Grim irony alert: You know those new smart chips on your credit card? They’ve actually triggered a virtual crime wave. Hackers and identity thieves, in a rush to exploit the old magnetic swipe cards while they still can, stole an estimated $4 billion in 2016 — a new record.
The smart chips are expected to prevent fraud in the long term, but banks are already thinking of the next big defensive maneuver: A digital update to World War II cipher technology that will replace that three-digit code on the back of your card.
According to new patent filings, the U.K. bank Barclays plans to deploy a new kind of ultra-secure bank card that will use a tiny keypad and digital display on the card itself. The bank card will also incorporate an encryption system similar to that used by famous wartime Enigma machines, which encoded messages by generating constantly changing ciphers using pseudo-random numbers.
In a similar fashion, the new bank card encryption technology will generate codes at timed intervals, which will then appear on the digital display next to the signature line, according to U.K reports. Users will tap in their PIN on the card to generate the codes, which will replace the three-digit CVV number system that’s been in use for the last 20 years.
Inventors David Taylor and George French have secured a patent for the technology, which will also include Bluetooth and Wi-Fi connectivity. These features will enable contactless paymenttransactions similar to Apple Pay or Microsoft Wallet.
The constantly changing codes are intended to confound data thieves who use various methods get around the CVV code system. For instance, by using a distributed guessing attack, hackers can run a single credit card through thousands of online retail systems at once, often cracking the CVV number within seconds.
The new encryption system would prevent such brute force attacks, but would also require wide-scale deployment of supporting retail software and systems. The contactless payment options would also prevent theft from compromised card scanners and skimmers. And because users would enter their PIN code on the card itself, the new system would do away with the current system, in which users punch their code into hundreds of different machines.
A representative from Barclays told U.K. publication The Telegraph that, while there’s no timetable as of yet for the new system, the patent filing is part of an ongoing initiative to aggressively develop new methods for fighting bank card fraud.