Blog article
See all stories »

I won't show you mine...

How to commit a credit card fraud? "Simples!" - emboss card number on the card itself.

The credit card predecessor (called "Certificate of Credit") didn't have a card number at all, just the bearer's name - there were not that many people who were wealthy enough to have such a certificate back in the 20s in a given area, I guess (those cards were only accepted locally).

Next came "charge plates" (I have a few of them sitting on my desk). Those were typically issued by the department stores, and were kept in-store too (think of "Pay with Square", btw). Charge plates still didn't have numbers, but this time the name of the owner was embossed - so that the copy of a charge plate could be imprinted, using carbon paper, onto the transaction receipt.

When the first credit cards appeared in the early 30s (initially issued by the petrol stations, Diner's Club would not come into existance for another twenty odd years), they had a name, but not the embossing - those cards were made of cardboard. Embossing was introduced on plastic credit cards initially as a counterfeit prevention measure. Later, embossing began to be used for the same purpose as embossing on the charge plates - creating card's imprint on the receipt.

Fast forward to 2013: do we need card number (let alone the expiry date) on the card? Well, perhaps there could be a few odd places out there where credit card imprinters are still in use, but is that the reason for the whole card industry to remain backward?

All transactions in a physical retail environment can now be conducted without either party knowing the card number. Expiry date is an atavism too which serves no purpose at all these days - the issuer does know whether the card expired or not. 

We only need card number for online transactions. Card itself is not, by far, the best place to keep that number. In fact, banks should be providing us with a different card number specifically for remote transaction, decoupling it from the physical card - so that if the "online" number is compromised, the physical card does not need to be re-issued.

Better still, the issuers should be giving us one-time tokens for online purchases - some banks are already experimenting with that approach.

Going further, the physical card should have on-chip tokenization, so that retail transactions can be based on one-time tokens too. That will bring exposure of sensitive data to zero, and would allow to greatly simplify retail card terminals (as well as to reduce their cost).

When there is nothing to steal, there is nothing to protect.

If EMV wants to remain relevant in the fast-changing payments world, they need to start thinking about changing the underwear - the old one begins to stink.

4490

Comments: (2)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 March, 2013, 20:11Be the first to give this comment the thumbs up 0 likes

For all its faults, I'm amazed at the sheer popularity enjoyed by the basic credit card over the decades. HDFC Bank and a few other card issuers have been offering "onetime tokens for online purchases" but, despite being around for over five years, their offtake has been poor and COD reigns supreme for ecommerce in India. In an ideal world, OTP, card reader, 2FA, out-of-band authentication and all those nice things should provide more comfort to the user and increase their use of epayments, but in the real world, the inevitable friction they add to the payment process seems to be driving people away from them.

Sreeram Yegappan
Sreeram Yegappan - Cognizant - London 12 March, 2013, 09:37Be the first to give this comment the thumbs up 0 likes

Barclaycard has the ability to generate one time card for online transactions.. To my knowledge this can be used for high value transactions and then linked back to the main a/c for reconciliation purposes. This was the Physical card wont be compromised.

Retired Member

Member since

19 Mar 2009

Location

Blog posts

5,774

Comments

6,121

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.


See all