Google Play icon

‘SafePay’: First anti-fraud system to use existing credit card readers

Share
Posted September 28, 2015

From large-scale data breaches such as the 2013 Target case to local schemes that use skimming devices to steal data at the gas pump, credit card fraud is becoming commonplace. Because existing magnetic card readers use plain text to store confidential information, they are vulnerable to an untrusted card reader or skimming device. Analyst firm Alite Group estimates that this vulnerability is adding up to $8 billion in incurred losses per year in the U.S.

SafePay transforms disposable credit card information to electrical current and drives a magnetic card chip to simulate the behavior of a physical magnetic card.

SafePay transforms disposable credit card information to electrical current and drives a magnetic card chip to simulate the behavior of a physical magnetic card.

Solutions have been proposed—such as integrated circuit cards and mobile wallets systems. However, they are incompatible with current systems, making them too costly and time-consuming for retailers to implement.

For the first time, researchers have developed an inexpensive, secure method to prevent mass credit card fraud using existing magnetic card readers. The novel technique—called SafePay—works by transforming disposable credit card information to electrical current and driving a magnetic card chip to simulate the behavior of a physical magnetic card.

The research, led by Yinzhi Cao, assistant professor of computer science and engineering at Lehigh University, with coauthors Xiang Pan and Yan Chen from Northwestern University, will be presented at the IEEE Conference on Communications and Network Security, September 28-30, in Florence, Italy. The study will also be published as paper, “SafePay: Protecting against Credit Card Forgery with Existing Magnetic Card Readers.”

“Because SafePay is backward compatible with existing magnetic card readers, it will greatly relieve the burden of merchants in replacing card readers,” said Cao. “At the same time, it will protect cardholders from mass data breaches.”

Broadly speaking, SafePay is related to Cyber-Physical Systems (CPS), which are systems consisting of computational elements that control physical entities. The computational elements in SafePay consist of a mobile device and a server which distributes disposable credit card numbers. The physical entity is the magnetic credit card chip controlled by a mobile application inside a customer’s mobile device.

The paper outlines the overall architecture and server-side deployment model, the design of SafePay, prototype implementation and security analysis.

Here’s how it works: First, the user downloads and executes the mobile banking application which communicates with the bank server. During transactions, the mobile application acquires disposable
credit card numbers from the bank server, generates a wave file, plays the file to generate electrical current, and then drives the magnetic card chip via an audio jack or Bluetooth.

The critical elements that make SafePay unique are:

•    Disposable credit card information that expires after a limited time or number of usages (i.e., just one time) so, even if the information is leaked, it cannot be used for future transactions.
•    A magnetic credit card chip that makes it completely compatible with existing readers. In the evaluation, the researchers show that the cost of the magnetic card chip is about fifty cents, and could be even lower if manufactured in large scale.
•    A mobile banking application that automates the process making it extremely user-friendly.

Cao and his colleagues conducted real-world experiments with the SafePay technology performing transactions with a vending machine, a gas station and a university coffee shop. During the experiments, they used a bank application, cell phone application and magnetic credit card chip. The disposable credit card information was acquired from ShopSafe by registering several disposable credit card numbers with Bank of America. In all three scenarios, the SafePay method worked and the transactions were successful.

Source: NSFLehigh University

Featured news from related categories:

Technology Org App
Google Play icon
86,061 science & technology articles

Most Popular Articles

  1. NASA Scientists Confirm Water Vapor on Europa (November 19, 2019)
  2. How Do We Colonize Ceres? (November 21, 2019)
  3. Universe is a Sphere and Not Flat After All According to a New Research (November 7, 2019)
  4. Scientists Reverse Dementia in Mice with Anti Inflammatory Drugs (5 days old)
  5. Scientists created a wireless battery free computer input device (December 1, 2019)

Follow us

Facebook   Twitter   Pinterest   Tumblr   RSS   Newsletter via Email