PNC Testing Fraud-Busting Credit Cards with Rotating Numbers

Discussion in 'HardForum Tech News' started by Megalith, Dec 29, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    As a method of battling online fraud and other unauthorized card-not-present transactions, PNC Bank is testing credit cards with e-ink displays that generate new card verification values (CCVs) at regular intervals throughout the day. The dynamic CCVs should prevent thieves from using credit card information that was stolen online, but there are at least two downsides, which include limited lifespan (the cards require lithium batteries) and significantly higher pricing (a regular chip card costs $2 to $4; these cost $15).

    In PNC’s case, the motion-code application is hosted on a Visa server synchronized with the dynamic CVV cards. During the authorization process, the server is able to verify the correct CVV code because it knows the algorithm used to produce the numbers. PNC and other card issuers can set the cards to refresh at custom intervals -- every 30 or 60-minutes, for example. “We picked a particular interval, but can’t disclose it,” Mr. Ward said.
     
  2. [21CW]killerofall

    [21CW]killerofall Aliens...

    Messages:
    3,078
    Joined:
    Mar 16, 2006
    Requiring a pin instead of a signature would do wonders for the fraud but for some reason the CC companies refuse to use it in the US. Well it is not like I am on the ropes either way so it doesn't really affect me. Fuck them if they don't want to help themselves.
     
  3. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,669
    Joined:
    Feb 3, 2014
    It’s not so much the CC companies not wanting it, the merchants push back hard. It would require most of them to upgrade old machines and equipment and software at their cost.
     
    Nukester and sirmonkey1985 like this.
  4. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,669
    Joined:
    Feb 3, 2014
    $15 a card is cheap, simply charge a security fee and have the users pay for the added security the cards provide. That would easily turn them a profit.
     
  5. Kenjiwing

    Kenjiwing 2[H]4U

    Messages:
    3,688
    Joined:
    Apr 6, 2009
    I want two factor approval for purchases.. first bank to give me this offer gets my business

    Meaning based on certain conditions I need to approve the purchase on my phone
     
    /dev/null likes this.
  6. potency

    potency Gawd

    Messages:
    848
    Joined:
    Dec 1, 2010
    So if the algorithm is running on the card, wouldn't that make it easy to reverse engineer?
     
    Lakados likes this.
  7. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,669
    Joined:
    Feb 3, 2014
    I would think this is the perfect use case for block chain, have all your past purchases in some way play a part in the generation of the new number.
     
  8. necrosis

    necrosis Gawd

    Messages:
    758
    Joined:
    Oct 21, 2004
    Welcome to why it took forever for stores to support the chip.

    Oh wait. Some places **STILL** don't support it. Looking at you Royal Farms. You support Apple Pay but not chip. Not to mention if you use Apple Pay you still have to sign. Kind of defeats the purpose of speed. And it is not a hardware issue. Your devices have the slot... with a post it over the thing saying swipe.

    Then there is WaWa. they support chip but they require the 3 digit on the back of the card. WTF is up with that?

    At least with swiping it was swipe and sign. Everywhere. Now when you go into a store you feel like a fool trying to pay with anything but cash.
     
  9. lollerwaffle

    lollerwaffle Gawd

    Messages:
    665
    Joined:
    Feb 3, 2008
    Another major downside is, it's with PNC Bank. They can suck it as far as I'm concerned. Once completely lost track of a CD I had with them. Without any willingness to dig through my account past 2 months history, they said I would have to pay for them to find the information. Luckily I had all the info written down somewhere, found it and was able to recover the account. Never again PNC.
     
  10. [21CW]killerofall

    [21CW]killerofall Aliens...

    Messages:
    3,078
    Joined:
    Mar 16, 2006
    Actually there is no additional cost for having the signature over the pin. The CC companies already required the merchants to upgrade to chip readers or take on the risk of any fraudulent charges (or something like that) if they didn't upgrade. It is currently chip and signature instead of chip and pin.
     
    Lakados likes this.
  11. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,133
    Joined:
    Sep 13, 2008
    great almost catching up to 10-15 years ago in modern countries

    i don't know anyone in my home country that still uses a Physical card it all done over the phone. no terminals needed at all.
    its getting a rather hassle when i bring stuff to my friends that people expect me to be somehow within the last 5 years of their technology and they have no way to pay easily pay me.
     
    Darunion likes this.
  12. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,669
    Joined:
    Feb 3, 2014
    Upgrade the machines yes but their POS software/hardware to use it no.
     
  13. w4ffles

    w4ffles 2[H]4U

    Messages:
    2,170
    Joined:
    Mar 13, 2008
    I work in the industry. There are a lot of merchants who push back, but there are waaaaayy more people who can't be bothered to memorize 4 digits.
     
    Lakados likes this.
  14. Xrave

    Xrave [H]ardness Supreme

    Messages:
    7,048
    Joined:
    Jun 29, 2004
    I would assume the extra $10 the credit card company pays for the card is easily offset by the the money they save by not refunding fraud purchases.
     
    PaulP, SvenBent and steakman1971 like this.
  15. Itrocan

    Itrocan n00b

    Messages:
    5
    Joined:
    Oct 6, 2018
    I've never had the CCV matter except with online purchases. Seems easier to have a phone app or banking website that gives a CCV rather than adding another battery to a device.

    Also add another layer of headache if an order is held for later payment, when the CCV has changed long since then.
     
    scan13 likes this.
  16. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    21,529
    Joined:
    Sep 13, 2008
    agree, it's a huge problem here where i live, we have a lot of local stores owned by seniors that have no basic understanding of technology. we even have some stores where they use those old school slides that copy the card onto transfer paper(forget what they're called).

    either way with how much i buy online i wouldn't mind paying 15 bucks for one of these cards although why not just put a solar cell on the card, there's no way that thing uses more power than a calculator.
     
  17. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,527
    Joined:
    Mar 4, 2013
    I see a rotating CCV being a big issue for Kickstarter type transactions where the pledge is made weeks before the funds changing transaction fires. Or for things like Patreon or account autobill where a charge is made on a repeating basis.

    For those with PTDs, include an app that spits out a CCV for transactions that charge immediately and include a "Your account is about to be charged by KS, Patreon, etc" verification setup when those process the charge.

    For those without PTDs, send out a CCV key fob type device they can set next to the desktop.
     
  18. Darunion

    Darunion 2[H]4U

    Messages:
    3,741
    Joined:
    Oct 6, 2010
    Always bothered me that my gaming accounts have better front end security than my bank cards. Like why is it easier to steal my debit card than my wow account lol
     
    xmadror likes this.
  19. JavaLava

    JavaLava [H]Lite

    Messages:
    99
    Joined:
    Apr 3, 2018
    You can do this...just put a voluntary credit edit freeze on your cards. I did this after I was a victim of identify theft years back. For 180 days, they would call me to approve any purchase I made with the cards. It was slightly annoying (used cash a lot actually), but did stop some future unauthorized purchases for the first couple months...then they gave up.
     
  20. xmadror

    xmadror Gawd

    Messages:
    711
    Joined:
    Feb 13, 2012
    seems interesting, but like mentioned earlier it would need some sort of system for renewable sub

    Same here, I dont get why there is no 2 factors authentication for banking website. It should be available for added security to those who want 2 factor auth.
    Even [H] has it!
     
    Darunion likes this.
  21. Nukester

    Nukester [H]ard|Gawd

    Messages:
    1,428
    Joined:
    Mar 21, 2016
    not so much
     
  22. TangledThornz

    TangledThornz Gawd

    Messages:
    656
    Joined:
    Jun 12, 2018
    I deal with credit card fraud once a year on average so this seems like a great idea.
     
  23. wizdum

    wizdum [H]ard|Gawd

    Messages:
    1,941
    Joined:
    Sep 22, 2010
    Same here. I have a Sears card that I only used for the initial promo purchase. That card has been stolen 3 times in 3 years, despite it never leaving my safe (was issued a new card after each theft). For the last one, the hotel that it was used at actually fought my fraud report, and I had to get a lawyer involved to prove that I did not in fact fly across the country for a one-night stay in Nowhere, Wyoming.