Battery-powered credit supercard fights fraud
A small Australian tech firm believes it can stop up to $1 billion a year in credit card fraud with its new battery-powered supercard.
The cards include an alpha-numeric display, built-in microprocessor, a keypad and three years of battery power.
When the user enters their pin into the card the display shows a one-time number with which to authenticate each online credit card transaction.
Each card costs around five times more than a regular credit card to produce and will be sold to bank customers for between $US18 and $US30 each.
The technology was developed over two and a half years by a small Deloitte-backed technology firm based in Adelaide and Melbourne called EMUE Technologies.
The two founders previously worked in banking security and technology companies.
EMUE's chief executive, Brendan McKeegan, said trials would begin with an Australian bank in the first quarter of next year.
This week Visa announced it was piloting Emue's technology at four banks in Britain, Israel, Switzerland and Italy, including Bank of America.
"The interest in this solution in the industry has been overwhelming and we look forward to working with the banks involved in the pilots to gain greater insights into how effective this solution can be in the longer term," said Sandra Alzetta, head of innovation and new products at Visa Europe.
Bureau of Statistics figures show 383,300 Australians lost an average of $1600 to credit card fraud last year.
But the bureau acknowledged the true figure was much higher because its survey only recorded an individual's most recent loss.
Banks have struggled to stamp out credit card fraud because, no matter how secure their systems are, they can do little to prevent a customer from losing their credit card details.
It is common today for viruses to send back a detailed log of everything the victim enters into their keyboard, including automatically pulling out credit card numbers with expiry dates and the three-digit security code.
Getting infected by such viruses only takes opening an email attachment or clicking on a malicious web link.
Similarly, there is little banks can do if a merchant is hacked and their customers' credit card details are stolen.
With EMUE's technology, even if all of these details are stolen the hacker is unable to make any online transactions because the security code is different each time.
Whenever the user wants to buy something online, they give the online merchant their credit card and expiry date as normal.
But instead of using a static three-digit security code typically found on the back of the card, the user enters their pin on the card's keypad and uses the one-time number generated by the card as their security code.
This means merchants do not have to modify their systems in any way.
"It's a fundamental step that will solve most of the fraud, not withstanding if someone attacks me and steals my card and convinces me to give them the pin," McKeegan said.
He said the technology could also be used for logging in to online banking and for verifying your bank's identity when it calls you over the phone. With online banking, the password used is the code generated after typing your pin into the back of the card.
McKeegan explained that the pin was not stored on the physical card itself, so even if it was stolen it could not be hacked.
"When the card is created for the user it has a unique seed on it, and that unique seed is stored with the bank ... along with the pin the user chooses," he said.
"If I enter the wrong pin [into the credit card] it will still generate a number for me, but when I put that into the browser [to buy something] it will reject that as a transaction."
This story was found at:
http://www.smh.com.au/news/technology/security/battery-credit-card-switched-on-to-fraud/2008/11/12/1226318724466.html
A small Australian tech firm believes it can stop up to $1 billion a year in credit card fraud with its new battery-powered supercard.
The cards include an alpha-numeric display, built-in microprocessor, a keypad and three years of battery power.
When the user enters their pin into the card the display shows a one-time number with which to authenticate each online credit card transaction.
Each card costs around five times more than a regular credit card to produce and will be sold to bank customers for between $US18 and $US30 each.
The technology was developed over two and a half years by a small Deloitte-backed technology firm based in Adelaide and Melbourne called EMUE Technologies.
The two founders previously worked in banking security and technology companies.
EMUE's chief executive, Brendan McKeegan, said trials would begin with an Australian bank in the first quarter of next year.
This week Visa announced it was piloting Emue's technology at four banks in Britain, Israel, Switzerland and Italy, including Bank of America.
"The interest in this solution in the industry has been overwhelming and we look forward to working with the banks involved in the pilots to gain greater insights into how effective this solution can be in the longer term," said Sandra Alzetta, head of innovation and new products at Visa Europe.
Bureau of Statistics figures show 383,300 Australians lost an average of $1600 to credit card fraud last year.
But the bureau acknowledged the true figure was much higher because its survey only recorded an individual's most recent loss.
Banks have struggled to stamp out credit card fraud because, no matter how secure their systems are, they can do little to prevent a customer from losing their credit card details.
It is common today for viruses to send back a detailed log of everything the victim enters into their keyboard, including automatically pulling out credit card numbers with expiry dates and the three-digit security code.
Getting infected by such viruses only takes opening an email attachment or clicking on a malicious web link.
Similarly, there is little banks can do if a merchant is hacked and their customers' credit card details are stolen.
With EMUE's technology, even if all of these details are stolen the hacker is unable to make any online transactions because the security code is different each time.
Whenever the user wants to buy something online, they give the online merchant their credit card and expiry date as normal.
But instead of using a static three-digit security code typically found on the back of the card, the user enters their pin on the card's keypad and uses the one-time number generated by the card as their security code.
This means merchants do not have to modify their systems in any way.
"It's a fundamental step that will solve most of the fraud, not withstanding if someone attacks me and steals my card and convinces me to give them the pin," McKeegan said.
He said the technology could also be used for logging in to online banking and for verifying your bank's identity when it calls you over the phone. With online banking, the password used is the code generated after typing your pin into the back of the card.
McKeegan explained that the pin was not stored on the physical card itself, so even if it was stolen it could not be hacked.
"When the card is created for the user it has a unique seed on it, and that unique seed is stored with the bank ... along with the pin the user chooses," he said.
"If I enter the wrong pin [into the credit card] it will still generate a number for me, but when I put that into the browser [to buy something] it will reject that as a transaction."
This story was found at:
http://www.smh.com.au/news/technology/security/battery-credit-card-switched-on-to-fraud/2008/11/12/1226318724466.html
