Visa pilots new payment card security initiatives

In addition to OfficeMax and Fifth Third Bank pilots, Visa plans new alerting for consumers.
Page:

Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior Visa executive Thursday described two new initiatives to reduce payment card fraud being tested by the company.

One of the pilots involves Fifth Third Bank, which is testing the use of magnetic stripe technology to create unique digital fingerprints for cards, said Ellen Richey, Visa's chief enterprise risk officer. Each stripe contains unique characteristics that can be captured and used to verify the digital identity of the card, Richey said during at a security event being hosted by Visa today. The goal is to stop the creation and use of counterfeit cards based on stolen payment card data.

Another initiative, being piloted by retailer OfficeMax Inc., involves the use of a challenge-response technique at the point of sale. The project is aimed at testing the efficacy of asking consumers to respond to specific questions such as their ZIP code, the last four digits of their phone numbers, or the first three digits of their area codes, as part of the transaction approval process.

Dan Roeber, vice president and manager of merchant PCI compliance at Fifth Third, said the bank had rolled out about 1,000 card readers to retailers who have not been informed about the pilot effort. The terminals are capable of reading the magnetic stripe information and creating a "DNA picture" of the card which is then matched during the authorization process, against baseline information for that card stored by the card issuer, he said during a panel discussion at the event Thursday.

During the pilot process, baseline images or fingerprints for a card are created when it is first swiped through one of the new readers, Roeber said. But going forward, if the approach works, baseline images for each card could be created and stored during the card issuing process itself, Roeber said. "Even if somebody gets into a database and makes fraudulent cards, the DNS fingerprints are not going to match," Roeber said. "The thing I really like about this technology is that there are no key management issues," as is the case with the use of end to end encryption for protecting cardholder data.

"We are very excited about this technology," he said.

Fifth Third is one of several "acquiring banks," which are responsible for authorizing retailers to accept payment card transactions.

Page:
More about: OfficeMax, Visa
References show all

Comments

1

marite ferrero

Mon 21/09/2009 - 02:55

VISA's Targeted Acceptance infringes on an existing patent. VISA also is fully aware of this patent's existence.

This USPTO patent with worldwide PCTs, USPTO 6931382 enables cardholders (and/or banks) to turn on or turn off their debit and credit cards. This system also enables the setting of different limits such as amount, geographical limits, time period, etc.

VISA applied for the same claims in March, 2002 (13 months after USPTO 6931382). VISA actually referred to this patent, since it is a prior art. VISA was not awarded the patent for their application since USPTO 6931382 got there first. VISA’s patent application is : 20030172040, Kemper Lynn et. Al, Assignee Name : VISA USA, Patent Law Firm : Townsend and Townsend, San Francisco, CA.

CardSwitch Technology Ltd. (www.cardswitchtechnology.com) offers this patented system.

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: pci standard, visa
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/149/dropbox/

Dropbox

Dropbox is a sharing tool that allows you to synchronize your documents, as well share files with others. It automatically uploads the files to the ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia