Slashdot Mirror

← Back to Stories (view on slashdot.org)

American Express Seeks To Swap Card Numbers For Secure Tokens

Posted by Soulskill on from the teaching-an-old-dog-old-tricks dept.

jfruh writes: One of the fundamental problems of the electronic payment business is that it's by and large based on the fundamentally insecure infrastructure of the credit card system, where anyone who has your 16-digit card number can make purchases on your account. American Express is trying to improve its security by moving towards the use of unique tokens for online purchases.

5 of 130 comments (clear)

  1. anyone who has your 16-digit card number by xxxJonBoyxxx · · Score: 4, Insightful

    >> anyone who has your 16-digit card number can make purchases on your account

    Wasn't CCV (the extra 3-digit number on the card) supposed to fix that? (https://www.dcporder.com/ccv.htm) Oh wait...intermediates started storing THAT too.

    So yeah...bring it on!

    1. Re:anyone who has your 16-digit card number by Mordok-DestroyerOfWo · · Score: 5, Funny

      Actually CVV values are located in the track data which only proves you either have a copy of the card or the original. The second "fix" was CVV2 values which are printed on the back of the cards. This was to prove the card is in the hands of the person, but if that number has been comprised (which is darn easy) then all bets are off.

      AMEX uses a 4 digit value printed on the front of the card.

      In a few years once somebody figures out how to implement a 5 digit value on the back of a card, our worries will be over!

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
  2. Token by Impy+the+Impiuos+Imp · · Score: 4, Funny

    Triumph the Insult Comic Dog: "So, have you ever actually talked to a girl without giving her your secure unique token first?"

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  3. Re:Finally.. by Midnight_Falcon · · Score: 4, Informative
    If you're going to troll at least you give the benefit of the doubt on acronyms. OTP = One Time Password ...NOT one time pad.

    Here's a reference so you can avoid further confusion and undeserved insult: http://en.wikipedia.org/wiki/O...

  4. Re:Get rid of numbers by Andy+Dodd · · Score: 5, Interesting

    You just described EMV, which all retailers will be effectively required to accept by October 2015 in the US. (It's not completely mandated, but the fraud liability shift effectively mandates it. After Oct. 1 2015, *retailers* will be fully liable for magstripe fraud.)

    EMV is widespread in Europe, it's been slowed down due to political bullshit from MCX in the USA.

    --
    retrorocket.o not found, launch anyway?