Existing credit cards are pitifully insecure. Anyone with just it's NUMBER can make purchases with it. It's ridiculous that we're still with this 50-year-old piece of plastic.
Make the "card" electronic. A simple display and keypad, no more expensive than a cheap pocket calculator. To make a purchase with the basic. free version, the owner would key in the merchant's ID number, the amount, and a PIN number. The device would encode this data, along with an internal owner-specific key, and display a one-time purchase number. This number could then be used by the merchant to recover the amount of the purchase from the cardholder ONE time.
Based on an open encryption standard, such as PGP, there would be no secrets to crack. Just a strong encryption system..
With this open standard, the marketplace woudl take care of producing deluxe versions, with thumbprint readers, eye scanners, subdernal RFID tags, and IR or RF transmission of transactions. Integration into PDA's, cellphones, wristwatches, anything electronic and portable.
The owner would not have access to the internal key, and the device would be designed to erase it if opened or tampered with. To load a new device, the card company would send the owner a read-once memory device, like a phone SIM card, except that it gets erased as soon as the key is loaded into the new device. The owner's PIN number, encoded into the key must be entered correctly twice to activate the "card" After this, it could not be changed again.
Only the person in posession of the device could make charges with it. The generated purchase number is useful only to the merchant whose number is encoded within it.
Additional functions: Daily spending limits, periodic purchase authorization munbers (Merchant can charge X dollars a month for Y years.)
If, for some odd reason, someone wanted more than one credit account, the deluxe devices could handle more than one key/account, each with it's own PIN number.-- FooToo, Aug 21 2002 SecurID card http://www.hpcmo.hp...RITY/securid_q.htmlThis isn't tied to banking, but it's the kind of hardware and general form of challenge/response protocol described. [jutta, Aug 21 2002] O-Card from Orbiscom (Warning: media fluff galore) http://www.orbiscom...products/ocard.htmlDoesn't have a keypad, but supports one-time use. Card owner requests per-transaction numbers from card issuer. DiscoverCard uses these guys. [jutta, Aug 21 2002] eCashPad http://www.econnect.../consumer/cons.htmlPiece of hardware that sits between a regular credit card and the merchant. The merchant receives an approval token from the bank, not the credit card data itself. [jutta, Aug 21 2002] A Survey of Security in Online Credit Card Payments http://www.cs.berke...commerce/credit.htmQuick overview. [jutta, Aug 21 2002] AmericanExpress® PrivatePayments http://www26.americ...atepayments/faq.jspThe kind of service [waugsqueke] mentioned. These expire within 30 days. [jutta, Aug 21 2002] Discover Deskshop® http://www2.discove...deskshop/main.shtmlSimilar thing (combined with automatic form-filler-outer, Windows-only) from Discover. Unlike Amex's numbers, these are good for recurring use. [jutta, Aug 21 2002] "its", for goodness' sake! Every place except one.-- El Pedanto, Aug 21 2002 The major card companies are already doing something very similar to this. Single-use card numbers have been around for a few years now.-- waugsqueke, Aug 21 2002 "PIN number" - surely the visual equivalent of nails on a blackboard.
Good idea, which is why I wouldn't be surprised if waugs is right. Those credit card companies are normally pretty good at acting in their own interest...-- -alx, Aug 21 2002 How timely; I was told only days ago that my main account's visa card may have been compromised and has been canceled and reissued with another number.
[The calling visa card support center refused to tell me (and claimed they didn't know) which vendor did this; I guess the vendor's privacy is a lot more important than their customers'.]
Anyway. The described approach is a bit of overkill - I am told that tamper-proof is hard, I don't think you need to protect and store that much information on the card, and as described it would produce too much output for a human to copy.
It also doesn't do _quite_ what I need, but the missing functionality is easy to add. I don't necessarily want to limit transactions to one per number (some, but not all); in addition to the one-time numbers, I also want to be able to pull reusable numbers out of the card and enable and disable them independently. That way, if the number I use to pay my phone bill gets compromised, the number I use to pay my cable bill stays operational. (Apparently DiscoverCard supports this; now if only they had a clue about operating systems...)-- jutta, Aug 21 2002 To make the system highly tamper resistant (but unfortunately not quite tamper proof), the manufacturer could build a very special ASIC (application specific integrated circuit) processor/memory combo which would only communicate with the outside world in a secure fashion, and specifically prohibit direct memory access. The user's encryption key, account number, PIN, etc. would all be stored inside the ASIC's volatile RAM. The chip architecture would be carefully crafted so that power connections to the volatile RAM would encase the balance of the circuitry in a maze of power filaments. Any attempt to physically probe the chip would have to pierce the power layer and thus interrupt the flow. Additionally, the card's case would have microswitches and other tamper sensors to alert the chip if disassembly were attempted.
To activate a new card or re-activate a disabled card, one would have to visit an authorized service center equipped with a programming station. The station would engage in an encrypted exchange with the financial institution's central computer to verify your account number and obtain a new personal encryption key. It would then engage in an encrypted exchange with the ASIC in your card to wipe any old data, download the new data, and signal that a new PIN should be entered in the next 60 seconds. The user then takes the card and types in a PIN they can remember. If they fail to enter a PIN before the time limit expires, the card wipes its memory and deactivates.
During normal use, the card interfaces with a docking station at the point of sale. The docking station submits the purchase price, recurrance options, and vendor ID to the card electronically. The card displays the price and a symbol for either "recurring" or "non-recurring". The user must then enter the correct PIN to authorize the purchase, or else press the Cancel key to decline the purchase. Entering the wrong PIN three times deactivates the card.
Once the correct PIN is entered, the ASIC takes all the purchase data from the POS docking station and then uses the personal key to generate a hash sequence which will serve as the authorization number. The authorization may be validated immediately with the financial institution or else deferred, depending on the purchase amount and vendor preferences.-- BigBrother, Aug 21 2002 I like the idea of a smart card that spits out a new number for each purchase, and which allows you to give specific numbers to particular parties for recurring payments (or open-ended payments, such as when the video store wants to be able to charge you late fees as needed). This calculator-like device will presumably work with the equipment that merchants already have, and it provides a high level of fraud protection.
I think taking it to your local bank with proper ID should be all that's required to re-program it, since it would be expensive to replace for every forgotten PIN. It might be more cost-effective to upgrade merchant boxes everywhere to communicate with these devices, leaving only a small display and an "approve" button onboard. (The PIN would be useless without access to the embedded secret key, which would never be revealed.)
Currently, both conventional credit card and PIN-authenticated transactions (which are much safer) are commonplace. Security could be considerably improved if banks required all merchants that have physical contact with their customers accept require a PIN. This calculator-like device would work even over the phone, and also prevents merchants who hack their equipment from successfully using stolen PINs.
Calculator-like devices that can talk to each other would also potentially useful for secure person-to-person transactions.-- beland, May 24 2003 So then the thief would force you to tell him your PIN before he knocked you down and ran off with your stolen, fraud-proof credit card.-- ScottS, Jan 02 2011 [ScottS] See the Panic PIN idea. Even without that, you can still tell them the wrong PIN.
I've seen digital keys (a number on an LCD screen that changes each minute) used for years for VPN access, and some banks now use them for authorising business banking transactions online.-- marklar, Jan 02 2011 random, halfbakery