This is far from the first implementation of this kind of thing
Eugh, I'd never use this. I like having all of my CC info memorized for the sole purpose of [I]not[/I] having to pull out my card every time I buy something online. Not to mention that if you were buying shit from Amazon or something similar you'd have to edit your card info every time you wanted to buy something.
Does it automatically remagnetize with the new code?
[QUOTE=The golden;51166600]So if you use it for online purchases...how does your credit card company know which code is currently active for your card?
When you enter your credit card info into a a website and hit "Buy" it sends that details to your credit company who verifies it. How will this work when they don't have a clue which number is currently active on your card?
Unless they use an algorithm for producing the number based off your card's number. But then it's not truly random and with only 3 digits - would be easy to crack.[/QUOTE]
Same principle as SecurID tokens, [url]https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator[/url]
They're both set up to generate the same number at the same time based on a synchronised clock. Bruteforcing would be impossible since the number regenerates periodically and the card would be locked after too many failed attempts
[QUOTE=kaze4159;51166639]Same principle as SecurID tokens, [url]https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator[/url]
They're both set up to generate the same number at the same time based on a synchronised clock. Bruteforcing would be impossible since the number regenerates periodically and the card would be locked after too many failed attempts[/QUOTE]
Reverse engineering is an issue with these things.
[QUOTE=Map in a box;51166713]Reverse engineering is an issue with these things.[/QUOTE]
I don't think I have ever seen a hacked SecurID token. They typically self-destruct when tampered with.
[QUOTE=pentium;51166981]I don't think I have ever seen a hacked SecurID token. They typically self-destruct when tampered with.[/QUOTE]
To date, I don't think there has been one, but there's always the server end and then just brute forcing the formula it since its only 3 digits based on the time. Its a potential risk and a massive one at that because once one unit is figured out, all of them will be.
[QUOTE=Map in a box;51167010]To date, I don't think there has been one, but there's always the server end and then just brute forcing the formula it since its only 3 digits based on the time. Its a potential risk and a massive one at that because once one unit is figured out, all of them will be.[/QUOTE]
I mean, if it uses cryptographically secure random number generation based on a secret seed it shouldn't be an issue.
My credit card uses SMS TANs, which is probably more secure than this (but costs 40 cents a use now for whatever reason. I may switch to their app).
I like (one of) Germany's system(s) regarding online banking: You can get a cheap TAN generator that uses the chip on your debit card, and also displays the transaction information when you use it on the separate device. That way you can't have a virus fake the data that is displayed.
Sorry, you need to Log In to post a reply to this thread.