I retired in April 2013 after 25 years as a librarian at the British Library specialising in inventions. This included running numerous workshops; writing books on inventions and a work blog; carrying out searches for clients; and one-to-one meetings with inventors. [more]


24 December 2016

Debit cards to become more secure

Today's Daily Telegraph has an article titled "Enigma technology to make new ultra-secure bank card" (online version).

It is about Barclays Bank's patent application for a more secure method for authenticating debit and credit cards. When "chip and pin" was introduced in 2004 in Britain there was a three digit code on the back. This can be used besides the account number and the expiry date to validate a transaction when the card is not present. For example when the payment is being made by phone or the Web.

The patent specification, Transaction authentication, published as a World application in November 2015, involves the card having a miniature keypad. The PIN is typed directly onto this keypad. That generates a fresh code which then appears next to the signature strip. The basic concept dates back, apparently to the German Enigma enciphering machines.

The concept has been hailed as the biggest development in anti-fraud devices since "chip and pin". It will replace Barclays Bank's sentry card readers, where account customers can access their accounts on the Web at home by using a stand-alone keypad.

The official summary of the invention is, to me, incomprehensible:

The disclosure provides a method of performing multiparty computation to carry out an operation, wherein the multiparty computation uses a plurality of parties arranged to jointly generate a result for the operation based on input data, the method comprising: each party of the plurality of parties generating corresponding intermediate data for use in generating the result; and performing a first authentication process on first authentication data, the first authentication data being based on the intermediate data generated by a first party of the plurality of parties, and, if the first authentication data fails the first authentication process, performing a corresponding predetermined action indicative of failure of the operation.

The article claims that the invention has been "patented" but my understanding is that it is awaiting grant (which would be done individually by region or country anyway). There is often confusion about the difference between publication of the application and of the grant of rights.

The UK suffered £755 million in losses due to banking fraud in 2015, and it is hoped that this new device will cut those losses. It will be interesting to see if the technology is kept for exclusive use by Barclays and its allied financial companies.

No comments:

Post a Comment