A View from Simson Garfinkel
A Fingerprint for Your Credit Card
There’s a new technology for securing home banking.
Magensa has designed a new security system for home banking that uses the magnetic stripe on your credit cards in a new way. Instead of just reading the magnetically encoded numbers, the Magensa system takes a “fingerprint” (or, rather, a MagnePrint) of the individual magnetic domains on your credit card’s swipe stripe. This information is then encrypted and sent to your bank, where it’s decrypted and compared with a template that’s on file. If the two match, then your card is assumed to be legitimate.
The basis of the Magensa system is the twin observations that no two credit cards are exactly the same and that practically everybody in the United States over the age of 18 has at least some kind of plastic with some kind of magnetic strip in his or her pocket.
The Magensa technology could be used to combat phishing, to improve the security of home banking, or even as a way of proving your identity to specialty websites. The only problem with the technology is that you need to have one of Magensa’s special USB swipe readers on your home PC. In the past, e-commerce and security systems that have required special hardware have worked well in business but have failed at home: people don’t buy the equipment. Even when it’s provided for free, it doesn’t get installed because of either laziness or software incompatibility.
Still, it will be interesting to see if the Magensa system actually works. We certainly need some way of authenticating home users that’s better than user names and passwords.