Computer Crime Research Center

card/id_th3.jpg

Credit Card Security

Date: January 10, 2007
Source: creditorweb.com


This is the age of plastic money. It's not uncommon for the typical consumer in the western world to go weeks at a time without ever handling a coin or bill. Everything we need is available to us with the simple "swik-swik' sound of a credit card sliding through a reader. Supplies for the office, flowers for the wife, meals and drinks out, and an endless supply of useful products available for sale through the Internet can all be bought with naught a cent to be seen.

The big question is: "How safe is all this plastic?"

Cash has its obvious benefits. When you buy a sandwich for $2.95 and you hand the cashier a $5 bill, you know you haven't been ripped off when he hands you $2.05 right then and there. But when you hand your card to a waitress at the local chain restaurant, how do you know she hasn't taken a moment to sneak into the office and copy your card number and signature? You don't, and the implications of this question are having a serious effect on credit card companies and the merchants they do business with.

In response to these issues, the big credit card companies have developed more secure ways to do business. MasterCard International and Visa got together and came up with a set of guidelines called the Payment Card Industry Data Security Standards. This is a list of 12 guidelines that imposes strict regulations on all transactions taking place between the card company and the merchants it trades with. While these standards have been in place since 2005, merchants are taking some time to catch up to them. However, in the past year there has been marked improvement, and both credit card companies have stepped up their tactics to the point where merchants may be experiencing losses of service if they do not fall in line soon. (You can read the 12 guidelines and the details of this plan on the homepages of Visa or MasterCard.)

Discover Card has responded to the pressure for more secure methods with it's own program. They call it the Secure Online Account Number program. Anytime you use your Discover card to purchase a product online, their program will generate a random account number to "stand-in" for the one on your card. You then send this number to the merchant in place of the real number. When the number is verified with Discover Card, it will link to your account and the purchase is charged to you. The benefit of this system is that the merchant never sees your true account number. Only you and Discover Card have access to it. Once the transaction is completed the randomly generated account number is no longer valid, so any attempts to use it result in denial.

A security method that online merchants are employing is the requirement of a shipping address that matches the billing address on your credit card. This is to guard against thieves who may steal your account number but will have no access to your billing address. This way, if your card is stolen, it can only be used to make purchases that will ship to your address. Any prospective thieves will have to pick up their orders from your mailbox, not something the average anonymity-seeking thief will want to do.

There are also third party systems in place for ensuring online credit card security. VeriSign's SSL (Secure Sockets Layer) technology is the leader in the field. VeriSign will give each merchant it conducts business with 2 "keys" (like coding alphabets), a public key and a private key. The public key is used to encrypt information, and the private key is used to decipher it. VeriSign's technology now offers this encryption in 128- to 256-bit encryption, which provides a nearly un-guessable number of possible combinations of codes.
Add comment  Email to a Friend

Discussion is closed - view comments archieve
2009-04-10 20:34:05 - I recently had my credit card cloned.... Cbay
2008-03-25 23:26:45 - This begs the question about actually... Steve Sildon
2007-11-23 01:52:53 - I have had merchants request the 3 number... Gracie Light
Total 3 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo