Will Target Credit Card Disaster be the Tipping Point for Mobile Banking?


Target has managed to become the poster child for security ire, having lost around 40 million credit and debit cards. It's the latest documented breach of credit card security. Financial institutions have to be thinking about how to migrate away from the increasingly exploited system of numbers, plastic and mag stripes, especially as lawsuits start arriving.

Credit card authentication has been lame for years, as my numerous credit card replacements over the past 24 months can attest. A card is swiped or entered online, sometimes accompanied by a three (yes, 3 whole digits) security authorization number on the back. The card number is run against a database to confirm the security authorization number along with the purchase amount -- mostly to see if you are up against your credit limit, and a cursory geographic check if it is an in-person purchase. Online purchases get scrubbed a bit more carefully, with looks at IP addresses and purchasing websites due to the anonymous nature of the Internet, but that's about the extent of additional verification.

For years, telecom carriers have dreamed about holding the mobile wallet, and fumbled through various iterations of offering financial services. The latest variation on the theme has been using NFC (near-field communications) to enable touch-payments with (presumably) better security. On a larger scale, the phone can provide multiple physical bits to authenticate with, including wireless MAC address, IP address on a network, and phone number.

The trick to more secure payments is combining the existing financial credit card verification system with the mobile world while keeping both sides separated as much as possible. The credit/debit card industry would hold one of the authentication "keys" and the mobile phone network would hold the other one or ones. Making a purchase would require both the phone and the credit card information. In theory, the credit card numbers could/would reside on the phone, with separate processes validating the two pieces at the point of sale. A phone could be stolen, but only one phone or two phones would be uniquely mapped to a small set of accounts.

Further security could be encouraged by keeping credit card numbers separate from the phone, using a mag card swipe and an NFC tap or some other mechanism (WiFi MAC query) to provide two-factor authentication with card and phone. Additional protection is provided by keeping cards and phone separate; if one is lost, the other one can provide some funds, while bigger purchases are limited and/or subject to increased scrutiny.
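A sketch of the split verification described above, as an added example that is not from the original article. The class names, the HMAC challenge-response on the phone side, the decision labels and the single-factor limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# All names and values here are constructed for illustration.
SINGLE_FACTOR_LIMIT_CENTS = 5_000  # hypothetical cap when only one factor verifies

class Issuer:
    """Card side: the existing card number + security code lookup."""
    def __init__(self):
        self._cards = {}  # card number -> security code
    def enroll(self, number, code):
        self._cards[number] = code
    def verify(self, number, code):
        known = self._cards.get(number)
        return known is not None and code is not None and hmac.compare_digest(known, code)

class Carrier:
    """Phone side: holds a per-phone secret that the issuer never sees."""
    def __init__(self):
        self._phones = {}  # phone id -> (secret, set of paired card numbers)
    def enroll(self, phone_id, cards):
        secret = secrets.token_bytes(32)
        self._phones[phone_id] = (secret, set(cards))
        return secret  # provisioned onto the handset
    def verify(self, phone_id, card, nonce, amount_cents, proof):
        entry = self._phones.get(phone_id)
        # Unknown phone, no response, or phone not mapped to this account.
        if entry is None or proof is None or card not in entry[1]:
            return False
        return hmac.compare_digest(phone_proof(entry[0], nonce, amount_cents), proof)

def phone_proof(secret, nonce, amount_cents):
    """Handset response, tied to the terminal's nonce and the amount."""
    msg = nonce + amount_cents.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()

def authorize(issuer, carrier, card, code, phone_id, nonce, amount_cents, proof):
    """Point-of-sale decision: each side validates only its own factor."""
    card_ok = issuer.verify(card, code)
    phone_ok = carrier.verify(phone_id, card, nonce, amount_cents, proof)
    if card_ok and phone_ok:
        return "approve"
    if card_ok or phone_ok:  # one factor lost or stolen: small purchases only
        return "approve-limited" if amount_cents <= SINGLE_FACTOR_LIMIT_CENTS else "review"
    return "decline"
```

With this split, card data copied from a merchant verifies only the issuer's half, so a large purchase made with it lands in review instead of being approved.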

The final step in the process may be in providing multi-factor biometric authentication at point of sale. Voice and fingerprints may be possibilities, but a simple photograph of the card holder might be better and harder to defeat. Rolling in face detection could provide a better -- but a bit more costly -- solution for kiosk sales, self-checkout and busy lines.

Edited by Cassandra Tucker

Contributing Editor
