<http://online.wsj.com/article_print/0,,SB111689465103641274,00.html>
The Wall Street Journal May 24, 2005 MONEY Credit-Card Firms Bank on New Ways To Counter Fraud By DAVID ENRICH DOW JONES NEWSWIRES May 24, 2005; Page D2 Credit cards are going high-tech in an effort to combat fraud, but some banks and issuers fear the changes could make it harder for consumers to reach for the plastic. The next generation of credit and debit cards is squarely aimed at fighting theft and fraud. These cards will run on paper-thin batteries and feature liquid-crystal-display screens that frequently generate fresh card numbers. The theory is that oft-changing card numbers will be useless to thieves who intercept Internet transactions or get access to databases of card numbers. A number of major banks and data-security firms have designed prototypes of the new dynamic-number cards, but it isn't clear when they will be available to consumers. Some industry officials expect to start testing the cards with consumers later in 2005, and others say they could be ready for production within a year. Citigroup Inc., the world's largest issuer of credit cards, is one of the leaders in the race to launch the new cards. Alonzo Ellis, the head of information security at Citigroup Private Bank, confirmed that Citigroup, of New York, is working on the new cards but wouldn't discuss details. "It's almost there. It's pretty close to something that can be mass produced," he said. Representatives of several major card issuers declined to discuss new technology they are developing, but Mr. Ellis said other banks -- recognizing that preventing fraud will cut their costs -- are scrambling to incorporate new dynamic-number technology into their cards. "If you can reduce your fraud percentage by a few points, that's real dollars," he said. U.S. card issuers last year racked up about $788 million in losses from credit-card theft and fraud, according to the Nilson Report, an industry publication. That doesn't include losses stemming from fraudulent online or phone transactions, which are estimated to have run into the billions of dollars. Compared with their peers overseas, U.S. banks and card issuers have been slow to upgrade security. In Europe, computer chips are embedded in many "smart" credit and debit cards, and some banks require customers to use number-generating devices to access bank or credit-card information online. In the U.S., card issuers have balked at those added levels of security. They are expensive, and banks are reluctant to impose inconveniences on American consumers, especially when it comes to their deeply ingrained shopping habits. As a result, there is a premium on high-security but easy-to-use cards that allow consumers "to continue using their standard behavior patterns," said David Watkins, the chief executive officer of QueueCard, one of several firms working with card issuers to develop cards with changing numbers. On some of the new cards, as many as 10 of the 16 digits on the front of the card would appear in a digital screen and would automatically change periodically -- perhaps every 60 seconds. For purchases over the Internet or phone, users would supplement that number with a personal identification number, or PIN. The system also is designed to enhance the security of in-store transactions. Other cards would require users to punch in a PIN on a touchpad on the card every time they make an online or phone transaction. A screen on the card would then produce a one-time password, which the user would enter along with the credit-card number. Patrick Gauthier, Visa USA's senior vice president of emerging-products development, said card issuers will need to clear a number of "significant hurdles" if the new cards are to win broad consumer acceptance. "Not the least of the complications is to train the consumer on this new method of shopping," he said. -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]