Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Handhelds Security The Almighty Buck Hardware Technology

Credit Cards That Think They Are Gadgets 239

Posted by Soulskill
from the why-is-my-wallet-beeping dept.
holy_calamity writes "Pittsburgh startup Dynamics Inc has unveiled gadget-like credit cards with buttons, lights and even displays built into the same space as a conventional card. One card has two buttons on the front, which, when pressed, rewrite the data on the card's magnetic stripe, allowing it to act as multiple bank or credit cards in one. Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security." I wonder how long it'll be until somebody builds onboard biometrics into one of these things.
This discussion has been archived. No new comments can be posted.

Credit Cards That Think They Are Gadgets

Comments Filter:
  • Biometrics? (Score:4, Insightful)

    by spun (1352) <`moc.oohay' `ta' `yranoituloverevol'> on Friday September 17, 2010 @12:03PM (#33612510) Journal

    You mean, digital passwords you can never change? Sounds secure...

    • Why could it not be changed? Chip and pin cards store the pin on the chip, and they can be changed.
      • Re: (Score:3, Funny)

        by Anonymous Coward

        Did you ever tried to change your fingerprints?

        • Re: (Score:3, Insightful)

          by Prune (557140)
          Revocable biometrics exist, and you don't have to chop off your fingertips either: for example, http://www.turbine-project.eu/ [turbine-project.eu] or http://vast.uccs.edu/biodistmet.html [uccs.edu] or http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4318487 [ieee.org] and so on By the way, not to be a grammar nazi, just informative: did you ever tried -> did you ever try
          • Re:Biometrics? (Score:5, Insightful)

            by Zerth (26112) on Friday September 17, 2010 @12:48PM (#33613118)

            Turbine just generates a non-reversible key from fingerprints. It does nothing to help you out if your fingerprint data gets out. Like by touching a car door.

            • by Prune (557140)
              There are two separate issues, physical and electronic compromises. Compromising the database is a much bigger problem and more likely scenario than compromising the actual physical feature. The schemes mentioned above solve the electronic issue. Physical security of oneself is fairly reasonable, and if compromised then one should switch to a different biometric ID or a password. Of course, I always believe the option has to be there to use a password. But revocable biometric IDs can still be useful fo
              • by Prune (557140)
                Think of it this way: it's just like with a computer--if physical security is breached, all bets are off regardless of what crypto you're using. Your whole hard drive can be encrypted with TrueCrypt, but there was an article posted here (months ago I think) where they can spray the RAM with a freeze spray as they cut power to the machine and then recover the plain text keys because there's still some charge. Protecting yourself from say retina scans by wearing glasses is a pain, so what we need for biomet
            • by jeffmeden (135043)

              <Insert mythbusters episode reference here>

              The current (and foreseeable future) crop of biometric systems are very difficult to "attack" by using lifted fingerprints due to the way they read the fingerprint from your skin. Creating a real-skin (or functional equivalent) duplicate is probably somewhere near the order of difficulty of brute-forcing a password for commonly accepted (read: flawed) password mechanisms. So; worry about one worry about the other, I guess.

              • by idontgno (624372)
                So, you're saying that fingerprint readers have beaten this attack? [theregister.co.uk] I hadn't heard that, but then I imagine "Now no longer vulnerable to Gummi Bear attack" isn't much of a marketing bullet point either.
      • I didn't read the post title... I thought that this comment was referring to the part where you can enter a pin to make the mag strip work. My bad...
    • Re:Biometrics? (Score:5, Insightful)

      by slshwtw (1903272) on Friday September 17, 2010 @12:36PM (#33612948)
      Three kinds of security:
      • something you are (biometrics)
      • something you have (card)
      • something you know (pin)

      As parent indicated, biometrics is the weakest of these, as if someone is able to 'break the code' you have no way of changing your fingerprints, etc. The best approach is a combination of having and knowing, such as an ATM card which a thief can't use without knowing the PIN, or a building access card that requires you to punch in a code. If you lose your card, no big deal, just issue a new one and assign it a new code just in case.

    • Re:Biometrics? (Score:4, Insightful)

      by profplump (309017) <zach-slashjunk@kotlarek.com> on Friday September 17, 2010 @01:00PM (#33613250)

      Please don't conflate "biometerics as a stand-alone authenticator" with "biometrics as a second authentication factor". It's pretty reasonably to combine a physical token with biometrics, because you *can* deactivate/replace/rekey the physical token pretty easily. It's important that the authentication system includes some revokable factor, and ideally you'd also have a PIN or other knowledge-based authentication token, but physical + biometric is not a bad start, and can form a perfectly usable, revokable system.

      And it's certainly not a bad system compared to the current "physical only" authentication currently in place.

      Your fingerprints can't be changed, but they can't be as trivially reproduced as a password either. I agree, someone *could* steal your fingerprints and reproduce them in some useable way, though it would take a higher level sophistication than simply stealing your card or copying your password. And if someone stole your fingerprints and your card you could simply deactivate the stolen card and have a new one issued. The person with your fingerprints would then have a copy of your fingerprints and a useless credit card dongle. He'd need to steal your physical credit card all over again in order to use make use of his copy of your fingerprints.

  • Erm (Score:4, Funny)

    by iONiUM (530420) on Friday September 17, 2010 @12:09PM (#33612568) Homepage Journal

    Why don't they just tie this shit into your cell phone instead? They already have something similar in Japan with swipe phones for the JR line.

    Why does every company have to try and put another gadget in your pocket. They should just integrate better with existing gadgets so I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

    • Re:Erm (Score:4, Funny)

      by swanzilla (1458281) on Friday September 17, 2010 @12:13PM (#33612632) Homepage

      They should just integrate better with existing gadgets so I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

      That ain't a wallet. This is a wallet...

    • Re:Erm (Score:4, Funny)

      by tekrat (242117) on Friday September 17, 2010 @12:13PM (#33612634) Homepage Journal

      That's also why, when women hit you with their purse, the injury is now fatal.

    • Re:Erm (Score:5, Informative)

      by oodaloop (1229816) on Friday September 17, 2010 @12:17PM (#33612684)
      AS TFA points out, there are 16 million credit card readers out there. Instead of making them all RFID readers, just use the existing infrastructure. And this would potentially reduce the size of your wallet, not increase it, by allowing you to carry just one programmable card instead of many.
    • Re:Erm (Score:4, Insightful)

      by Microlith (54737) on Friday September 17, 2010 @12:21PM (#33612732)

      Why don't they just tie this shit into your cell phone instead? They already have something similar in Japan with swipe phones for the JR line.

      Because in Japan the companies are far more tightly integrated, and it's much easier for NTT to work with JR East on what they want to do, and decree to handset makers that their next products will include the functionality. In the US, for instance, it's virtually guaranteed we'd have massive infighting and incompatibilities as vendors fought for dominance over all others. Verizon would work in some places, AT&T in others, and unless you bought your phone from them you couldn't use it at all.

      Basically, there's a whole bunch of bullshit in the States that prevent solutions like Japan has from working.

    • by D Ninja (825055)

      I don't have to wear fucking cargo pants and have a wallet that is 3 feet big.

      ...that's no wallet...

    • No thanks (Score:5, Interesting)

      by pavon (30274) on Friday September 17, 2010 @12:37PM (#33612966)

      Because cell phones are buggy pieces of shit, and I wouldn't trust them with my credit card number and PIN for anything. Especially as they become more and more tied to the web.

    • by Ksevio (865461)

      I used to have a payment tag from citi that was just a sticker that could go on my phone. I used that to pay for things for a while until they "upgraded" my card to one that had it built in. Apparently they can't issue a separate tag for this card, so when I requested a new one, they just sent me a new card, then when I called customer support, they told me that could, but just sent a new card....

      Anyways, it's possible to have just the rfid chip on your phone without having to interact with it, but it's n

    • by Firehed (942385)

      Did you even glance at the tech? This replaces your existing credit cards - it's not more crap to carry around. In theory, it can even reduce the number of cards you have to carry, since it can combine (at least) two cards into a single physical device of the same size and functionality.

      It's not tied into your cell phone (something that, believe it or not, not everyone with a credit card has) because no POS terminals in the country allow you to pay with your cell phone, where all of them allow you to swipe

  • The main use (Score:3, Insightful)

    by wirelessdreamer (1136477) on Friday September 17, 2010 @12:11PM (#33612602)
    Scammers will love these, they'll find a flaw where they can reprogram any name and card number, swipe a card and clone it.
    • Re:The main use (Score:5, Insightful)

      by Anonymous Coward on Friday September 17, 2010 @12:23PM (#33612770)

      swipe a card and clone it

      And how this is different from what we have now?

      • Because one involves a material change using a specialized printer and card stock (unless you're just going to gamble that the clerk won't look at what is actually printed on the card) and one is an electronic change that can be presumably used with a magnetic card reader/writer and a general purpose computer.

        Both are doable, the latter can conceivably be easier as well as easier to start up.

        If there is a combination of permanent lettering on the new type of electronic card, then things just stay the same,

    • by Firehed (942385)

      They can already do that with a $200 mag-stripe programmer. The hard part is getting the data to clone (which is not just the card number).

  • I wonder how long a card like this will last in an average wallet, perhaps facing demagnetization, wear and tear, and other issues of being in a pocket and constantly jostled around.

    However, it it can handle that, this could be a great thing to have, as not just a credit card, but as an authentication device. Punch your PIN, punch a challenge phrase, give the vendor the response, and that will do a lot to minimize credit card fraud.

    Of course, skimmers with cameras will still be an issue -- just videotape t

    • by Bigjeff5 (1143585)

      And that's different from a normal credit card how?

      These things are even more flexible and durable than credit cards. There is no reason to expect these cards will be more susceptible to demagnetization than the magnetic strip of any other card.

      The electronics are in the plastic, it makes them pretty darn durable.

      Punch your PIN, punch a challenge phrase, give the vendor the response, and that will do a lot to minimize credit card fraud.

      Not really, most card theft these days happens in mass thefts of data, not individual credit card thefts.

  • by TheCreeep (794716) on Friday September 17, 2010 @12:12PM (#33612618)
    I wonder how long it'll be until somebody builds onboard biometrics into one of these things.

    Screw that, I'm waiting for these guys to port Quake to a credit card.
  • by Anonymous Coward on Friday September 17, 2010 @12:20PM (#33612722)

    I know chip&pin isn't perfect, but it'd be a step in the right direction..

    I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.

    Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.

    Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.

    • by Intron (870560)

      I know chip&pin isn't perfect, but it'd be a step in the right direction..

      I just went on vacation and had no problem with my cards until the end, when someone cloned one of my cards and "swiped" it nearly ten days after I'd last used the card in that particular city.

      Curiously the card was never out of my sight. They carried a machine to the table in restaurants and swipe on the spot, as is common in Europe.

      Then, when my genius bank thought there might be fraud, they called me on my land line at home. This despite having told them my travel plans and they knew I wouldn't be home for another 24 hours. Since I didn't get back to them soon enough they let the fraudulent charges go through -- one of them for over $2000 -- and I had to deal with it the hard way when I got home.

      You tell your bank your travel plans?

      • by Dog-Cow (21281) on Friday September 17, 2010 @12:34PM (#33612914)

        It's not uncommon. It's done to prevent charges at the destination from being rejected due to automated fraud prevention.

        • by Intron (870560)

          How do you do it? Call the CC 800 number? If so, what prevents me from calling and saying I'm you and that I'm in Milan?

          • Re: (Score:3, Interesting)

            by freeweed (309734)

            How do you do it? Call the CC 800 number?

            Basically, yes. Talk to a CSR at the CC company.

            If so, what prevents me from calling and saying I'm you and that I'm in Milan?

            The same way you're prevented from calling the CC company and changing my address, or calling my bank and wire transferring money into your account, or 300 other nasty things you could think up. They do have *some* security on your account that way - they ask you enough personal information that they're satisfied it's you.

            You don't travel much

          • Re: (Score:3, Interesting)

            by jeffmeden (135043)

            It is common for anyone who doesn't want their card frozen due to seemingly fraudulent use. You call the 800 number, do the usual authentication rigmarole (they check your source phone number, they ask you a number of security questions) and then amend your account details with the window you will be traveling and the destination. I have had a card deactivated even on a short road trip where I stopped too frequently at various gas stations and it auto-locked my card due to a pattern too far out of my norm

      • If you want to use your bank issued cards you do. Sudden transactions thousands of miles away from your home area is a huge red flag for theft prevention algorithms. If they can't get a hold of you to verify the transaction (and if you're on vacation they probably won't be able to) they will cancel your card or at least put a hold on it until they can talk to you directly.

        • by clodney (778910)

          I've done it both ways, and never had an issue. I've wondered how good the fraud algorithms are - so if my Amex shows up in another country, do they look to see if you had recent transactions with an airline or an airport merchant? I would think that from a fraud perspective there is a big difference between my card showing up at a hotel in a tourist destination like Cancun, vs a grocery store in Roatan. It would be an interesting problem to work on.

  • by mysidia (191772) on Friday September 17, 2010 @12:20PM (#33612724)

    Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.

    But if he tries to scan the stripe and clone the card, the number he gets is useless, because it is transaction specific.

    I would envision each CC being allocated a block of 200 random CC numbers, to be used in sequence, when it is printed, 200 random initial CVV2 numbers, and 1000 random CVV2 offsets in the form of a number between 0 and 999. For each transaction, pick a number, with no number re-used until 199 more transactions have been made.

    Each time a number is used, the CVV2 is to be the initial CVV2 number plus the next CVV2 offset, modulo 999. CVV2 offsets are not re-used until 999 more transactions have been made.

    Each time a number is used, the CC company can determine it is valid and compute exactly the right CC and CVV2 numbers that should be used by the next 10 transactions.

    Unless there is delayed processing involved, they can also know to reject any number other than those 10.

    Even if there is delayed transaction processing involved, the CC company can know a code 199 transactions ago is "too old", because there have been transactions made since then that are too old.

    There should also be a way to enter a special PIN to generate a 'vendor specific' code that can be used for multiple transactions.

    Possibly assigning card users larger pools of numbers, so expiration dates, and dollar limits can be encoded using the CC# and CVV2.

    If multiple failures are detected with a CC# (e.g. someone tries to clone one number and try it with multiple CVVs), then that CC# is retired permanently, and the CC company sends the customer a new file to flash their credit card's memory with.

    • by Mr_Silver (213637) on Friday September 17, 2010 @12:51PM (#33613150)

      Cards that will populate the mag-strip with transaction-specific codes each time. So you can type the code in, the guy at the restaurant can pick up the card with your ticket, and swipe it once.

      It's called Dynamic Magstripe and is available now. One example of it is here [cardlab.com].

      In Europe, they are solving this problem by moving away from magstripe to chip-and-pin. This is for two reasons, you don't give your PIN out to anyone else and because the card never leaves your sight.

      For example, when you pay for food at a restaurant, the server physically brings you the Point Of Sale terminal for you to insert your card, confirm the price and enter your PIN. This means that it's impossible for them to run off and make a copy of the card without you seeing it happen.

      (I was in the US recently and did not like the fact that my credit card disappeared from my sight when I went to pay for the bill)

      • I find the dichotomy of trusting someone enough to provide clean and safe items to ingest into your body but not trusting them enough to handle your credit card for 3 minutes w/o stealing it (even though you'd get the money back) interesting. I'm not saying it's wrong or I don't often feel the same way, it's just when you step back and think about it that seems kind fo backwards doesn't it?
      • by dj245 (732906) on Friday September 17, 2010 @02:57PM (#33614502) Homepage
        I experienced table-top POS terminals during a recent trip to Nova Scotia. Apparently they are very popular there, and the waitress couldn't believe that I had never seen one in the US. The biggest problem is that in Europe, tipping is not expected or required. In the US, you can write the tip and walk away without the waitress watching you. If they go to table-top POS terminals like I saw in Canada, then you need to tip in front of your server. As an American, it was not very comfortable, although I suppose it is more profitable for the waitstaff. As an aside, when I was younger, tipping was commonly 10% and 15% for good service. Now my coworkers give me a hard time if I give any less than 20%. I think its time that we pay servers more and do away with the tip. The hidden cost of tipping is starting to be a substantial part of the restaurant bill.
      • Re: (Score:3, Insightful)

        by mentil (1748130)

        The problem with this system is that many of these machines wirelessly transmit the CC# to the POS machine, cleartext. Sniffers in a van in the parking lot intercept the CC# and clone it anyways. A poster above you had exactly this happen to him (although he didn't realize how it was done.)

    • by BitZtream (692029)

      In the end, the result is that you've made a protocol more complex trying to make it obscure ... but its an open protocol so obscuring it is pointless, anyone can tell you how to unobscure it ...

      An added part of that is that you then what the CC clearing houses to deal with a much larger number of CC numbers so you can use them as one time numbers. They'd have to keep all those numbers stored if they are randomly generated, OR they have to use a clearly defined way to generate the numbers, in which case, a

  • Something similar (Score:4, Interesting)

    by dsavi (1540343) on Friday September 17, 2010 @12:21PM (#33612730) Homepage
    A major corporation that someone I know has worked for used to use what looked like a very thick credit card to log into what I believe was a VPN. You would input a PIN on the front, and it would display a code that would be valid for 30 seconds or so for logging into the VPN that it calculated itself, based on the current time and PIN. I think this card was made by RSA, now I think the same company uses a slightly different system.
    • The company I work for uses the same system. I think it has been around for years. WOW uses it now if you want the service. The concept is that the server and the card use the same algorithm to create the password which is time and parameter dependent. It changes every 30 seconds so a hacker can't brute force the password from the server.

      What I think is neat is that they have managed to put the magnetizing mechanism in the card now. Imagine placing your credit card on the degausser at the market and inste
    • Re:Something similar (Score:4, Informative)

      by rickb928 (945187) on Friday September 17, 2010 @12:45PM (#33613078) Homepage Journal

      SecureID I think. Mine is the size of a care remote. The thin ones broke a lot. Old technology, but effective.

      • by freeweed (309734)

        RSA's product is indeed SecureID. Several other companies produce similar products. I carry several on my keychain for various purposes, it's a pain in the ass. Thankfully the batteries last 3-5 years on them so at least you're not always replacing the damn things.

    • by toastar (573882)
      Kinda like the Battle.net authenticator
  • One Time Use Cards (Score:3, Interesting)

    by Jason Levine (196982) on Friday September 17, 2010 @12:23PM (#33612772)

    This could make a long-time dream come true for me. I use one-time use numbers online but in brick-and-morter transactions (like paying at a restaurant), I still have to give my real credit card number. Perhaps these cards could be made to generate a one-time use number. Then, when I'm paying at the grocery store, they get one number while the pizza place gets a second number. I'm sure there would be some security hurdles to clear but it is a promising development.

    • by ad454 (325846) on Friday September 17, 2010 @02:02PM (#33613888)

      Agreed, these cards would be invaluable if they had a one-time card number generator. But in practice, that is a lot harder to do then you would think.

      Credit cards have 15-16 digits, but the top 6 reserved are for the BIN that identifies the issuer and corresponding VAP/MIP/... processing station in the credit card network that authorizations are sent to. The last digit is reserved for the mod10 checksum. So that means that you have only 7-8 digits available per BIN. Note that each BIN typically is used for 10's of thousands of individual cards.

      When you use a one-time card number online, it is generated/provided by a centralize server and database in order to efficiently maximize that 7-8 digit pool for one-time use that is SHARED, coordinated, and distributed among the 10's of thousand of card holders.

      But since these new computerized cards do not have any networking capabilities, and since of the 10's of thousand of card holders need to be identified individually, you would only have a 2-3 digital pool for the one-time use, which is not enough for security.

      The only option for these new computerized cards would be to either add network capabilities, like a bluetooth connection to a mobile phone, or add a one-time passcode to another field in the magstripe, perhaps appended to the card holders name.

  • That would be an essential requirement to replace plastic.
  • by Smivs (1197859)
    Can it be programed to remind you of your PIN?
  • When I get my credit card stolen, I'll lose a $20 gadget instead of giving the thieves access to my $0.20 bank account or my credit card with fraud protection where I simply click "Report" on any charges that weren't mine (and I have something like a week to report it stolen, so even if I don't notice it immediately I'm still not liable)?

    Also, this in no way stops credit card skimmers at ATMs, gas stations, etc., nor RFID readers.

    The positive thing I see about this is the ability to program multiple cards

    • Re: (Score:2, Interesting)

      by Dog-Cow (21281)

      This is fractionally more secure than current CCs, and it allows consolidation. As someone who carries his cards loose in his pocket, I only see this development as positive. I hope financial institutions start supporting it.

  • by Last_Available_Usern (756093) on Friday September 17, 2010 @12:34PM (#33612910)
    Even if the numbers/strip are obscured without a PIN the finger smudges on the card over the commonly used numbers will make the PIN a trivial matter to guess. What is the point of this security? Would you not call in the card missing/stolen just because it has better security?
    • by Prune (557140)
      There's a simple solution here--use permutation instead of combination (have say six to eight buttons where the sequence uses all of them once, but the order varies). That necessitates a longer PIN, but I think it's a minor inconvenience.
    • Even if the numbers/strip are obscured without a PIN the finger smudges on the card over the commonly used numbers will make the PIN a trivial matter to guess.

      Solution....wash your damn hands once in a while. That is just disgusting.

    • by Nadaka (224565)

      randomize the location of the numbers to even wear and make location based tracking useless.

    • by BitZtream (692029)

      Make the 'buttons' display numbers on them electronically, then just make the numbers move around every use.

      Next

  • Another has several buttons and a display in place of the card's number. Only after entering a PIN is the magnetic stripe populated and the full card number revealed, and after a short time both go blank again for security

    Another way to do this is use something like Visa CodeSure which gives you the ability to enter a PIN on the card so that dynamic passcodes can be created. Commercially available now too.

    http://www.visaeurope.com/en/about_us/innovation/visa_codesure.aspx [visaeurope.com]

  • - EMV [wikipedia.org] cards are actually gadgets. Very limited, no blinky lights and such, but has a CPU, encryption is performed on the card, and it doesn't need a mag stripe. Many don't ever get swiped.

    - Mag stripes will be obsolete not long from now. Already, if you travel to Europe, many retailers refuse US cards without a chip, even though the terminal will read the stripe. It's all about risk shifting. Anything the issuers can do to avoid risk is good for them, so they want to shift risk to merchants or card hold

  • by tekrat (242117) on Friday September 17, 2010 @12:52PM (#33613156) Homepage Journal

    This is all just a way to make you pay for more and more. Card companies/Banks have to write off fraud, usually, and they hate doing this, so every new card gimmick that comes along will be aimed at making fraud more your problem and less theirs.

    But it will also be used to make you pay for everything big companies won't. Let's create an example: Say you walk into Walmart and buy a pair of Calvin Klein jeans. You pay for the Jeans at the checkout. However, Walmart never pays the supplier, Calvin Klein (or the distributor). Thanks to all these shared records, the databases can track everything and one day you get a bill from Calvin Klein for the jeans you purchased at Walmart.

    Sounds implausible right? I'm right now fighting with Direct TV for services I purchased through Verizon. Verizon didn't pay Direct TV, so Direct TV is billing me instead, even though I paid Verizon. I never got a Direct TV bill before this one. I was never their customer (directly), I was a Verizon customer. And yet here I am, stuck with the bill.

    Trust me, my above example at Walmart may be implausible now, but 5 years from now it'll be commonplace to see the average joes being shafted at both ends by large companies. This card is one more step towards that end.

    • by BitZtream (692029)

      As silly as this sounds, Walmart isn't nearly as evil as Verizon and DirectTV. Verizon is a phone company, know for being evil. DirectTV is a failing business that pulls any scam it can trying to stay in business, much like XM/Sirius radio, who recently billed my CC after being told not to because I wanted an invoice and no automatic deduction ... then when I called to get that fixed, they told me they couldn't give me a refund because they didn't have my CC number ... and they couldnt' give me a full ref

  • by Doc Ruby (173196) on Friday September 17, 2010 @12:54PM (#33613190) Homepage Journal

    The most useful change in credit cards would be giving buyers a stack of one time passwords, each one issued to the vendor tied to the specific parties and dollar amount of the transaction, with a short expiration date.

    The best way to do it would be a smartphone app that took a token from the vendor, the vendor's ID (another onetime string from a vendor pool of onetime ID#s), encrypted it with the dollar amount and a onetime ID# from the buyer's pool, and sent it over the network to the credit corp. The credit corp would decrypt it and credit the vendor's account. That way no ID info is shared that can be reused.

    If they want to make a physical credit card that does those things once connected to a network (like a chipcard), great. Let them put a fingerprint sensor and PIN on the card, along with a display of the available credit remaining and outstanding balance to date. But the one time passwords are by far the most value to deliver to the consumer, and therefore to the vendor, too.

  • by CrazyJim1 (809850) on Friday September 17, 2010 @01:28PM (#33613540) Journal
    What if the US did away with cash, and instead we started using credits like scifi? Well at first you'd think you'd carry a credit card around, and maybe a device to transfer credits from one to another with an indicator of how many transfer so no one cheats? Then I figured the device could be on the card itself, and two cards interact in a certain method.

    Wouldn't it be great to be able to look over how a politician obtains and spends his money? Public officials should lose their privacy while they're in office and all their money transactions should be able to be scrutinized.

    Illegal sales like drugs would be more difficult to do because if someone gets caught by the police, the police could then scan the offender's device and see all of his contacts.

    Of course you automatically upload to the IRS every tax season at least and FBI maybe more. I'm thinking with cell phone capabilities, it could auto network.

    I guess there are a lot of downsides to this too that I'm not seeing, but since it has some good points its worth at least idly talking about. What are some downsides we'd have if we moved to an all credit system? I guess one would be the worry that the government could seize your money with a few clicks. Or maybe two would be hackers.
    • by CrazyJim1 (809850)
      I guess people would just start doing illicit stuff with a different currency like pesos or something. I didn't think this through, I was just wondering.
    • Re: (Score:3, Insightful)

      The "cash" economy includes lots of activity, not just illegal sales. Lots of "unbanked" people conduct all of their transactions in cash, and many of them can't or don't keep records. Think, lawn service, tree trimmers, the guy who sells water mellons fro the back of a pickup truck, the immigrant laborers who re-roof your house. A surprising fraction of people are illiterate (unable to read or write). An even larger fraction of all people are innumerate (unable to use numbers).

      Without "cash", your lawn

  • Old Skooool (Score:3, Interesting)

    by Fizzl (209397) <fizzl@[ ]zl.net ['fiz' in gap]> on Friday September 17, 2010 @01:54PM (#33613820) Homepage Journal

    Magnetic stripe huh?
    I think I haven't used that part of my card ever. This was issued in ...2008.
    It's secure chips and online verification all the way in scnadinavia now. Helpfully, it is hard to overrun your bank account with a debit card this way. I wonder if this was deployed for my or the banks safety?

  • We'll finally be able to "swipe" the card for tipping at the strip club now?
  • by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Friday September 17, 2010 @02:08PM (#33613960) Homepage

    On a keypad that is used to enter only a single combination, wear patterns can leak information [schneier.com]. That's one advantage the ATM's keypad has over one on your personal card.

    An advantage of entering the PIN on the card's keypad, on the other hand, is that it cannot be gleaned by a fake ATM machine.

  • 'Populate the magstripe' - er, how's that done in accordance with international Standards for machine-readability of encoded digits on each track? And who cares, when the only half-good security nowadays is on a chip which is already there?
  • by aristotle-dude (626586) on Friday September 17, 2010 @05:05PM (#33615802)

    1. CASH is always the same speed.

    Think of those times when you were in a hurry and you were stuck behind some someone who enters in the wrong pin or chooses the wrong bank account type when they were buying items that cost less than 20 bucks. What if there was a network error? Had they used cash, you would have been out of there long before they finally got the transaction to work.

    2. Cash is accepted everywhere.

    Not every place accepts Visa or Mastercard and a lot of places do not accept Amex. Some places do not accept debit cards for logistical reasons (ferries, planes and many taxis). Cash is generally accepted everywhere.

    3. Cash does not carry a per transaction fee when traveling in a foreign country.
      Most credit cards charge a fee per transaction on top of their poor currency exchange fees which is why I take cash with me when I travel to Europe, the States or Japan. In fact, Japan is still very much a cash based society outside of their PASMO/SUICIA system for convenience stores and trains/transit. Don't expect your North American credit or debit card to work over there.

    4. Cash is easily transferable between people.

    You can lend/give cash to anyone but you cannot do the same with a credit/debit card.

No user-servicable parts inside. Refer to qualified service personnel.

Working...