Feeds

Boffins test voice-activated secure credit card

Give me the bl**dy money!

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Boffins have developed a credit card that works only when it hears its owner's voice.

A prototype card from Santa Monica, California-based Beepcard comes with a built-in voice recognition chip, miniature battery, microphone and speaker.

To operate the card a user would need to press a button on the card's surface and provide a password. If the in-built voice recognition technology authenticates this voice then it emits an variable audible squawk, which a merchant's server can recognise and thereafter allow a transaction to proceed. The system would allow merchants to establish a customer has a card and is the authorised user for customer not present transactions, a notorious source of credit card fraud.

The technology is based on a refinement of a non-voice activated version of the card (which could only establish that a person had a credit card; it still might be stolen). In the case of both old and new technologies the audible signal from a card differs according to a preset order known by the server, but unfathomable to crooks. The principle is the same as that used by two-factor authentication devices commonly used for authenticating remote access.

Although two-year battery life isn't a problem with the prototype card (whose circuit is only switched on when its button is depressed), size is more of a challenge. The prototype card is three times the size of a regular credit card. Also merchants would have to support Beepcard's technology.

Visa, which already makes some use of voice recognition technology on telephone calls, is cautiously enthusiastic about the idea. "It's an interesting idea but the transaction has got to be user friendly. You wouldn't want to increase the time it takes," Visa spokesman Colin Baptie told New Scientist.

Respected security expert Bruce Schneier is far more enthusiastic. ""It's a physical authentication system that doesn't require any special reader hardware. You can use it on a random computer at an internet cafe. You can use it on a telephone. If the price is cheap enough, Beepcard has a winner here," he writes in his monthly Cryptogram newsletter. ®

Related stories

UK credit card fraud down 8%
Retailers must embrace Chip and PIN. Or else
Anti-fraud scheme saves retailers £2m
Online fraud, ID theft soars
Shoppers warned of £110m card not present fraud
Opera browser to recognise speech
Insurer taps voice analysis tech to detect fraud

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.