backtop


Print 43 comment(s) - last by LikeLinus.. on May 18 at 10:36 AM

A new credit card has been developed in the battle against credit card fraud

Credit card companies use a variety of methods to help battle credit card fraud. Some have implemented the placement of an owner’s photo on their individual card, and others offer hotlines, along with “tips for protection” guidance. Now, Visa is testing another security measure: the Emue Card.   

Aside from the usual security code that credit cards show, the new Emue Card generates an additional four-digit code which is changed each time the card is used. Card owners would need a pin in order to view these four numbers, which would be required to complete a transaction.

The card will be on trial until the end of the year, before which it will be tested by 500 Deloitte employees. If the trial goes well, and the card is certified by Visa, it will be up to both banks and credit card companies whether they will choose to take on the product.

Employees at Deloitte, along with anyone else who has access to the card, can expect to see a rise in safety when it comes to phone, internet, and mail order fraud. According to the BBC, thefts occurring through these mediums, known as card-not-present or CNP fraud, are continuously increasing and make up over 50 percent of all credit card fraud. An Emue Card could help to bring down this percentage because it demands more information than what can be seen on the card - those attempting to use it would have to know the pin needed to generate its additional security code. This security measure would be especially important with transactions occurring without a salesperson present to check signatures or look at photos on the cards that offer them.

The Emue Card has brought about certain obstacles in its development. One example included finding a way to help card owners avoid the accidental pressing of buttons. Developers tackled this by creating buttons which need to be “pinched” to work rather than simply pushed down.  

Sandra Alzetta, head of innovation at Visa, explained another problem-prevention system underway: "One of the things we're testing is how long the battery lasts - the plan is for it to work for more than three years, which means your card should expire before it runs out of power."

Alzetta also discussed the challenge and need of global compatibility features, including “embossed characters for mechanical swipes, a magnetic strip for systems that require a signature, the fixed three digit security code and now the unique four- figure code.”

"You have to remember that our cards work across the world, and not every country or retailer has access to the level of technology we might be used to," she said.
 



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

The real problem
By Spivonious on 5/14/2009 9:29:28 AM , Rating: 2
is that most stores nowadays don't even take the card from you or bother to compare signatures, if a signature is required at all.

Case in point: McDonalds lets you use a credit card. You swipe it in the machine and that's it. No signature, no employee taking the card and seeing that it says "Susan Jones" when the customer is a man wearing overalls that say "Jim Smith".

The only thing this extra code will do is cause more steps for the consumer.




RE: The real problem
By FITCamaro on 5/14/09, Rating: 0
RE: The real problem
By QueBert on 5/14/2009 12:07:19 PM , Rating: 2
A store cannot legally ask for ID, even if it says "check ID" on the back, it's still sort of a gray area. As Visa does not allow it, so if I stole your card. Even if you wrote Check ID on the back, technically I could refuse to show the store my ID and they couldn't do anything about it. And would have to approve the transaction.


RE: The real problem
By FITCamaro on 5/14/09, Rating: -1
RE: The real problem
By ClownPuncher on 5/14/2009 1:17:13 PM , Rating: 5
Link it to Obama, then FDR, then eco nutjobs. It has something to do with the GM bailout too, it just has to.


RE: The real problem
By Samus on 5/16/2009 8:00:21 PM , Rating: 2
I've worked in retail and im unaware it was illegal to check id for purchases. I mean, we were required to check id for check payments. We even wrote down the id # on the checks. How is that and different from a debit or credit card?


RE: The real problem
By postar on 5/14/2009 4:03:54 PM , Rating: 2
quote:
Yes and that is the stupidest thing in the world. To make it illegal to validate the ID of someone when they're making a purchase.


It's not stupid at all. See, your address is a security feature for your credit card. Once you show your ID to the store clerk, he/she now has all the info they need to shop with your card online - card number, expiration date, potential billing address and security number at the back.

Sure, they need to have photographic memory, but how do I know that they don't or that the security camera behind them is not recording all these details?


RE: The real problem
By FITCamaro on 5/14/2009 4:09:12 PM , Rating: 3
I'm far more concerned with people stealing my card and using it in a B&M store than a pimply faced kid having photographic memory and remembering all my information.

My family had a car stolen in 2000 with my mom's purse in the car. The thief drove to a Publix and bought $90 worth of stuff using a check. They failed to check ID on it. If they had, we would have had our car back as there was usually a police officer at that Publix. To top it all off, the store tried to make us cover the check.

Now if all credit cards had my picture on it, I wouldn't mind as much, but they don't. I really don't know why that didn't catch on more.


RE: The real problem
By Ratinator on 5/14/2009 2:46:00 PM , Rating: 2
Refuse to sell you the item??? not that any company would do that.


RE: The real problem
By FITCamaro on 5/14/2009 4:10:59 PM , Rating: 2
When I worked for Best Buy, if the card was unsigned and they didn't have ID, we would not sell them what they wanted until they showed us an ID. It was company policy.


RE: The real problem
By QueBert on 5/14/2009 4:35:43 PM , Rating: 2
One call to VISA and they would be selling me the item regardless of if they wanted to or not. I'm not sure how a store like Best Buy can have a policy that goes directly against what Visa & Mastercard have in their card holder TOS. While I wouldn't be a royal dick about it, if I was pressured to show my ID, I would get the proper people involved to have the Cashier corrected. I actually think showing ID is safer, but requiring, or even asking is illegal for any store to do. And I do not like stores who break laws.


RE: The real problem
By karkas on 5/14/2009 8:42:22 PM , Rating: 4
People using stolen/fraudulent cards do not press their point. They run out of the store.

People that write "SEE ID" on the back of their card don't care if they are asked to show ID.

I worked for BEst Buy too for a while and the only people that had a problem showing an ID were the ones sweating & fidgeting.


RE: The real problem
By QueBert on 5/15/2009 4:58:03 AM , Rating: 1
That's because most people don't know it's illegal for a store to ask to see your ID. If this was common knowledge you would have plenty of people who would raise a bitch when asked. I wrote "you can't see my ID" on the back. I understand the majority of cashiers don't know Visa's TOS so I can't get upset at them. But whoever trained them definitely should know better. And I'm not a big fan of training people to break the law. I have walked out of stores because I refused to show my ID. Ultimately it wasn't worth it to me to put up a fight even with me being right.


RE: The real problem
By keith524 on 5/18/2009 8:51:31 AM , Rating: 2
While everyone says it's "illegal in some States" a quick search doesn't produce any specific results (maybe if I spent more than 2min I could find one). The only thing I've been able to find is that according to the Visa agreement they can't use a lack of ID to refuse taking the card. The only thing they can use is comparing the signatures.

Page 31 on this PDF from Visa: http://usa.visa.com/download/merchants/card_accept...

So I guess if you are a idiot and refuse id when asked then the store could always just say the signatures didn't appear to match in their opinion.

If you think companies really care about the Visa policies keep in mind it is also against Visa policy to have a minimum purchase for credit cards.


RE: The real problem
By AlexWade on 5/14/2009 9:57:07 AM , Rating: 2
I have yet to sign any of my credit cards. Yet I have been able to use them anytime I want in any store.


RE: The real problem
By FITCamaro on 5/14/2009 10:23:47 AM , Rating: 2
That's kind of his point. Stores are supposed to be checking that you are you. When I was a cashier if a card wasn't signed we asked for ID. If you didn't have ID, you weren't buying anything.

Now you just have to scribble on a screen and they assume its you because you have the card.


RE: The real problem
By Lifted on 5/14/2009 11:56:16 AM , Rating: 2
Who cares? We don't have to pay for any fraudulent purchases made at stores with lazy managers/staff, the store does. Let them run their business into the ground, I don't care.


RE: The real problem
By mmcdonalataocdotgov on 5/14/2009 12:18:48 PM , Rating: 3
The credit card company usually foots that bill, and the card holders pay for it in service fees and higher interest rates. So you see, your caring attitude is misplaced.


RE: The real problem
By leexgx on 5/15/2009 10:57:32 AM , Rating: 2
if chip and pin is not used the company norm foots the bill (in the UK that is) you find alot of stores in the UK will not accept an no chip and pin user (i have forgotten my pin users) as the card companys norm blame shops
cheqs are norm not accpeted any more as well as cant be verfied untill you cash it in at the bank, as thay can be stoped even if it has been accepted by the bank after


RE: The real problem
By FITCamaro on 5/14/2009 12:53:44 PM , Rating: 4
Yes and free health care will be free right?

As another said CC companies usually pay for it. But even if it was the stores, that lost money would be made up in the cost of the product. Businesses raise prices, cut staff, cut quality, or close down when they lose money.

So you'll eventually care.


RE: The real problem
By nayy on 5/14/2009 3:08:59 PM , Rating: 2
quote:
...when it comes to phone, internet, and mail order fraud. According to the BBC, thefts occurring through these mediums, known as card-not-present or CNP fraud, are continuously increasing and make up over 50 percent of all credit card fraud.


This is not meant for your in store transactions, just like you dont have to type the 3 digit code in the back off your card every time you swipe it some where. This is meant to make the transacrions you make over your phone or computer safer.
For example if some manages to install a key logger in your computer, under current conditions they may get all the information they need to make charges to your card, but with a random code being requierd it gets a lot harder


RE: The real problem
By 85 on 5/14/2009 11:55:57 PM , Rating: 2
this is such a huge problem. why not make it a federal law with harsh fines? it would be much easier to bust someone for not checking an id then selling alcohol to a minor. with the ridiculous amount of money the FBI spends every year, you would think something would have been done sooner.


RE: The real problem
By LikeLinus on 5/18/2009 10:36:46 AM , Rating: 2
That is simply not true. A store has the right to refuse the sell of an item to anyone. It's a private business and they legally do not have to make a sell. Don't spread complete BS if you don't know the actual law.

If they ask for ID and you are unwilling to show it, they can simply refuse the sell.


More hoops
By severtki on 5/14/2009 8:49:22 AM , Rating: 2
So once this is adopted, to use cards online, I'm betting we'll have to enter: 1) card #, 2) expiration, 3) security code, AND 4) generated 4-digit code. (As well as name, billing address, etc.)

I hope banks and merchants understand that all that would be needed with this system is just the card # and the 4-digit code. What's the use of all the rest? It's like continuing to lock the screen door after you install a dead-bolt.




RE: More hoops
By afkrotch on 5/14/2009 8:55:06 AM , Rating: 2
Don't forget sometimes you have a password also, if you set it up with Visa or Mastercard. Problem is, the site you're ordering from has to support it. Newegg is one of them.


RE: More hoops
By DigitalFreak on 5/14/2009 11:58:30 AM , Rating: 2
I wish more sites used "Verified by Visa" and asked for your verification password. Newegg is the only one I've ever seen use it. That would be a huge help in cutting down on on-line fraud.


RE: More hoops
By grant2 on 5/14/2009 3:12:02 PM , Rating: 3
There's a lot of very good reasons more sites don't use "Verified by Visa"

1) customers don't get *any* benefit from VbV ... they're always protected from fraud charges anyways
2) retailers also get limited benefit from VbV ... if a crook makes a successful purchase with or without, the retailer still suffers chargeback penalty.
3) most retaillers already try to block fraud by demanding matching personal information of the cardholder, e.g., their address & CVV. If a scammer is able to get this info, how much more difficult is it for them to set up the VbV password?

so retailers have to weigh the costs vs. benefits:

benefits:
- will reduce chargebacks by some unknown amount... probably a very tiny amount.

drawbacks:
- requires a moderate amount of development & testing resources
- some customers will abandon sales when faced with another anti-fraud gateway
- some legitimate customers will be declined because they cannot successfully operate the VbV interface.

Basically VbV is just a PR scheme developed by Visa to play on people's fears. They get retailers to shoulder 95% of the costs (i.e., in development & reduced sales), and then collect 99% of the benefits (i.e., they pay out less in fraud claims).


RE: More hoops
By Narcofis on 5/14/2009 9:52:23 AM , Rating: 2
quote:
I hope banks and merchants understand that all that would be needed with this system is just the card # and the 4-digit code. What's the use of all the rest? It's like continuing to lock the screen door after you install a dead-bolt.


For credit card processing, you actually need the billing address and zip code to be able to process the card for a transaction without the person being present. The terminal specifically asks for it. Obviously you also need the cvv2 but it is not required. Also only when the cvv2 is used will the terminal asks for the address.

For your information


Emue Card
By bubbastrangelove on 5/14/2009 9:18:59 AM , Rating: 3
When I read "Emue Card" I was expecting the defense mechanism would be to cut itself up.




RE: Emue Card
By afkrotch on 5/14/2009 9:51:43 AM , Rating: 5
I was picturing a big bird that can't fly.


Speaking of Credit Cards.....
By callmeroy on 5/14/2009 1:40:23 PM , Rating: 2
Did anyone hear about this new bill the senate is going over right now? I just heard about it for the first time this morning on my drive in. Basically if passed it will do several things in efforts to try to rein in credit card abuse and also try to limit the near extortionistic level to which credit card companies penalize people.

Two things I like that are included in this proposed bill : 1) No more "pre-approved" offers sent to anyone with a pulse. This bill will make it illegal for any creditor to even allow anyone under the age of 21 to sign up for a credit card AT ALL, _or_ if you are at least 18 and have a co-signer _or_ you can document you are employed, only then could you get a credit card. The difference today if you wonder --- there is no real checks in place, though "technically" you have to be 18 --- for example, my 16 y/o niece got her own credit card with little trouble. She doesn't even work (and btw she used her REAL information and no one co-signed). Under this bill - she never would have been granted that card.

2) Second thing I like -- if you miss a couple payments that get you that horribly increased APR that most cc companies would then impose, under this bill you could earn your previous rate back --- as long as you were never late again for at least a consecutive 6 month period of payment minimum payments.

I believe the 3rd thing is something about capping credit card limits based on income or in the case of a 21 y/o (who can get a card w/o income documentation -- even under this new law) -- there would standardized minimum caps for no income accounts.

I think this bill sounds pretty good to me...it somes very sensible, about time....




RE: Speaking of Credit Cards.....
By callmeroy on 5/14/2009 1:44:06 PM , Rating: 2
I meant there would be MAXIMUM credit caps, not minimum -- that wouldn't make sense... :)


RE: Speaking of Credit Cards.....
By Zoomer on 5/15/2009 9:20:34 PM , Rating: 2
Sounds pretty crazy to me. What's with all that crap? If someone misses a payment, they should pay interest just like they agreed to.

Standardized minimum caps: people with "bad" credit who would otherwise get cards will not get cards then.

21 year old min age for card: Why 21? I believe 18 is the age where one can enter into legally binding agreements. Oh wait, never mind, "no one" believes that contracts should be binding.


RSA
By Master Kenobi (blog) on 5/14/2009 8:23:08 AM , Rating: 2
According to their website this works just like an RSA token as well with their "hybrid" cards. Definately reminded me of one.




RE: RSA
By AnnihilatorX on 5/14/2009 8:44:15 AM , Rating: 2
I don't think this is as secure as RSA's SecurID
For SecurID, your PIN code is required to be entered together with the RSA token generated by the SecurID device, and your PIN is not actually stored on the SecurID device.

The credit card shown in is however susceptible to brute force PIN code decode, which yields you both the PIN code and the RSA token.

Unless of course if whatever you enter as PIN would generate a RSA token sequence, then it is harder for people to know if the PIN combination just tried is a valid one.


They are taking a page out of Blizzard's playbook
By Xavier434 on 5/14/2009 11:11:16 AM , Rating: 3
This reminds me of the Blizzard Authenticator.




By callmeroy on 5/14/2009 3:47:34 PM , Rating: 1
Um....no they aren't.....since Blizzard is not the originator of their "authenticator" concept in the first place....RSA tokens (of which the authenticator -- btw I have one, mimics) have been around many years longer than WoW has.


Yawn!
By frobizzle on 5/14/2009 8:42:16 AM , Rating: 2
What good will this do if the merchants do not utilize it? Case in point: All credit cards today have some sort of CVV (Card Verification Value) code yet how many online vendors actually request the code when you place an order? My experience has been less than half though YMMV.

Having a lock on the front door of your house is only good at preventing unauthorized entry if you actulally lock your door.




Of course...
By gsellis on 5/14/2009 9:42:05 AM , Rating: 2
It has been more than 10 years since a team at Washington U in St Louis developed a system to read the fingerprint of the magnetic strip and validate the card based on that signature. Each strip has a unique fingerprint because of the way the Iron Oxide molecules are formed. Sigh. Does not help online, but sure does validate a card as the original.




As the article states
By Chaser on 5/14/2009 11:29:47 AM , Rating: 2
this is about preventing Card Not Present (CNP) fraud, which is the most common method of thieves using a stolen card. When you're checking your back pocket and find your billfold missing the initial panic that rolls through your mind could be mitigated somewhat with this system. Sure, they may fill up with gasoline or make some McDonald's runs but its the CNP charges like good, trips, etc that are most common.




Strange Attractor...
By mmcdonalataocdotgov on 5/14/2009 12:15:57 PM , Rating: 2
Watch, some egghead will demonstrate a strange attractor algorithm that will crack this thing in 2 minutes at the next black hat convention.




What is the point?
By OCedHrt on 5/14/2009 2:15:39 PM , Rating: 2
You use a fixed pin to generate a moving security code. The pin is still fixed.




Chip n Pin
By pdamad on 5/15/2009 4:12:19 AM , Rating: 2
For many years in France, and 3 or 4 in the UK, we have been using Chip and Pin for Customer Present transactions. In most petrol stations in the UK they now no longer accept cheques. This Chip n Pin security is obviously not useful for CNP. The new type of card introduces a similar capability for online transactions. And allows validation that you have actually got the card rather than just the card number and its you. If your pin hasnt been compromised.
When combined with a proximity card that can be used for low value transactions,such as the VISA Oyster card on trial in London, maybe we will see the tide of fraud at least slowing!





"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki