Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday October 05 2016, @04:08PM   Printer-friendly
from the all-change dept.

Submitted via IRC for AndyTheAbsurd

Forget fraud, Société Générale and Groupe BPCE's new bank cards are about to change everything about fraud.

Part of the problem is that once your card details are stolen – whether through a phishing attack or by someone copying the digits on the back – fraudsters are free to go on a spending spree until you notice something's up.

They're getting away with millions, and it's a problem affecting over half a million people in the first half of 2016 alone.

Normally by the time you get around to actually cancelling your card, it's all too late. But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date?

That's exactly what two French banks are starting to do with their new high-tech ebank cards.

On the back of each card is a 3 digit security number which you must quote to validate any online or telephone purchase. If this number is compromised then there is nothing to prevent the card being used by anyone else. But on the new card the digits are displayed on a small LCD 7-segment display:

The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.

Providing that you still have the card in your possession, then whoever has access to the current security number has less than 1 hour to make use of the card. No details are given on how the card issuer and businesses keep synchronised with the current valid card number.

Source: http://www.thememo.com/2016/09/27/oberthur-technologies-societe-generale-groupe-bpce-bank-this-high-tech-card-is-being-rolled-out-by-french-banks-to-eliminate-fraud/


Original Submission

[Ed's Note: Edited to show LCD display rather than LED. Apologies for my error.]

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Username on Wednesday October 05 2016, @07:16PM

    by Username (4557) on Wednesday October 05 2016, @07:16PM (#410773)

    No, they’ll most likely skip verification after the first transaction. They’d probably only use it when you change shipping/payment info or if their anti-fraud software flags you.

    This will only be a temp measure. Eventually how the key/hash is made will become public and it will be as useless as the current ccv.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by jmorris on Wednesday October 05 2016, @08:50PM

    by jmorris (4844) on Wednesday October 05 2016, @08:50PM (#410820)

    Actually, if they built it right they will publish how the numbers are made. Good cryptosystems survive disclosure of the details. The card will have a secret and it will know the time, hashing those along with your card number will yield the displayed value. Unless you can find a way to make the card give up the secret, knowing the hash formula doesn't get you anything. And if you can extract info from the card you can break chip + pin too.