Payments News from Glenbrook Partners
Glenbrook   Book   Education   Views   Archives   Store   Advertise   About         SUBSCRIBE:

A Look at Bank of New Zealand's Liquid Encryption Number Technology

A news story in today's Sydney Morning Herald caught my eye: "New software to beat credit card fraud". The story describes how National Australia Bank is rolling out new technology - called liquid encryption numbers (LEN) - developed at its Bank of New Zealand subsidiary to deal with card fraud.

Exploring a bit further, I found this BNZ page with more details about LEN. According to BNZ, "LEN updates the magnetic stripe security information on BNZ credit cards when a transaction is completed at a BNZ ATM. This technology allows us to automatically detect if your card has been copied or duplicated without your knowledge. "

My take: the mag stripe of payments cards in use today contains a field called the Card Verification Value - a 3-digit number that is initially encoded as part of the stripe and then re-verified by the issuer on authorization transactions from POS. It looks like BNZ is rewriting that field (or, perhaps, another discretionary data field on the stripe) whenever the card is used at a BNZ ATM. Any counterfeits previously made of that card won't get the updated value - and can be detected and usage stopped at authorization time.

Add your comment... (note that all comments are reviewed before they're published)

Feed You can follow this conversation by subscribing to the comment feed for this post.

As for the use of CVV to update the LEN, it is quite unlikely as CVV1 is stored in usually stored in Track 1 and 2. However, it should be noted that Track 3 is the only Read/Write Track and in every possibility the Bank would be using the Track 3 to update the LEN.

They say 'when used at BNZ ATM', it is possible they have deployed track2 rewrite capability at their ATMs. If you did not store the LEN on track2 it would not appear in most transactions, as most ATM and POS transcations only send track2.
The flaw is that until the card is used at an BNZ ATM the number will not be updated, so they could not detect a skimmed card.

Anything new has to start somewhere, and a detection system which can detect a duplicate card after the next transaction at a BNZ ATM is better than nothing.

If all vendors like the system, so that it becomes universal, then any transaction with a duplicate card could be identified at least at the time of the next transaction with the original card.

Also, anyone skimming cards would have to either use the skimmed information immediately, or risk being challenged if the owner of the original card had walked down the street to the nearest BNZ ATM to withdraw cash following the skimming.

It is probably best in general to discuss issues with credit card security directly with the issuing organisations rather than on a public forum in any case, because it is not good to make information publicly available that could help criminals to circumvent security systems.

The comments to this entry are closed.