- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Today's smaller, slimmer mobile phones look like credit cards -- and in a curious twist, future credit cards could look like mobile phones, with their own displays and keypads. That is, if the cards don't end up merging with mobile phones first. Both possibilities were on show at the Cartes & IDentification show on the outskirts of Paris this week.
A new credit card demonstrated by Visa adds a couple of new security features to the usual tamper-proof signature strip and embedded chip: an eight-digit display and a 12-button keypad. The new features are intended to improve security in online payments.
At the touch of a button, the cardholder can generate a single-use security code to validate an online transaction. They do this by entering the four-digit personal identification number usually used to secure transactions via an ATM, but in this case the code never leaves the card, so it can't be intercepted in transit. Because the generated code is single-use, it will not work even if it is intercepted.
The same card can also verify the identity of an e-commerce Web site before a transaction is made, through a challenge-response mechanism where the user enters a code displayed on the site and the card reports whether it is genuine.
The card's internal battery should last for three years if used for 20 to 30 transactions per week, said company spokesman David Main.
The bank knows a single-use code is valid because the codes form part of a pseudo-random number sequence based on a seed unique to the card and known only to the bank. The bank keeps track of how many codes the card has generated and can predict which one should come next in the series. If the two get out of sync (perhaps because the cardholder generates a few unused codes showing it off to friends) then the bank can "look ahead" to see if the code offered as authentication appears a little later in the same card's sequence, and if so choose to accept it anyway.
To fit all of that -- and a battery with an expected service life of three years -- into a card that's slimmer than many so-called credit-card-sized pocket calculators, something had to go. In this case, it was the embossed number on the front (the stamping process would wreck the battery), so the new cards can't be used anywhere that still makes manual impressions of cards.
Several banks will soon begin testing "Visa Card with one-time code": MBNA in the U.K., Cornèr Bank in Switzerland, Cal in Israel and IW in Italy. Main also named BarclayCard as one of the testers.
Not content with combining cards and security tokens, Visa also wants to turn the "contactless" cards it already issues in some markets into transit passes.
The company's PayWave cards -- and similar cards issued by MasterCard -- incorporate flat antennas that can absorb radio waves transmitted over a short distance from a reader in order to power a tiny chip that authenticates transactions. The same technology is used in London and Paris to replace tickets on public transport systems: Wave a card, and the ticket barrier opens. The difference is that when a ticket barrier beams a message at a PayWave card asking "Are you a valid transit pass?" the answer is going to be "No."
Rss FeedRss Feed
The Leader in Network Knowledge
Comment