Several years ago websites began asking for the Card Verification Value (CVV), those three digits on the back of your credit card. It’s also called Card Security Code (CSC) or Card Verification Code (CVC). The idea behind this code is it proves you are in possession of the card because this value is not stored on the magnetic strip.
This was a good idea at first, however once you enter that code on a website for the first time, it immediately becomes worthless as a security measure. That merchant now (potentially) has this code and can go to other websites and order items as you.
The solution to this problem has existed for quite some time. They’re called security key fobs, and people in the IT industry have been using these for years to connect to private networks. It’s a small device that connects to your key chain that generates a “random” number every so many seconds that you must provide to log in. This number isn’t random at all but is generated by encrypting the current time using a security key that is unique to that device. Since this code changes every few second you have to be in possession of the device in order to log in.
A company called InCard Technologies has developed a payment card that has this feature built in. The card has a display screen button and battery inside. Whenever you press the button a code is displayed on the screen that is valid for the next few seconds. Using a system like this instead of CVV code would solve the security problem with entering credit card information into a website. If anyone obtained the card data submitted and tried to use it the transaction would fail because the random key code is no longer valid.
This was a good idea at first, however once you enter that code on a website for the first time, it immediately becomes worthless as a security measure. That merchant now (potentially) has this code and can go to other websites and order items as you.
The solution to this problem has existed for quite some time. They’re called security key fobs, and people in the IT industry have been using these for years to connect to private networks. It’s a small device that connects to your key chain that generates a “random” number every so many seconds that you must provide to log in. This number isn’t random at all but is generated by encrypting the current time using a security key that is unique to that device. Since this code changes every few second you have to be in possession of the device in order to log in.
A company called InCard Technologies has developed a payment card that has this feature built in. The card has a display screen button and battery inside. Whenever you press the button a code is displayed on the screen that is valid for the next few seconds. Using a system like this instead of CVV code would solve the security problem with entering credit card information into a website. If anyone obtained the card data submitted and tried to use it the transaction would fail because the random key code is no longer valid.
No comments:
Post a Comment