Credit Card Compromised & AI

Last week, I had a worrying SMS that many of us have received – my bank was asking if a transaction on my card was one that I had done, as it may have been fraudulent. My first reaction was to question if it was a legitimate SMS or not – but after logging onto my bank’s app and checking, I could see the transaction and alert.

A transaction to REALPLAYER for $1.80 was detected, which on investigation was actually from RealNetworks – yes, the company that made RealPlayer, and they still exist beyond the 1990s. It appears that they’re a frequent target of credit card scams/tests, based on this page existing: https://customer.real.com/hc/en-us/articles/204041083-Unauthorized-use-of-credit-card-to-purchase-RealNetworks-product-or-service

Luckily, with my response to the SMS saying that I did NOT make this transaction, my card was immediately blocked, and a week later my new card turned up. In the meantime, I could use a credit card generated by my bank that would only be valid for a day, which, although a bit clunky to constantly do, is a nice way to work around potential card leakages and malicious use, since it’s rather unlikely to occur in a 24-hour period (but likely if you enter your details straight into a fake service!).

Going through this reminded me about credit card numbers and how secure they are. There’s a mathematical formula that they must obey, and this same formula is the primary step to validate a credit card. I wondered if AI would generate me one, so tried Gemini.

Gemini refused to generate me a credit card number, saying it could be misused. I then asked it how to generate a credit card, and it talked through certain number values, as well as that mathematical formula, which is called the ‘Luhn Algorithm’. I of course then wondered if I could ask it to generate numbers based on this algorithm, but again it refused, citing misuse. However, it followed up that it would happily create me the code that I could run to get a number, which it had already done in that same prompt response. It also popped out the new Canvas view, with the code already running and ready to use!

Clicking the ‘Generate Luhn Number’ button worked and showed me a 12-digit number, even with a handy ‘Copy to Clipboard’ button below it.
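For reference, here is the Luhn check used from the defensive side, as an added example that is not code from this post or from Gemini: it finds card-like numbers in log text, keeps only the ones that pass the Luhn check, and masks them. Luhn is a typo-catching checksum rather than a secret, so a pass only means the digits are well formed. The 13 to 19 digit candidate pattern, the function names and the sample lines are assumptions made for the example.

```python
import re

def luhn_valid(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn check."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk right to left; double every second digit (starting with the one
    # left of the check digit) and subtract 9 when the result exceeds 9.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# Assumption: candidates are 13-19 digits, optionally separated by single
# spaces or hyphens, and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def mask_card_numbers(text: str) -> tuple[str, int]:
    """Mask Luhn-valid candidates, keeping the last four digits.

    Returns the masked text and the number of values masked.
    """
    hits = 0

    def _mask(match: re.Match) -> str:
        nonlocal hits
        raw = match.group(0)
        if not luhn_valid(raw):
            return raw  # fails the checksum: likely an order id or similar
        hits += 1
        digits = re.sub(r"\D", "", raw)
        return "*" * (len(digits) - 4) + digits[-4:]

    return CANDIDATE.sub(_mask, text), hits

# Constructed sample lines; 4111 1111 1111 1111 is a widely published test number.
SAMPLE = [
    "payment ok card=4111 1111 1111 1111 amount=1.80",
    "payment ok card=4111111111111112 amount=1.80",
    "order id 1234567890123456 shipped",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(mask_card_numbers(line))
```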

Why am I posting about this? I’m not picking on Google here, as I think all AI/LLM systems keep having to work out the balance between putting features out first before hardening the safety behind them. This isn’t necessarily bad with the race of being first to get something out to the world, but it does mean that you need to be careful about when these systems are used and to what audience. Particularly in the consumer space, and more so again with an under 18 year old potential audience being able to access it. The complexity of LLMs means there are so many potential ways to get around the protections that have been put in place.

I stumbled across the above without really looking for it; I didn’t know Google had released the Canvas feature, which in itself is absolutely amazing – asking for code to be created and having it run live in your same browser window. But the potential risks of these new platforms need to be weighed up before widespread adoption beyond an adult having a muck around at home with it.

Play with and work out how to adopt AI, but make sure you’re considering the risks and safety aspects of what you’re doing too.

(Note – I tried to generate the image for this post with Copilot, which refused to do it with credit card numbers or fake credit card numbers, but would do it with 12 digit numbers :) )
