halfbakery: Renovating the wheel
Existing credit cards are pitifully insecure. Anyone with just its NUMBER can make purchases with it. It's ridiculous that we're still using this 50-year-old piece of plastic.
Make the "card" electronic. A simple display and keypad, no more expensive than a cheap pocket calculator.
To make a purchase with the basic, free version, the owner would key in the merchant's ID number, the amount, and a PIN number. The device would encode this data, along with an internal owner-specific key, and display a one-time purchase number.
This number could then be used by the merchant to recover the amount of the purchase from the cardholder ONE time.
Based on an open encryption standard, such as PGP, there would be no secrets to crack. Just a strong encryption system.
With this open standard, the marketplace would take care of producing deluxe versions, with thumbprint readers, eye scanners, subdermal RFID tags, and IR or RF transmission of transactions. Integration into PDAs, cellphones, wristwatches, anything electronic and portable.
The owner would not have access to the internal key, and the device would be designed to erase it if opened or tampered with. To load a new device, the card company would send the owner a read-once memory device, like a phone SIM card, except that it gets erased as soon as the key is loaded into the new device. The owner's PIN number, encoded into the key, must be entered correctly twice to activate the "card". After this, it could not be changed again.
Only the person in possession of the device could make charges with it. The generated purchase number is useful only to the merchant whose number is encoded within it.
Additional functions: Daily spending limits, periodic purchase authorization numbers (Merchant can charge X dollars a month for Y years.)
If, for some odd reason, someone wanted more than one credit account, the deluxe devices could handle more than one key/account, each with its own PIN number.
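As an added example (not part of the original idea), the flow described above in Python: the device MACs the merchant ID, the amount and a per-device counter under the key it shares with the card company to produce the one-time purchase number, and the card company checks it and refuses a second redemption; the recurring flag stands in for the periodic authorization numbers mentioned above. The key, account and merchant IDs are constructed sample values, and the 12-hex-digit display budget and the three-wrong-PIN lockout (suggested in the annotations below) are assumptions.

```python
import hashlib
import hmac

TAG_LEN = 12  # hex digits of the MAC shown on the display (assumed display budget)

def _mac(key: bytes, merchant_id: str, amount_cents: int, recurring: bool, counter: int) -> str:
    # Binds the code to this merchant, this amount, the recurring flag and a fresh counter.
    msg = f"{merchant_id}|{amount_cents}|{int(recurring)}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_LEN]

class PurchaseDevice:
    """The owner's 'card': holds the issuer-shared key, the PIN and a transaction counter."""
    def __init__(self, device_key: bytes, pin: str):
        self._key, self._pin = device_key, pin.encode()
        self.counter, self.bad_pins, self.locked = 0, 0, False

    def make_code(self, merchant_id: str, amount_cents: int, pin: str, recurring: bool = False) -> str:
        if self.locked:
            raise PermissionError("device deactivated")
        if not hmac.compare_digest(pin.encode(), self._pin):
            self.bad_pins += 1
            self.locked = self.bad_pins >= 3  # assumed: three wrong PINs deactivate the device
            raise PermissionError("wrong PIN")
        self.bad_pins = 0
        self.counter += 1  # a fresh counter is what makes each code single-use
        tag = _mac(self._key, merchant_id, amount_cents, recurring, self.counter)
        return f"{self.counter}-{tag}"  # the number the owner reads off the display

class Issuer:
    """Card company: keeps each account's device key and the set of redeemed one-time codes."""
    def __init__(self, keys: dict):
        self.keys = dict(keys)   # account -> device key (the owner never sees it)
        self.redeemed = set()    # (account, counter) pairs already charged

    def redeem(self, account: str, merchant_id: str, amount_cents: int, code: str, recurring: bool = False) -> bool:
        # The merchant submits the customer's number together with its own ID and the amount.
        try:
            counter_s, tag = code.split("-")
            counter = int(counter_s)
        except ValueError:
            return False
        key = self.keys.get(account)
        if key is None or not hmac.compare_digest(tag, _mac(key, merchant_id, amount_cents, recurring, counter)):
            return False  # forged, or presented with a different merchant, amount or recurring flag
        if not recurring:
            if (account, counter) in self.redeemed:
                return False  # replay: this number has already been charged once
            self.redeemed.add((account, counter))
        return True
```

A 12-hex-digit tag (48 bits) keeps the number short enough to read aloud, but the tag length is what bounds guessing, so the card company should also rate-limit failed redemptions per account.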
SecurID card
http://www.hpcmo.hp...RITY/securid_q.html This isn't tied to banking, but it's the kind of hardware and general form of challenge/response protocol described. [jutta, Aug 21 2002]
O-Card from Orbiscom (Warning: media fluff galore)
http://www.orbiscom...products/ocard.html Doesn't have a keypad, but supports one-time use. Card owner requests per-transaction numbers from card issuer. DiscoverCard uses these guys. [jutta, Aug 21 2002]
eCashPad
http://www.econnect.../consumer/cons.html Piece of hardware that sits between a regular credit card and the merchant. The merchant receives an approval token from the bank, not the credit card data itself. [jutta, Aug 21 2002]
A Survey of Security in Online Credit Card Payments
http://www.cs.berke...commerce/credit.htm Quick overview. [jutta, Aug 21 2002]
AmericanExpress® PrivatePayments
http://www26.americ...atepayments/faq.jsp The kind of service [waugsqueke] mentioned. These expire within 30 days. [jutta, Aug 21 2002]
Discover Deskshop®
http://www2.discove...deskshop/main.shtml Similar thing (combined with automatic form-filler-outer, Windows-only) from Discover. Unlike Amex's numbers, these are good for recurring use. [jutta, Aug 21 2002]
Annotation:
"its", for goodness' sake! Every place except one.
The major card companies are already doing something very similar to this. Single-use card numbers have been around for a few years now.
"PIN number" - surely the visual equivalent of nails on a blackboard.
Good idea, which is why I wouldn't be surprised if waugs is right. Those credit card companies are normally pretty good at acting in their own interest...
How timely; I was told only days ago that my main account's Visa card may have been compromised and has been canceled and reissued with another number.
[The calling Visa card support center refused to tell me (and claimed they didn't know) which vendor did this; I guess the vendor's privacy is a lot more important than their customers'.]
Anyway. The described approach is a bit of overkill - I am told that tamper-proof is hard, I don't think you need to protect and store that much information on the card, and as described it would produce too much output for a human to copy.
It also doesn't do _quite_ what I need, but the missing functionality is easy to add. I don't necessarily want to limit transactions to one per number (some, but not all); in addition to the one-time numbers, I also want to be able to pull reusable numbers out of the card and enable and disable them independently.
That way, if the number I use to pay my phone bill gets compromised, the number I use to pay my cable bill stays operational. (Apparently DiscoverCard supports this; now if only they had a clue about operating systems...)
To make the system highly tamper resistant (but unfortunately not quite tamper proof), the manufacturer could build a very special ASIC (application specific integrated circuit) processor/memory combo which would only communicate with the outside world in a secure fashion, and specifically prohibit direct memory access. The user's encryption key, account number, PIN, etc. would all be stored inside the ASIC's volatile RAM. The chip architecture would be carefully crafted so that power connections to the volatile RAM would encase the balance of the circuitry in a maze of power filaments. Any attempt to physically probe the chip would have to pierce the power layer and thus interrupt the flow. Additionally, the card's case would have microswitches and other tamper sensors to alert the chip if disassembly were attempted.
To activate a new card or re-activate a disabled card, one would have to visit an authorized service center equipped with a programming station. The station would engage in an encrypted exchange with the financial institution's central computer to verify your account number and obtain a new personal encryption key. It would then engage in an encrypted exchange with the ASIC in your card to wipe any old data, download the new data, and signal that a new PIN should be entered in the next 60 seconds. The user then takes the card and types in a PIN they can remember. If they fail to enter a PIN before the time limit expires, the card wipes its memory and deactivates.
During normal use, the card interfaces with a docking station at the point of sale. The docking station submits the purchase price, recurrence options, and vendor ID to the card electronically. The card displays the price and a symbol for either "recurring" or "non-recurring". The user must then enter the correct PIN to authorize the purchase, or else press the Cancel key to decline the purchase. Entering the wrong PIN three times deactivates the card.
Once the correct PIN is entered, the ASIC takes all the purchase data from the POS docking station and then uses the personal key to generate a hash sequence which will serve as the authorization number. The authorization may be validated immediately with the financial institution or else deferred, depending on the purchase amount and vendor preferences.
I like the idea of a smart card that spits out a new number for each purchase, and which allows you to give specific numbers to particular parties for recurring payments (or open-ended payments, such as when the video store wants to be able to charge you late fees as needed). This calculator-like device will presumably work with the equipment that merchants already have, and it provides a high level of fraud protection.
I think taking it to your local bank with proper ID should be all that's required to re-program it, since it would be expensive to replace for every forgotten PIN. It might be more cost-effective to upgrade merchant boxes everywhere to communicate with these devices, leaving only a small display and an "approve" button onboard. (The PIN would be useless without access to the embedded secret key, which would never be revealed.)
Currently, both conventional credit card and PIN-authenticated transactions (which are much safer) are commonplace. Security could be considerably improved if banks required all merchants that have physical contact with their customers to require a PIN. This calculator-like device would work even over the phone, and also prevents merchants who hack their equipment from successfully using stolen PINs.
Calculator-like devices that can talk to each other would also potentially be useful for secure person-to-person transactions.
So then the thief would force you to tell him your PIN before he knocked you down and ran off with your stolen, fraud-proof credit card.
[ScottS] See the Panic PIN idea. Even without that, you can still tell them the wrong PIN.
I've seen digital keys (a number on an LCD screen that changes each minute) used for years for VPN access, and some banks now use them for authorising business banking transactions online.