My credit card (CC) has been taking a hammering lately as I book flights and accommodation in preparation for going to South America. Up until now I’ve been loath to put my credit card number online because of all the stories one hears about hackers getting lists of numbers with which they commit horrendous acts of fraud. But every time I entered my CC number I gained solace from all the jargon; ‘your transaction is secured using SSL technology and 128 bit encryption’.
I’ve long known (from the days when I sold Burroughs E machines and later when I learnt COBOL) that one way of ensuring the integrity of a given sequence of numbers was to calculate a ‘check sum’ number, and I knew that this was done on credit cards. Now I find that any cluey 10 year old can calculate a check sum using the Luhn Algorithm.
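The Luhn check mentioned above is a public typo detector rather than a secret. The added example below (not part of the original post) validates a digit string and measures which single-digit and adjacent-swap errors the check misses. The function names and sample digit strings are constructed for illustration.

```python
def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk right to left; double every second digit, starting with the one
    # next to the check digit, and subtract 9 when the doubled value exceeds 9.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def single_digit_errors_missed(number: str) -> int:
    """Count single-digit substitutions that still pass the check."""
    missed = 0
    for pos, orig in enumerate(number):
        for repl in "0123456789":
            if repl != orig and luhn_valid(number[:pos] + repl + number[pos + 1:]):
                missed += 1
    return missed


def adjacent_swaps_missed(number: str) -> list:
    """Return the adjacent digit pairs whose transposition goes undetected."""
    missed = []
    for pos in range(len(number) - 1):
        a, b = number[pos], number[pos + 1]
        if a != b and luhn_valid(number[:pos] + b + a + number[pos + 2:]):
            missed.append(a + b)
    return missed


# Constructed sample inputs (assumptions, not from the post):
TEST_PAN = "4111111111111111"     # widely published test value, not a live account
SWAP_SAMPLE = "0900000000000001"  # constructed string containing a 0/9 pair

if __name__ == "__main__":
    print("test value passes:", luhn_valid(TEST_PAN))
    print("single-digit errors missed:", single_digit_errors_missed(TEST_PAN))
    print("adjacent swaps missed:", adjacent_swaps_missed(SWAP_SAMPLE))
```

Every single-digit error is caught and only swaps of an adjacent 0 and 9 slip through, which is what a check digit is designed for: it catches keying mistakes and says nothing about whether a number belongs to a real account.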
Further I have discovered that, in addition to the issuer number being easy to determine, the next six digits are the BSB, a simple identifier for the bank branch at which the CC was issued. So all a crook really needs is the five digit ‘account number’ before it becomes really easy to clone your card.
Because checks before money is debited from your account can be minimal at times, it is possible for a criminal to ‘clone’, that is copy, your card and use that as if you were using it yourself.
To prevent this, credit cards now have a three or four digit Card Security Code printed on the back of the card, in the signature panel, which is an additional check that the card is valid.
This code is calculated using an extremely advanced encryption technique, and multiple encoding algorithms are applied, using the card number, the expiry date and secret issuer codes before selected digits of the results are written to the magnetic strip and printed on the back of the card. The number on the back of the card is not held on the magnetic strip itself.
Unattended credit card payment points, on-line shops, and even stores will now ask what the Card Security Code is as an extra safeguard that the card is valid. Unless a criminal has access to your physical card, there is no way they can know the printed Card Security Code, even if they have all the other details and can create a card with what they do know.
I suspect that the financial institutions don’t want information on just how vulnerable their cards are to leak out to the punters and I know that they actively suppress actual cases of CC fraud, so where do we go from here? Even if I do all the right things, never let the CC out of my sight, only use web sites with SSL technology, make sure that I know and use the Card Security Code etc. etc., how safe is my credit card?