Beyond EMV: Emoji passwords, other card innovations
By Susan Johnston Taylor
November 2, 2015
Chip-and-sign cards (using a technology called EMV) received a lot of attention due to the Oct. 1 liability shift, but they aren't the only innovations in credit card issuers' toolkits.
Here's a look at five new ideas that could make transactions even more secure and change the way we pay:
Smartphone cameras and fingerprint scanners have given biometrics (using someone's bodily characteristics such as face, voice or fingerprints to check their identity) a boost in recent years, as issuers and other financial institutions experiment with different applications.
For instance, MasterCard has pilot programs in the U.S. and the Netherlands using facial recognition (“selfies” as the media often reported) and fingerprint scanning to verify identity.
“These initial tests have the potential to deliver greater security to cardholders without compromising the ease and convenience they have come to expect when using their credit and debit cards,” says Carolyn Balfany, group head of U.S. product delivery for MasterCard Worldwide, in a press release.
In October, MasterCard announced another initiative called MasterCard Identity Check. Identity Check has two goals, according to Balfany: “proving a consumer's identity via biometrics and SMS-delivered one-time passwords to further simplify the online shopping experience.”
Experts say that this method of identification is safer than a traditional pass code, since you have the ability to create more of a unique code compared to simply choosing four numbers. It's also suggested that emoji passwords would be easier to remember as well, adding in a convenience factor for consumers.”
— David Bakke,
a financial columnist for MoneyCrashers.com
Financial institutions in the U.S. will have access to Identity Check by the middle of next year, with plans for a global expansion in 2017. Other card issuers and financial institutions are also developing uses for biometrics to authenticate transactions, although this area is still in its infancy.
2. Emoji passwords
Many people struggle to remember alphanumeric passwords, so instead they resort to common, easily guessable ones, such as “password” and “1234.” Intelligent Environments, a United Kingdom-based technology firm, has a creative solution to this problem: emoji passwords. Users of the company's Android digital banking app choose a series of four emoji characters from a bank of 44 and enter those characters as a password.
“Experts say that this method of identification is safer than a traditional pass code, since you have the ability to create more of a unique code compared to simply choosing four numbers,” says David Bakke, a financial columnist for MoneyCrashers.com. “It's also suggested that emoji passwords would be easier to remember as well, adding in a convenience factor for consumers.”
That said, laziness could still backfire on consumers, as Bakke points out. If they “just choose the first four emojis of the ones available, they could become a target for hackers and criminals, just as would people who use 1234 for their password,” he says.
3. On/off switch
In April, Discover introduced a Freeze It feature on all of its cards that essentially serves as an on/off switch for charges. The feature lets users temporarily turn a card on or off by using Discover's mobile app, by calling Discover or through the company's website. If a card is temporarily misplaced, you can simply pause it rather than requesting a new card and having to update all your recurring transactions on that card.
“Freeze It is for those times when Discover users have left their card at a restaurant, or they are pretty sure they misplaced their card in their home or car,” says Laks Vasudevan, vice president of products and innovation at Discover. “If their card is lost or stolen, they can get a new card with a new account number.
“It's a lot more convenient (and less expensive) than going through the process of putting an all-out freeze on your entire profile,” says Bakke.
“I do think that other issuers will follow suit,” Bakke adds. “Some credit unions and smaller local banks already have begun offering such a feature with their debit cards.”
4. Internet of Things
The Internet of Things (IoT) is gaining steam as consumers enjoy the convenience of technology-enabled watches, thermostats and other devices. Early adopters can even pay for purchases through their smartphone or Apple Watch. For example, McDonald's, the world's largest restaurant chain, now accepts ApplePay.
In October, MasterCard announced plans to enable secure payments on a host of other smart devices, including General Motors key fobs, wristbands and smart rings through partnerships with auto companies, jewelry designers and others.
Now, “any connected device can become a payment device,” says Matt Barr, senior vice president for North American emerging payments at MasterCard. “We can make any device — a piece of jewelry, wristband, smart bands — even sunglasses can be powered up to become a commerce device.”
Often, these innovations tie in with biometrics to make transactions more secure. For instance, a Nymi smartband health monitor would verify your identity based on your heartbeat. “If I had your Nymi band I wouldn't be able to pay using it,” Barr explains.
Retailers already set up to accept contactless payments (for instance, Apple Pay or Samsung Pay) will be able to accept this type of payment.
5. Dynamic code verification
EMV technology was developed before e-commerce took off, so while chip cards can help prevent fraud at a merchant's point of sale, they don't prevent fraud in online transactions or what's called “card not present” transactions.
Using the current credit card technology, you would enter a three- or four-digit security code (called a Card Verification Value or CVV) to complete an online purchase. But the CVV remains the same over the life of your card, so it's still possible for fraudsters to impersonate you if they know your CVV. Enter Dynamic Code Verification (or DCV for short), a technology developed by digital security company Gemalto.
With DVC, “instead of having the static, printed three-digit verification code you're used to referencing on the back of your card, there is a randomized, battery-powered, digital ePaper code that changes every 20 minutes,” explains William Tran, marketing manager at Gemalto.
Cards using DVC will look the same as a traditional card except inside the box area that used to contain the CVV will be a display with rotating numbers. Even if criminals know your credit card number, they wouldn't be able to make fraudulent transactions without knowing your constantly changing DVC.
Gemalto is currently in talks with financial institutions about bringing DVC to credit, debit and prepaid cards.
Transitioning from swiping to dipping may just be the beginning of card innovations in the works, as issuers aim to increase convenience and security.