Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Credit Cards That Think They Are Gadgets

Soulskill posted about 4 years ago | from the why-is-my-wallet-beeping dept.

Handhelds 239

holy_calamity writes "Pittsburgh startup Dynamics Inc has unveiled gadget-like credit cards with buttons, lights and even displays built into the same space as a conventional card. One card has two buttons on the front, which, when pressed, rewrite the data on the card's magnetic stripe, allowing it to act as multiple bank or credit cards in one. Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security." I wonder how long it'll be until somebody builds onboard biometrics into one of these things.

cancel ×

239 comments

Sorry! There are no comments related to the filter you selected.

Biometrics? (3, Insightful)

spun (1352) | about 4 years ago | (#33612510)

You mean, digital passwords you can never change? Sounds secure...

Re:Biometrics? (1)

snowraver1 (1052510) | about 4 years ago | (#33612592)

Why could it not be changed? Chip and pin cards store the pin on the chip, and they can be changed.

Re:Biometrics? (3, Funny)

Anonymous Coward | about 4 years ago | (#33612638)

Did you ever tried to change your fingerprints?

Re:Biometrics? (2, Insightful)

Prune (557140) | about 4 years ago | (#33612994)

Revocable biometrics exist, and you don't have to chop off your fingertips either: for example, http://www.turbine-project.eu/ [turbine-project.eu] or http://vast.uccs.edu/biodistmet.html [uccs.edu] or http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4318487 [ieee.org] and so on By the way, not to be a grammar nazi, just informative: did you ever tried -> did you ever try

Re:Biometrics? (4, Insightful)

Zerth (26112) | about 4 years ago | (#33613118)

Turbine just generates a non-reversible key from fingerprints. It does nothing to help you out if your fingerprint data gets out. Like by touching a car door.

Re:Biometrics? (1)

Prune (557140) | about 4 years ago | (#33613286)

There are two separate issues, physical and electronic compromises. Compromising the database is a much bigger problem and more likely scenario than compromising the actual physical feature. The schemes mentioned above solve the electronic issue. Physical security of oneself is fairly reasonable, and if compromised then one should switch to a different biometric ID or a password. Of course, I always believe the option has to be there to use a password. But revocable biometric IDs can still be useful for most cases where there has not been reason to suspect a physical compromise--these would be rare occurrences.

Re:Biometrics? (1)

Prune (557140) | about 4 years ago | (#33613338)

Think of it this way: it's just like with a computer--if physical security is breached, all bets are off regardless of what crypto you're using. Your whole hard drive can be encrypted with TrueCrypt, but there was an article posted here (months ago I think) where they can spray the RAM with a freeze spray as they cut power to the machine and then recover the plain text keys because there's still some charge. Protecting yourself from say retina scans by wearing glasses is a pain, so what we need for biometrics to be more reasonable is some biometric that is easy to conceal without effort. I'm thinking something along the lines of remote but near field EEG which can be affected by thinking along, without having to type in a password.

Re:Biometrics? (1)

jeffmeden (135043) | about 4 years ago | (#33613456)

<Insert mythbusters episode reference here>

The current (and foreseeable future) crop of biometric systems are very difficult to "attack" by using lifted fingerprints due to the way they read the fingerprint from your skin. Creating a real-skin (or functional equivalent) duplicate is probably somewhere near the order of difficulty of brute-forcing a password for commonly accepted (read: flawed) password mechanisms. So; worry about one worry about the other, I guess.

Re:Biometrics? (-1, Troll)

Zixaphir (845917) | about 4 years ago | (#33613288)

Actually, the correct term in this instance would be "have you ever tried". "Did you ever try" would imply he had previously suggested you change your fingerprints.

~A real grammar nazi.

Re:Biometrics? (1)

snowraver1 (1052510) | about 4 years ago | (#33612668)

I didn't read the post title... I thought that this comment was referring to the part where you can enter a pin to make the mag strip work. My bad...

What is this? (0)

nullifi (1085947) | about 4 years ago | (#33612744)

You mean, people read titles?

Re:Biometrics? (0)

Anonymous Coward | about 4 years ago | (#33612826)

Were sorry Sir :
Your a victim of Identify theft 24 times with the same card.

Re:Biometrics? (5, Insightful)

slshwtw (1903272) | about 4 years ago | (#33612948)

Three kinds of security:
  • something you are (biometrics)
  • something you have (card)
  • something you know (pin)

As parent indicated, biometrics is the weakest of these, as if someone is able to 'break the code' you have no way of changing your fingerprints, etc. The best approach is a combination of having and knowing, such as an ATM card which a thief can't use without knowing the PIN, or a building access card that requires you to punch in a code. If you lose your card, no big deal, just issue a new one and assign it a new code just in case.

Re:Biometrics? (3, Insightful)

toastar (573882) | about 4 years ago | (#33613034)

Biometrics is also the weakest against the guy with a gun at the ATM scenario, You fingerprint is still there if he blows your brains out, Your Pin not so much

Re:Biometrics? (3, Insightful)

profplump (309017) | about 4 years ago | (#33613250)

Please don't conflate "biometerics as a stand-alone authenticator" with "biometrics as a second authentication factor". It's pretty reasonably to combine a physical token with biometrics, because you *can* deactivate/replace/rekey the physical token pretty easily. It's important that the authentication system includes some revokable factor, and ideally you'd also have a PIN or other knowledge-based authentication token, but physical + biometric is not a bad start, and can form a perfectly usable, revokable system.

And it's certainly not a bad system compared to the current "physical only" authentication currently in place.

Your fingerprints can't be changed, but they can't be as trivially reproduced as a password either. I agree, someone *could* steal your fingerprints and reproduce them in some useable way, though it would take a higher level sophistication than simply stealing your card or copying your password. And if someone stole your fingerprints and your card you could simply deactivate the stolen card and have a new one issued. The person with your fingerprints would then have a copy of your fingerprints and a useless credit card dongle. He'd need to steal your physical credit card all over again in order to use make use of his copy of your fingerprints.

First (1)

genican1 (1150855) | about 4 years ago | (#33612532)

purchase? Though this seems like a much safer alternative to today's credit/debit cards, although like TFA says, what will this really do for security? How long until a flaw is discovered or it is cracked?

Re:First (5, Insightful)

IndustrialComplex (975015) | about 4 years ago | (#33612576)

Though this seems like a much safer alternative to today's credit/debit cards, although like TFA says, what will this really do for security? How long until a flaw is discovered or it is cracked?

So I'm guessing you wrote that just so you could get in an early comment.

Or are you really concerned about security on an item which literally has all of its information printed right on its surface which you hand to strangers and gets stored in a third party database. Oh and I forgot that most of the printing is actually raised so it can be recorded with a simple piece of paper and a crayon.

You are worried that something could be less secure than THAT? Well I suppose adding a speaker for blind cashiers might be a bit less secure...

Re:First (4, Funny)

DarthVain (724186) | about 4 years ago | (#33613376)

I used my chip card at a store once, and they guy was like "Hi Steve!", and I was like "Er hi?", and the merchant was like "Your name is stored on the chip and when I plug it in, your name pops up on my screen!", he seemed so happy I didn't want to tell him that it is also printed on the card as well, that you can see what your eyeballs.

Re:First (1)

zombieChan51 (1862028) | about 4 years ago | (#33612654)

That's how the life cycle go, try to make something more secured, people will find exploit, product no long secure, loop back to beginning.

Re:First (1)

g0bshiTe (596213) | about 4 years ago | (#33612880)

I already have a flaw for the biometrics. Remove thumb or finger of person you swiped the card from.

Re:First (2, Interesting)

DrgnDancer (137700) | about 4 years ago | (#33613244)

It's pretty much infinitely more secure than what we have now. Here's my suggestion to improve it further. You enter your pin, and rather than displaying your static credit card number, it displays a static identifier combined with an RSA style changing number. So say, the first 10 digits of the "card number" is a static identifier, then the last 6 digits are a code based on a shared secret between the card and your bank, changing every 5 minutes say. The magnetic strip can also have the same system. So if you enter the pin, then you can either swipe the card or enter the displayed number into a online system. Your card is approved based on the currently active code. 5 minutes later, that code is no longer valid so if someone gets the card database it doesn't matter.

Downside of course is that it will break any kind of storing your card number for monthly payments or stuff like Amazons One-click. It would be very secure though.

Re:First (0)

Anonymous Coward | about 4 years ago | (#33613500)

I'd rather a 30 minute or hour clock on it - some of the inefficient online checkout things would invalidate it by the time the sale finishes.

boop, boop, boop ... your money's now gone. (0)

fkx (453233) | about 4 years ago | (#33612554)

boop, boop, boop ... your money's now gone.

bank bailouts enter the digital age.

Erm (3, Funny)

iONiUM (530420) | about 4 years ago | (#33612568)

Why don't they just tie this shit into your cell phone instead? They already have something similar in Japan with swipe phones for the JR line.

Why does every company have to try and put another gadget in your pocket. They should just integrate better with existing gadgets so I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

Re:Erm (3, Funny)

swanzilla (1458281) | about 4 years ago | (#33612632)

They should just integrate better with existing gadgets so I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

That ain't a wallet. This is a wallet...

Re:Erm (0)

Anonymous Coward | about 4 years ago | (#33612970)

No, that's a spoon.

Re:Erm (1)

HAKdragon (193605) | about 4 years ago | (#33613126)

My spoon is too big.

Re:Erm (1)

el3mentary (1349033) | about 4 years ago | (#33613240)

I see you've played wallet-y spooney before

Re:Erm (3, Funny)

tekrat (242117) | about 4 years ago | (#33612634)

That's also why, when women hit you with their purse, the injury is now fatal.

Re:Erm (1)

antiparadigm (544353) | about 4 years ago | (#33612652)

Have to agree with ya there, iONiUM... Seriously, one more electronic device?

It would be nice if you could manually put your credit card info in there yourself so you only have 1 card to use and based on what button combo you want, it can take that profile. But you know it will only work for a specific bank, and you would end up with multiple digital CCs.

Re:Erm (0)

Anonymous Coward | about 4 years ago | (#33612658)

This is the same size and shape as a normal credit/debit card and it can work as multiple credit cards. How is it going to take up more space in your pocket?

Re:Erm (4, Informative)

oodaloop (1229816) | about 4 years ago | (#33612684)

AS TFA points out, there are 16 million credit card readers out there. Instead of making them all RFID readers, just use the existing infrastructure. And this would potentially reduce the size of your wallet, not increase it, by allowing you to carry just one programmable card instead of many.

Re:Erm (0)

Anonymous Coward | about 4 years ago | (#33612712)

Co-stanza!

Re:Erm (4, Insightful)

Microlith (54737) | about 4 years ago | (#33612732)

Why don't they just tie this shit into your cell phone instead? They already have something similar in Japan with swipe phones for the JR line.

Because in Japan the companies are far more tightly integrated, and it's much easier for NTT to work with JR East on what they want to do, and decree to handset makers that their next products will include the functionality. In the US, for instance, it's virtually guaranteed we'd have massive infighting and incompatibilities as vendors fought for dominance over all others. Verizon would work in some places, AT&T in others, and unless you bought your phone from them you couldn't use it at all.

Basically, there's a whole bunch of bullshit in the States that prevent solutions like Japan has from working.

Re:Erm (1)

D Ninja (825055) | about 4 years ago | (#33612944)

I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

...that's no wallet...

Re:Erm (1)

snspdaarf (1314399) | about 4 years ago | (#33613392)

...it's a suitcase!

No thanks (4, Interesting)

pavon (30274) | about 4 years ago | (#33612966)

Because cell phones are buggy pieces of shit, and I wouldn't trust them with my credit card number and PIN for anything. Especially as they become more and more tied to the web.

Re:Erm (1)

strokerace (912726) | about 4 years ago | (#33613168)

They should just integrate better with existing gadgets so I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

Right and let's be honest: "No one's gotten a hand job in cargo shorts since 'nam." -Superbad

Re:Erm (0)

Anonymous Coward | about 4 years ago | (#33613474)

This is integration, with your credit card.

Re:Erm (1)

Ksevio (865461) | about 4 years ago | (#33613494)

I used to have a payment tag from citi that was just a sticker that could go on my phone. I used that to pay for things for a while until they "upgraded" my card to one that had it built in. Apparently they can't issue a separate tag for this card, so when I requested a new one, they just sent me a new card, then when I called customer support, they told me that could, but just sent a new card....

Anyways, it's possible to have just the rfid chip on your phone without having to interact with it, but it's not supported by many cards/merchants.

Re:Erm (0)

Anonymous Coward | about 4 years ago | (#33613508)

... then pack it in one chip, and embed it in your skull.

Magnetic Strips Suck (1)

Rockoon (1252108) | about 4 years ago | (#33612588)

Perhaps finally we have here a magnetic strip that isn't prone to being stripped of its information?

The main use (3, Insightful)

wirelessdreamer (1136477) | about 4 years ago | (#33612602)

Scammers will love these, they'll find a flaw where they can reprogram any name and card number, swipe a card and clone it.

Re:The main use (5, Insightful)

Anonymous Coward | about 4 years ago | (#33612770)

swipe a card and clone it

And how this is different from what we have now?

It Slices, It Dices... (1)

rakuen (1230808) | about 4 years ago | (#33612604)

Pretty soon, our credit cards will even make Julienne fries!

Re:It Slices, It Dices... (0)

Anonymous Coward | about 4 years ago | (#33612938)

It will not break! It will not...

*card snaps in half*

It broke.

Sorry, could resist finishing the quote.

I can see some ideas for this... (1)

mlts (1038732) | about 4 years ago | (#33612616)

I wonder how long a card like this will last in an average wallet, perhaps facing demagnetization, wear and tear, and other issues of being in a pocket and constantly jostled around.

However, it it can handle that, this could be a great thing to have, as not just a credit card, but as an authentication device. Punch your PIN, punch a challenge phrase, give the vendor the response, and that will do a lot to minimize credit card fraud.

Of course, skimmers with cameras will still be an issue -- just videotape the person typing on the card and not the PINpad, and if it uses an active cryptographic handshake, run a MITM attack.

Re:I can see some ideas for this... (1)

Bigjeff5 (1143585) | about 4 years ago | (#33612786)

And that's different from a normal credit card how?

These things are even more flexible and durable than credit cards. There is no reason to expect these cards will be more susceptible to demagnetization than the magnetic strip of any other card.

The electronics are in the plastic, it makes them pretty darn durable.

Punch your PIN, punch a challenge phrase, give the vendor the response, and that will do a lot to minimize credit card fraud.

Not really, most card theft these days happens in mass thefts of data, not individual credit card thefts.

biometrics? bah (5, Funny)

TheCreeep (794716) | about 4 years ago | (#33612618)

I wonder how long it'll be until somebody builds onboard biometrics into one of these things.

Screw that, I'm waiting for these guys to port Quake to a credit card.

on-card biometrics (0)

Anonymous Coward | about 4 years ago | (#33612666)

I wonder how long it'll be until somebody builds onboard biometrics into one of these things.

About 5 years ago.

Stop plagarizing (0)

Anonymous Coward | about 4 years ago | (#33612678)

They already had this system working PERFECTLY in monopoly. Hasbro should sue.

Near-field credit/identity cards. (0)

Anonymous Coward | about 4 years ago | (#33612716)

God, I just wish that they would put a simple on/off switch on/in them ...

How about just universal chip&pin? (4, Informative)

Anonymous Coward | about 4 years ago | (#33612722)

I know chip&pin isn't perfect, but it'd be a step in the right direction..

I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.

Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.

Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.

Re:How about just universal chip&pin? (1)

Intron (870560) | about 4 years ago | (#33612832)

I know chip&pin isn't perfect, but it'd be a step in the right direction..

I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.

Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.

Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.

You tell your bank your travel plans?

Re:How about just universal chip&pin? (4, Informative)

Dog-Cow (21281) | about 4 years ago | (#33612914)

It's not uncommon. It's done to prevent charges at the destination from being rejected due to automated fraud prevention.

Re:How about just universal chip&pin? (1)

Intron (870560) | about 4 years ago | (#33613048)

How do you do it? Call the CC 800 number? If so, what prevents me from calling and saying I'm you and that I'm in Milan?

Re:How about just universal chip&pin? (0)

Anonymous Coward | about 4 years ago | (#33613174)

If you've ever called your bank you'd know the answer to this!

Re:How about just universal chip&pin? (0)

Anonymous Coward | about 4 years ago | (#33613194)

I imagine it would involve the half-dozen authentication questions they ask whenever you call the bank. Or failing that, require the person to report their vacation in person?

Re:How about just universal chip&pin? (0)

Anonymous Coward | about 4 years ago | (#33613398)

Generally they require this from a phone number associated with the account - i.e. the billing phone number. If they call from your house saying you are in Milan, that might be an issue. Even verifying the billing phone number is enough of a barrier to prevent 95% of that sort of thing.

Re:How about just universal chip&pin? (2, Interesting)

freeweed (309734) | about 4 years ago | (#33613448)

How do you do it? Call the CC 800 number?

Basically, yes. Talk to a CSR at the CC company.

If so, what prevents me from calling and saying I'm you and that I'm in Milan?

The same way you're prevented from calling the CC company and changing my address, or calling my bank and wire transferring money into your account, or 300 other nasty things you could think up. They do have *some* security on your account that way - they ask you enough personal information that they're satisfied it's you.

You don't travel much and/or own a credit card, do you? This has been routine practice for decades.

Re:How about just universal chip&pin? (0)

Anonymous Coward | about 4 years ago | (#33612930)

I know chip&pin isn't perfect, but it'd be a step in the right direction..

I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.

Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.

Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.

You tell your bank your travel plans?

Yes, when I'm traveling overseas and I want charges on my card to be accepted by my bank. Otherwise I risk having them reject the charge.

It can be annoying when I forget. When that happens, then I use one of my other cards from my other bank; but their fees are higher.

I do see this as a feature.

Re:How about just universal chip&pin? (0)

Anonymous Coward | about 4 years ago | (#33613164)

My bank calls me on my cellphone every time I use my card while traveling
1st call to verify, usually withing the hour, if I dont respond, the card gets blocked till I call back

Re:How about just universal chip&pin? (1)

MozeeToby (1163751) | about 4 years ago | (#33613352)

If you want to use your bank issued cards you do. Sudden transactions thousands of miles away from your home area is a huge red flag for theft prevention algorithms. If they can't get a hold of you to verify the transaction (and if you're on vacation they probably won't be able to) they will cancel your card or at least put a hold on it until they can talk to you directly.

Re:How about just universal chip&pin? (0)

Anonymous Coward | about 4 years ago | (#33613036)

When I first saw this post it started out looking like another one of those "corepirate Illuminati nazi, lights coming up all over" posts due to the lower case and the & use

I'm waiting for transaction-specific codes (5, Interesting)

mysidia (191772) | about 4 years ago | (#33612724)

Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.

But if he tries to scan the stripe and clone the card, the number he gets is useless, because it is transaction specific.

I would envision each CC being allocated a block of 200 random CC numbers, to be used in sequence, when it is printed, 200 random initial CVV2 numbers, and 1000 random CVV2 offsets in the form of a number between 0 and 999. For each transaction, pick a number, with no number re-used until 199 more transactions have been made.

Each time a number is used, the CVV2 is to be the initial CVV2 number plus the next CVV2 offset, modulo 999. CVV2 offsets are not re-used until 999 more transactions have been made.

Each time a number is used, the CC company can determine it is valid and compute exactly the right CC and CVV2 numbers that should be used by the next 10 transactions.

Unless there is delayed processing involved, they can also know to reject any number other than those 10.

Even if there is delayed transaction processing involved, the CC company can know a code 199 transactions ago is "too old", because there have been transactions made since then that are too old.

There should also be a way to enter a special PIN to generate a 'vendor specific' code that can be used for multiple transactions.

Possibly assigning card users larger pools of numbers, so expiration dates, and dollar limits can be encoded using the CC# and CVV2.

If multiple failures are detected with a CC# (e.g. someone tries to clone one number and try it with multiple CVVs), then that CC# is retired permanently, and the CC company sends the customer a new file to flash their credit card's memory with.

Re:I'm waiting for transaction-specific codes (4, Informative)

Mr_Silver (213637) | about 4 years ago | (#33613150)

Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.

It's called Dynamic Magstripe and is available now. One example of it is here [cardlab.com] .

In Europe, they are solving this problem by moving away from magstripe to chip-and-pin. This is for two reasons, you don't give your PIN out to anyone else and because the card never leaves your sight.

For example, when you pay for food at a restaurant, the server physically brings you the Point Of Sale terminal for you to insert your card, confirm the price and enter your PIN. This means that it's impossible for them to run off and make a copy of the card without you seeing it happen.

(I was in the US recently and did not like the fact that my credit card disappeared from my sight when I went to pay for the bill)

Re:I'm waiting for transaction-specific codes (1)

slshwtw (1903272) | about 4 years ago | (#33613162)

Some providers offer "virtual" credit card numbers [citicards.com] (scroll down halfway) for online transactions - pretty useful when dealing with merchants you don't trust 100%.

Something similar (3, Interesting)

dsavi (1540343) | about 4 years ago | (#33612730)

A major corporation that someone I know has worked for used to use what looked like a very thick credit card to log into what I believe was a VPN. You would input a PIN on the front, and it would display a code that would be valid for 30 seconds or so for logging into the VPN that it calculated itself, based on the current time and PIN. I think this card was made by RSA, now I think the same company uses a slightly different system.

Re:Something similar (1)

Demonantis (1340557) | about 4 years ago | (#33613054)

The company I work for uses the same system. I think it has been around for years. WOW uses it now if you want the service. The concept is that the server and the card use the same algorithm to create the password which is time and parameter dependent. It changes every 30 seconds so a hacker can't brute force the password from the server.

What I think is neat is that they have managed to put the magnetizing mechanism in the card now. Imagine placing your credit card on the degausser at the market and instead of having to get a new card you just push a button and the card works again. No more getting a new one. Plus all the other possible things mentioned in the article.

Re:Something similar (3, Informative)

rickb928 (945187) | about 4 years ago | (#33613078)

SecureID I think. Mine is the size of a care remote. The thin ones broke a lot. Old technology, but effective.

Re:Something similar (1)

freeweed (309734) | about 4 years ago | (#33613478)

RSA's product is indeed SecureID. Several other companies produce similar products. I carry several on my keychain for various purposes, it's a pain in the ass. Thankfully the batteries last 3-5 years on them so at least you're not always replacing the damn things.

Re:Something similar (1)

toastar (573882) | about 4 years ago | (#33613122)

Kinda like the Battle.net authenticator

Re:Something similar (1)

natehoy (1608657) | about 4 years ago | (#33613132)

Our company uses RSA SecureID units on our VPN, and I've used them in the past for other companies.

In our case, you don't actually enter a PIN into the unit - it displays a 6-digit number that changes every 60 seconds, and that number is part of your password (but not all of it - you have an 8-character code you have to choose yourself that forms the other part of your password). The main computer at work uses the same algorithm as the SecureID card to rotate numbers, so the password is always changing but always in sync.

I've never heard of an RSA unit that actually has you key in a PIN to access the rotating code. Generally the PIN is presented as part of the password along with the rotating code. Seems to me that putting a keyboard on those things would make them less portable, less durable, and more subject to hackery (if you enter the wrong PIN, does the system simply show a random number, or is it possible to "hack" the card by entering PINs until you see a number display, for example?). But that may either be a very different or much older RSA system.

One Time Use Cards (2, Interesting)

Jason Levine (196982) | about 4 years ago | (#33612772)

This could make a long-time dream come true for me. I use one-time use numbers online but in brick-and-morter transactions (like paying at a restaurant), I still have to give my real credit card number. Perhaps these cards could be made to generate a one-time use number. Then, when I'm paying at the grocery store, they get one number while the pizza place gets a second number. I'm sure there would be some security hurdles to clear but it is a promising development.

Use CASH (-1, Offtopic)

aristotle-dude (626586) | about 4 years ago | (#33612776)

Don't buy any thing that you cannot afford. Use cash to pay for everything you can. I hate people who use plastic be it credit cards or debit cards for individual purchase of less than 10 dollars. If you cannot have at least 10 bucks in your wallet at all times then you do not deserve to call yourself an adult.

It often takes more time to use a debit card than using cash especially when the store's machines are acting up. Also consider that it costs a store money per transaction so you are actually being a jerk if you use our debit card for small purchases.

Re:Use CASH (1)

oodaloop (1229816) | about 4 years ago | (#33612840)

It also costs me money to take out cash, but I don't get an extra fee for using a credit/check/debit card. Seems like a no-brainer to me. I use my check card for everything and check my balance daily to make sure I enough money. And I even call myself an adult.

Re:Use CASH (1)

aristotle-dude (626586) | about 4 years ago | (#33612902)

It also costs me money to take out cash, but I don't get an extra fee for using a credit/check/debit card. Seems like a no-brainer to me. I use my check card for everything and check my balance daily to make sure I enough money. And I even call myself an adult.

If it costs you money to take out cash, maybe you should consider a different bank. It costs me nothing to use one of my bank's ATMs to get cash and it costs me nothing to make purchases with my debit card but I consider it bad form to use my debit card on a purchase of less than 20 bucks.

Re:Use CASH (1)

nullifi (1085947) | about 4 years ago | (#33612868)

What if I get mugged? I would lose my $10! I live perfectly within my means, and I work part time. I always use my debit card, using cash would be too inconvenient. First I would have to go to the ATM every week, or every few days, then I would need to get a bigger wallet. My current wallet only holds 4 cards and not a thing over. Now I would also have to keep track of not only my bank account balance, but also my current cash balance. Too much!

Re:Use CASH (1)

Dog-Cow (21281) | about 4 years ago | (#33612990)

I hope you fall over dead. I mean, really. If you're going to be absurd, I shall indulge as well.

Stores price goods so that they profit no matter how you pay. The exceptions are notable because you will see a sign to the effect that, for purchases under $X amount, a CC will not be accepted.

It is better for me to use a CC instead of carrying cash. If I am mugged, that cash is gone. If all the mugger gets is a CC, I can cancel it before it's used, or contest any charges, if I am too late.

Re:Use CASH (1)

rickb928 (945187) | about 4 years ago | (#33613214)

Um, since the new rules have gone into effect, you have to LET your bank accept a debit transaction you don't have the funds to pay. While this embarassing when they decline the transaction, this avoids paying $37.90 for a latte at Starbucks. So turn off overdraft privilege at the bank and live on the balance you have. No problem. Credit union users, you may have to do this specifically with a rep.

And I have more than $10 in my pocket right now. It's on two debit cards. Work just like cash at stores.

But taking time is not usually a problem with debit cards. Fishing around for bills, counting them out, waiting for the clerk to recount them, waiting for the clerk to make change, this all takes time. If you're moderately competent, you can slam dunk a debit transaction faster than you can count out $37.90.

And while small purchases do hit retailers hard with fees, on the other side, retailers get impulse buying they might not otherwise, settlement is electronic and largely automatic so no carrying money to the bank and either waiting for it to be counted or waiting for the bag to be opened and counted later, and if you are paying attention, you might get competitive info on your customers. Good for retailer, not necessarily good for consumer, but privacy is pretty much gone anyways.

And of you want to be lass of a jerk, consider using it as debit and not as credit. Most signature transactions cost the merchant more than PIN transactions. Don't belive me? Visa is running some promotions along with issuing banks that you get entered into a drawing by signing for your transaction. This is NOT so they can collect less in fees. Trust me, they collect MORE. And this is how they fund the giveaway. Nice.

Is it water proof? (1)

Openstandards.net (614258) | about 4 years ago | (#33612782)

That would be an essential requirement to replace plastic.

Re:Is it water proof? (2, Informative)

oodaloop (1229816) | about 4 years ago | (#33612800)

Yes. Says it in TFA.

Re:Is it water proof? (2, Insightful)

Openstandards.net (614258) | about 4 years ago | (#33612844)

LOL, just read it when I switched back to finish TFA. Should of searched TFA first before posting. SIGH.

Duh! (1)

Smivs (1197859) | about 4 years ago | (#33612808)

Can it be programed to remind you of your PIN?

Soo... (1)

dasdrewid (653176) | about 4 years ago | (#33612836)

When I get my credit card stolen, I'll lose a $20 gadget instead of giving the thieves access to my $0.20 bank account or my credit card with fraud protection where I simply click "Report" on any charges that weren't mine (and I have something like a week to report it stolen, so even if I don't notice it immediately I'm still not liable)?

Also, this in no way stops credit card skimmers at ATMs, gas stations, etc., nor RFID readers.

The positive thing I see about this is the ability to program multiple cards into one card. I kinda like that. Even compared to putting it in my cell phone. If it's cold enough out, I'll have my cell phone buried deep and answer with my headphones (either corded or bluetooth), especially since it's a touchscreen and I'll be damned if I'm gonna take my cell phone out *and* take-off my gloves. Having 1 credit card that I could keep in an outer pocket, alone (so as not to be a target), would be nice.

Also, if I'm at a restaurant, I really don't want to hand my waitress my cell phone to take back to the back...

Re:Soo... (2, Interesting)

Dog-Cow (21281) | about 4 years ago | (#33613040)

This is fractionally more secure than current CCs, and it allows consolidation. As someone who carries his cards loose in his pocket, I only see this development as positive. I hope financial institutions start supporting it.

Credit Card Fraud is not due to Stealing The Card (1)

HockeyGuy (1864828) | about 4 years ago | (#33612870)

You don't see a lot of Nigerian CC Theives pickpocketing cards

Credit Card Fraud is not due to Physically Stealing the Card. Maybe back in the 1960's when people were using 3 piece paper receipts that had to be run through a manual stamper this card could have made sense but it is a waste of time to try to protect accounts this way.

Does anyone remember TJMax had a few million card numbers stolen
There are about 20 big hacks where millions of card numbers were stolen.

In addition some people use their cards with un-reputable merchants

The idea of putting a password on your card is bogus when most thieves never need physical access to your card to steal from you...

And this does nothing about companies that release personal data about you and your account to their "AFFILIATES"

Or the fact that every college and High School sells your personal data to list companies. THATS RIGHT ... DIRECTLY FROM YOUR SCHOOL RECORDS
Name address, birth date, parents names and more

The card is one more level of stupid
however it may protect you from your kid ordering crap off tv.

Why not add some security (1)

nullman (68771) | about 4 years ago | (#33612888)

If they are doing all of this, and a main issue begging to be solved is credit card number theft, why not just add one simple layer of security? Have the security 3-4 digit PIN on the card change every 5 minutes or so? Similar to how SecureID works. If the ID given does not match the current, previous, or next one on the credit card computer the transaction fails. I would also make the security pin longer to prevent random guesses from working. Add an exponentially increasing lock-out period for failed attempts (and maybe send an email and/or phone message warning after a couple fails) and that should do the trick.

Smudges on card will reveal the PIN. (2, Insightful)

Last_Available_Usern (756093) | about 4 years ago | (#33612910)

Even if the numbers/strip are obscured without a PIN the finger smudges on the card over the commonly used numbers will make the PIN a trivial matter to guess. What is the point of this security? Would you not call in the card missing/stolen just because it has better security?

Re:Smudges on card will reveal the PIN. (1)

Prune (557140) | about 4 years ago | (#33613050)

There's a simple solution here--use permutation instead of combination (have say six to eight buttons where the sequence uses all of them once, but the order varies). That necessitates a longer PIN, but I think it's a minor inconvenience.

Re:Smudges on card will reveal the PIN. (1)

kaiser423 (828989) | about 4 years ago | (#33613420)

Do like what they've done on very secure military installations since the 50's: You have a 9-pin keypad and the numbers are in different locations every time you go to enter the PIN. That way the places you press are completely random. I mean, we're talking about 9 buttons, it woudn't break to bank to have a little numeric display below them, right? Especially if you just use touchscreen input for everything it's no added cost, right?

Re:Smudges on card will reveal the PIN. (1)

Local ID10T (790134) | about 4 years ago | (#33613496)

Even if the numbers/strip are obscured without a PIN the finger smudges on the card over the commonly used numbers will make the PIN a trivial matter to guess.

Solution....wash your damn hands once in a while. That is just disgusting.

Yeah! (0)

Anonymous Coward | about 4 years ago | (#33612964)

This is a great idea let's do it! Maybe the card will run Windows too for even better security - far out!!! Put ie6 on it too so I can surf the web in complete safety from active exploits.

Visa CodeSure (1)

Mr_Silver (213637) | about 4 years ago | (#33612968)

Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security

Another way to do this is use something like Visa CodeSure which gives you the ability to enter a PIN on the card so that dynamic passcodes can be created. Commercially available now too.

http://www.visaeurope.com/en/about_us/innovation/visa_codesure.aspx [visaeurope.com]

Too late... (1)

rickb928 (945187) | about 4 years ago | (#33613028)

- EMV [wikipedia.org] cards are actually gadgets. Very limited, no blinky lights and such, but has a CPU, encryption is performed on the card, and it doesn't need a mag stripe. Many don't ever get swiped.

- Mag stripes will be obsolete not long from now. Already, if you travel to Europe, many retailers refuse US cards without a chip, even though the terminal will read the stripe. It's all about risk shifting. Anything the issuers can do to avoid risk is good for them, so they want to shift risk to merchants or card holders. Merchants want to shift risk also. Guess who doesn't have any good ways to shift the risk elsewhere... Yup, customers. So European merchants hate mag stripes, and won't accept signature transactions if they can help it.

EMV adoption in the US is slow. Costs.

Now more fraud can be blamed on you. (3, Informative)

tekrat (242117) | about 4 years ago | (#33613156)

This is all just a way to make you pay for more and more. Card companies/Banks have to write off fraud, usually, and they hate doing this, so every new card gimmick that comes along will be aimed at making fraud more your problem and less theirs.

But it will also be used to make you pay for everything big companies won't. Let's create an example: Say you walk into Walmart and buy a pair of Calvin Klein jeans. You pay for the Jeans at the checkout. However, Walmart never pays the supplier, Calvin Klein (or the distributor). Thanks to all these shared records, the databases can track everything and one day you get a bill from Calvin Klein for the jeans you purchased at Walmart.

Sounds implausible right? I'm right now fighting with Direct TV for services I purchased through Verizon. Verizon didn't pay Direct TV, so Direct TV is billing me instead, even though I paid Verizon. I never got a Direct TV bill before this one. I was never their customer (directly), I was a Verizon customer. And yet here I am, stuck with the bill.

Trust me, my above example at Walmart may be implausible now, but 5 years from now it'll be commonplace to see the average joes being shafted at both ends by large companies. This card is one more step towards that end.

One Time Password Credit Card Numbers (3, Insightful)

Doc Ruby (173196) | about 4 years ago | (#33613190)

The most useful change in credit cards would be giving buyers a stack of one time passwords, each one issued to the vendor tied to the specific parties and dollar amount of the transaction, with a short expiration date.

The best way to do it would be a smartphone app that took a token from the vendor, the vendor's ID (another onetime string from a vendor pool of onetime ID#s), encrypted it with the dollar amount and a onetime ID# from the buyer's pool, and sent it over the network to the credit corp. The credit corp would decrypt it and credit the vendor's account. That way no ID info is shared that can be reused.

If they want to make a physical credit card that does those things once connected to a network (like a chipcard), great. Let them put a fingerprint sensor and PIN on the card, along with a display of the available credit remaining and outstanding balance to date. But the one time passwords are by far the most value to deliver to the consumer, and therefore to the vendor, too.

Where Is the Business Case for This? (1)

tyen (17399) | about 4 years ago | (#33613278)

As long as merchants still pay for credit card fraud, where is the business case and incentive for the card issuers to adopt this technology as they are currently laying off the risk and the benefits for adopting do not accrue to them while they incur all the costs of adoption? As a consumer, I would purchase this just to collapse all my mag-stripe cards (not just credit/debit) to one card that was secured with a PIN that I could change myself, if it could be sold that way.

Re:Where Is the Business Case for This? (1)

allawalla (1030240) | about 4 years ago | (#33613344)

Its always nice to have a reminder of how much cash you don't have in your wallet when you are using plastic. I would think a lot of people would be willing to spend a $ a month for a card that displayed their balances in real time on them
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?