It's time for numberless credit cards
Matthew Martin 10/14/2015 07:55:00 AM
The security benefit of the chip wasn't obvious to me, so I had to look it up. To stylize things a bit, under the old system you swipe your card at the check out at the grocery store, and now the store has your card number which they then use to charge you for your bill. But even after that charge has been made against your card, it is still a valid number sitting in their database and anyone who can hack their system can steal a copy of your card number and use it. Apparently that's a thing that happens. So the new chips prevent this by not giving the store the raw card number in the first place. Instead the chip in the card generates a randomized code based on your card number such that when the credit card company receives the transaction on the network they can verify that it was produced by your card.1 The key innovation here is that the credit card company will not honor any generated transaction code more than once. Thus, if the number gets stolen from the store's computers, the stolen copy is no longer valid anyway.
But that is in fact all the new chip does. You can't use the chip when you are shopping online, so it doesn't help at all there--you're still giving out your real credit card number every time you buy from amazon, and this can potentially be intercepted on a faulty SSL connection, hacked from amazon's server, or even captured by malware right on your own computer. And once those thieves have the number, they can keep using it right up until you tell the credit card company to block the card.
But it doesn't have to be this way. Why not apply the same principle as the chip to internet purchases? It would be simple. Instead of typing in your credit card number, you'd request a unique code from the credit card company. They'd text you the code and you'd enter that into amazon.com instead of your credit card number, just like most companies already do for two-factor logins. When the credit card company receives the transaction they'd check the unique code against their records and then add it to their list of no-longer-valid codes and decline all future attempts to use it. In order to enforce this, the credit cards themselves would no longer even have numbers or magnetic strips on them.
With credit card numbers removed from credit cards, there'd be no virtual way to steal a credit card. The only remaining options for this kind of fraud would be to physically steal the actual card (which would only work for in-person transactions) or to steal your phone (which would only work for online transactions and only if you know the password). In both those situations, it is simple for the card holder to know whether or not their card is stolen and cancel the card before any fraud can happen.
It is time to abolish the credit card number.
1 I don't know exactly what cryptography process they use, but this is probably similar to password hashing: the chip generates a random number called a salt and injects this into the card number, encrypts the salt+card number with an asymmetric encryption key (there's no decryption key), then the network relays the encrypted number, the unencrypted salt, and a card identifier to the credit card company. The credit card company can then verify that the encrypted transaction number has never been used before (if it has, the number was stolen and is invalid), use the identifier to look up the actual card number in their own records, apply the salt that was sent with the transaction, then apply the encryption key to the salted record, and finally if the result is the same as the encrypted number in the transaction then they've proved that the transaction was generated by the real credit card number and not a stolen copy of the transaction record.