RSSOne-Time Passwords Coming to Bank Card Near You
By Ed Oswald | Published May 1, 2007, 7:13 PM
VeriSign is looking to strengthen credit card security by offering a new technology that would generate a temporary password directly on the corner of the card. Users would need to have the card in their possession in order to make purchases.
The company has announced a deal with Innovative Card Technologies that would assist interested banks and online stores with the addition of temporary password technology to their web sites.
With a second level of authentication necessary to make online purchases, the risk of identity theft is decreased. Even if the first password is revealed, the account is still locked as the attacker would need the temporary password that appears on the card.
"For businesses to inoculate themselves against online fraud, they must make it convenient for consumers to authenticate their identity with every transaction," VeriSign authentication services head Fran Rosch said.
Businesses and merchants participating in the system will also be able to share the codes that make it easier on consumers shopping at several participating merchants.
The first bank to use the cards would be announced this month, and those cards could be used at merchants participating in a currently available system that uses a separate device to generate these one-time passwords.
Merchants such as eBay, PayPal, Yahoo, and Charles Schwab already have agreements with VeriSign to use the device-based version of the service.
All we need are one time credit card numbers.
Score: 0
|I thought they already used a rectal identification probe. It feels like it every time I open my credit bill.
Score: 0
|This is precisely what is needed. Biometric identification can just as easily be stolen as a credit card number, and when it's stolen, you can't ever change it.
Score: 0
|While this sounds cool, I'm interested to know what technology specifically is being used to achieve this? Is there just one password on the card? A bunch of random ones? Or is it really fancy and updates remotely, in some way?
Would like to know if this is just another CVN or actually a useful innovation.
Score: 0
|I was thinking the same thing as I was reading through. What came to mind was SecurID cards which each minute generated a new pass number which was about 6 digits long, and while you attempt to log in with your username and password, it would then ask for your securid number. That would be interesting, however, those cards are very fat and a bit heavy. Today's technology, I am sure, has corrected this though. I hope, at least. ;]
Score: 0
|That's probable. My only concern with that system is that it is obviously pre-programmed: what if the algorithm used to generate the keys is cracked? I assume it's based on the card number, so if someone managed to crack the sequence or encoding the technology would become useless rather quickly.
Not sure how hard it is to crack, though. ;)
Score: 0
|Trickly-down costs of fraud hit consumers first (as costs are passed along to all of us) but the main card companies also get hit pretty hard in yearly losses. Let's hope the dollar motivates them to actually get this right for everyone's sake.
Score: 0
|I don't know exactly how the securid technology worked.. Whether or not it was pre-programmed in or not. But with todays technology, it could simply be broadcast, much like GPS or Atomic clock. But then of course, you have "sniffers"... But then again again, a randomly generated code only means it will change a minute or whatever later anyways, so I find it alrighty.. ;] You would actually have to be NEXT to the card in order to intercept the Tx, meanwhile, making the transaction before the passcode changes.
Score: 0
|