Smart Credit Card - Raindrop/Ice/Tide

[milvinae]

Exploring the possibility of developing a credit card with Hydro based 3 digit CVV security code.

A few years ago a company developed a credit card where the CVV code changed every hour to prevent skimming and phishing. Would it be possible for a Hydro card to be developed where the three digit code was replaced with a hydro 2fa number that you have to confirm on the app.

This would help prevent CC skimming and increase online/phone shopping security.

https://www.popularmechanics.com/technology/security/a23186/credit-card-number-change/

[MasterSensei]

Very interesting idea!

[AndyHydro]

What would the CVV be used for here? Would you be signing a CVV number in the app in order to do a transaction?

[milvinae]

That was the thought. You usually have to verify purchases with the CVV, if someone gets your details and CVV they can use your card until its cancelled.

A changing CVV helps prevent this but if you also had to verify it in app it would provide a pretty tight extra layer of security

Would it be possible?

[AndyHydro]

Theoretically yes I think so. The thing we would need to consider is what happens if a users phone breaks. Are they just out of luck? I guess that would be up to the card provider to handle that though

[milvinae]

I suppose breaking your phone would be considered the equivalent of losing your card.

You should be fine for using the card physically. It would only be an issue for online or over the phone purchases.

[mitdralla]

So would the CVV on the back of the card essentially be blank (maybe hydrogen logo or QR), and since you "linked" your card to Hydro you could authenticate to produce a 3 digit code?

[AndyHydro]

I'm more thinking the card strip/chip won't work until you sign a message displayed on the CVV

[milvinae]

So am I right in thinking that we have three differing thoughts.

1. CVV changes and online purchases need to be verified by typing the CVV in app.
2. All purchases (even physical) are locked until verified
3. No CVV until authenticated

1&2 could potentially work together depending on your chosen level of security. You may use Security Level 1 for day to day, but if you went somewhere on holiday for example you may enable Security Level 2 and totally lock the card (a bit like the Revolut PIN for the physical credit card).

I'm not totally sure how 3 would work?

[HarshRajat]

In India, we actually have another layer of authentication after entering the CC details... usually an OTP of 6 digits on the phone (as an sms) which is needed to enter.

Maybe, we can cook something similar like that with Hydro instead of CVV changes since my thoughts are that any bank will require several workarounds if they are to change the way they handle the CVV process but adding an authentication layer like this can be fast.... thoughts??

[milvinae]

I don't see why both can't happen. Maybe an authentication layer like this could be a precursor to bring in adoption, prior to banks implementing a changing cvv method.

[milvinae]

I was just at the ATM and had a thought about the issue of unlocking a card via your phone for it to work.

There are times where you may need to get cash from an ATM in a place where you don't really want your phone out. This is all too easy if you live in a city.

Could you add a timer to the app, so you can say unlock my card for n seconds when in a safe place, then go to the ATM and get cash?

[HarshRajat]

Should have mentioned this before. The OTP is only for online things... physical things doesn't require an OTP, just your card and CVV

[milvinae]

Sorry, the second post was meant for the case where Andy said about locking the card.

I think your idea and my original idea was online only. Physical purchases wouldn't be affected.

On Fri, 21 Sep 2018, 18:58 Harsh Rajat, notifications@github.com wrote:

The OTP is only for online things... physical things doesn't require an OTP, just your card and CVV

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/HydroCommunity/Community-Brainstoming/issues/3#issuecomment-423622236, or mute the thread https://github.com/notifications/unsubscribe-auth/AZZT_bYdeXsW_emkWQ8_G-bNBQq5PD6Yks5udSjXgaJpZM4WFr5h .

[HarshRajat]

Ohh ok...