High-Tech Card Rolled Out By French Banks Replaces CSC Number Every Sixty Minutes To Prevent Fraud (popularmechanics.com)
French digital security firm Oberthur Technologies has come up with a method for making stolen cards useless after an hour. Called the Motion Code, the card replaces the fixed, three-digit Card Security Code (CSC) that sits next to your signature with a miniature display that shows a new number every 60 minutes. From a PopularScience report: In order to combat the rise of online credit card theft, several French banks are partnering with security company Oberthur Technologies to create a credit card with a security code that is constantly changing so that within an hour, a stolen number will be useless. Online credit card fraud is a rapidly growing problem. Thieves can steal your credit card info in a number of ways, such as hacking various consumer websites, or phishing, where they trick you into handing over your information yourself. Once they have your credit card numbers, thieves can go on a spending spree until you or your bank notice, and by the time that happens you can wind up with thousands of dollars in debt. Many banks try and combat this problem by flagging suspicious transactions, but this is an imperfect system that can miss real fraud and accidentally catch legitimate use. Now, two French banks, Societe Generale and Groupe BPCE, are introducing a new system to prevent fraud.
Generally:
a) You place the order with the rotating CSC
b) A hold is placed on your account for the amount of the purchase and an opaque transaction ID is returned to the merchant
c) When the merchant fulfills the order, the opaque transaction ID returned in step (b) is used to change the "hold" into an actual transfer of money from cardholder to merchant.
That's how it works today with static CVV/CVV2 numbers, anyway.
a lot of vendors still don't process transactions until the evening.
The CVV is used at the authorization stage, not the capture stage. They'd already have an authorization - and the CVV would be valid that moment.
And if the restaurant is PCI compliant, wouldn't it be far better (and less effort / security risk) to store the authorization token than to store the 16-digit card number and CVV anyway?
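The authorize-then-capture flow discussed in the comments above, as an added example that is not part of the original thread or any bank's code: the rotating CSC is checked only when the hold is placed, and a later capture uses the opaque transaction ID. The HMAC-based code derivation, the `Issuer` class, the key and the card number are assumptions constructed for illustration; the page does not say how the Motion Code is computed.

```python
import hashlib
import hmac
import secrets

WINDOW = 3600  # seconds; the page says the code changes every 60 minutes

def rotating_csc(card_key, now):
    """Assumed derivation (not from the page): HMAC of the hour counter, 3 digits."""
    counter = (now // WINDOW).to_bytes(8, "big")
    digest = hmac.new(card_key, counter, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"

class Issuer:
    def __init__(self, card_keys):
        self.card_keys = card_keys  # card number -> per-card secret (hypothetical)
        self.holds = {}             # opaque transaction ID -> hold record

    def authorize(self, pan, csc, amount, now):
        """Step (b): verify the CSC for the current window, place a hold."""
        key = self.card_keys.get(pan)
        if key is None or not hmac.compare_digest(csc, rotating_csc(key, now)):
            return None
        txn_id = secrets.token_hex(16)
        self.holds[txn_id] = {"pan": pan, "amount": amount, "captured": False}
        return txn_id

    def capture(self, txn_id):
        """Step (c): turn the hold into a transfer; no CSC is presented here."""
        hold = self.holds.get(txn_id)
        if hold is None or hold["captured"]:
            return False
        hold["captured"] = True
        return True

def demo():
    pan, key = "4000000000000002", b"constructed-per-card-secret"  # constructed values
    issuer = Issuer({pan: key})
    t0 = 1_700_000_000                      # constructed timestamp
    csc = rotating_csc(key, t0)
    txn = issuer.authorize(pan, csc, 42.50, t0)
    later = t0 + WINDOW
    while rotating_csc(key, later) == csc:  # a 3-digit code can repeat by chance
        later += WINDOW
    return {
        "authorized": txn is not None,
        "stale_csc_accepted": issuer.authorize(pan, csc, 999.0, later) is not None,
        "capture_after_rotation": issuer.capture(txn),
        "second_capture": issuer.capture(txn),
    }
```

Calling `demo()` shows the evening-batch case: the capture succeeds after the code has rotated, while a new authorization with the old code is refused.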