Better Credit Card Security

While I was talking with a friend who is enduring some unpleasantness, the conversation turned to issues with using credit cards to buy things, like food for example. That got me thinking: how would I design a really strong way to prevent data breaches?

Encrypt everything!

Well, perhaps not that, but hash everything. Here’s what I talked myself into. Of course none of this is rational, because nobody will effect a planet-wide shift in payment processing based on what this yokel has to say, but still, here goes.

The issuing bank sets up a credit account. There are four key fields that are important for the classic transaction: name, number, expiration date, and CVV2. I think one could also establish a time-based one-time password (TOTP) secret as well; it would operate the way Google Authenticator does. So you’d need a secret that the bank generated, held in their systems and on the physical card too. You’d need a smart chip on the card so it could forward the TOTP code to the credit terminal at the point of sale.

The bank sets up a TOTP secret, named JQP Credit Card (or account number or whatever), and the secret is: 6B57078FB88A4DD73E447D2647DCEC7D04C3D887951BA6A2D8DBA294E0B60579. The code derived from this secret is what is forwarded to the credit card terminal. Right now it’s 726995, but in thirty seconds it’ll be something else. Since the credit card terminal and the bank share synced time via time.nist.gov, there is no risk that there would be some sort of mismatch between the two.

The customer goes to the credit card terminal and swipes; a value is entered and a timestamp is recorded. All of this is already part of a credit transaction. The terminal can read the name, expiration, CVV2, whatever from the magnetic stripe, and the smart chip forwards the TOTP code. The terminal then assembles this into an EDI transaction:

JOHN/Q/PUBLIC#1111222233334444#1015#170#726995

and applies SHA-256 to it, to create:

621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba

This is stored in a database and then forwarded to the bank with the timestamp, so it’ll look like this:

987654321#621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba#15.09#1426615839

So the bank will be presented with a customer ID, the SHA-256 hash, the total dollar amount, and the Epoch time, that is, the number of seconds since 00:00:00 UTC, January 1, 1970. On a Linux system this is easily obtained from the output of date +%s (the BSD/macOS form is date -j -f "%a %b %d %T %Z %Y" "$(date)" "+%s").

The bank would then have everything they need. They’d have the secret key, which together with the Epoch time from the transaction would give them the TOTP calculation, which would generate the answer 726995. They’d also have the card details from the customer ID, the SHA-256, and the amount. They could then calculate the hash on their own:

621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba

And authorize the transaction.

Even if the card details were stolen by someone copying the numbers off the card, they wouldn’t get the TOTP secret. Plus the TOTP code changes every 30 seconds. If someone tried to run this transaction and guessed at the TOTP code, they’d generate this:

987654321#a1b714fba988632200c78a5b9021bca5b48f149b036aa901c03173f0f2de5399#15.09#14266158

and the bank would instantly detect this incorrect SHA hash, cancel the card, and ship a new one.

This is rather involved, but the practical upshot is this: if a vendor kept these transactions in a database and someone stole the database to use for their own nefarious needs, the presence of the TOTP and SHA-256 would make the data in the database worthless. The TOTP has no predictable pattern if you don’t know the secret, and SHA-256 is very sensitive to even the smallest change in the input data that it’s hashing. This would free vendors, banks, and customers from risking PII leakage or identity theft.
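The scheme above, written out end to end as an added Python example (not code from the original post). It assumes the hex secret is used as raw key bytes for RFC 6238 TOTP over HMAC-SHA1 with a 30-second step, so the code it derives need not equal the 726995 quoted above; the function names, the account table and the 90-second freshness window are likewise assumptions.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, epoch: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code for the time window containing `epoch` (HMAC-SHA1 assumed)."""
    mac = hmac.new(secret, struct.pack(">Q", epoch // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def card_hash(card: tuple, code: str) -> str:
    """SHA-256 over NAME#NUMBER#EXPIRY#CVV2#TOTP, the layout used in the post."""
    return hashlib.sha256("#".join(card + (code,)).encode("ascii")).hexdigest()

def terminal_record(customer_id: str, card: tuple, code: str,
                    amount: str, epoch: int) -> str:
    """What the terminal stores and forwards: ID#hash#amount#epoch."""
    return "#".join((customer_id, card_hash(card, code), amount, str(epoch)))

def bank_verify(record: str, accounts: dict, now: int, max_age: int = 90) -> bool:
    """Recompute the hash from the bank's own copy of the card and secret."""
    parts = record.split("#")
    if len(parts) != 4 or not parts[3].isdecimal():
        return False                              # malformed record
    customer_id, digest, epoch = parts[0], parts[1], int(parts[3])
    account = accounts.get(customer_id)
    if account is None or abs(now - epoch) > max_age:
        return False                              # unknown ID, or stale/replayed record
    expected = card_hash(account["card"], totp(account["secret"], epoch))
    return hmac.compare_digest(expected.encode(), digest.encode())

# Sample values taken from the post; the account table layout is constructed.
CARD = ("JOHN/Q/PUBLIC", "1111222233334444", "1015", "170")
SECRET = bytes.fromhex(
    "6B57078FB88A4DD73E447D2647DCEC7D04C3D887951BA6A2D8DBA294E0B60579")
ACCOUNTS = {"987654321": {"card": CARD, "secret": SECRET}}
EPOCH = 1426615839

if __name__ == "__main__":
    code = totp(SECRET, EPOCH)                    # what the card's chip would send
    record = terminal_record("987654321", CARD, code, "15.09", EPOCH)
    print(record)
    print("fresh record accepted:", bank_verify(record, ACCOUNTS, now=EPOCH + 5))
    print("same record an hour later:", bank_verify(record, ACCOUNTS, now=EPOCH + 3600))
```

The freshness window matters because the stored record carries its own timestamp: without that check, a copied record would verify again unchanged. In the post's record format the amount travels outside the hash, so the hash alone does not bind it.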

I’ve also thought that this would be a great way to secure SSNs as well for use with the government. They know your SSN and you know your SSN, so when communicating over a possibly compromised channel you can authenticate not with your SSN, but with the hash of your SSN.

John Q. Public, 123-45-6789 -> 01a54629efb952287e554eb23ef69c52097a75aecc0e3a93ca0855ab6d7a31a0

Geek Excursion: Cryptocurrencies

I’ve been thinking on and off about Bitcoin ever since it was written years ago. Right around the end of last month, in December, I thought I would look into it again. Turns out the environment has grown considerably since the last time I looked at it, by leaps and bounds! I figured now would be a great time to dip my big toe into the stream, so I found an online exchange and pursued Bitcoin with them. This exchange was ExpressCoin, and the purchase deal was mailing them a US Postal money order; they’d cash it and then send me the Bitcoin equivalent. Since this was a conversion from Fiat money (in this case United States Dollars) to Bitcoin, the exchange rate was around $330 per Bitcoin. The $10 investment gave me 0.03120712 Bitcoin.

Right after that I started lurking on the Bitcoin subreddit on Reddit and discovered two other currencies, Litecoin and Dogecoin. Then just after that I discovered the Cryptocurrency Faucet websites, places where they hand out free money for proving that you’re human with a captcha, on the off chance that exposing you to advertising will pay for the money flowing out of the faucet.

I still think a great part of all these cryptocurrencies is quite firmly fixed in the hobbyist framework: the enthusiasts are on the “bright” side of the currency and the speculators are on the “dark” side of the currency. All of these currencies that I’ve engaged with display pretty wild volatility in comparison with any linked Fiat. My buy-in rate was around $330 per Bitcoin, and now, weeks later, that’s at $218.87 per Bitcoin. There seem to be two camps developing; the first camp is quite keen on ignoring the Fiat exchange rate and trying to ignite their currencies inside themselves. One of the most positive and tightly knit communities surrounds the Dogecoin. Seeing how the Dogecoin enthusiasts communicate and cope with their currency’s volatility is a lesson in lighthearted, altruistic generosity. People who hold Doge appear to be very ready to donate it to other people as encouragement, sympathy, or even on a lark. As you go from Doge to Litecoin to Bitcoin you see a lot less of the pleasantries and a lot more of the cold hard business of currency work and trading.

I think one of the most fascinating parts of these new currencies is how everything is starting from the very beginning, including questions of trust and honor. Because all of these coins are decentralized and unregulated there is no capacity for a “chargeback” mechanism, and when this runs up against mechanisms in other currencies, like the Fiat, where there are “chargeback” mechanisms in place, you run the risk of being seriously defrauded. I completely understand the fear and the very careful progress that these cryptocurrency traders make, but it does speak volumes about just how awful and corrupt some people are. We don’t assume people are trustworthy and honorable, so we need many complicated structures in place to cope with the unknowns. This gap in honor is, I feel, a huge part of what these currencies should work on next. How do you measure honor? How do you establish trustworthiness? I got to thinking about it, and every time I think I have a solution I run into an edge case that blows my concept out of the water. The only thing that I think might work is arranging honor and trustworthiness in a way similar to the “Web of Trust” that PGP and GPG cryptographic systems rely on to establish trust. PGP/GPG never really took off for mass adoption and that’s always been a very sad thing for me, but I really like the “Web of Trust” idea that they pioneered. People can trust others when there is reputation on the line, backed by money perhaps; there would need to be some sort of contingency addressing on the line as well. So if Bob wants to establish his trustworthiness and his honor he puts his money on the line for it. But the problem with this is that someone who is not honorable could just come along and lie about Bob and take his money, sending you right back to the start again. It’s fascinating that Bitcoin decentralized money, but we need to figure out how to decentralize trust as well.

The US Government has done its due diligence in preventing egregious misuse of the Bitcoin currency for illegal purposes by attempting to regulate how centralized exchanges transfer Fiat into the cryptocurrencies. It seems that Bitcoin and all the others are very elegantly designed, insofar as despite all these regulations there is a community of individuals willing to operate as nano-exchanges that help bring everything back to its decentralized and unregulated roots. Half of the fun of playing with cryptocurrencies is being at ground zero for all these fascinating developments and arguments and seeing how something so new develops and unfolds.

So far I’ve got some small parts of a Bitcoin, some small parts of a Litecoin, and gobs of Dogecoin. For myself, I am very interested in figuring out ways to secure the relationships between traders, working on terms of honor, trust, and faith. If anyone has ideas that they would like to share, please leave them in the comments below. I would really love a nice conversation about securing honor, trust, and faith between traders.