Disposable Credit Card Numbers
‘Anti-Fraud Scheme’
Each time you give your credit card details to a phone agent or Web site, it can feel like you die a little — after all, you’ve just given away the keys to your personal kingdom.
Security experts nowadays are trying to help address this fear by developing disposable credit card numbers (DCCNs).
Under one new proposal, the disposable digits would be good only for a single transaction. As detailed in a recent edition of the International Journal of Electronic Security and Digital Forensics, researchers at Anglia Ruskin University in the U.K. suggest a scheme whereby consumers submit a DCCN instead of their regular card number when making online purchases.
Researchers Mohammed Assora, James Kadirire and Ayoub Shirvani suggest that the customer would get the secret code number from the credit card company. Using a simple calculation, the code would be a combination of a number from the e-commerce site (probably the sale price) and the credit card number to create a “hash” of the credit card details.
This hash — which would resemble a long random number — would be stored by the merchant instead of the usual credit card details. Neither the merchant nor any malicious eavesdropper or hacker would be able to read it, but the credit card company could read it, since it knows the customer’s code number.
Not popular yet
Disposable credit cards actually are available today — the technology has been around for seven or eight years, said Mike Rothman, head of Security Incite in Atlanta.
“But it complicates the user experience and the result has been less-then-stellar adoption rates,” Rothman told LiveScience. “Given that consumers are protected from fraud on their accounts (after the first $50), there isn’t a big incentive to use these services,” Rothman said.
DCCN examples he cited included CitiBank’s Virtual Account Number Option, Bank of America’s ShopSafe program and Discover’s Secure Online Account Numbers. The numbers are generated online by the credit card company after consumers enter their credit card numbers.
The U.K. researchers say their new approach is superior, because the DCCN can be created offline, so the original credit card number never needs to be transmitted.
FTC fraud log
Protection against fraud on your account does not mean you are completely protected — the merchant could turn out to be fraudulent, or someone could steal your identity and set up new accounts in your name.
About two-thirds of consumer complaints to the Federal Trade Commission involve old-fashion consumer rip-offs.
The latest FTC report shows it logged about 800,000 consumer complaints during 2007, of which 32 percent involved identity theft and 68 percent covered other types of fraud. The median loss on a fraud complaint was $349, and the biggest offenders were shop-at-home channels or Web sites.
Of the identity theft cases, only 23 percent involved a credit card account, and cases of unauthorized new accounts outnumbered misuse of existing accounts by two to one. Other categories involved using someone else’s name for a utilities account (18 percent), for employment (14 percent), for government benefits fraud (11 percent), loan fraud (5 percent) and other forms of bank fraud (13 percent).
Also, a study last year by researchers at Utica College found that identities were more likely to be stolen through old-fashion methods, such as purloined mail or wallets, than via the Internet.
Source: LiveScience
Recent Entries
- World’s Largest Dinosaur Grave Unearthed in China
- Foxit PDF Suite, Simple & Powerful
- Unmasking the “hidden potential” of Windows XP
- Studying the Chameleon-like Properties of Giardia Parasite
- FTP Error Codes
- Review: ThinkDigit.com
- BAM! It’s More Slippery Than Teflon (And Greener)
- Using the Auto Shutdown Feature In Windows XP
- Optimizing The RAM Speed Windows XP Style
- Turning Off the Useless Services In Windows XP
April 2nd, 2008 at 2:27 pm
The DCCN solution already exists whereby a cardholder is given a number without having to enter the real credit card details. The technology was created and patented by Orbiscom, a Dublin, Ireland-based technology company and is currently used by many leading banks including, “Virtual Account Numbers” at Citibank, “ShopSafe” at Bank of America and “Secure Online Account Numbers” at Discover. The cardholder can download a small applet to the desktop and when shopping just via a user name and password…and a DCCN, an expiration date, and a security code are created for the transaction. The applet form-fills the info directly onto the merchant check-out. If the cardholder does not want to download, he/she can go to the bank card’s online site and create a DCCN and then drag and drop the info onto the check-out form. There is no need to enter any of the real card account details. The DCCN solution is also offered to protect signature debit transactions in Europe; in the US only credit cards currently offer this valuable service. Millions of cardholders are enrolled in the service and billions of ecommerce dollars have been protected by using these Orbiscom online security products. Cardholders should go to the online banking site of their banks to enroll, or call the Customer Service units of their banks to inquire about getting coverage if their bank does not yet offer it.
April 3rd, 2008 at 1:25 am
True, its a wonderful option that the credit card users have and which would definately cover the loop holes (to a certain degree) during the online transactions.