We have probably all received the dreaded call from Visa or Mastercard Security Services at one time or another, “Madam (or Sir) did you make a purchase in ?” More often than not the reply is that we have never been to England, Russia, China or wherever the rogue purchase had been made. The pain that follows is a huge inconvenience and may mean being without a credit card for several days while a new one is en route. Not to mention all the payees and automatic payments that need to be notified of your latest credit card number. Well this may all soon be over thanks to a couple of new patents filed by a company called De Sonneville.
De Sonneville has filed two U.S patent applications that are the solution to end the systemic U.S. credit card fraud epidemic. According to Forbes the United States loses an estimated $190 billion per year to credit/ debit (“payment”) card fraud, which is more than the country spends on energy.
In recent years, certain technological advances have been introduced to combat the counterfeiting of payment cards. Such advances include the introduction of Chip and PIN, which is also known as EMV (Europay, MasterCard, Visa). It is apparent from works such as the University of Cambridge’s Chip and Pin is Broken, and the BBC’s Newsnight’s New flaws in chip and pin system revealed, that Chip and Pin is far from fool proof, let alone a firm security and defense against fraudsters. Such sophisticated fraudsters continue to find ways to circumvent the Chip and Pin protocol, and defraud people of billions of dollars every year.
In the case of SIM cards, the same is taking place. Sophisticated fraudsters have discovered ways to by-pass the security features and gain access to mobile networks to commit crimes under assumed identities and to use the network without payment. According to the Communications Fraud Control Association (CFCA), “Experts estimate 2013 fraud losses at $46.3 billion (USD), up 15% from 2011.” And, “The main reason for the relative increase in fraud is due to more fraudulent activity targeting the wireless industry.”
As recorded and filed in De Sonneville’s U.S. patent application on April 9th, 2014, its microchip self-authenticates before it can perform any subsequent action or function. Simply put, if the chip does not authenticate itself, through the authentication circuit, it does not allow the chip to proceed to process a payment at a point-of-sale (POS) or, in the case of a SIM card, to access the mobile network. This has obvious benefits in protecting against the counterfeiting of payment cards and SIM cards.
Also, conveniently, De Sonneville has developed its’ self-authenticating SIM card as an encrypted payment SIM card that can be accepted at any radio-frequency (RF) or near-field communication (NFC) (“contactless”) POS. The self-authenticating SIM cards contain the same payment data as a payment card (in an encrypted form), and are operable to a contactless POS. Currently, contactless transactions are limited to an average of approximately $50 per transaction. De Sonneville’s payment cards and payment SIM cards will be used for any amount that the user’s payment limit allows.
“Convenience does not have to be a choice over security”, said De Sonneville’s Chairman and technology co-inventor Dennis van Kerrebroeck .
He went on to say, “Companies have become accustomed to payment card fraud as a cost of doing business, which is wrong. In this day and age, merchants and consumers have the right to be assured by their payment network providers that their payment card purchases are conducted without compromise. According to the study conducted by Lexis Nexis, [The True Cost of Fraud – 2009], in the U.S., over the next 10 years, the payment card fraud losses will equate to more than $1.9 trillion, unadjusted, and that is simply not acceptable. Ultimately, these costs are passed on to the consumers and the merchants; we want to eliminate these costs by giving consumers and merchants a better option.”
The payment account information on De Sonneville’s chips cannot be intercepted. If the chip does not perform its’ patent pending self-authentication, the card does not allow itself to transmit the payment data through to the POS and then on to the network, and therefore would instead terminate the attempted transaction as counterfeit. This eliminates pre-play attacks, man-in-the-middle attacks , cloning and the like.
Before a De Sonneville SIM card can gain access to its mobile network, it must first perform its patent pending self-authentication, therefore ensuring the SIM, the subscriber, the communication or a mobile payment is authentic. This stops call and text message interception. Other applications include ID cards, passports, and access systems. De Sonneville’s payment SIM cards protect the payment data in the same manner as its’ traditional payment card. In the future, and as required, the Company would be able to seamlessly integrate digital currency transactions throughout its payment network, POS terminals, payment cards, and SIM cards.
It is the mission of De Sonneville and its potential partners in banking, wireless communications, networking and large retailers, to build a new global payment network that will include encrypted payment cards and encrypted point-of-sale terminals all the way through to bank settlements, thus working towards eliminating payment card and SIM card counterfeiting, as well as the subsequent fraud that accompanies it.
Current global payment networks process in excess of $6 trillion annually. The average merchant discount in the United States is 1.9%, and the average interchange fees break-down as 0.1% goes to the acquirer, 1.7% to the issuer, and 0.09% to the network.
There are currently approximately 6 billion SIM cards in use in the world.
The Company is currently in the process of selecting an investment bank to represent its private capital needs for development of its technology, and in an anticipated subsequent initial public offering.
Reference: M. Bond, O. Choudary, S.J. Murdoch, S. Skorobogatov, R. Anderson. Chip and Skim: cloning EMV cards with the pre-play attack, Computer Laboratory, University of Cambridge, UK. September 10, 2012. http://www.cl.cam.ac.uk/~rja14/Papers/unattack.pdf  S.J. Murdoch, S. Drimer, R. Anderson, M. Bond. Chip and PIN is Broken, University of Cambridge, Computer Laboratory, Cambridge, UK. 2010 IEEE Symposium on Security and Privacy. http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf  Choudary, O. The smart card detective: a hand-held EMV interceptor. Master’s thesis, University of Cambridge, June 2010. http://www.cl.cam.ac.uk/~osc22/scd/  S. Watts. New flaws in the chip and pin system revealed. Newsnight, BBC. http://www.bbc.co.uk/blogs/legacy/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html
SOURCE De Sonneville International Ltd.