Today's smaller, slimmer mobile phones look like credit cards -- and in a curious twist, future credit cards could look like mobile phones, with their own displays and keypads. That is, if the cards don't end up merging with mobile phones first. Both possibilities were on show at the Cartes & IDentification show on the outskirts of Paris this week.

A new credit card demonstrated by Visa adds a couple of new security features to the usual tamper-proof signature strip and embedded chip: an eight-digit display and a 12-button keypad. The new features are intended to improve security in online payments.

At the touch of a button, the cardholder can generate a single-use security code to validate an online transaction. They do this by entering the four-digit personal identification number usually used to secure transactions via an ATM, but in this case the code never leaves the card, so it can't be intercepted in transit. Because the generated code is single-use, it will not work even if it is intercepted.

The same card can also verify the identity of an e-commerce Web site before a transaction is made, through a challenge-response mechanism where the user enters a code displayed on the site and the card reports whether it is genuine.

The card's internal battery should last for three years if used for 20 to 30 transactions per week, said company spokesman David Main.

The bank knows a single-use code is valid because the codes form part of a pseudo-random number sequence based on a seed unique to the card and known only to the bank. The bank keeps track of how many codes the card has generated and can predict which one should come next in the series. If the two get out of sync (perhaps because the cardholder generates a few unused codes showing it off to friends) then the bank can "look ahead" to see if the code offered as authentication appears a little later in the same card's sequence, and if so choose to accept it anyway.

To fit all of that -- and a battery with an expected service life of three years -- into a card that's slimmer than many so-called credit-card-sized pocket calculators, something had to go. In this case, it was the embossed number on the front (the stamping process would wreck the battery), so the new cards can't be used anywhere that still makes manual impressions of cards.

The IDG News Service is a Network World affiliate.