PNC Testing Fraud-Busting Credit Cards with Rotating Numbers

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
As a method of battling online fraud and other unauthorized card-not-present transactions, PNC Bank is testing credit cards with e-ink displays that generate new card verification values (CCVs) at regular intervals throughout the day. The dynamic CCVs should prevent thieves from using credit card information that was stolen online, but there are at least two downsides, which include limited lifespan (the cards require lithium batteries) and significantly higher pricing (a regular chip card costs $2 to $4; these cost $15).

In PNC’s case, the motion-code application is hosted on a Visa server synchronized with the dynamic CVV cards. During the authorization process, the server is able to verify the correct CVV code because it knows the algorithm used to produce the numbers. PNC and other card issuers can set the cards to refresh at custom intervals -- every 30 or 60-minutes, for example. “We picked a particular interval, but can’t disclose it,” Mr. Ward said.
 
Requiring a pin instead of a signature would do wonders for the fraud but for some reason the CC companies refuse to use it in the US. Well it is not like I am on the ropes either way so it doesn't really affect me. Fuck them if they don't want to help themselves.
It’s not so much the CC companies not wanting it, the merchants push back hard. It would require most of them to upgrade old machines and equipment and software at their cost.
 
$15 a card is cheap, simply charge a security fee and have the users pay for the added security the cards provide. That would easily turn them a profit.
 
I want two factor approval for purchases.. first bank to give me this offer gets my business

Meaning based on certain conditions I need to approve the purchase on my phone
 
So if the algorithm is running on the card, wouldn't that make it easy to reverse engineer?
 
So if the algorithm is running on the card, wouldn't that make it easy to reverse engineer?
I would think this is the perfect use case for block chain, have all your past purchases in some way play a part in the generation of the new number.
 
It’s not so much the CC companies not wanting it, the merchants push back hard. It would require most of them to upgrade old machines and equipment and software at their cost.
Welcome to why it took forever for stores to support the chip.

Oh wait. Some places **STILL** don't support it. Looking at you Royal Farms. You support Apple Pay but not chip. Not to mention if you use Apple Pay you still have to sign. Kind of defeats the purpose of speed. And it is not a hardware issue. Your devices have the slot... with a post it over the thing saying swipe.

Then there is WaWa. they support chip but they require the 3 digit on the back of the card. WTF is up with that?

At least with swiping it was swipe and sign. Everywhere. Now when you go into a store you feel like a fool trying to pay with anything but cash.
 
Another major downside is, it's with PNC Bank. They can suck it as far as I'm concerned. Once completely lost track of a CD I had with them. Without any willingness to dig through my account past 2 months history, they said I would have to pay for them to find the information. Luckily I had all the info written down somewhere, found it and was able to recover the account. Never again PNC.
 
It’s not so much the CC companies not wanting it, the merchants push back hard. It would require most of them to upgrade old machines and equipment and software at their cost.
Actually there is no additional cost for having the signature over the pin. The CC companies already required the merchants to upgrade to chip readers or take on the risk of any fraudulent charges (or something like that) if they didn't upgrade. It is currently chip and signature instead of chip and pin.
 
great almost catching up to 10-15 years ago in modern countries

i don't know anyone in my home country that still uses a Physical card it all done over the phone. no terminals needed at all.
its getting a rather hassle when i bring stuff to my friends that people expect me to be somehow within the last 5 years of their technology and they have no way to pay easily pay me.
 
Actually there is no additional cost for having the signature over the pin. The CC companies already required the merchants to upgrade to chip readers or take on the risk of any fraudulent charges (or something like that) if they didn't upgrade. It is currently chip and signature instead of chip and pin.
Upgrade the machines yes but their POS software/hardware to use it no.
 
It’s not so much the CC companies not wanting it, the merchants push back hard. It would require most of them to upgrade old machines and equipment and software at their cost.
I work in the industry. There are a lot of merchants who push back, but there are waaaaayy more people who can't be bothered to memorize 4 digits.
 
$15 a card is cheap, simply charge a security fee and have the users pay for the added security the cards provide. That would easily turn them a profit.

I would assume the extra $10 the credit card company pays for the card is easily offset by the the money they save by not refunding fraud purchases.
 
I've never had the CCV matter except with online purchases. Seems easier to have a phone app or banking website that gives a CCV rather than adding another battery to a device.

Also add another layer of headache if an order is held for later payment, when the CCV has changed long since then.
 
It’s not so much the CC companies not wanting it, the merchants push back hard. It would require most of them to upgrade old machines and equipment and software at their cost.

agree, it's a huge problem here where i live, we have a lot of local stores owned by seniors that have no basic understanding of technology. we even have some stores where they use those old school slides that copy the card onto transfer paper(forget what they're called).

either way with how much i buy online i wouldn't mind paying 15 bucks for one of these cards although why not just put a solar cell on the card, there's no way that thing uses more power than a calculator.
 
I see a rotating CCV being a big issue for Kickstarter type transactions where the pledge is made weeks before the funds changing transaction fires. Or for things like Patreon or account autobill where a charge is made on a repeating basis.

For those with PTDs, include an app that spits out a CCV for transactions that charge immediately and include a "Your account is about to be charged by KS, Patreon, etc" verification setup when those process the charge.

For those without PTDs, send out a CCV key fob type device they can set next to the desktop.
 
Always bothered me that my gaming accounts have better front end security than my bank cards. Like why is it easier to steal my debit card than my wow account lol
 
I want two factor approval for purchases.. first bank to give me this offer gets my business

Meaning based on certain conditions I need to approve the purchase on my phone

You can do this...just put a voluntary credit edit freeze on your cards. I did this after I was a victim of identify theft years back. For 180 days, they would call me to approve any purchase I made with the cards. It was slightly annoying (used cash a lot actually), but did stop some future unauthorized purchases for the first couple months...then they gave up.
 
seems interesting, but like mentioned earlier it would need some sort of system for renewable sub

Always bothered me that my gaming accounts have better front end security than my bank cards. Like why is it easier to steal my debit card than my wow account lol

Same here, I dont get why there is no 2 factors authentication for banking website. It should be available for added security to those who want 2 factor auth.
Even [H] has it!
 
I deal with credit card fraud once a year on average so this seems like a great idea.
Same here. I have a Sears card that I only used for the initial promo purchase. That card has been stolen 3 times in 3 years, despite it never leaving my safe (was issued a new card after each theft). For the last one, the hotel that it was used at actually fought my fraud report, and I had to get a lawyer involved to prove that I did not in fact fly across the country for a one-night stay in Nowhere, Wyoming.
 
Back
Top