Could dissolving credit cards and iris scanners change the way you bank?
Hackers and fraudsters are becoming more high-tech – but banking security is evolving to fight back. Which? takes a look at the next wave of game-changer products and features designed to keep your money safe. Dissolving credit cards, iris scanning and credit cards with dynamic PINs might sound like science fiction but these developments are on the cusp of becoming mainstream. Which? explores the not-too-distant future of banking security with six innovations to watch out for.
Dynamic PINs and CVVs
The Da Vinci Choice card has dynamic CVV, expiry dates and PINs that change at the push of a button. The technology allows you to link up to eight Visa, Mastercard or American Express cards onto a single card. You select the account you want to use and enter your real PIN onto the card itself – rather than at an ATM that may have been tampered with, or at a card terminal surrounded by prying eyes. This generates a one-time-use PIN or CVV you can then use at the checkout or at an ATM. On top of the traditional chip and magnetic strip, the card has a screen, keyboard, processor and battery built-in.
The innovation has the potential to wipe out card-not-present fraud as key details needed for payment (like the PIN and CVV) constantly change, and the PIN that creates them is never directly entered onto devices which can be hacked. You can see the Da Vinci Choice card in action in our video below.
The Da Vinci Choice card is in the final stages of testing and will be available in the next couple of months for a one-off fee of £75 or £7.50 a month. However, founder Simon Hewitt, a former chief security officer of Westpac Banking Corporation, one of Australia’s biggest banking groups, says the technology could easily be adopted by banks to for mainstream credit and debit cards of the future.
Find out more: new pays to way – our guide to contactless cards and innovative payment Fingerprint card verification
Most of the big banks allow you to use smartphone fingerprints scanners – like Apple Touch ID or Android Fingerprint – to access your mobile banking. Now, that tech is being applied to making card payments more secure. One new development from Mastercard uses fingerprint recognition instead of a PIN to authenticate the cardholder at a terminal. Your bank will ask you for a fingerprint scan, which will be stored in an encrypted digital template of the card’s chip. When a customer places a finger on the embedded sensor on the corner of the card, it is matched against the encrypted record and authorises payment. Mastercard told Which? that the technology is ready to go but is reliant on card issuers offering the feature to customers.
‘Selfie’ security Facial and voice biometric technology is also becoming mainstream. First Direct was an early adopter of voice ID and is also one of the first mainstream banks to embrace facial recognition technology enabled by the new iPhone X. Customers with the device can unlock their mobile banking by looking into their mobile phone camera. Last year, TSB became the first bank to use iris scanning, which means customers with a Samsung Galaxy S8, S8+ or Note 8 can login to their mobile banking just by looking at their phone.
Security experts believe iris scanning is the most secure form of biometric authentication today, with 266 unique characteristics, compared to 40 for fingerprints. However, getting access to this sort of high-tech security comes at a price, as you’ll need the latest smartphones to support it – so the cost could be prohibitive for some.
Contactless cash machines
Barclays is rolling out contactless cash machines that allow customers to withdraw money by tapping their smartphones or contactless card. The technology is designed to eliminate the risk of fraudsters stealing your pin number at the ATM by distracting you or using card-skimming devices. Using the Barclays app, customers can select how much they want to take out and type in their PIN on their mobile phone.
They will then have 30 seconds to tap their phone against the contactless reader on the machine, which will then dispense the cash. The service was initially launched in the north of England in 2016 but the success of the pilot means the machines will be rolled out to more branches.
Iowa State University’s material division is exploring ‘transient materials’ that could be used to make the credit cards of the future safer. Reza Montazami, assistant professor of mechanical engineering, is researching special polymers that melt when a trigger is activated.
It would mean a lost or stolen card made of the materials would potentially be able to ‘self-destruct’ from a remote signal, leaving a fraudster empty-handed.
The project hit the headlines in 2014 and Montazami told Which? the area is still very much a major research project for him and his team. Confirmation of payee check While less dramatic than other examples, one of the biggest developments for the future of banking security is the introduction of Confirmation of Payee.
This system will allow you to check the name of the account holder you are transferring cash to before you hit send – so if it doesn’t match up, you’ll know something fishy is going on. The simple change could help prevent devastating bank transfer fraud, where criminals trick people and businesses into sending huge sums of money to bogus accounts.
In the second half of last year, an estimated £100 million was lost to bank transfer scams. The change is expected to be rolled out to by the end of 2018.
What are the risks of innovation?
Biometrics is no doubt the future of banking security. More and more banks are moving away from increasingly complex passwords and PINs to using unique body parts that can acts as a digital signature. However, biometrics in isolation could leave you vulnerable.
After all fingerprints can be lifted, voices mimicked, facial recognition security fooled and iris scans replicated. Which? has long advocated multi-factor authentication with a combination of possession (smartphone, tablet, keycard), knowledge (password, PIN or security question) and inherence (fingerprint, voice, facial or iris scan).
To read the full article click here >