How quantum computing will improve credit card security

Pierluigi Paganini May 12, 2015

Quantum computing in credit cards introduces a new type of encryption (quantum cryptography) that will make magnetic strips and EVS solutions obsolete.

Nowadays getting credit card credentials it’s not difficult and you don’t need to have technical skills, you can just buy them in the dark web, but that’s may change in the future thanks to quantum computing.

Credit cards are exposed to numerous cyber threats, including malware and phishing, in particular malicious codes have being always very popular among crooks and they generate huge amounts of money.

The traditional U.S credit cards are based on the magnetic “swipe-the-stripe”, despite the technology is not considered secure by EMV, or Europay, Mastercard and Visa which offer also computer chip card. The EMV cards encrypt “transaction data on a per-use basis”, supposedly making them more secure, but don’t be mistaken they have flaws, part of it because the subject of security was poorly discussed in the past (there is a change for better nowadays).

Which is the improvement with the introduction of quantum computing?

The idea behind using quantum computing in credit cards is the adoption of a new type of encryption called quantum cryptography, in order to make magnetic strips and EVS solutions obsolete.

There is no easy way to explain the method, but in a short version, the researchers propose to use “quantum-secure authentication” (“QSA”), that uses a strip of nanoparticles in the credit card, that replaces the magnetic stripe of the common credit card.

These nanoparticles after would be exposed to a laser to create a different pattern every time, and because it creates a different pattern every time its makes impossible to copied it. The researchers sustain that this solution will make “unhackable” the credit cards, this means that the industry will save $14 billion per year that represents the overall loss related to criminal activities just in the US.

The experts confirm that this could be a tragedy for the principal black markets where the stolen card data are ordinary traded. Another side effect could be the reduction of financial malware used by criminal gangs, but I cannot agree with this scenario because I haven’t further information of the way the systems manage user data.

Even if there is a long way to get the “unhackable” credit card, if the technology can be developed with success this can mean that maybe we will have more secure passports as well, or a more secure ID card, driving license, stopping the ID theft, that is a huge problem.

credit_cards

As I told, we have to wait until this technology will be developed and adopted by principal card issuers, in the meanwhile there are some technology that can be used to protect users from frauds and online scams.

Once of most effective countermeasures are the “Dynamic CVV”, developed by Oberthur Technologies firm, which combines security tokens and credit cards.

To authenticate contactless credit card transactions, major brands such as Visa and MasterCard have built dynamic CVV codes into their contactless cards. A new security code is generate for each contactless transaction. If an attacker obtains the card he will be not able to use it because he will not able to generate the dynamic code.

Be aware Dynamic CVV codes are quite useful for contactless near field communication transactions, but could be not effective to protect point of sale (PoS) transactions. If a criminal is able to steal credit card’s data from magnet stripe by skimming it or by physical theft, it will be able anyway to use the card.

The solution is particularly interesting for  users that purchase many products online,

The “Dynamic CVV” will enter in the market in 2017.

About the Author Elsio Pinto

Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Pierluigi Paganini

(Security Affairs –  Credit card, Security)



you might also like

leave a comment