SoylentNews is people
SoylentNews
Submitted via IRC for AndyTheAbsurd
Forget fraud, Société Générale and Groupe BPCE's new bank cards are about to change everything about fraud.
Part of the problem is that once your card details are stolen – whether through a phishing attack or by someone copying the digits on the back – fraudsters are free to go on a spending spree until you notice something's up.
They're getting away with millions, and it's a problem affecting over half a million people in the first half of 2016 alone.
Normally by the time you get around to actually cancelling your card, it's all too late. But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date?
That's exactly what two French banks are starting to do with their new high-tech ebank cards.
On the back of each card is a 3 digit security number which you must quote to validate any online or telephone purchase. If this number is compromised then there is nothing to prevent the card being used by anyone else. But on the new card the digits are displayed on a small LCD 7-segment display:
The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.
Providing that you still have the card in your possession, then whoever has access to the current security number has less than 1 hour to make use of the card. No details are given on how the card issuer and businesses keep synchronised with the current valid card number.
[Ed's Note: Edited to show LCD display rather than LED. Apologies for my error.]
(Score: 4, Informative) by VLM on Wednesday October 05 2016, @05:20PM
If you think like a big bank, cutting your fraud expense by a factor of 1000 is darn near as good as cutting it to zero. Also the bank can go all "check card" and attack the end user, why our system is infallible therefore all fraud reports must be fake or an inside job, if that scares away even 1% of fraud claims (maybe because 1% of fraud claims are fake?) then they still profit.
Also if some Russian gang steals 10000 CC and tries to cash in on some online betting service in Jolly Ole England as once happened to me, the CC processor isn't going to notice a 99.999% failure rate any faster than a 99.9% failure rate. Sure a couple charges might sneak thru but most processors will completely flip their shit (technical term, lock your merchant account is the term they usually use) if you send them a thousand failure vs one success. They'll assume your API went rogue on your side and lock your API key until they talk to you. It'll be a fascinating conversation.