A prototype built by engineers at Beepcard in Santa Monica, California, represents the first attempt to pack a microphone, a loudspeaker, a battery and a voice-recognition chip into a standard-sized credit card. They are not quite there yet: the card is the length and width of an ordinary credit card, but it is still about three times as thick. Alan Sege, Beepcard's CEO, says the company now plans to use smaller chips to slim it down to normal thickness. The voice card is based on an earlier Beepcard technology designed to prevent fraud in online transactions. This earlier card has no microphone, but has a built-in loudspeaker that it uses to "squawk" an acoustic ID signal via a computer's microphone to an online server. By verifying that the signal matches the card details, the server can establish that the user is not simply keying in a credit card number but actually has the card to hand. The ID code changes each time the card is used in a pre-ordained sequence that only the server knows. This prevents fraudsters recording the beeps, noting the card details and then playing back the audible ID when they key in the details later. But this earlier technology cannot prevent fraudulent use of stolen cards. The new one can.
The new voice card also identifies itself by its ID squawk, but it will not do this until it has verified the legitimate user's spoken password. Thieves will be unable to use the card because even if they knew the password they would have to be able to copy the owner's voice with a high degree of accuracy. Simple voice-recognition systems are already used in cellphones to provide voice dialling. The challenge for Beepcard has been to develop voice-recognition and audio circuitry that can be powered by a diminutive battery embedded in a credit card. To maximise battery life, the electronics are only switched on when the card is being used. Pressing a button on the card's surface prompts it to utter "Say your password" in a stern American-accented female voice. If its voice-recognition software authenticates the password, it emits its ID squawk which the server then identifies, allowing to transaction to proceed.
The company is aiming to make the voice card capable of 10 transactions per day for two years before its non-replaceable battery runs out. But the capacity of the battery is not the only problem. It also has to be robust and flexible enough to survive in a credit card. Beepcard has tried to address this by putting the battery in the corner of the card, which is less likely to get bent than the centre. While credit card giant Visa of Foster City, California already offers voice recognition to boost security on some telephone transactions, the company has not explored the idea of building voice authentication into the card, says spokesman Colin Baptie. "It's an interesting idea but the transaction has got to be user friendly. You wouldn't want to increase the time it takes," he says. But writing in his computer security newsletter, Cryptogram, last week, security expert Bruce Schneier was enthusiastic about Beepcard's technology: "It's a physical authentication system that doesn't require any special reader hardware. You can use it on a random computer at an internet cafe. You can use it on a telephone. If the price is cheap enough, Beepcard has a winner here."
New Scientist issue: 24 April 2004
Author: CELESTE BIEVER, BOSTON
PLEASE MENTION NEW SCIENTIST AS THE SOURCE OF THIS STORY AND, IF PUBLISHING ONLINE, PLEASE CARRY A HYPERLINK TO: http://www.newscientist.com
"These articles are posted on this site to give advance access to other authorised media who may wish to quote extracts as part of fair dealing with this copyrighted material. Full attribution is required, and if publishing online a link to www.newscientist.com is also required. Advance permission is required before any and every reproduction of each article in full - please contact celia.thomas@rbi.co.uk. Please note that all material is copyright of Reed Business Information Limited and we reserve the right to take such action as we consider appropriate to protect such copyright."