Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday October 05 2016, @04:08PM   Printer-friendly
from the all-change dept.

Submitted via IRC for AndyTheAbsurd

Forget fraud, Société Générale and Groupe BPCE's new bank cards are about to change everything about fraud.

Part of the problem is that once your card details are stolen – whether through a phishing attack or by someone copying the digits on the back – fraudsters are free to go on a spending spree until you notice something's up.

They're getting away with millions, and it's a problem affecting over half a million people in the first half of 2016 alone.

Normally by the time you get around to actually cancelling your card, it's all too late. But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date?

That's exactly what two French banks are starting to do with their new high-tech ebank cards.

On the back of each card is a 3 digit security number which you must quote to validate any online or telephone purchase. If this number is compromised then there is nothing to prevent the card being used by anyone else. But on the new card the digits are displayed on a small LCD 7-segment display:

The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.

Providing that you still have the card in your possession, then whoever has access to the current security number has less than 1 hour to make use of the card. No details are given on how the card issuer and businesses keep synchronised with the current valid card number.

Source: http://www.thememo.com/2016/09/27/oberthur-technologies-societe-generale-groupe-bpce-bank-this-high-tech-card-is-being-rolled-out-by-french-banks-to-eliminate-fraud/


Original Submission

[Ed's Note: Edited to show LCD display rather than LED. Apologies for my error.]

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 05 2016, @04:28PM

    by Anonymous Coward on Wednesday October 05 2016, @04:28PM (#410686)

    I've seen technologies like this in the past for various purposes; I guess the unique angle here is using it for bank cards?

    I used to have a "card" that had my PIN to use my dial-up modem. It had a number that changed every X hours (I don't remember the exact number), apparently based on a list of numbers on the card synced with the server. I had to replace the card every 6 months or so. I think it turned out to be less secure than intended because people managed to dump the list of numbers; I heard other companies using similar techniques had the formula they used to generate the numbers figured out and exploited.

    So I'm curious, how is this similar or different from those?

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1