Ken Westin and Craig Young, security experts with threat detection and security intelligence provider Tripwire, comment on the new “Hidden” MasterCard recently announced at CES.
Ken Westin, Security Analyst, Tripwire:
“It looks really interesting, particularly the credit card number changing when you turn it on. However, I wonder about actual implementation. One of the key challenges with getting banks and retailers to adopt more secure payment technologies has been the cost.
Free eBook: Modern Retail Security Risk – Get your copy now.
“These new cards do not look cheap or easy to manufacture, so I wonder who will be absorbing the cost of these cards. Is it the consumer who is willing to pay a bit more for a replacement card, or will the card issuers absorb the cost?
“The card itself now becomes an electronic device as well, which may introduce additional vulnerabilities into the payment process. Where and how are the cards read? What if there is a vulnerability in the cards’ code? Are new cards issued or do you have to patch your credit card now? I also am curious about durability. After all, credit cards get abused. Is this thing going to be able to handle it?”
Craig Young, Security Researcher, Tripwire:
“The idea has a lot of potential, but as always, the actual security benefit boils down to how well it is implemented. In this case, the critical question is how it handles offline storage. Will the card erase itself if incorrect PINs are entered? Can data be gleaned from chips on the device?”
