Let's face it: Credit and debit card security is in need of an overhaul. The current system, which relies on knowing a group of numbers, is too often exploited by individuals who commit fraud by making purchases which don't require a physical card to be present. Due to the limitations of the current system it is difficult to combat this particular kind of fraud. In an attempt to protect cardholders and businesses from these types of scams Visa is testing out a new method of securing credit and debit cards in the UK.
The new cards come equipped with an additional security measure in the form of a one-time password generator embedded into the card. By adding an additional authentication factor into the transaction, Visa hopes to provide another level of security. Under the new system, when a user wants to initiate an online purchase, they would enter their PIN into the card, generating a new one-time password which would in turn be verified by Visa before authorizing the transaction.Two-factor authentication, by way of one time use codes, isn't new. Companies who deal with sensitive data often require users to make use of this to log in to a network or access a secure website. World of Warcraft, a popular online multiplayer game, offers gamers a key fob device which lets them securely access their game account. This level of security for a game left at least one blogger confused as to why it was now easier to steal his real dollars than those which exist only as a virtual denomination!
PayPal offers a similar service where users can pay $5 for a PayPal Security Key which generates one time use passwords. PayPal also offers an extremely practical solution to two-factor authentication by providing one-time passwords via text message. While using text messages to deliver a one time password seems like it could pose a security issue I can't argue with the fact that it cuts down on devices for the user to misplace.
Whether or not this new system works ultimately comes down to how the final version is implemented. By requiring a PIN to generate the one time passwords, the new system should ultimately cut down on the millions of dollars of losses racked up each year during online and other card not present transactions. Since the new cards are the same size as current credit cards and offer more protection against fraud it seems highly likely that consumers will be open to trying out the new technology.
Via Schneier on Security
Visa tries out more secure credit cards in the UK