Feeds

Boffins test voice-activated secure credit card

Give me the bl**dy money!

  • alert
  • submit to reddit

SANS - Survey on application security programs

Boffins have developed a credit card that works only when it hears its owner's voice.

A prototype card from Santa Monica, California-based Beepcard comes with a built-in voice recognition chip, miniature battery, microphone and speaker.

To operate the card a user would need to press a button on the card's surface and provide a password. If the in-built voice recognition technology authenticates this voice then it emits an variable audible squawk, which a merchant's server can recognise and thereafter allow a transaction to proceed. The system would allow merchants to establish a customer has a card and is the authorised user for customer not present transactions, a notorious source of credit card fraud.

The technology is based on a refinement of a non-voice activated version of the card (which could only establish that a person had a credit card; it still might be stolen). In the case of both old and new technologies the audible signal from a card differs according to a preset order known by the server, but unfathomable to crooks. The principle is the same as that used by two-factor authentication devices commonly used for authenticating remote access.

Although two-year battery life isn't a problem with the prototype card (whose circuit is only switched on when its button is depressed), size is more of a challenge. The prototype card is three times the size of a regular credit card. Also merchants would have to support Beepcard's technology.

Visa, which already makes some use of voice recognition technology on telephone calls, is cautiously enthusiastic about the idea. "It's an interesting idea but the transaction has got to be user friendly. You wouldn't want to increase the time it takes," Visa spokesman Colin Baptie told New Scientist.

Respected security expert Bruce Schneier is far more enthusiastic. ""It's a physical authentication system that doesn't require any special reader hardware. You can use it on a random computer at an internet cafe. You can use it on a telephone. If the price is cheap enough, Beepcard has a winner here," he writes in his monthly Cryptogram newsletter. ®

Related stories

UK credit card fraud down 8%
Retailers must embrace Chip and PIN. Or else
Anti-fraud scheme saves retailers £2m
Online fraud, ID theft soars
Shoppers warned of £110m card not present fraud
Opera browser to recognise speech
Insurer taps voice analysis tech to detect fraud

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.