Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Mitigating Credit Card Fraud with Dynamic Security Code

IP.com Disclosure Number: IPCOM000240817D
Publication Date: 2015-Mar-04
Document File: 2 page(s) / 28K

Publishing Venue

The IP.com Prior Art Database

Abstract

Instead of spending millions of dollars on preventing criminals from stealing credit card information, the article describes a method to make the stolen information irrelevant to criminals for the purpose of making fraudulent purchases.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 46% of the total text.

Page 01 of 2

Mitigating Credit Card Fraud with Dynamic Security Code


Background
Credit Card fraud is prevalent and takes many different forms. Problems like the one at Target Corporation in December 2013, where card data was skimmed at point of sale, cost the retailer and card companies millions of dollars in addition to irreparable damage to reputation and consumer confidence . The card data could be used to make fraudulent purchase online using the stolen credit card information . Today, the focus continues to be on preventing hackers from stealing card information using a combination of software encryption and business process control to minimize exposure of this sensitive information . Solutions that necessitate replacing point of sale authentication systems used all over the world today are cost-prohibitive and inconvenient.

Dynamic Security Codes


Instead of spending millions of dollars on preventing criminals from stealing credit card information , the article describes a method to make the stolen information irrelevant to criminals for the purpose of making fraudulent purchases. Take for instance the Card Security Code (also known as Card Verification Value) which is a static, fixed value printed on the card today. By dynamically generating the security code at some interval (say every 5 minutes), even if a hacker manages to steal credit card data, as soon as a new code is generated, the stolen data cannot be used to make fraudulent online purchases as the card provider's authentication servers would reject the transaction due to security code mismatch .

New Credit Cards


To implement this idea, card companies will need to issue new credit cards that have a low -power chip that generates and displays a new security code at some interval. The interval could be fixed or variable but typically <= 5 minutes. While this increases the cost of a card, it offsets the millions of dollars that are spent today on fraud prevention and post-fraud liability by making stolen information irrelevant in minutes . The new credit card would still have the magnetic strip for it to seamlessly work with thousands of existing card readers.

The algorithm to generate the dynamic security code will be proprietary to the card provider . The code will be based on card holder data (like card number, SSN, location, etc.) and take factors like timestamp into producing a new code. When a request is sent to the authentication server, the server will run the same algorithm to compute the dynamic security code and approve the transaction if its computed dynamic code matches with what was sent in the authentication request. This approach does not require any communication between the server and the card to synchronize on the new security code . Instead, both sides independently generate the code and the authentication server validates that they are the same prior to authorizing a transaction.

In

In-

--person purchases

person purchases


For in-person purchases, existing magne...