No credit card required
Browse credit cards from a variety of issuers to see if there's a better card for you.
This is interesting. A French company is coming out with a new card that has a rotating CCV code that changes hourly.
THE MEMO - This high-tech card is being rolled out by French banks to eliminate fraud
Very interesting, works like a RSA Secure ID that creates a new code every minute for secure VPN network access - don't know how well it'll work on online transactions that are not automated, and I'm sure it'll add to the cost of a card production (battery and chip), but I think it's a great solution. Also concerns as to the durability since cards get pretty beat up at times, but I suspose they are aware of that factor - maybe all future cardswill be thicker and stronger (perhaps not metal tho).
Thanks for posting the story, very interesting.
@pipeguy wrote:Very interesting, works like a RSA Secure ID that creates a new code every minute for secure VPN network access - don't know how well it'll work on online transactions that are not automated, and I'm sure it'll add to the cost of a card production (battery and chip), but I think it's a great solution. Also concerns as to the durability since cards get pretty beat up at times, but I suspose they are aware of that factor - maybe all future cardswill be thicker and stronger (perhaps not metal tho).
Thanks for posting the story, very interesting.
Yep, reminds me of my RSA keychain, probably works on a similar principle.
As far as the durability, this is what the author says: You can bend, drop, even put it through the wash no problem.
@pipeguy wrote:Very interesting, works like a RSA Secure ID that creates a new code every minute for secure VPN network access - don't know how well it'll work on online transactions that are not automated, and I'm sure it'll add to the cost of a card production (battery and chip), but I think it's a great solution. Also concerns as to the durability since cards get pretty beat up at times, but I suspose they are aware of that factor - maybe all future cardswill be thicker and stronger (perhaps not metal tho).
Thanks for posting the story, very interesting.
That sounds like a PCI compliance nightmare waiting to happen.
Anyway, I think a big part in getting this adopted is the cost. Coin had a similar e-ink display in its cards and charged $50-100 for them, which I don't see banks paying even if it did eliminate all online fraud. Oh, also, they'll actually need to require the CVV in the first place--a lot of online stores don't ask for it (Amazon for example).
@Anonymous wrote:
@pipeguy wrote:don't know how well it'll work on online transactions that are not automated,
That sounds like a PCI compliance nightmare waiting to happen.
Yeah, no kidding.
Quite a few years ago, in a prior job, I was doing a security audit and ran across a setup doing that... major coffee retailer had a "secure" ordering site (SSL, etc...) that handled card orders with an old copy of formmail.pl that just emailed the card/shipping/order info to a shared email account. They then manually typed the card numbers into a terminal, same as they did for phone orders.
That was ...fun to write up.
I wouldn't be surprised if there's still some nonsense like that going on today with some vendors, unfortunately.
@Anonymous wrote:Anyway, I think a big part in getting this adopted is the cost. Coin had a similar e-ink display in its cards and charged $50-100 for them, which I don't see banks paying even if it did eliminate all online fraud. Oh, also, they'll actually need to require the CVV in the first place--a lot of online stores don't ask for it (Amazon for example).
Oh, cards with embedded OTP e-ink displays aren't anywhere near $50-$100.
Only slightly more expensive than existing EMV cards. (Although even $1 per card can add up...)
@iv wrote:
@Anonymous wrote:Anyway, I think a big part in getting this adopted is the cost. Coin had a similar e-ink display in its cards and charged $50-100 for them, which I don't see banks paying even if it did eliminate all online fraud. Oh, also, they'll actually need to require the CVV in the first place--a lot of online stores don't ask for it (Amazon for example).
Oh, cards with embedded OTP e-ink displays aren't anywhere near $50-$100.
Only slightly more expensive than existing EMV cards. (Although even $1 per card can add up...)
Heh, another reason why Coin was such a badly run company. Though to be fair, the cards also had that dynamic magstripe thing too.
this is an interesting product. I imagine the bank would also have to offer a backup method to generate a CCV code in the event the battery dies or the chip fails, may be the CC company will allow the card holder to call the bank and get a temp CCV code until the chip card is fixed
@Anonymous wrote:this is an interesting product. I imagine the bank would also have to offer a backup method to generate a CCV code in the event the battery dies or the chip fails, may be the CC company will allow the card holder to call the bank and get a temp CCV code until the chip card is fixed
The battery in this type of card outlasts a normal card expiration (five years is a normal battery lifetime...)
It's possible, although rare, for the display or PRNG chip to fail. But that wouldn't directly affect the EMV chip (or the magstripe) for card-present transactions, and only some card-not-present transactions require CVV anyway.
I suspect that overnighting a replacement card would be the default issuer action, rather than a temp CVV.