Netswipe Webcam-Based Card Reading

July 26, 2011

A lot of brilliant people are making some phenomenal progress in credit card processing and card security methods, and this new method of using your webcam to capture credit card data for purchases sounds intriguing.

They have some of the nitty gritty in the press release, but I’ll try to break it down somewhat. Right now when you buy stuff online, you have to manually enter your credit card data. And a lot of personal data. I think most retailers require billing address, CC number, CVV, and blood type. All this data is encrypted a TON and fired off to the retailer, who then runs the card and sends you some coulottes or mustache wax. I buy weird stuff. What’s really unfortunate is that the data can still be compromised/captured en route to the PC via keyloggers and other assorted malware designed to steal your stuff.

Enter Jumio and Netswipe. Rather than hand enter data, your webcam opens a secure connection to an authentication service, and you hold your card in front of the webcam while it gets a read. It might also see your messy apartment, but I don’t think it will judge. You use your mouse to enter the CVV so keyloggers just see some clicks, and the transaction’s complete. They mention that this could be used at businesses as well, my guess would be via a 2D barcode scanner that can also capture images.

I think Netswipe has the potential to minimize a lot of fraud that occurs online. You actually need the card to make the transaction, so you cut back potential users to those who own the card, or may have physically stolen it. Although a well-printed duplicate may also work, I’m not sure how that plays out. Since the CVV is entered by mouse clicks instead of keystrokes, you also eliminate another chunk of data that could be stolen.

My only worry would be malware designers building for this new capture method, where they either capture the video stream, or set the camera to take a still image after the transaction’s complete, so then they get a nice crisp image of the card instead of the keyboard-entered data. But I’m sure the Jumio developers are looking at a variety of ways to minimize abuse.

In the meantime, there are methods to secure transactions at the point of sale. The MagTek Centurion card reader offers hardware encryption that is only decrypted by your credit card processor. I’ve mentioned previously that businesses are starting to get fined for data breaches, so taking steps to secure sensitive data now will definitely save you time and money in the long run.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: