http://online.wsj.com/article_print/0,,SB111689465103641274,00.html
The Wall Street Journal
May 24, 2005
MONEY
Credit-Card Firms
Bank on New Ways
To Counter Fraud
By DAVID ENRICH
DOW JONES NEWSWIRES
May 24, 2005; Page D2
Credit cards are going high-tech in an effort to combat fraud, but some
banks and issuers fear the changes could make it harder for consumers to
reach for the plastic.
The next generation of credit and debit cards is squarely aimed at fighting
theft and fraud. These cards will run on paper-thin batteries and feature
liquid-crystal-display screens that frequently generate fresh card numbers.
The theory is that oft-changing card numbers will be useless to thieves who
intercept Internet transactions or get access to databases of card numbers.
A number of major banks and data-security firms have designed prototypes of
the new dynamic-number cards, but it isn't clear when they will be
available to consumers. Some industry officials expect to start testing the
cards with consumers later in 2005, and others say they could be ready for
production within a year.
Citigroup Inc., the world's largest issuer of credit cards, is one of the
leaders in the race to launch the new cards. Alonzo Ellis, the head of
information security at Citigroup Private Bank, confirmed that Citigroup,
of New York, is working on the new cards but wouldn't discuss details.
It's almost there. It's pretty close to something that can be mass
produced, he said.
Representatives of several major card issuers declined to discuss new
technology they are developing, but Mr. Ellis said other banks --
recognizing that preventing fraud will cut their costs -- are scrambling to
incorporate new dynamic-number technology into their cards. If you can
reduce your fraud percentage by a few points, that's real dollars, he said.
U.S. card issuers last year racked up about $788 million in losses from
credit-card theft and fraud, according to the Nilson Report, an industry
publication. That doesn't include losses stemming from fraudulent online or
phone transactions, which are estimated to have run into the billions of
dollars.
Compared with their peers overseas, U.S. banks and card issuers have been
slow to upgrade security. In Europe, computer chips are embedded in many
smart credit and debit cards, and some banks require customers to use
number-generating devices to access bank or credit-card information online.
In the U.S., card issuers have balked at those added levels of security.
They are expensive, and banks are reluctant to impose inconveniences on
American consumers, especially when it comes to their deeply ingrained
shopping habits.
As a result, there is a premium on high-security but easy-to-use cards that
allow consumers to continue using their standard behavior patterns, said
David Watkins, the chief executive officer of QueueCard, one of several
firms working with card issuers to develop cards with changing numbers.
On some of the new cards, as many as 10 of the 16 digits on the front of
the card would appear in a digital screen and would automatically change
periodically -- perhaps every 60 seconds. For purchases over the Internet
or phone, users would supplement that number with a personal identification
number, or PIN. The system also is designed to enhance the security of
in-store transactions.
Other cards would require users to punch in a PIN on a touchpad on the card
every time they make an online or phone transaction. A screen on the card
would then produce a one-time password, which the user would enter along
with the credit-card number.
Patrick Gauthier, Visa USA's senior vice president of emerging-products
development, said card issuers will need to clear a number of significant
hurdles if the new cards are to win broad consumer acceptance. Not the
least of the complications is to train the consumer on this new method of
shopping, he said.
--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
