Called SafePay, the novel technique works by transforming disposable credit card information to electrical current and driving a magnetic card chip to simulate the behaviour of a physical magnetic card.
The key challenge today is that existing magnetic card readers use plain text to store confidential information which makes them vulnerable to an untrusted card reader or skimming device.
"Because SafePay is backward compatible with existing magnetic card readers, it will greatly relieve the burden of merchants in replacing card readers and, at the same time, protect cardholders from mass data breaches," explained Yinzhi Cao, assistant professor at Lehigh University in Bethlehem, Pennsylvania.
Here is how it works.
First, the user downloads and executes the mobile banking application which communicates with the bank server.
During transactions, the mobile application acquires disposable credit card numbers from the bank server, generates a wave file, plays the file to generate electrical current and then drives the magnetic card chip via an audio jack or Bluetooth
"With SafePay, disposable credit card information expires after a limited time or number of usages. So, even if the information is leaked, it cannot be used for future transactions," the authors pointed out.
Its has a magnetic credit card chip that makes it completely compatible with existing readers.
It also features a mobile banking application that automates the process making and makes it extremely user-friendly.
Cao and his colleagues conducted real-world experiments with the SafePay technology performing transactions with a vending machine, a gas station and a university coffee shop.
In all three scenarios, the SafePay method worked and the transactions were successful.
The research is set to be presented at the IEEE Conference on Communications and Network Security from September 28-30, in Florence, Italy.