American Express Seeks To Swap Card Numbers For Secure Tokens

jfruh writes: One of the fundamental problems of the electronic payment business is that it's by and large based on the fundamentally insecure infrastructure of the credit card system, where anyone who has your 16-digit card number can make purchases on your account. American Express is trying to improve its security by moving towards the use of unique tokens for online purchases.

Finally..

[Midnight_Falcon]

With OTP and related two-factor authentication technology becoming so widely available, one would have hoped that credit cards would implement some type of solution either using OTPs instead of cards, or augmenting them with OTPs. Millions of dollars in fraud prevention, "credit monitoring" and other such services would be saved by simply using solid cryptographic systems for the payment networks.

PCI compliance would probably be a lot less of a headache as well...

anyone who has your 16-digit card number

[xxxJonBoyxxx]

>> anyone who has your 16-digit card number can make purchases on your account

Wasn't CCV (the extra 3-digit number on the card) supposed to fix that? (https://www.dcporder.com/ccv.htm) Oh wait...intermediates started storing THAT too.

So yeah...bring it on!

Re:They had a one-time-use number program years ag

[sunking2]

Because it's a pain and people are lazy.

Re:Evolution of payments

[Phreakiture]

• Merchant advises me of the total.
• I give him cash equal to or greater than the total.
• He gives me change equal to the difference between the total and what I gave him.

Now, if you want an electronic approach, how about this:

• Merchant advises me of the total.
• I take a device, could be a card, could be a phone, whatever, and authorize an amount. Optionally, this may (i.e. should) involve the entry of a passcode of some sort. This should be entered into my device, not the POS terminal.
• I connect the device to the POS terminal (could be a plug, slot, wireless, NFC, whatever - not important).
• The POS terminal assembles a transaction record consisting of time, date, merchant ID, terminal ID, amount, sequence number. It passes this to my device.
• If the POS terminal and my device agree on the amount, my device will add my account number to the transaction record, and then cryptographically sign the record.
• The signed transaction record is passed back to the POS terminal and sent to the processor.

If the amounts don't match, no signature, preventing overcharges. If the transaction is replayed, the merchant ID, terminal ID and sequence number collectively will function as a transaction ID and it will be recognized as a dupe. If any of the transaction details are altered, the signature doesn't match. If the vendor tries to do two transactions at once, the device won't sign both without me reauthorizing. If the vendor wants or needs to validate off-line, the signature can be checked using the device's certificate, the signature of which can be checked with a cached CA cert.

Now, because this approach is agnostic as to whether the device is a card, dongle, phone or whatever, and whether it plugs in, taps or even just flashes a QR code on a screen, I can see the approach being adapted to both bricks-and-mortar and on-line purchases. The only thing I can think of that we do with our credit cards now that might be tricky in this system would be recurrent payments, but those could be handled by pre-authorizing a year's worth of transactions or something similar.