undefined | Better HN

0 pointstomjen312y ago0 comments

Can you elaborate on some of those techniques? Plenty of people are reluctant to use credit cards online for the fear that they might get stolen.

0 comments

nknighthb12y ago

Picture, for example, a card which has a small OLED display which displays an amount and a merchant name. You press a little button on the card, and an authorization is generated, cryptographically signed with an embedded key, and sent to the card reader (which also provides the power for the card).

Such a reader can be built into laptops, keyboards, smartphones, available as small stand-alone USB devices, etc.. Web browsers, POS systems, etc. can send a request to the reader and tell the user to place their card on it and check the card's display.

Transactions without a valid signature can simply be discarded.

If the system is implemented properly, the only way to commit fraud should be to physically steal the card.

(A more paranoid version could include buttons on the card for entering a passcode, so that even if the card is stolen, it would be difficult to use, at least before being reported stolen.)

raverbashing12y ago

I have a bank card that can be attached to a device, and transactions (internet banking) can be signed with it.

The device is not connected to the computer, rather, you have to type some info (like value of the transaction) and it generates a code you type back in the website

For this device to work you need to type the card pin

Of course this wouldn't work in the US since they're still stuck with the magstripe

Amadou12y ago

Well, I can see why they haven't implemented that - its a huge undertaking to build specialized hardware like that into so much varied equipment. For all intents and purposes rolling out a system like that is impossible.

nknighthb12y ago

I don't believe it is materially more difficult than the NFC rollout. In fact, I believe it would be far easier than NFC if the financial industry would actually get behind it enthusiastically.

I'm curious, what other undertakings do you think are impossible? WiFi? Bluetooth? GSM?

1 more reply

j / k navigate · click thread line to collapse

0 comments

nknighthb12y ago

Transactions without a valid signature can simply be discarded.

If the system is implemented properly, the only way to commit fraud should be to physically steal the card.

(A more paranoid version could include buttons on the card for entering a passcode, so that even if the card is stolen, it would be difficult to use, at least before being reported stolen.)

raverbashing12y ago

I have a bank card that can be attached to a device, and transactions (internet banking) can be signed with it.

The device is not connected to the computer, rather, you have to type some info (like value of the transaction) and it generates a code you type back in the website

For this device to work you need to type the card pin

Of course this wouldn't work in the US since they're still stuck with the magstripe

Amadou12y ago

nknighthb12y ago

I don't believe it is materially more difficult than the NFC rollout. In fact, I believe it would be far easier than NFC if the financial industry would actually get behind it enthusiastically.

I'm curious, what other undertakings do you think are impossible? WiFi? Bluetooth? GSM?

1 more reply

j / k navigate · click thread line to collapse