A UK cybersecurity startup, swIDch, has announced an alternative technology to overcome the limitations of numberless cards by using dynamic PANs (primary account number), thereby creating a new security environment in the payment process.
Eliminating numbers on payment cards increases security if customers lose their card. However, hackers can exploit weaknesses through online payments.
Numberless cards appear to be a new trend in finance combined with a substantial growth of e-wallet services. Apple’s credit card, GrabPay in Asia and a few European FinTechs plan to launch the product with similar benefits. The purpose of numberless cards is to increase security. It reduces the risk of personal information loss when the card falls into the wrong hands. However, when it comes to online payments, customers’ credentials are still at risk of being targeted for CNP (Card Not Present) fraud. This is because the customer’s card information is static.
For online payments, customers are often required to input their card information. For those with numberless cards, they can view their card number in the issuer’s App. In this procedure, the static PANs can be exposed to hackers and the cardholders become victims of CNP fraud. Another consequence of using static PANs is BIN (Bank Identification Number) attacks letting cybercriminals know BIN numbers and systematically generate potential valid card numbers.
To prevent CNP fraud, e-wallet providers adopt tokenization technology to substitute sensitive data for mobile payment. However, only 35% of online merchants have integrated this technology, leaving the remaining vulnerable to CNP fraud.
While some banks use disposable virtual cards as a solution, the costs to maintain this service are prohibitive. What if customers can generate dynamic virtual cards without an internet connection for each online transaction reducing the cost for banks?
swIDch has introduced Dynamic Virtual PAN technology for businesses offering a numberless cards solution. This patented technology is a complete API-driven, CNP security solution that replaces static with dynamic PANs as well as eliminating access points for hackers.