SIMPLYSECURE ™ A Technology for Safeguarding Credit Card Information General Information SimplySecure is a patented technology that makes theft of credit card

Document Sample
SIMPLYSECURE ™ A Technology for Safeguarding Credit Card Information General Information SimplySecure is a patented technology that makes theft of credit card Powered By Docstoc
					                              SIMPLYSECURE ™
    A Technology for Safeguarding Credit Card Information


General Information
SimplySecure is a patented technology that makes theft of credit card numbers and
security codes extremely difficult. This is accomplished without any major change to the
way cards are manufactured, distributed or used by the customer. The process involves a
few simple changes to the cards and a higher level of security on the computer data that is
used to validate the cards.
Changes to the cards are as follows:
   1. The primary credit card—the one which will be carried and presented by the
        customer—will not be embossed and will not display any account number or
        security code.
   2. The other information, such as, name, expiration date and perhaps a few digits to
        identify the card for the customer can be surface printed on the card.
   3. The information on the magnetic strip will be encrypted to make this information
        useless to a magnetic reader.
   4. A second ID card or other document must be supplied to the customer under
        separate cover to furnish account number for ordering by the phone or Internet.
This procedure eliminates the obsolete embossed credit card with visual information that
can be stolen at any transaction. The new SimplySecure Card is only machine readable
and must be validated by a central computer with the proper encryption code. The
SimplySecure Card gives up no usable information visually, mechanically or
electronically without breaking the encryption.
The information which comes off the card and makes its way into merchant‟s computer
files will be encrypted, so what is stored in those computers will be as secure as what is
on the card. Anyone who hacks into these files will come away with useless information.


This leaves a credit card without any simple way to determine the account number which
can be entrusted to third parties such as restaurant personnel with little fear that the credit
card account number can be compromised.

It is recommended that a single ID number (e.g., the last 4 digits of the account number
be printed (not embossed) on the surface of the card to allow the card holder to determine
the account associated with the card. The card holder name and the expiration date are
the only other data printed on the card.

While the encryption of the magnetic stripe information is not required to prevent the
simple recording of the card number by visual inspection it is desirable to prevent reading
of the account number by magnetic stripe readers. Elimination of this encryption does


SimplySecure 2.0                       Patent Pending                              Page 1 of 5
allow the transaction processing software to remain unchanged, without the burden of
decryption.

There are many ways to perform the encryption that can retain the current magnetic stripe
format. Specific IBM mainframe routines are available and will be provided on request.
These routines are specifically designed to encrypt numeric data and can be limited to
alphameric (including special characters @ and #), output or any other 64 character codes,
to be compatiable with input devices.

An insert is received with the credit card that provides the true credit card account
number and security code. These may be used when using the credit card secure on-line
sites.

The first six digits of the account number should not be encrypted. These digits are the
"Issuer Identification Number" (IIN[1]) which is used to route transaction to the proper
bank or credit card company.

Magnetic stripe format is provided by Track format of magnetic stripe cards (tracks 1
and 2. [2]

Another important reason for encrypting the number is that many thefts are from hackers
breaking into merchant‟s computers and stealing the credit card data.[3] If the account
number is encrypted on the magnetic stripe it is also encrypted in these files. This report
states that 40% of all credit card information theft is from restaurants and that most of
this is from hackers and not waiters.


Fraud Statistics

In 2005, an estimated 13.5 percent of U.S. adults (30.2 million consumers) were victims
of one or more of cases of identity fraud in the previous year. There were an estimated
48.7 million incidents of these frauds during this one year period.[4] (Source: Federal
Trade Commission survey, October 2007)

“The financial stakes are getting higher. Fraud involving credit and debit cards reached
$22 billion last year [2008], up from $19 billion in 2007, according to Javelin [Strategy &
Research a California consulting firm].

The security of consumer information came under renewed scrutiny on Aug. 17 when a
28-year-old Florida man, Albert Gonzalez, was indicted along with two other unnamed
hackers for breaching the computer networks of Heartland and Hannaford, both of which
said they were in compliance with security requirements.




SimplySecure 2.0                      Patent Pending                            Page 2 of 5
Those standards were set by a council that includes the world's two largest credit card
networks, Visa and MasterCard; fast-food leader McDonald's; oil company Exxon Mobil;
and big banks Bank of America and Royal Bank of Scotland.” [7]




Card Example



           SimplySecure

           JOHN DOE 01 13        1234




Use with PCI DSS[5].
SimplySecure is designed to be used alone but it could also be used as a
supplement to the Payment Card Industry Data Security Standard. This could
eliminate the problems as discussed in the articles Payment Card Industry
Swallows Its Own.Tail[6].and Credit, debit card industry at odds over security
[7]




Implementation Notes

While, in the long run the equipment and maintenance will be less costly, existing
equipment and procedures can continue to be utilized to speed implementation and
reduce conversion costs. This will be accomplished by software changes to only emboss
the last four digits of the account number and eliminate printing the security code on the
back of each card. As equipment needs replacement and as the non-embossing
equipment prove to be reliable and more efficient then a gradual migration can be
implemented.




SimplySecure 2.0                     Patent Pending                            Page 3 of 5
References

1. Bank Card Number.
   http://en.wikipedia.org/wiki/Credit_card_numbers

2. Track format of magnetic stripe cards (tracks 1 and 2)
   http://www.acmetech.com/documentation/credit_cards/magstripe_track_format.html

3. Likely Site of Credit Card Theft: Restaurants
   http://consumerist.com/248413/most-likely-site-of-credit-card-theft-restaurants

4. Credit card industry facts, debt statistics 2006-2009
   http://www.creditcards.com/credit-card-news/credit-card-industry-facts-personal-
debt-statistics-1276.php


5. Payment Card Industry Data Security Standard (PCI DSS)
   http://www.oxlink.net/ecommerce/pcidss/

6. Payment Card Industry Swallows Its Own.Tail.
   http://information-security-resources.com/2009/04/01/payment-card-industry-
swallows-its-own-tail/

7. Credit, debit card industry at odds over security,
  Merchants, financial firms disagree over technology, system upgrades.
  http://www.msnbc.msn.com/id/32541650/ns/technology_and_science-security/




Contact Information

       AVERT Technologies Group
       Info@AvertGroup.com
       Telephone: 228-328-1620




Permission to Copy and Distribute

This document may be copied and distributed freely with the following restrictions.

It must be copied and distributed in its entirety.


SimplySecure 2.0                       Patent Pending                         Page 4 of 5
No modifications are permitted.
All „Patent Pending‟ notices, including the page footers, are retained




SimplySecure 2.0                      Patent Pending                     Page 5 of 5
  Page 5 of 5

				
DOCUMENT INFO
Description: Fast Food Restaurant Credit Card Debt Elimination document sample