Visa launch anti fraid card- a new PIN regenerates each time?

brightonman123

http://www.out-law.com/page-9599

If i read this right, you enter your PIN onto the actual card (before a purchase), and it generates a once only code to use for the transaction..

DCFC79

Is it not similar to PINsentry (that little device that you put your card in)

Traveller1981

How would this makes things any more secure? You card cant be used unless you know the pin, and if someone steals your card that knows your pin, they would then get the unique code any way. Doesn't make sense to me. I thought that was the point of the PIN in the first place?

DCFC79

Traveller1981 wrote: »

How would this makes things any more secure? You card cant be used unless you know the pin, and if someone steals your card that knows your pin, they would then get the unique code any way. Doesn't make sense to me. I thought that was the point of the PIN in the first place?

but if anyones got any sense then they will cancel the card straight away if it were to get stolen

barak

Traveller1981 wrote: »

How would this makes things any more secure? .....

cahoot have something similar called 'webcard'. You have to install software and so it only works on your own PC for online purchases. You can state a limit for each transaction.

I assume that for the new visa card you would have to enter some additional security data for it to generate the once-only unique number, so presumably that could help ...

bob_a_builder

If you watch the video it makes it clearer

Its aimed at cardholder not present transaction, buying online or by phone when they ask you for the last 3 digits of the back of your card
It will generate a unique one of those

but if anyones got any sense then they will cancel the card straight away if it were to get stolen"

Of course they would, but what about the gap between it being stolen and you finding out its gone

I'm sure the crooks would use the same logic and attempt to use it straight away, before you report it

PROLIANT

Why don't they adopt fingerprint technology like HP and Sony use on their laptop computers? Unless a theif cut's your finger off...guessing the correct finger of course then I am sure it will be very hard to scam.

buglawton

I think it is a good idea as currently I refuse to enter my card into anything smaller than an airline or a household name company. Only the smaller online merchants who accept Paypal benefit from my current approach as I always veer towards Paypal accepting sites nowadays. Such a Card gadget means I could go back to buying from whoever using a card.

If there is one catch it's that it can make refunds (which are an easy routine with fixed cc numbers) difficult.

Oh, and don't use for Airline tickets or those booking eg some cinemas which later may ask for your card as a purchase confirmation ID (and rail tickets?).

Nilrem

PROLIANT wrote: »

Why don't they adopt fingerprint technology like HP and Sony use on their laptop computers? Unless a theif cut's your finger off...guessing the correct finger of course then I am sure it will be very hard to scam.

Fingerprint technology in uncontrolled environments (IE home) isn't very reliable, to get accurate consistent results the person needs to have clean hands/fingers, and the reader needs to be kept clean.
The way they get round that is to keep the allowable margin of error high, and they can apparently be fooled by various methods.
It also requires specific software to work on most machines (that don't have it built in), and that would be a weak point (not to mention a potential support nightmare for the banks, as they would need it to work with multiple OS's, and it wouldn't ever work for some devices).


IIRC this thing Visa are trying now is basically what both Visa and Master Card trailed about 5 years ago (and was adopted by the likes of Barclays online banking recently) - I had a similar reader from Barclaycard as part of that trial, unfortunately at the time only about 3 retailers I ever used were in on it, and one of them never properly implemented it (so it never asked for it).

The way it works is that you have a dedicated reader that any card from that issuer (or even other companies*) can be inserted into, it then asks for your pin and uses it to generate a one time online security code.
Theoretically it's much more secure than anything that requires software on the PC as the reader is completely separate, and to use it you need
A reader
The card with working chip
The correct pin for that chip.

The theory is that the reader is secure (no real chance of tampering), and the card number is useless online at participating retailers without the person making the transaction physically having the card and knowing the pin.
As the number that is generated is a one time only code, and only valid for a few minutes it renders keyloggers (and the like) on the users PC effectively useless for that card at participating retailers.




*The technology used in the reader is industry standard, so in theory if you've got 3 or 4 cards that have it enabled they can all be used in a single reader regardless of which of the companies' readers you use.

brightonman123

National & Provincial B/S (before they came part of..??) had cardholder's photo as part of the design.. i cant see why that didnt take off.

I guess the only true way is to save people's DNA, and scan your blood/pee, each time..!