Credit Card Security
01 June 2012
I think it's pretty well known that credit cards aren't very secure. To steal the information, all you need is to phish a user into typing their credit card info on a fraudulent website, install a skimmer or camera at an ATM, or some other way to read the information stored in the magnetic strip. A 4-digit PIN isn't particularly secure either. The problem is that the information is static, it never changes. So once they have it, they can use that same info to charge on your account as many times as they wish.
There's a rather simple and elegant solution. There exists two-factor authentication devices which simply display a random number, like in the image below. The number changes every minute and there are 1 million possible combinations to guess from.
We need this in credit card form. When you make an online purchase, you'd need the physical card to display a random number which you type into the website to verify and complete the transaction. There'd also need to be a way to transmit this random number, whether through the magnetic strip (I think this is unlikely), or wirelessly, i.e. contactless smart cards.
A second layer of security could be to allow the card owner to verify online transactions before completing them. The bank can send a randomly generated number through a call, text, or email (no links to click!), with the exact details of the transaction and the amount to be charged. To verify the transaction, the person must type this random number into the website. This number could only be valid for (say) one hour, sufficient time to complete the transaction.
This would make online transactions much safer, and solve the problem of credit card skimmers and other such devices. The only way to bypass the security would be to steal the physical card or hack into the servers. If the card is ever stolen, just follow the standard procedure of deactivating it and issuing a new card. Unfortunately, credit card companies seem less interested in making things more secure, and would much rather hide the problem from public view and merely give the appearance of security.
There's a rather simple and elegant solution. There exists two-factor authentication devices which simply display a random number, like in the image below. The number changes every minute and there are 1 million possible combinations to guess from.
We need this in credit card form. When you make an online purchase, you'd need the physical card to display a random number which you type into the website to verify and complete the transaction. There'd also need to be a way to transmit this random number, whether through the magnetic strip (I think this is unlikely), or wirelessly, i.e. contactless smart cards.
A second layer of security could be to allow the card owner to verify online transactions before completing them. The bank can send a randomly generated number through a call, text, or email (no links to click!), with the exact details of the transaction and the amount to be charged. To verify the transaction, the person must type this random number into the website. This number could only be valid for (say) one hour, sufficient time to complete the transaction.
This would make online transactions much safer, and solve the problem of credit card skimmers and other such devices. The only way to bypass the security would be to steal the physical card or hack into the servers. If the card is ever stolen, just follow the standard procedure of deactivating it and issuing a new card. Unfortunately, credit card companies seem less interested in making things more secure, and would much rather hide the problem from public view and merely give the appearance of security.
1
