How to fix credit and debit card fraud

(The-Asterisk asterisk: I was writing this post before the Apple announcements on September 9, 2014)

I am not an expert in the minutiae, but I know a bit about security. Here is my 'simple man' idea to fix the rash of fraudulent credit card charges and debit card withdrawals happening more and more these days.

Let's first stipulate that just about everyone has a smart phone onto which an app can be installed, or to which a text message can be sent.

Every credit card on file would be registered with an app installed on a phone belonging to the cardholder. Even with multiple cards of various types, the user would be covered (hopefully by a single app.)

So, when you go into Target or Home Depot to make a purchase with your compromised credit card, you swipe it at the point of sale (POS) and during the verification process, a challenge procedure is triggered. The credit card clearing house would send an alert message to your app (or a text message to your phone). This message would include the merchant name, amount and verification code. This code would then be presented as a string or a scannable code on the phone's screen. The cashier (or the phone itself using Near-Field Communications (NFC)) would enter this verification string into their register.

The cash register would send that info back to the clearinghouse, which would respond with a match code, completing the transaction. If the code is invalid, it would respond with a no-match code, at which time the cardholder would be notified.

If you get a random notification from the app that a transaction is occurring, you could approve it (you might have automatic bill pay, or someone at your company is using your credit card for a valid purchase) or you could tap a button to disapprove the transaction.

If this transaction took place with an online merchant, essentially the same thing would occur, except you would have to type the verification code into the blank field in your check out screen. This verification code could be something like "jumping 326 karma". Easy to type, yet random enough to be nearly impossible to spoof.
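As an added sketch (not part of the original post and not any real clearinghouse's API), here is what the clearinghouse side of that challenge could look like in Python. The class name, the tiny word list, the 120-second expiry and the one-attempt-per-challenge rule are all assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed sample word list; a real one would need to be far larger.
WORDS = ["jumping", "karma", "walnut", "harbor", "violet", "copper", "meadow", "signal"]
TTL_SECONDS = 120  # assumed validity window for a challenge


class Clearinghouse:
    """Hypothetical clearinghouse side of the challenge procedure."""

    def __init__(self, clock=time.time):
        self._pending = {}  # txn_id -> (merchant, amount_cents, code, expires)
        self._clock = clock

    def start(self, card, merchant, amount_cents):
        """POS submits a charge; returns (txn_id, alert pushed to the phone)."""
        # Word-number-word code drawn from the OS CSPRNG, e.g. "jumping 326 karma".
        code = "{} {:03d} {}".format(
            secrets.choice(WORDS), secrets.randbelow(1000), secrets.choice(WORDS))
        txn_id = secrets.token_hex(8)
        expires = self._clock() + TTL_SECONDS
        self._pending[txn_id] = (merchant, amount_cents, code, expires)
        # Delivery to the phone registered for `card` is out of scope here.
        return txn_id, {"merchant": merchant, "amount_cents": amount_cents, "code": code}

    def deny(self, txn_id):
        """Cardholder tapped 'disapprove' in the app: drop the challenge."""
        self._pending.pop(txn_id, None)

    def verify(self, txn_id, merchant, amount_cents, entered_code):
        """Register sends the code back; returns 'match' or 'no-match'."""
        # Single use: any attempt consumes the challenge, so a code cannot be
        # replayed and an attacker gets one guess per transaction.
        entry = self._pending.pop(txn_id, None)
        if entry is None:
            return "no-match"
        exp_merchant, exp_amount, code, expires = entry
        ok = (
            self._clock() <= expires
            and merchant == exp_merchant      # code is bound to this merchant
            and amount_cents == exp_amount    # and to this exact amount
            and hmac.compare_digest(entered_code.encode(), code.encode())
        )
        return "match" if ok else "no-match"
```

Because the code is tied to the merchant and amount shown in the alert, a code read off the phone for one purchase is useless for a different charge.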

What about folks who don't have smart phones, cell phones or such devices? Their credit card rates would skyrocket, or they could be issued a key fob such as is used for two-factor authentication (2FA). It would be simple enough to modify the procedure to accommodate the fob.

The mega-merchants, banks and clearinghouses should embrace something as simple as this. They are the ones that lose the most administratively by having to reissue cards, pay for credit checking services and endure the embarrassment of yet another hack on their businesses, but consumers also lose because they waste an inordinate amount of time swapping cards and being diligent, just so some criminal in Russia can sell your card data online for $7.

Today Apple announced Apple Pay which allows a user to swipe their watch or one of the new iPhones as mentioned above using virtually stored credit cards. This is a step in the right direction, but will take a long time to become universal.

My simple app (with the required security to prevent man-in-the-middle and other attacks) has the potential to ramp up quickly and be nearly ubiquitous in a year.

Sure, the criminals will come up with some other way to rip you off, but isn't it just too easy for them the way it is right now? We are quickly losing confidence in our monetary system when we no longer freak out over Home Depot losing umpteen million customers' account information.

Oh, and if Apple or any other online system wants to find out how to thwart password cracking through social engineering or password change requests, they need to look no further than Google. If you forget your Google password, get ready to do a LOT of remembering before you can get one reissued. Trust me, you don't want to lose your Google password!
