Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Credit Card Includes Display and Keypad

samzenpus posted about 2 years ago | from the looking-at-plastic dept.

The Almighty Buck 118

First time accepted submitter pev writes "A new credit card released in Singapore includes a screen and keyboard in order to generate one-time passwords for your online banking. From the article: 'The card has touch-sensitive buttons and the ability to create a "one-time password" - doing away with the need for a separate device sometimes needed to log in to online banking. Future versions of the card could display added information such as the remaining balance.' Lets hope they've put more thought into the implementation than with chip and pin."

cancel ×

118 comments

Sorry! There are no comments related to the filter you selected.

What am i missing? (2)

ArturoBandini77 (2610501) | about 2 years ago | (#41930319)

Don't one-time-pasword exists just in case you loose your card???
With these cards, it's like writing your PIN in the back of the card itself...

Re:What am i missing? (5, Informative)

Fjandr (66656) | about 2 years ago | (#41930349)

No, they're to prevent the used of the information on the card without the card itself. These basically replace the CVV on the back of the card for determining that the user actually has it in their possession.

Re:What am i missing? (1)

ArturoBandini77 (2610501) | about 2 years ago | (#41930355)

That makes perfect sense...
Cheers!

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41931971)

Wait the 3 digit cvv is meant to prove that I have the card corresponding to the 16 digit number I already entered?

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41931991)

Yes. Which is why you often have to re-enter the CVV and only the CVV when making an online purchase with a saved cared.

Re:What am i missing? (2)

Golddess (1361003) | about 2 years ago | (#41933155)

Meanwhile, some places don't seem to require the CVV number ever.

Re:What am i missing? (2)

xelah (176252) | about 2 years ago | (#41932631)

There are tighter rules concerning the CVV. Merchants are never allowed to store, and don't need it to process refunds or continuing payments. Possibly it's not on the swipe, either, I'm not sure. So you could obtain the 16 digits from a stolen merchant database/backup or a sneaky swipe under the table, but not the CVV. That's the theory, anyway. It's never seemed like the strongest security measure on earth....

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41930361)

It is for cards combing ATM card and credit card. The OTP is for online banking
A bank in taiwan has similar card in market
http://card.sinopac.com/Product/Card/Detail/3

Re:What am i missing? (5, Informative)

Bomazi (1875554) | about 2 years ago | (#41930391)

What they did here is integrate a secure terminal like this one [bayimg.com] directly on the card.

These terminals are used for online banking. Every time you log in, you receive a different challenge. You then insert the card into the terminal and enter both the pin and the challenge and get the response back. Then you enter the response in the browser.

The goal of the system is to provide two-factors authentication. You need both something you have (the card) and something you know (the PIN).

The reason you need a secure terminal is that typing the PIN directly on the computer would allow a keylogger to steal it.

Overall it is a pretty solid system.

Re:What am i missing? (2)

heypete (60671) | about 2 years ago | (#41930603)

Indeed. PostFinance (a bank in Switzerland where I have an account as I'm a grad student there) has those exact same terminals. It's pretty slick.

Only disadvantage: they only allow one card to be linked to one's account for online access, even if it's a joint account. In my case, my wife has access to it because she does most of the financial stuff, but it's annoying. Naturally, we both have bank cards and can access the account via ATMs and the like, but only her card can be used for logging into the website.

Re:What am i missing? (1)

L4t3r4lu5 (1216702) | about 2 years ago | (#41930729)

Similar one used by my bank; Card + Pin + Reader = One time pad, presumably based upon a synchronised clock between the reader and the authentication server RSA-token style.

I wish they implemented this for all transactions, not just using the bank website.

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41930773)

"What they did here is integrate a secure terminal like this one [bayimg.com] directly on the card."

Not really. What they've done is add a credit card magnetic strip to an RSA SecurID 900. (http://www.flickr.com/photos/emccorp/3311657259/)

Re:What am i missing? (1)

davecb (6526) | about 2 years ago | (#41930929)

Yes: we used to use RSA cards with numeric pads to do mutual authentication at (the late, lamented) Sun Microsystems. This is basically the minimum functionality one needs to be able to do financial transactions without having to maintain (and pay out!) huge reserves against fraud.

--dave

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41934663)

... except that, unless you regularly change your PIN, the keys on the card will be nice and worn by use. At least standard terminals are the something you know separated physically from the something you have - where they live together it would be a relatively easy guessing game to work a PIN out and use your account.

Re:What am i missing? (1)

wonkey_monkey (2592601) | about 2 years ago | (#41930409)

It's a one-time-password for getting access to your online banking, not (as I assume you mean) for getting cash out of the machines in emergencies.

Re:What am i missing? (1)

Sepodati (746220) | about 2 years ago | (#41931195)

They're also used to "sign" online transactions, like money transfers and paying bills.

Re:What am i missing? (1)

TechMouse (1096513) | about 2 years ago | (#41930533)

You need to enter a passcode to get the OTP. Something you have (the card) plus something you know (the code).

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41934165)

So, if you have the card and you know the code, what does the one time key buy you? It's not really clear from the article what the one time key will be used for.

Re:What am i missing? (4, Interesting)

DZign (200479) | about 2 years ago | (#41930975)

I saw these (or a similar type) last year here in Belgium when I was part of a test panel/opinion group.

Basically it was all possible types of payment systems thrown together in one card.

It had the debit card system we have here (Maestro / Bancontact), but at the same time you could use it as a credit card too (Visa / Mastercard). Most people in the group found this a good idea as all had multiple cards in their wallet.

As you can see it has the keypad type thing for extra authentication on the internet so you don't need an extra device for it. Nice, but less useful. Not everyone had a need for it, and we didn't get technical details about how secure it was or how it worked.

It also had some kind of contact-less system we don't have yet in Belgium but they said it was used in France. Small payments you could just make by holding your card above a reader, no need to enter a pin. As we don't know this, most found it insecure.

It also wasn't known if you could deactivate certain things or always had all features - like only use the debit/credit card combination but not the touchless thing.

I remember one disadvantage: the 'buttons' you had to push to generate the nr were difficult to operate. Had to push hard in exactly the right spot. Don't think elderly people could get along with it.

Technically I was impressed with this card for having battery electronics and lcd in it, as it was very thin and still flexible.

Re:What am i missing? (1)

Nerdfest (867930) | about 2 years ago | (#41931749)

The problem is that this is just for on specific card. An open standard would really be nice so that you didn't need to carry multiple cards, but the card companies consider that against their interests. Something like Google Authenticator on a smartphone would also be a nice solution.

Re:What am i missing? (0)

Anonymous Coward | about 2 years ago | (#41931685)

you spelled lose wrong

Re:What am i missing? (2)

mcgrew (92797) | about 2 years ago | (#41931687)

Don't one-time-pasword exists just in case you loose your card???

I assume by "loose" you mean "set your card free," as in giving it to your girlfriend. Seems a one time password would work if you only wanted to let her use it once. Nice idea, I like it!

The future (1)

Sla$hPot (1189603) | about 2 years ago | (#41930359)

This looks like the future credit card, phone, citizen card.
The question is not when it will happen, but who will make the first version that has an internet connection and a touch sensitive full screen OLED display.
That would be a true smart phone killer.

similar to Sweden, where all banking is electronic (5, Interesting)

acidfast7 (551610) | about 2 years ago | (#41930385)

No personal checks in Sweden, so all person-to-person transfers are done in cash. However, banks won't take huge piles of money ... say anything over €500 ... so all of the those transfers are done electronically. When I sold my used bike, we met and did the transfer electronically at a cafe via mobile phones. The biggest difference was that you had to the put the credit card into a device that looks like a calculator and enter a number from the banking website into the card-inserted device. The number returned is that entered into the web to authenticate the transfer. This just does it all on one credit card, which is GREAT.

Re:similar to Sweden, where all banking is electro (2)

acidfast7 (551610) | about 2 years ago | (#41930407)

Looks like this [blogspot.de] for those interested ...

Re:similar to Sweden, where all banking is electro (1)

Bogtha (906264) | about 2 years ago | (#41930635)

Yes, we have the same thing here in the UK.

Re:similar to Sweden, where all banking is electro (4, Informative)

rapiddescent (572442) | about 2 years ago | (#41930713)

Yes, we have the same thing here in the UK.

it's called CAP, Chip Authentication Programme [wikipedia.org] . I was the designer of the system that used by a big UK bank. It requires a self powered sleeve reader (that looks alike a calulator) and it's an open standard so that all EMV cards can use any branded reader device (they don't tell you that). Some of the readers have a "MENU" button and you can read off the transaction counter etc on your card. A handy way to tell if someone close has been using the card while you're not looking. if you do muck around with your card, be careful. I changed my PIN to be 6 digits on some test gear and ended up having to get a new bank card because the UK ATM network is hard coded to 4 digits. EMV cards support 6 digits.

Re:similar to Sweden, where all banking is electro (2)

Viol8 (599362) | about 2 years ago | (#41930769)

"I changed my PIN to be 6 digits on some test gear and ended up having to get a new bank card because the UK ATM network is hard coded to 4 digits."

Why couldn't you use the test gear to change it back to 4 digits , or once its set to 6 digits is it fixed at that and can't be reverted?

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41934653)

The Finnish bank Nordea uses such a reader on their business accounts. Unfortunately, the reader model they chose isn't supported by Linux. If card readers move into the center of our daily lives, open standards should be required by the banking authorities.

Re:similar to Sweden, where all banking is electro (1)

Viol8 (599362) | about 2 years ago | (#41930419)

"No personal checks in Sweden, so all person-to-person transfers are done in cash"

Did they get rid of cheques or did they never have them? I always thought sweden was an advanced country , but it doesn't sound like it. Personal cheques are damn useful in situations where electronic banking can be a PITA and cash isn't feasible - eg paying a builder.

Re:similar to Sweden, where all banking is electro (4, Interesting)

acidfast7 (551610) | about 2 years ago | (#41930443)

They are advanced. Everything is electronic. All train tickets, most plane tickets, and most subway tickets can just be done with the mobile phone (no paper needed).

They're REALLY pushing for a cashless society and making significant progress. Everyone is paid on the same day (25th of the month) after all.

To be honest, it's much more of a hassle in Germany and a total nightmare in the US, compared to the simplicity in Stockholm. Once you get up and running, it's super easy.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41930761)

And I thought it is already simple in Germany. Did not see a paper cheque for over 15 years now.

Re:similar to Sweden, where all banking is electro (0)

drinkypoo (153816) | about 2 years ago | (#41930841)

To be honest, it's much more of a hassle to find dissidents in Germany and a total nightmare in the US, compared to the simplicity in Stockholm. Once you get up and running, it's super easy

There, fixed that for you.

Re:similar to Sweden, where all banking is electro (1)

NJRoadfan (1254248) | about 2 years ago | (#41930931)

and all of that technology would have been useless in the past week here in the northeast. No electric = nightmare for cashless society. Even the places with electric were having trouble processing credit cards.

Re:similar to Sweden, where all banking is electro (1)

pixelpusher220 (529617) | about 2 years ago | (#41932221)

As a serious question, what if someone doesn't have a phone?

Re:similar to Sweden, where all banking is electro (1)

Anssi55 (729722) | about 2 years ago | (#41932339)

Paper versions still exist, I'd assume.

Re:similar to Sweden, where all banking is electro (1)

pixelpusher220 (529617) | about 2 years ago | (#41932269)

Another serious question :)

Here in the US, Credit Card payments siphon off a percentage to the CC company. Is that different in Sweden and other 'advanced' places? ;-)

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41932487)

Here in the US, Credit Card payments siphon off a percentage to the CC company. Is that different in Sweden and other 'advanced' places? ;-)

Not different at least here in Finland, though it seems chip-and-pin transactions with EU-issued debit cards have a 0.75 EUR max limit, at least on provider Luottokunta [luottokunta.fi] . Source: Luottokunta price list (PDF) [luottokunta.fi]

The retailers do not charge customers more for paying with credit cards (though I think I saw some exceptions reported in national news).

Bank transfers are free, though.

Re:similar to Sweden, where all banking is electro (1)

acidfast7 (551610) | about 2 years ago | (#41930447)

Also, in Stockholm, I never saw a builder without a mobile phone? I never saw anyone with a mobile phone. And, don't say that the "government just wants it piece of the cake by not allowing cash." I like it because it really keeps things on the "up-and-up" as all personal tax records are publicly available.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41930453)

What I want to know is how do I leave the lawn care guy $40 USD in an envelope. This is obviously more secure although seems to me to be inconvenient. When you have two parties which trust each other (to some degree) or an insignificant matter of money (although don't necessarily have that money cause you didn't stop at the bank) how do you pay some one? This is where checks come in handy. Or what about paying a bill? I understand this can be done online with credit cards and the like although... not everyone is technically savvy enough for that.

Re:similar to Sweden, where all banking is electro (2)

acidfast7 (551610) | about 2 years ago | (#41930475)

You give him/her 400SEK in cash (€40) or he gives you an invoice with his/her banking info and you just transfer it. He'll just email/SMS you the invoice. Pretty simple. We ran into significant problems trying to deposit 25000SEK (€2500) in cash into an account after selling a few items. The police became involved because they thought it might be part of a money laundering scheme (the money can't be tracked once it's in the open.)

Re:similar to Sweden, where all banking is electro (1)

Viol8 (599362) | about 2 years ago | (#41930707)

"he gives you an invoice with his/her banking info and you just transfer it. He'll just email/SMS you the invoice. Pretty simple. "

Considerably less simple than just handing him a cheque on the day he finishes.

Re:similar to Sweden, where all banking is electro (1)

oobayly (1056050) | about 2 years ago | (#41930823)

You could hand him cash - they still have that, they just don't have that out-dated form of transferring money. I can't see the benefit of cheques.

* You still need a bank account, so they're still traceable, ie. You can't use them for hiding funds, unless you take them to some dodgy cheque cashing place, which will take a percentage. I suppose you bank off-shore, but the issuer will still be able to determine where the money has gone.
* They take longer to clear, as the bank has to verify the issuer that there are cleared funds. The money also tends to "disappear" for a few days, so the bank doesn't have to pay interest on the money.

I haven't had to write a cheque for years, not even when I bought my flat, and I can't wait for the day that they're no longer accepted in the UK - it's a pain in the arse for us to have to go the bank to lodge cheques from our customers (the motor trade are slow to catch up). I have even paid my car cleaning guy (£10) via bank transfer.

Re:similar to Sweden, where all banking is electro (1)

mcgrew (92797) | about 2 years ago | (#41933177)

You could hand him cash - they still have that, they just don't have that out-dated form of transferring money. I can't see the benefit of cheques.

Checks make receipts unnecessary. With cash he'll have to write a reciept. The check will be proof of payment to a judge, a receipt maybe or maybe not.

Re:similar to Sweden, where all banking is electro (1)

Sepodati (746220) | about 2 years ago | (#41931289)

It's really not that hard to log in and transfer the money. And you'll never run out of transfers, they can't be lost and you don't force the person receiving the transfer to have to go to the bank or scan in a check to get their money. It's not as hard as you're making it out to be and there are benefits.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41930525)

You don't give them cash. You make a bank transfer since this serves as proof of payment. Plus, then it's harder for them to cheat on their taxes. Everyone in Sweden has electronic banking since paying a bill using it is free and costs ~100 SEK (USD 15) to pay an invoice (50 SEK to the bank and 50 SEK charge for non-electronic billing by the phone company/rental/whatever). And of course, knowing someone's bank account number is worthless (all they can do is wire you money; what a horrible thing to do). As is knowing someone's personnummer (SSN), which is just date of birth, gender, place of birth and a control digit.

I live in Sweden and in my wallet I have EUR (~150), USD (~100), GBP (~50) to get by when I travel. I do not have any Swedish currency on me since it is never needed (buy some carrots on the farmer's market? the vendors all have little wireless credit card terminals). In fact, 10 years ago when ordering a new PC C.O.D., the total sum was a little over 10000 SEK, which meant the post office refused to accept my money. So I had to ask my mom to use her credit card (was only 17 at the time, only 5000 SEK credit limit on mine...). These days, most banks do not carry cash. To withdraw money you visit a supermarket (and pay with card for your items plus the cash you want to withdraw) or you visit an ATM.

Re:similar to Sweden, where all banking is electro (1)

oobayly (1056050) | about 2 years ago | (#41930867)

Why are cheques so much more secure? They can still bounce, or I could call up the bank and ask them to cancel my chequebook, and still write them out. Sure, it's fraudulent, but if I'm willing not to pay somebody, the I probably don't care about upsetting some lawn care guy.

... or an insignificant matter of money (although don't necessarily have that money cause you didn't stop at the bank) how do you pay some one?

Easy, I log onto internet banking and queue the transfer for tomorrow. If you're relying on the cheque clearing delay as a free overdraft, I think you've got bigger worries.

Re:similar to Sweden, where all banking is electro (1)

mcgrew (92797) | about 2 years ago | (#41933231)

They can still bounce, or I could call up the bank and ask them to cancel my chequebook, and still write them out. Sure, it's fraudulent

And you will go to jail for it, guranteed (at least in my state).

Re:similar to Sweden, where all banking is electro (1)

camperdave (969942) | about 2 years ago | (#41935043)

What I want to know is how do I leave the lawn care guy $40 USD in an envelope.

1. Get $40USD
2. Get envelope
3. Put cash in envelope
4. Leave for lawn care guy

It's really not all that difficult.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41930523)

Hmm, why would electronic banking be a PITA when paying for a builder?

Here in Finland I've seen 3 or so cheques in the last 10 years. They were either presents (usually cash is used for that, though) or for paying for a house (no reason online banking couldn't have been used for the latter, though).

I use online banking for person-to-person transfers (even the very small amounts) and use credit/debit card in stores, so I don't really use cash at all (except when someone has paid to me in cash so I have to spend it, or if there is a problem with the card terminal (rare, once for me so far))...

Re:similar to Sweden, where all banking is electro (1)

Viol8 (599362) | about 2 years ago | (#41930573)

"Hmm, why would electronic banking be a PITA when paying for a builder?"

Hmm , let me think. Because he doesn't have a computer or card reader on site and he doesn't do electronic banking anyway.

"I use online banking for person-to-person transfers (even the very small amounts) "

Good for you. But not everyone loves technology so much that they find farting about with electronic payment simpler than spending 30 seconds writing a cheque.

Re:similar to Sweden, where all banking is electro (1)

acidfast7 (551610) | about 2 years ago | (#41930631)

Everyone in Sweden and all of Northern Europe does it this way. Germany is totally different and requires cash much more often, even moreso that the US. After living in Sweden, Germany and the US ... I can wholeheartedly say that Swedish system is the easiest, quickest and best. With a mobile phone and the bank's App, a transfer takes less than 1 minute and is complete ... try doing that with a check/cheque ... talk about archaic ... it's worse than cash.

Re:similar to Sweden, where all banking is electro (1)

Viol8 (599362) | about 2 years ago | (#41930753)

"Everyone in Sweden and all of Northern Europe does it this way"

If by northern europe you don't include the UK, ireland or france then sure. If you mean just scandinavia then maybe , but scandinavia != the world and a lot of people in the rest of the world (myself included) find cheques quick and simple. I've done electronic payments for many things including my house and car and they are somewhat more hassle than just writing a cheque and handing it over.

"With a mobile phone and the bank's App, a transfer takes less than 1 minute and is complete ... try doing that with a check/cheque"

I can write a cheque in seconds. How long it takes for the workman to cash it is not my concern. And why the hell should I have to own a fucking smartphone to be able to pay someone??

"it's worse than cash"

Cash is anonymous. Rather useful if you want to avoid tax. And yes I have used it for that and no I don't give a damn if you disapprove so save your breath.

Re:similar to Sweden, where all banking is electro (0)

acidfast7 (551610) | about 2 years ago | (#41930863)

you're the same moron that always trolls my threads. please die in a grease fire!

Re:similar to Sweden, where all banking is electro (1)

Viol8 (599362) | about 2 years ago | (#41931055)

Wow, a real +5 insightful response there mate. Got no answers then?

And no, I'm not whoever you seem to think I am.

Re:similar to Sweden, where all banking is electro (1)

oobayly (1056050) | about 2 years ago | (#41930939)

Cash is anonymous. Rather useful if you want to avoid tax. And yes I have used it for that and no I don't give a damn if you disapprove so save your breath.

Ah, we've now got to the nub of it. I was wondering who would seriously trust a piece of handwritten paper that hopefully will be worth the money. As far as I can see, the people that want to keep cheques going are exactly the one you should never trust a cheque from.

Seeing as you seem to mention builders and workmen a lot, it would appear that you work in the building trade - there's a surprise - always looking for a loophole and a shortcut.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41935237)

Eh. In what dismal part of Germany did you need any significant amount of cash?! I have about € 5,- in my wallet and the only time I ever need that is for a shopping cart or at the bakery. *boggle* (And I've spent most of my last 6 years out in the boondocks aka the middle of Niederbayern!)

Re:similar to Sweden, where all banking is electro (2)

compro01 (777531) | about 2 years ago | (#41931919)

spending 30 seconds writing a cheque.

Plus 5 minutes to deposit said cheque, then a few days waiting for said cheque to clear before your balance reflects reality again.

Re:similar to Sweden, where all banking is electro (1)

Cimexus (1355033) | about 2 years ago | (#41932541)

But in countries with ubiquitous electronic banking, he WOULD have a computer or card reader. It'd be a fundamental tool of the job, without which he simply couldn't run his business. They're not exactly expensive these days, especially the ones that just attach to an existing mobile phone. Your builder probably spent more on his last new hammer.

Re:similar to Sweden, where all banking is electro (1)

clickclickdrone (964164) | about 2 years ago | (#41930715)

>Did they get rid of cheques or did they never have them?
In the UK they want to get rid of them and they were due to be phased out but got a last minute reprieve. They're old tech but no solution for sending gifts if you're a granny etc have been found yet.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41932289)

>Did they get rid of cheques or did they never have them? In the UK they want to get rid of them and they were due to be phased out but got a last minute reprieve. They're old tech but no solution for sending gifts if you're a granny etc have been found yet.

Couldn't Granny send a pre-paid credit card?

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41931317)

Thankfully enough electronic banking isn't a PITA in most of Europe, for some reason it's easier for me to transfer cash to an another country in the EU than inside the US.

Re:similar to Sweden, where all banking is electro (1)

Cimexus (1355033) | about 2 years ago | (#41932517)

Can't speak for Sweden, but honestly I'm surprised there are still places that have any measurable use of paper cheques still. I'm in my 30s and have never had a cheque account. Never written a cheque. Never received one. Hell, never even seen one other than vague recollections of my parents using them in the 80s when I was a kid.

I'm in Australia and while they technically haven't abolished cheques here, virtually no one uses them. The need for them vanished due to the invention (and more importantly standardisation, so that they are ubiquitous) of electronic methods:

- Paying paper bills: BPay - http://en.wikipedia.org/wiki/BPAY [wikipedia.org]
- Paying in-person for services (i.e. builders, plumbers): they all have mobile EFT terminals ... seriously never found one that doesn't
- Paying your friend back the money you owe him/sending your relatives some money etc: log onto bank's website, type their account and the amount, hit enter. Done instantly.

Electronic methods are no more PITA than scrambling for a pen and writing out a cheque ... they take roughly the same amount of time. And they are processed straight away so your balance isn't in limbo until the cheque clears etc. While I agree that there are conceivable situations where a cheque would be useful, I'm yet to actually come across any of these situations in real life, so I'm fine with the way things are.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41933561)

Come to Canada and you won't be able to live without paper cheques. Yes, Canada is really backward....

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41934125)

Are you kidding? I have never written a paper cheque in Canada (I wrote several during a brief time living in the United States, mainly because it took a while to establish an account). I've received one once when I cancelled my Rogers account. I'm 28. Interac killed the chequeing system before I had to deal with it.

Re:similar to Sweden, where all banking is electro (0)

Anonymous Coward | about 2 years ago | (#41933073)

As a European living in the US I always found it hard to believe how old-fashioned the US banking system is. The main point is you never need a check anywhere in Europe because it's a less secure and less convenient means of transferring money. If you are a US person that hadn't lived long enough in *any* European state (I never lived elsewhere, so I can't discuss other countries) you may find it hard to believe that the banking system (or healthcare system...) in the USA looks very primitive when seen from an outsider's perspective.

Flashback (1)

jtownatpunk.net (245670) | about 2 years ago | (#41930401)

It's been a good 20 years since I've used a device like that for authentication. Maybe 19. Used it to log into telco switches. The token generator was a little device about the size of a small calculator, securely attached to a desk next to a laminated sheet of paper (taped to the desk) with step by step authentication instructions including username/password. The desk was in a secluded corner right next to an unlocked door that opened onto the building's loading dock. :facepalms:

physical keys (1)

KiloByte (825081) | about 2 years ago | (#41930425)

Let's get it right... no cell phones have a physical keyboard anymore, yet it's credit cards that get (limited) keyboards and display? Something is amiss...

Re:physical keys (1)

OolimPhon (1120895) | about 2 years ago | (#41930583)

Absolutely. The device as described sounds to me exactly like an app on a smartphone. Albeit it would have to be a pretty damn secure app, not the garbage most apps seem to be these days.

Why would I want to carry one of these gadgets around when I already have a smartphone which can do the same job?

Re:physical keys (2)

TheRaven64 (641858) | about 2 years ago | (#41931321)

Why would I want to carry one of these gadgets around when I already have a smartphone which can do the same job?

You answered this question in your first paragraph. A mobile phone application runs on a general purpose OS (which, unless its an iPhone or a Google-branded Android phone, probably has a load of old and buggy libraries and kernel because your carrier doesn't push out updates sufficiently competently). Even if the app itself is perfectly written, the TCB contains a whole load of other stuff that really shouldn't be trusted - you install one malicious app by mistake (or visit one malicious web page with a browser that has a known exploit that is fixed upstream but the fix never pushed to you) and your bank account is compromised.

In contrast, the device on the card is running a simple OS, has no network communication, and is basically impossible to trojan without physical access and disassembly.

By the way, we have the Singapore banking regulator to thank for a number of things, including two-factor authentication for online banking. They were the ones that insisted that it had to be provided by all banks doing business in Singapore, and the big banks decided that it was cheaper to roll it out worldwide than have a single system for Singapore. They also have very strict rules (and impose fines for violations) regarding security and disclosure.

Re:physical keys (1)

Sepodati (746220) | about 2 years ago | (#41931411)

The device as described sounds to me exactly like an app on a smartphone

A smartphone would be useless here. The key here is something you have (the card) and something you know (the pin). The device, whether built into the card or separate, and the PIN leads to creating the OTP. Maybe I'm just dense, but I don't see how a smartphone (w/o a card reader) would be any use here.

Re:physical keys (1)

camperdave (969942) | about 2 years ago | (#41935111)

Why can't the "Something I have" be the phone itself, rather than some ratty piece of plastic? After all, it's just the number on the card that's important. Why can't that number be inside the phone?

Re:physical keys (1)

Sepodati (746220) | about 2 years ago | (#41935415)

The whole point is to make sure the person making the transaction is in possession of the card. If "card possession" is not your concern, you're talking about a completely different system.

Re:physical keys (1)

beelsebob (529313) | about 2 years ago | (#41930701)

Is it? I don't see what's surprising here. The expensive device with more functionality has got the better input system. The cheap device that's distributed "freely" by banks to all their customers has the crappy input device that works less well but is significantly cheaper.

What's amiss?

Who pays for the improved card? (1)

Anonymous Coward | about 2 years ago | (#41930431)

This is against the banks interest. In Australia, the banks actually MAKE money out of fraud by overcharging and charge-backs to the merchant.
Only because the law says owner up to the first $50, the bank wears the cost for any fraud. So it is a no brainer to send a 50 cent mag stripe card, than an expensive unit that may actually harm their business model. Camera's and SMS messaging do the job nicely.

Years ago, patents for laser stripe cards - replace mag strip with dvd like material, or high resolution mag stripe, were rejected - paying 5 cents per card more
was just unacceptable. OK, say customer looses the card. Who pays the cost of the replacement? Same deal for 'smartcards' - the bank does not want to replace
expensive to produce hard to crack smartcards.

But this makes sense in Singapore .

WTF? (1, Flamebait)

Bearhouse (1034238) | about 2 years ago | (#41930441)

Can someone please explain why, when I submitted this story yesterday, it was flagged as spam?

http://slashdot.org/submission/2344885/credit-card-has-display-acts-as-security-token [slashdot.org]

Re:WTF? (0)

Anonymous Coward | about 2 years ago | (#41933513)

Can someone please explain why, when I submitted this story yesterday, it was flagged as spam?

Because your mother blows goats.

New? (0)

Anonymous Coward | about 2 years ago | (#41930513)

I've had the exact same thing here in Israel for almost 3 years. They even waived all my credit card fees for a year and reimbursed me a symbolic ~$10 for using it.

I had one of these in the 1980s... (2)

Aphrika (756248) | about 2 years ago | (#41930555)

...all the rage it was. I could do maths and stuff on it and everything. Fitted in my wallet and was credit card sized and 1mm thick...

So why the big fanfare about sticking electronics in a card again, 30 years later?

Re:I had one of these in the 1980s... (0)

Anonymous Coward | about 2 years ago | (#41930625)

I'm guessing your calculator didn't create synergies by leveraging the knowledge base of the information supercyberway, or something like that.

Re:I had one of these in the 1980s... (0)

Anonymous Coward | about 2 years ago | (#41931101)

the information super highway was actually the term everyone was using in the 1980s. Leveraging synergies was I think from the late 90s, so that was indeed after his calculator.

Signed,
  Pedantic Man

Re:I had one of these in the 1980s... (1)

ArcadeMan (2766669) | about 2 years ago | (#41931259)

Because some people still think digital displays are a pretty neat idea.

Re:I had one of these in the 1980s... (2)

TheRaven64 (641858) | about 2 years ago | (#41931367)

I'm not sure about the one in TFA, but one of the big differences in the prototype that I saw was that it used eInk instead of a traditional LCD for the display. This means that the battery life is a whole lot better. That, combined with improvements in battery technology means that it's possible to create one that will last for longer than the lifetime of a credit card and be able to create cryptographic tokens for this entire time. Oh, and I think you're misremembering the thickness of the 'credit card sized' calculators in the '80s. They were at least 2-3 times the thickness of a normal card. This is exactly the same size, and so works with magnetic strip and chip-and-pin readers as well.

Not replacing chip and pin (1)

metamarmoset (2728667) | about 2 years ago | (#41930695)

> Lets hope they've put more thought into the implementation than with chip and pin

The card displayed in TFA has a 'chip', and is presumably comptable with chip and pin systems.

As far as I understand it, this is simply trying to integrate an authentication device [wikipedia.org] into the card itself, not replace the current card system.

Re:Not replacing chip and pin (1)

Hrrrg (565259) | about 2 years ago | (#41930813)

This is slightly offtopic, but I want to promote the use of two-factor authentication. I just ordered a Yubikey for $25. It reportedly is supported by gmail, fastmail, lastpass among others: http://www.yubico.com/ [yubico.com]

Includes display and leopard (1)

Anonymous Coward | about 2 years ago | (#41930915)

Thanks to XKCD, this appears to have awesome security features.

Instant Failure. (2)

Lumpy (12016) | about 2 years ago | (#41930963)

Show me how durable that thing is by putting it in a overstuffed wallet that is then used by a construction worker who bends over and plops down 90 times a day.

I remember the SecurID credit cards. I had to replace them 3 times a year from cracked LCD screens or cracked boards.

Re:Instant Failure. (1)

CharmElCheikh (1140197) | about 2 years ago | (#41933099)

Yes sir. Here it is bent in 2 with the screen and buttons still working (I did that many times):
http://i1299.photobucket.com/albums/ag67/tempforsd/WP_000647.jpg [photobucket.com]

I'm not saying all brands are that good, but that one is.

Re:Instant Failure. (0)

Anonymous Coward | about 2 years ago | (#41933849)

You sir are a liar. If you work in that industry and I do. You would know that the display is an E-INK display. Its bistable, meaning it doesn't require any power applied to the display in order to keep the display "lit up" Do you notice the fading on the numbers in that card? Yes I do. It means that the card is garbage and the display lost power during the torsion and lfex tests it was submitted to. That "aging" on the display is what happens when the battery conenction on the PCB is CUT!

And yes I do forensic analysis for a living.

SmartDisplayer (3, Informative)

cocotoni (594328) | about 2 years ago | (#41931045)

Basically we have "news" of a product by SmartDisplayer [smartdisplayer.com.tw] , that they have been producing for the last 7 years, already implemented by some 30 banks, used by Visa in some markets, which I have been using with the in-house TOATH authentication systems for the last four years. So where's the news? Slow news day?

Re:SmartDisplayer (0)

Anonymous Coward | about 2 years ago | (#41933873)

They don't physically make the card. NagraID does that. They make the electronics. Big deal

Re:SmartDisplayer (1)

evilviper (135110) | about 2 years ago | (#41934005)

So where's the news? Slow news day?

On the new Slashdot... EVERY DAY is a slow news day!

"New" (0)

Anonymous Coward | about 2 years ago | (#41931137)

This have been available for 5+ years at least for customers with some money in their account :-D I know because I program them.

LCD? (2)

ArcadeMan (2766669) | about 2 years ago | (#41931239)

Why choose LCD over e-ink?

Only credit card with buttons and display I want (1)

Jerom (96338) | about 2 years ago | (#41932381)

can be found here http://www.rpn-calc.ch/ [rpn-calc.ch]

Fully functional HP-15C clone - updatable firmware!

History (0)

Anonymous Coward | about 2 years ago | (#41932383)

First off. This isn't anything new. Cards like this have been in existence for more than 10 years. The problem really is acceptance by people like MasterCard/Visa/Amex. Years ago I was involved with a company that invented the first polymer batteries that are used in these products (Solicore). There were only a few companies doing this. AudioSmartCard, NagraID (eventually Audiosmartcard went bankrupt and their guys joined Nagra) and Identita. In any case, that card for MasterCard is made by NagraID. Identita and AudioSmartcard made the first embedded cards back in 2002 (credit card thickness)
Visa/MC/Amex hate new tech. They need to own it or wait long enough that most of the value in the IP means nothing and they can use it at little or negligible cost to themselves while they screw the banks with new expensive programs and in the end, screw the consumer. Remember PayPass? Yeah that was some really cool technology done by a company in California called Privasys. Well right after MasterCard tried stealing that (they were subsequently sued by Privasys) they sure learned their lesson since they paid Privasys a shitload of money and royalties on the Paypass tech which they now license to Visa and Amex (keep it in the family boyz!)
Where a typical EMV (chip n pin) card goes for 2 bucks, you can be sure this card is over 20 and they are charging the customer for something they will rarely use. You should have heard the guys at Solicore and their customers swear how Visa/MC/Amex were breaking nuts about NEEDING to keep the lower part of the card free of electronics so that they could have it for embossing. Just an excuse by the big three that's all. Look at this card. Fuck if they put anymore electronics in it, it would shit out the side. What you don't need the embossing for the name anymore MC? What a joke. You should have heard in a meeting once when some dumbass lawyer for MC said they were concerned that a consumer would eat (EAT FOR GOD SAKES) 50 credit cards! and make themselves sick from the battery inside. We had done testing at Solicore (I mean shitloads of cash) to properly test our batteries and you could have eaten 100 of them without a problem. Thatâ(TM)s not the point. Who the FUCK is going to eat 50 credit cards? REALLY? Again just reasons for these guys to stall us.
Then the whole industry went to shit for a few years because of the financial bank crisis in 2008. No bank is going to buy cards for 20 bucks. It just doesn't mitigate their risk values at that price and consumers won't buy it because they should be getting it for free with all the fucking fees banks charge today. Bank of America had a program with a similar OTP card they did with Gemalto and some shitty pump and dump stock company called InCard. That program is now cancelled.
Identita got a huge order from a bank in South Korea but they were able to only partially deliver the order because their supplier in China fucked up in a major way. Don't do shit in China boys!!! Identita moved to corporate from banking (smart move MM) which is full of assholes like RSA and Vasco who keep telling all their customers that our batteries explode and aren't safe. Yeah right you do that. Meanwhile keep fucking your corporate customer 80 bucks a token while you pay a buck for them out of China. Meanwhile, like MC/Visa/Amex the only reason those guys (RSA etc) won't do it is because they don't own manufacturing rights or IP to make it exclusive to them. And well, if you can keep screwing dumb ass consumers into believing that an OTP token for a buck out of China is worth 80 bucks then you guys deserve to make that money.

Amex was supposed to do some really cool "changing magnetic swipe card" called SmartStripe or some shit like that. With a company in California called Qsecure. Anyways Qsecure apparently can't do it properly and Amex dumped them, partly because they had already taken a massive hit developing the program internally but also because the card just didn't work reliably enough.
Then Identita and a company they licensed IP from (CardXX) went into litigation with some company formerly associated with us at Solicore. This company, Innovatier basically thought they would rip off CardXX but didn't realize that they had licensed it to Identita as well. Identita apparently ended up financing the whole litigation which ended in Innovatier losing their license. Apparently Innovatier doesn't think much of losing in court since they keep using the technology they ripped off.
Through all of this, some dipshit at a company called Dynamics actually convinced Bain Capital to give him 50m for a similar piece of technology to the one NagraID made for MasterCard. Not really sure what they are doing with their tech but they sound like another Innovatier to say the least.
Anyways the tech is cool; the market is just fucked up because you can't sell this to banks because they wonâ(TM)t buy it in volume to drive the cost down. They're already thieves and the idea of actually buying tech for their customers that could save them money in the long run is just NOT GOOD BUSINESS FOR A BANK. Not today anyway.
So its NagraID for the banking industry and Identita for corporate and speciality security products. Anyone else is either a bit player or someone looking for litigation.

"More thought than Chip and PIN"??? (0)

Anonymous Coward | about 2 years ago | (#41932413)

Whoever wrote the summary is an ignorant. The chip and PIN system has existed in France since the 70s, and is by FAR more secure than the silly magnetic strip system that has persisted chiefly in anglophone countries. It has withstood attacks for a long time, and if only now vulnerabilities are being exposed, thirty years after, then I'd say it was bloody well thought out!!

seems more useful for face-to-face transactions (1)

Khashishi (775369) | about 2 years ago | (#41934373)

I'm not too worried about online. It seems to me that this technology would be far more useful for securing face-to-face transactions. Every time you hand your card over to a cashier or a waiter, you give them nearly unrestricted access to your account. If you just gave them a one-time password, that would be a huge increase in security.

Finally! (0)

Anonymous Coward | about 2 years ago | (#41934745)

This is a great advancement in security. You no longer have to trust the POS device to do the right thing.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?