Bank card on/off switch technology could cut online fraud

Kansas City Central Bank launches a prepaid bank card users can switch off when they are not using, to prevent hackers accessing funds

Kansas City Central Bank in the US has launched a prepaid bank card that users can switch off when they are not using it, to prevent hackers accessing funds.

The Blinx On/Off card from Veritec allows the user to turn the card off and back on quickly by calling an automated system or with a few keystrokes online.

Although the method of security goes against the "always-on" nature of digital banking, one banking security source welcomed it.

“This is a very good idea as it gives the card-holder information and choice, so they can choose to deactivate if an unexpected transaction is flagged to them,” he said.

But he said it is unlikely to be fool-proof. “It should help a bit, but will not solve the whole issue, as I expect the system could be compromised if it takes off and attracts the attention of the bad guys.”

He said one possible security method would be to always set the card to inactive, with the user only activating it momentarily, at the point of the transaction. “I don't know if that is yet possible, but having a card system where cards are normally 'off' rather than 'on' could be safer," he said.

"That is, until the bad guys find a way to turn a card on.”

Hackers' progress

He said that, whenever a new defence comes along, if it gains popularity it will attract hackers: “So the cat and mouse game continues.”

In September 2014, US retailer Home Depot reported that hackers had compromised 56 million customer payment card records, and stolen 53 million email addresses.

Home Depot said it had traced the world’s second largest theft of credit card details from its systems back to a supplier’s compromised username and password.

The Home Depot breach is second only to the theft of 130 million payment card details from Heartland Payment Systems in 2009.

In May 2014 a breach at US retailer Target saw hackers steal 70 million records that included the name, address, email address and phone number of customers, and the details of 40 million credit and debit cards.


Read more on IT for financial services