Tell me more x
, there is a new speed test available. Give it a try, leave feedback!
dslreports logo
    All Forums Hot Topics Gallery


Search Topic:
share rss forum feed

Name Game
Grand Rapids, MI

1 edit
reply to Exidor

Re: MasterCard Extends U.S. EMV Migration Roadmap to ATM Channel

Yes it is the buzz word out there and for good reason that might make some of this go away..

Experience Design Is The Future of Mobile Payments


In order for an experience to be successful, it must meet people’s basic needs before it can attempt to satisfy higher level needs [1]

Mobile payments is the next big thing.
In the past 12 months there has been much hype around mobile payments with lots of articles espousing the “next great wave” and the promise of new revenue streams, product, and services.

And here’s why:

Handset manufacturers, such as Nokia, announcing the imminent introduction of smartphones embedded with NFC chips. Smartphones introduced by the company in 2011 will come with NFC.
Manufacturers, such as VeriFone, including NFC as standard in all their new point of sale (POS) terminals.
The announcement in late 2010 by three U.S. wireless carriers — AT&T Mobility, T-Mobile USA and Verizon Wireless — of the formation of a joint venture chartered with building “Isis,” a national mobile commerce network.
Google’s launch in May 2011 of “Google Wallet,” a mobile application for smartphones that will use NFC to enable mobile transactions, coupled with “Google Offers” — online deals that integrate into Google Wallet.
Orange and Barclaycard launching “Quick Tap” NFC mobile payments in the U.K.
PayPal’s mobile payment ambitions to offer a seamless end-to-end experience from product lookup, comparison shopping across local retailers, coupling, payment, and fulfillment.
American Express announces its SERVE digital wallet service platform in August 2011, in direct competition with PayPay.
Facebook Credits expansion announced March 2010 that will turn retailer’s FaceBook pages into commerce sites, offering limited edition product or at discounted prices, loyalty programs, and more.
Amazon announces mobile wallet initiative.
In November 2011, Visa announced its V.ME digital wallet initiative

» ··· ayments/

see also

» ··· preface/

I am reminded when Microsoft started to think about "holistic" approach to security..but then it was too late.
Gladiator Security Forum

Name Game
Grand Rapids, MI

1 edit
reply to Name Game

Re: Why Card Fraud Grows

Phonetic attack commands crash bank phone lines

A security researcher has demonstrated a series of attacks capable of disabling touch tone and voice activated phone systems or forcing them to disclose sensitive information.

In one test, a phone system run by an unnamed Indian bank had dumped customer PINs.

Attacks including blind SQL injection and buffer overflows could be served to almost any interactive voice response (IVR) phone system, according to Rahul Sasi, a security researcher with iSight Partners.

He said the attacks could take down critical phone systems, cutting off banking services or the ability of call centres to field customer inquiries.

“If someone can crash a banking app from anywhere in the world, that’s critical,” Sasi said.

“No banks or organisations are testing IVRs because they think the systems are secure, but in reality they are not. No firewall or CAPTCHAs monitor voice traffic.”

The attacks were limited to the characters available within dual-tone multi-frequency signalling (DTMF) systems, which could include numbers and letters, but not most special characters such as backslashes.

In demonstrations at the recent Hack in the Box conference to be replayed at the upcoming Ruxcon security event, Sasi ran fuzzy testing against IVR systems serving data via a keypad and by spoken commands.

» ··· nes.aspx


» ··· king.htm
IVR Credit Card Payments
» ··· ents.htm

Money money
Gladiator Security Forum

El Quintron
I dunno, lemme check my trollodex
Etobicoke, ON
·TekSavvy Cable
·TekSavvy DSL

1 recommendation

reply to Name Game
I haven't read the whole thread, but I did work in Credit/Debit card processing for a number of years.

The chip is definitely about placing the onus for fraudulent charges on the card holder, if you look at how a chargeback works, the merchant is always holding the brunt of responsibility when s/he deals with credit cards.

When a card holder requests a chargeback, the money is immediately taken away with a service charge from the merchant, and it's up to the merchant to dispute the chargeback, or provide documentation that s/he performed their due dilligence.

The merchants in most cases provide money to Visa and their merchant banks so who do you think VISA and the merchant banks wanna protect the most card holders or Merchants?

As a card holder, I watch all of my debit/credit transactions, and use cash whenever possible.
Support Bacteria -- It's the Only Culture Some People Have

More Fiber
West Chester, PA

1 recommendation

reply to Mele20
said by Mele20:

Credit cards do NOT require pins.

Agreed, mag stripe credit cards do not require pins, but we're talking about EMV chip (smart) cards.

A smart card can have multiple "wallets". The implementation of each wallet is up to the issuer. A wallet can be credit, debit, prepaid, private label, or even cash.

When you use a smart card, depending on the capabilities of the reader you can choose which wallet you want to use for a transaction. For example, a credit issuer may choose to go with "chip and sig", in which case the reader would not prompt the user for a PIN. Or a credit issuer may choose to go with "chip and pin", in which case the reader will prompt for a PIN.

said by Mele20:

..why would I use a debit card when I have a checkbook?

Because merchants don't like to take checks?

Maybe where you live a merchant will take a check from a local resident, but in big cities merchants are reluctant to take checks when most people have a debit or credit card.

said by Mele20:

For those with tons of money why not just pay in cash?

Who carries around large amounts of cash in a big city?

said by Mele20:

I still believe that you are talking about debit cards. EMV is NOT on table in this country. RFID is.

I am talking about EMV (smart cards) which can be multiple types of cards.

EMV most certainly is on the table. MC, Visa and Discover have MANDATED that payment networks accept EMV transactions by sometime in 2013 (actual date varies by network). This is only the first step. The next step is for merchants to update their readers to accept EMV cards. That can't happen until the networks can process EMV transactions.

said by Mele20:

So what about RFID cards ....can they be used in Europe?

Only as a mag stripe card, and acceptance of those is now spotty.

said by Mele20:

That thread was confusing about saying EMV cards will be here en mass in 2013. I thought it was RFID cards that would be here en mass in 2013 because currently there are not a lot of merchants where you can do a contactless charge but I had read this would change dramatically in 2013 but according to that thread EMV cards will be big and RFID ones will go away before even really getting started here?

I doubt EMV cards will be here en masse in 2013, although we may see them start to appear. Merchants have to update their terminals to accept EMV cards. 2014 maybe.

RFID will probably fade away. Too may problems with RFID being insecure. RFID will be replaced by Near Field Communications (NFC) on smartphones. This is farther out as NFC is present only on a couple of smartphones today. Secure transactions using a Smartphone require something called a Secure Element (SE) on the smartphone. There is going to be a battle over the who controls the SE on smartphones (smartphone vendor or issuer). I'm afraid this is going to become very fragmented for lack of standards and interoperability.
said by Snowy:

said by Mele20:

What's a "stored value card"? I've never heard of it.

Any type of prepaid card.

In the most generic sense, that's true. However, in the context of EMV, a stored value card is one where the value is stored in the chip on the smart card, rather than in a computer somewhere which is the case with prepaid cards.
Think of using a smart card at a parking meter or vending machine where the transaction is authorized completely offline. Smart cards are capable of storing cash. You load x $ onto your smart card at an ATM and then can use that cash at any online or offline terminal.
There are 10 kinds of people in the world; those who understand binary and those who don't.

Hilo, HI
Thank you for the information. I will try to get to where I need no credit card (never debit card) except for a large purchase where I need to carry a balance, or a deposit on a hotel room, or the few times I am forced to shop on the internet. I will start writing checks again, or paying with cash for groceries, and all the small things I put on a credit card and pay off at the end of the month for cash back or mileage rewards. I will save a significant amount of money this way as I will make no impulse purchases and only purchases that are truly necessary so I see this as going backwards for banks especially if the consumer is held liable for fraud as a lot of folks will stop using credit cards if that happens.

Other than the rewards, I see no reason now with these Smart cards and moving fraud liability to the customer to use a credit card except when truly necessary (which is not for groceries, prescription medication, drug store purchases, Walmart, Target, etc). I don't live in a big city but when I visit Honolulu I have not been afraid to carry a good amount of cash or travelers checks. I don't have a cell phone but if I did it would not have internet connectivity so I wouldn't be doing this stuff on a cell phone.

I have about ten credit cards and I will hate getting rid of them all but one, but I just want a simple credit card...not all this wallet stuff. Although if the card was chip and sig that might be ok. I would not allow chip and PIN. We don't have parking meters, I don't ever buy, EVER anything from a vending machine, I can't see any reason to not carry actual cash instead of putting cash on a credit card? That is plain weird. I just want a simple credit card that earns cash back or mileage.

I suppose the main problem might be if the local banks stop issuing ATM cards that are NOT credit or debit cards. Then I would I have go back to going in the banks to get cash frequently (as I did before my bank set up tons of ATM machines all over the state). But I can do that if need be. What I really would not want to see happen would be for Macy's to do something like this with their cards. I would lose a lot if I had to pay cash at Macy's. You really must have their card.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson