SoylentNews is people
SoylentNews
Submitted via IRC for AndyTheAbsurd
Forget fraud, Société Générale and Groupe BPCE's new bank cards are about to change everything about fraud.
Part of the problem is that once your card details are stolen – whether through a phishing attack or by someone copying the digits on the back – fraudsters are free to go on a spending spree until you notice something's up.
They're getting away with millions, and it's a problem affecting over half a million people in the first half of 2016 alone.
Normally by the time you get around to actually cancelling your card, it's all too late. But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date?
That's exactly what two French banks are starting to do with their new high-tech ebank cards.
On the back of each card is a 3 digit security number which you must quote to validate any online or telephone purchase. If this number is compromised then there is nothing to prevent the card being used by anyone else. But on the new card the digits are displayed on a small LCD 7-segment display:
The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.
Providing that you still have the card in your possession, then whoever has access to the current security number has less than 1 hour to make use of the card. No details are given on how the card issuer and businesses keep synchronised with the current valid card number.
[Ed's Note: Edited to show LCD display rather than LED. Apologies for my error.]
(Score: 2) by DannyB on Wednesday October 05 2016, @04:30PM
Let's talk about old tech. TFA says . . .
Why in the hecking heck would anyone use an LED display? That would suck the battery dry very quickly. It would be so power hungry as to need a "demand" button of some sort to request the display to turn on. Remember the LED digital wrist watches of the 1970's?
But the pictures look like they made the sane choice and used LCD displays. Those require only microamps (back in the 1970s) and maybe less today. So the display and battery would last at least until the card's expiration date. Remember the LCD digital wrist watches from the 1970's?
Maybe in middle school they should teach the difference between LEDs and LCDs?
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by janrinok on Wednesday October 05 2016, @04:37PM
From TFA: "The three digits on the back of this card will change, every hour, for three years."
The error was mine - it should be LCD, but if you read the TFA all your questions will be answered.
(Score: 3, Interesting) by frojack on Wednesday October 05 2016, @08:15PM
The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless,
But there is only 999 possible combinations of a three digit display, and that time period requires 26,280 for ALL the previous 3 digits to be worthless.
Sounds to me like the three digits are good for an hour, and the transaction must be submitted and cleared within the hour, and previous or next numbers don't work, but those same three digits will be cycled around and reused - on-average- once every thousand hours.
I wonder if this presents a problem for resturants? Many clear your purchase at the time the ring up the sale, but they clear your TIP later, usually after closing. Or places you have your credit card on file, and re-occuring payments are processed against the card.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday October 06 2016, @07:43AM
Restaurants don't use the CVV on the back of the card at all.
No place where you physically swipe the card uses it.
And even online, it's optional - the merchant has more fraud protection if they require you to give it, but they can run the card without it.
Amazon, for instance, generally doesn't require it.
(Score: 2) by VLM on Wednesday October 05 2016, @05:05PM
That would suck the battery dry very quickly.
Its just at the border of technological feasibility.
In the 70s/80s there was a LED flasher chip LM3909 that went to extraordinary lengths with voltage doublers and stuff to flash an old fashioned 30 mA LED every second for a year or so off a single AA battery (yes yes a single AA is lower voltage than the Vf of the LED its flashing... read the data sheet and be prepared to be amazed). As a kid I obtained the data sheet (Radio Shack used to staple psuedo-data sheets to back of packages, kids these days grow up without reading data sheets and are therefore much more ignorant) and built a LED flasher as a science experiment (although far too long duration to be a science faire experiment) and it did in fact blink a LED for a bit over year using a fresh radio shack "battery club" AA.
Now a carbon zinc AA battery is pretty big for a credit card but consider that 30 mA LEDs are horrifically obsolete and new ones are about 100 times more efficient now a days and microcontrollers (real ones) are so low power they may as well be zero at low clock rates and accelerometers and sensors cost nothing require no power and take no space, so I think a lithium coin cell is barely feasible to power a CC that only lights up or flashes when held to be read in light (not dark in a wallet). If it only lights up when held at a reading angle in a source of light and the thermal sensor indicates a human is holding the card... Its not going to take that many mAh of battery to deploy for three years...
See some of the stuff the "wearables" people are doing with womens (why womens?) fashion that lights up with LEDs and embedded arduinos for inspiration.
For better or worse, the technological age of not having all manner of crap flashing lights at us is about to end. Junk mail, packages at the store, maybe cards in your wallet, all that crap is about to get really visually spammy for a variety of EE reasons all colliding at once. I live in a nice area (aka they like to spam the F out of us) and my supermarket has spammy video displays already. The future is gonna be ugly.
(Score: 3, Insightful) by jmorris on Wednesday October 05 2016, @08:40PM
I live in a nice area (aka they like to spam the F out of us) and my supermarket has spammy video displays already. The future is gonna be ugly.
Walmart is rolling those damned things out. Half the endcaps have them, they have huge ones hanging down from the ceiling. They have sound. Argh!
When it will be over the rainbow is when they can print epaper with a solar cell integrated along with a controller cheap enough half the breakfast cereal boxes will be calling out to your kid. And thanks to the Internet of Things and Google the boxes will be able to see the kid's cell phone and call out to him by name.
(Score: 2) by VLM on Wednesday October 05 2016, @09:48PM
I have faith in the hacking community and you know that'll be built to traditional infosec security standards so about 5 minutes after they deploy your talking cereal boxes they'll be powned and displaying 4chan memes to little old ladies. I kinda like that idea.
(Score: 2) by DannyB on Wednesday October 05 2016, @09:05PM
I actually remember the LM3909.
My college roommate made these things he called a "fuzzy blink". It was a big furr ball with a mouth, nose, and two cloth hollow tube extensions coming out where eyes would be and a blinking LED at the end of each little tube to make two blinking eyes.
Powered by a D cell. Sow it up into the cloth. Forget ever servicing it.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by VLM on Wednesday October 05 2016, @09:33PM
I have no comment on the aesthetics of that other than I hope I can sleep at night now, but yeah a D cell should run it until it naturally rust thru and leaks, probably five years. I suppose the aesthetics could be cute or could be Lovecraftian, so it depends a bit.
In the old days you could guess a decent AA primary cell at 2 aH and 10 aH for a D cell. I imagine its changed a lot over the years, all new battery chemistry. Do mercury free alkalines have more energy or less or just higher internal resistance? Who knows and I'm too lazy to pull data sheets.
As an exercise in arithmetic its interesting to see how bright a LED you can get from various combinations of exotic lithium primary cells and exotic drivers and exotic low current LEDs. They say the cells are shelf stable to a decade, and to one sig fig there's 100K hours in a decade. Now a days a half mA gives a very dull red you won't be reading books with that or blinding people but you'll see its on. The biggest problem with "switchless flashlights" that I can remember is the lithium battery chemistry dies in a decade but white LEDs phosphor dies in about 2, 3 years of continuous use, so even at low brightness you have to use a monocolor like a red LED.
(Score: 1) by Chrontius on Wednesday October 05 2016, @11:55PM
Modern rechargeables (Eneloops and similar low-self-discharge chemistries) offer exactly that - 2 AH in a AA, and 10 AH in a D cell - but the difference between NiMH and alkaline is that NiMH delivers their rated capacity at close to 1C - one capacity per hour - whereas alkalines deliver their rated energy with draws of only about 150 mA for a D cell. Decent for low-drain stuff like remote controls - if not for the pesky tendency to leak and destroy your gear.
(Score: 2) by DannyB on Thursday October 06 2016, @01:27PM
This was definitely back in the 'old daze'. I don't know what the capacity of an alkaline D cell was in 1981.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by richtopia on Wednesday October 05 2016, @06:00PM
I think that this is an ideal situation for Eink. Low profile, low power, reflective display.
(Score: 2) by DannyB on Wednesday October 05 2016, @09:10PM
Is it actually eInk? It looked like LCD to me. TFA originally said LED, and corrected to LCD. But eInk would be interesting for an application like this.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.