To Pay With Your Credit Card, Please Speak Up 300
prostoalex writes "It's reasonable easy for a thief to steal the social security number and bank account information (which is printed on a check) as well as an address. The next generation of financial tools are fighting this problem. Business Week talks about voice verification in future debit and credit cards. "Here's how it works: A special sensor on the credit card stores its owner's previously recorded voiceprint in digital form. When the owner receives a new card, he or she speaks a password into the sensor on the card. If the voiceprint matches, the card is activated.""
so.. (Score:5, Insightful)
Re:so.. (Score:3, Insightful)
YMMV
-P@
Re: (Score:2, Funny)
Re:so.. (Score:2)
Re:so.. (Score:2)
I can't stand the rain... (Score:5, Interesting)
This was good technology applied in a bad way. As one of more than one way of activating a card this would be a good thing. Thieves are a skittish lot, even if they could sign for card use or use a stolen PIN, the fact they would be expected to voice activate the card first would deter them, not wishing to draw undue attention to themselves.
Even 14 years ago this technology had a extremely low false positive rate misidentifying someone as someone else. Even 25 years ago I seem to remember this technology being not being prone to misidentification, though more finicky and with a much smaller vocabulary (like 10 words).
Re:so.. (Score:5, Insightful)
The need for a side channel to serve the voice challenged population presents a (possibly huge) problem. If somebody who legitimately cannot speak can activate a credit card without speaking, then so can the bad guys. That side channel will also need to be secure.
Could it be done properly (so that the bad guys can't get around the system)? Probably. Will it? Probably not. And, like so much so-called security, we'll end up inconvenienced in exchange for little or no benefit.
Not that it should need saying, but security systems such as this will need to cater to everybody, not just those of us with voices.
508 Compliance (Score:3, Informative)
Re: (Score:2)
Re:so.. (Score:2)
Re:so.. (Score:2)
Re:so.. (Score:2)
And if you want to buy a cold remedy? ... and you're out of town? .... Trying to check into a hotel after your 'code' bloomed on your 12hour flight?
I know one person who was in town for a weekend course. One side effect of the course was that, by Sunday afternoon, he had shed so much stress that his (voice activated) cell phone no longer recognized his commands. If that had been a credit card, he might not have been able to pay his way home. As
Re:so.. (Score:4, Insightful)
Why do you call people who use credit cards for everything retards?
I pretty much use mine for everything (amex mostly)...I just feel more comfortable doing that than carrying around large sums of cash. And, usually, it seesm with me, if I've got cash in my pocket...I'm more apt to spend it.
Also, it is just convenient....I don't have to worry about making a trip to find one of my banks money machines (I can't stand paying ATM fees going to other banks' ATM's)...payments to me are direct deposit....so, I rarely need to go to a bank branch.
And I pay it off every month...just like cash...just without the hassle...
Re:so.. (Score:3, Funny)
like the 'tard girl I served once who was buying two apples and wanted to pay with two separate card transactions because one was for a friend and she couldn't work out how much her friend would owe her otherwise.
in my experience, anyone paying for a transaction of less than 1 pound with a card is doing so because they're too retarded to be allowed to carry coins (probably for fear of eating them). YMMV.
Re:so.. (Score:2)
THAT's why.
Re:so.. (Score:2)
From the damn /. blurb: "When the owner receives a new card, he or she speaks a password into the sensor on the card. If the voiceprint matches, the card is activated.""
Why? To prevent identity theft, rather than pickpocketing. A lost or stolen card can be deactivated with one phone call. Someone getting a card in your name and having it sento to their PO box isn't going to ring any bells till after they've run up a few thousa
Old Fashioned Way... (Score:2, Insightful)
How is this inconvenient? I had to go into the branch to open the account anyway, going back a week later to pick up my card wasn't that bad.
Before thinking of expensive new ideas like this people should really sit back and think do people really need this technology?
Re:Old Fashioned Way... (Score:2)
I personally think this is their best idea so far. (Score:5, Funny)
oh good! Cause that *CANT* be beaten (Score:5, Funny)
Re:oh good! Cause that *CANT* be beaten (Score:3, Funny)
Thief: Errr.... I have a cold. Yeah, that's it. A cold.
Re:oh good! Cause that *CANT* be beaten (Score:5, Funny)
Thief: Errr.... I have a cold. Yeah, that's it. A cold.
Checkout Chick: Ok, like it's my problem or anything anyhow. Please enjoy all your new, easily resold wide-screen tv's.
Re:oh good! Cause that *CANT* be beaten (Score:5, Funny)
Hello.. my.. name.. is.. Werner Brandes.. my.. voice.. is.. my.. passport.. verify.. me?
Re:oh good! Cause that *CANT* be beaten (Score:2)
"Damnit, the machine isn't accepting my card. What do I do?"
(pause on phone)
"Are you sure? Okay."
*Kicks down card reader*
"It worked!"
Re:oh good! Cause that *CANT* be beaten (Score:2)
Cracked in 4 seconds (Score:4, Funny)
Build card reader for voice print
Step 2:
Download voice print to your MP3 player
Step 3:
PROFIT!
even lower tech (Score:4, Insightful)
Step 1: steal identity and get credit card mailed to oneself, shameless thief.
Step 2: record your voice onto some shmoe's card.
Step 3: PROFIT!
Credit Card pranking is over then? (Score:2, Interesting)
I tried it, it's no problem, just sign all of your bills "It's Me", no one cares.
Re:Credit Card pranking is over then? (Score:2)
What I find disturbing is the outcome of the prank.
Scammer sending him virus and DoS-ing his website is alright, but then in a short while Jeff himself disappears completely, noone can find him, his email and websites all go down, what the hell?
I mean we all know that playing with scammers might get dangerous, so why don't the guys who do this check up on each other to make sure they are fine? I mean, from the way it looks it might be that scammer arranged for Jeff to be k
Got to be better than the system here (Score:5, Insightful)
Because, as we all know, typing your PIN into someone elses computer system is by far the best way to keep it confidential.
ATMs are at least owned by the bank and significantly harder to tamper with in a non-obvious way.
Re:Got to be better than the system here (Score:2)
In most smaller retailers, the terminals (including the keypads) are provided by the banks' merchant services division.
For the rest, they have to be certified equipment, from authorised suppliers, and be tested on site and approved [chipandpin.co.uk] before rollout by your merchant services provider. Aquirer Acceptance Testing is by no means a walk in the path - it's a rigorous process.
If you have unapproved equipment, then you don't escape the liability shift [streamline.com], and are now liable (in the UK anyway - different countr
Re:Got to be better than the system here (Score:5, Informative)
The pin pad is the only device in that chain that is secured at all. The pin pad is tested, and has to meet very, very tough standards. Your pin is not stored on the device, and the credit card terminal cannot get the actual pin number from the pin pad. All that comes from the pin pad is a big pile of "garbage" that is some sequentially ordered 3DES encrypted data that at one time resembled your PIN number. This block of encrypted data cannot be retransmitted, and if it is, it will be denied.
During our testing phase with the terminal (not the PIN pad, we just bought those from someone else), the other programmer that was working on the code messed up some offsets and was not giving the correct PIN data to the test site. This got right past the testing, because even the merchant services test system cannot decrypt the data that comes out of the PIN pads. The rest of your data (including the entire contents of your magnetic strip, which in no way shape or form contain your pin number), is just sent across the wire in plaintext via 2400 bps modems. There was also no security testing of our terminal at all, and there is not even a requirement that credit card numbers aren't stored.
So, the moral of this story is this: If there is one thing to trust in the whole credit card processing world, it is this: Your PIN is the most secure part, unless the PIN pad has been tampered with (aka, has a new set of buttons over the old set of buttons, or a camera to capture your finger movements, because opening up a PIN pad will destroy the key stored on the pad, and will render it useless) that part is secure.
Why does a SSN need to be attached? (Score:5, Interesting)
The worst response? "You need it on your account for your protection". Oh really? Until, I don't know, 1 of the 100 forms my SSN is one gets scanned and posted somewhere on the internet.
And for those that think it can't happen, some dipshit made a family tree of all of my family across the country and posted it on the internet... 1 out of 10 (out of ~600 people... this tree goes back pretty far) has a SSN posted and it's now in google's cache.
So I ask again... why is a SSN required for a bank account? What about those people withouth SSNs?
Re:Why does a SSN need to be attached? (Score:2)
Of the dead.
Of course, it's not like the information isn't publicly available from the Social Security DEATH Index.
Odds are... this is what that other guy is doing, too.
I figure, if someone wants to use my dead mom's SSN let 'em. This is going to affect me HOW?
Now, with regards to the SSNs of any of my living relatives that's a different story. It's not like I go asking my brothers all the time, "Hey! What's your SSN?"
Re:Why does a SSN need to be attached? (Score:2, Interesting)
Re:Why does a SSN need to be attached? (Score:2)
Re:Why does a SSN need to be attached? (Score:2)
$10,000, OR a series of smaller transactions which a bank thinks a regulator MIGHT think could eventually add up to $10,000. In other words, any two transactions that make the teller think: ``Ooh, that's a lot of cash.''
Re:Why does a SSN need to be attached? (Score:2)
So in all fairness.. this only hurts the honest people. So yea, banks don't need a SSN.
Re:Why does a SSN need to be attached? (Score:3, Informative)
Heh... (Score:4, Funny)
so record it... (Score:2)
And what will happen when you're cold and your voice is not the same? In fact, teenagers would not be able to use it from one year to another
Re:so record it... (Score:2)
too lazy to RTFA so someone explain... (Score:2)
Re:too lazy to RTFA so someone explain... (Score:2, Funny)
Re:too lazy to RTFA so someone explain... (Score:2, Insightful)
They have a problem with their eyes, not their hands. They sign their name.
I would be real impressed... (Score:4, Interesting)
It would be rather sad trying to pay for caugh drops with ATM/CC but unable to do so because the sore throat is causing your voice print to shift.
SSN on check? (Score:2)
Re:SSN on check? (Score:2)
Re:SSN on check? (Score:2)
At any rate, in order to facilitate check usage, they put their driver's license number right onto t
Hello? (Score:2)
Next stop: the Sony Store!
Does anybody remember LAUGHTER? (Score:5, Funny)
Coworker A: huh huh huh... huh huh huh... it's not letting me in... huh huh huh... oh wait I think I changed it... huhhuhuhhuhuh huhhuhhuhuh... huhhuhuhhhuh... no, that doesn't work either huh huh huh...
Coworker B: Here, I'll log in for you. hahahahah!
Coworker A: Huh huh huh thanks!
Re:Does anybody remember LAUGHTER? (Score:2)
Coworker B: Here, I'll log in for you. hahahahah!
Coworker A: Huh huh huh, you said log.
we're doomed (Score:2)
Working in the wrong direction (Score:3, Interesting)
Re:Working in the wrong direction (Score:4, Funny)
Oh, man, I'd love to see a story about that posted on Slashdot. The comments. The comments! It would be hours of fun.
Re:Working in the wrong direction (Score:3, Interesting)
My GF had a new card stolen from her mail, and only noticed 3 days later when her account was empty. The police went to the store where the largest purchase was made and caught the thieves from the CCTV footage.
I'm going with the 'public place, CCTV warnings all over, you should expect your privacy to be compromised, especially since you're on someone else's property' position.
Flame on
Slightly on-topic (sorry, I had to), some form of card initialisation w
That's been done for years... (Score:2)
As a former retail worker I can tell you that store number, date, time, register, and cashier number have been printed on receipts for several years, if not a decade or two. They may not be in an easily recognized format, but you didn't think all those meaningless numbers at the top and bottom of your reciepts were actually random, did you?
As for tying it into the security cameras & keeping tapes long enough to review d
Re:Working in the wrong direction (Score:2)
2) every last measure like this will be thwarted. the best way to reduce fraud is to reduce the number of people committing fraud.
3) "most folks" do not want to do anything more than swipe their card and go. extra authentication does two things:
a) slow down checkout lines
b) create an artifical market for the authentication technology
Why not SMS? (Score:5, Insightful)
I don't have a cell phone... (Score:3, Insightful)
Really, I don't.
Re:I don't have a cell phone... (Score:2)
Re:Why not SMS? (Score:2, Insightful)
Mobile Phone Shop Person: OK, Cash or Credit?
Me: Credit
Mobile Phone Shop Person: Sure, enter your card here. Now we'll just wait for VISA to SMS you for authorisation....
Me: errr.... *leaves*
Re:Why not SMS? (Score:2)
Re: (Score:2)
Re:Overcomplicated solution to a simple problem (Score:2)
Global infrastructure problems (Score:2)
Too bad if you have throat cancer (Score:2)
Paypal Authentication (Score:3, Insightful)
Require you to put in your work phone number and then an automated system phones it and asks you to authenticate what is onscreen by touchpad. Atleast with this method of authentication the hackers have to spoof more than one method of communication and would leave a rather sizeable paper trail of changing account data.
Not like reading the extra 3 digits off your card into a computer system so that someone else can steal those digits and reuse 'em.
This post started out with better ambitions. Stupid boob tube, oh how you distract me!
I Want Biometric Choice! (Score:2, Interesting)
For example, it has a module on which I've stored my thumbprint (the module will only verify my print. It won't give out the data). I strobe it and a unique credit card number appears which is only good for that transaction.
Or perhaps I can write my own custom module which requires me to tap out a randomly generated five character sequence that it displays in Morris code accurately in less than
There's your problem: (Score:2)
I am sure there's a logical explanation why you're still doing this - I just don't really see it.
(the other thing I never figured out, is: the US dollar is the most forged currency in the world, and yet, it's also on
Re:There's your problem: (Score:2)
Re:There's your problem: (Score:2)
Therefore, replacing the bills with something more advanced and harder to forge, is possible albeit not simple.
Re:There's your problem: (Score:2)
First, If you call all us US folks "yanks" that's okay... but there are huge swaths of folks in this country (mostly in the southeast) that calling them a "yankee" will get you in a whole heap of trouble. Word to the wise if you ever visit. ;-)
Secondly, checks are really on their way out here, too. I draw exactly two checks a month. One's the electric company and I do that on the web, so does that even count? The other is my water company, which is a tiny little mom and pop operation with about 700 cu
Read Schneier on Two-Factor Authentication (Score:2)
Biometrics DO NOT WORK (Score:3, Insightful)
Comment removed (Score:4, Insightful)
Re:First things first (Score:3, Informative)
And yet it goes nowhere. There's a myriad of reasons for this, but one of the biggest is that it makes little difference. Very little credit card fraud is perpetrated by people who are using someone else's physical card. The main security system on that fraud is purchase pattern/auditing systems and the ability to kill off the card.
Most credit card fraud is online and/or via altered cards (like with the criminal's name and if
Re:First things first (Score:2)
Don't forget that at one time not all states required a photo on drivers licenses. I know one person who (20+ years ago) had to have here photo visa card with her all the time because her drivers license didn't have a photo. (It was optional in that state for some people and she met the requirements so they didn't even try to get her in for a photo) Her school checked photo Id for tests, so her Id was her Visa. Write a check and the clerk needs a photo id - Visa again.
If you need to present two forms
Only Slightly Effective (Score:3, Informative)
- Identifying people who phone a bank (ie. for phone services or ordering a credit card)
- When people first receive a credit card, they speak to it to activate it
But, here's what this type of biometrics fails to address:From TFA, "Over-the-phone fraud already affects 12% of all banks offering e-payment services." 12%? That's it? Of all the banks offering electronic/phone services, only 12% have ever been affected by over-the-phone fraud, which this new technology is supposed to help prevent? That makes me think that most credit card frauds are being conducted another way.
Point two: This type of biometrics does nothing to protect consumers if their card or card number are stolen after their card is activated. Continuing from my above comment about how most frauds actually happen, I'd wager good money that most credit card frauds do not occur from cards being stolen from the mail before they're activated; rather, I'm guessing that most frauds happen because the little numbers on someone's card are stolen.
They need to rethink their manner of usage if they want this new biometric scheme to be anything more than a headache (I mean, how many different things could go wrong with a voice-recognition chip embedded in a little card?). I mean, a voice-authentication system is definately a better scheme than asking someone what their birthday is, but there has to be a more effective way of using it than this.
Won't help with online fraud (Score:2)
helpdesk will suck (Score:2)
Online, counterfit (Score:2)
Hmm, won't do anything to stop people with your card details spending online (or through mail order / telephone order).
Also not clear if it will prevent counterfiting, where someone swipes your card through a magnetic stripe reader. Get a blank card, copy the magstripe data onto it, and record your own voice print...
Voice recognition... still a pipe dream. (Score:2)
President Clinton's voice is too southern for todays voice recognition software to accurately recognize.
Re:Voice recognition... still a pipe dream. (Score:2)
In other words, this is really just another form of biometrics.
Of course the fact that you have a gallon of phlegm in your lungs, a hoarse voice from barfing and fever induced hiccups today because you've just caught avian flu may make paying for your medical visit a bit
I'm picturing 2001 now. (Score:2)
"Open the pod bay doors HAL."
"I'm sorry, Dave, you have reached your credit limit."
But, hey, I've had too much coffee today.
What a waste. (Score:2)
They need to fix checks not Credit/Debit transactions. On every check is all the information needed to perform check-by-phone transactions. I have been scammed this way twice (both times by credit card companies who wanted to use my account to pay someone
Sinus Surgery (Score:2)
A minor concern, but I guess I would likely need to retrain any voice programs at this point in time. I do know that my cell phone auto dialer is not working anymore, but then again, it was never a very reliable voice dial to begin with...
it's all digital.... (Score:2)
Voices would it seem need to be encoded into digital format to be useful. I.e. you do a match on the numberic voiceprint stored in the card vs that stored in a database.
Oh poo. There's a database involved somewhere--that also means that merchants will want to capture and store those fingerprints to prevent chargebacks.
Double poo. There's a second set of databases involved--ones which are often guarded willy-nilly (if at all).
Maybe I'm m
Re:it's all digital.... (Score:2)
Note to self: preview. preview!
Amputated fingers and other biometric consequences (Score:2)
The whole idea that a "key" that is a part of your body is somehow more secure than a manufactured gadget you carry with you has more emotional than logical appeal.
I still don't see the security (Score:2, Informative)
worried people (Score:2)
Doctor Who Reference (Score:2)
Reminds me of the old quote by Borusa:
that he ironically used to key a lock with a voice print...
So no more cough medicine on credit card .. (Score:2)
Yawn. Move along, just another dotcom idea lying on teh floor, nothing to see..
Siblings (Score:2)
Re:Password? Phrase would be better... (Score:2)
Re:Puberty (Score:2)
Re:Puberty (Score:2)
debit cards are tied to your checking account and make a direct withdrawal from the account when used, there is no line of credit involved (though sometimes you can use a debit card as a credit card). The limit on the card is a combination of a limit you set up with the bank, the banks overdraw rules, and the amount of money in your checking account.
Re:Puberty (Score:2)
Btw, I've never had a credit card, had my debit card for yrs though
Re:What's wrong with just putting a damn photo on (Score:2)
So, to provide enhanced security with a picture would cost a lot of money. It's not the cost of putting the picture on the card, it's the cost of verifying that the picture matches who the card says it