display. This means that the battery life is a whole lot better. That, combined with improvements in battery technology means that it's possible to create one that will last for longer than the lifetime of a credit card and be able to create cryptographic tokens for this entire time. Oh, and I think you're misremembering the thickness of the 'credit card sized' calculators in the '80s. They were at least 2-3 times the thickness of a normal card. This is exactly the same size, and so works with magnetic strip and chip-and-pin readers as well.

      --
      I am TheRaven on Soylent News
  7. Re:similar to Sweden, where all banking is electro by rapiddescent · · Score: 4, Informative

    Yes, we have the same thing here in the UK.

    It's called CAP, Chip Authentication Programme. I was the designer of the system that is used by a big UK bank. It requires a self-powered sleeve reader (that looks like a calculator) and it's an open standard so that all EMV cards can use any branded reader device (they don't tell you that). Some of the readers have a "MENU" button and you can read off the transaction counter etc. on your card. A handy way to tell if someone close has been using the card while you're not looking. If you do muck around with your card, be careful. I changed my PIN to be 6 digits on some test gear and ended up having to get a new bank card because the UK ATM network is hard coded to 4 digits. EMV cards support 6 digits.

  8. Re:similar to Sweden, where all banking is electro by Viol8 · · Score: 2

    "I changed my PIN to be 6 digits on some test gear and ended up having to get a new bank card because the UK ATM network is hard coded to 4 digits."

    Why couldn't you use the test gear to change it back to 4 digits, or once it's set to 6 digits is it fixed at that and can't be reverted?

  9. Instant Failure. by Lumpy · · Score: 2

    Show me how durable that thing is by putting it in an overstuffed wallet that is then used by a construction worker who bends over and plops down 90 times a day.

    I remember the SecurID credit cards. I had to replace them 3 times a year from cracked LCD screens or cracked boards.

    --
    Do not look at laser with remaining good eye.
  10. SmartDisplayer by cocotoni · · Score: 3, Informative

    Basically we have "news" of a product by SmartDisplayer, that they have been producing for the last 7 years, already implemented by some 30 banks, used by Visa in some markets, which I have been using with the in-house TOATH authentication systems for the last four years. So where's the news? Slow news day?

  11. LCD? by ArcadeMan · · Score: 2

    Why choose LCD over e-ink?

  12. Re:physical keys by TheRaven64 · · Score: 2

    Why would I want to carry one of these gadgets around when I already have a smartphone which can do the same job?

    You answered this question in your first paragraph. A mobile phone application runs on a general purpose OS (which, unless it's an iPhone or a Google-branded Android phone, probably has a load of old and buggy libraries and kernel because your carrier doesn't push out updates sufficiently competently). Even if the app itself is perfectly written, the TCB contains a whole load of other stuff that really shouldn't be trusted - you install one malicious app by mistake (or visit one malicious web page with a browser that has a known exploit that is fixed upstream but the fix never pushed to you) and your bank account is compromised.

    In contrast, the device on the card is running a simple OS, has no network communication, and is basically impossible to trojan without physical access and disassembly.

    By the way, we have the Singapore banking regulator to thank for a number of things, including two-factor authentication for online banking. They were the ones that insisted that it had to be provided by all banks doing business in Singapore, and the big banks decided that it was cheaper to roll it out worldwide than have a single system for Singapore. They also have very strict rules (and impose fines for violations) regarding security and disclosure.

    --
    I am TheRaven on Soylent News
  13. Re:similar to Sweden, where all banking is electro by compro01 · · Score: 2

    spending 30 seconds writing a cheque.

    Plus 5 minutes to deposit said cheque, then a few days waiting for said cheque to clear before your balance reflects reality again.

    --
    upon the advice of my lawyer, i have no sig at this time
  14. Re:similar to Sweden, where all banking is electro by Indigo · · Score: 2

    I'm sorry, did you just say the police got involved because you had to deposit a measly couple thou in cash?? That one thing pretty much negates any other advantage the Swedish system may have. No offense, but that's just insane.