Brian Krebs has a nice write-up on the Credit Card data breach at Target US ( http://krebsonsecurity.com/ ) The interesting thing for me in this story is that it affects US locations only. The reason that this is interesting is that the data that was stolen was all mag-stripe data. This mag-stripe data is much less useful on a CHIP+PIN card, which is used in pretty much every other country on the planet. We'll continue to see credit card attacks focus on countries that make it easy - while of course you can steal / duplicate a chip+pin card, for a criminal it's so much easier to simply skim a mag stripe and take the win.
===============
|
Rob VandenBrink 556 Posts ISC Handler Dec 19th 2013 |
Thread locked Subscribe |
Dec 19th 2013 7 years ago |
Rob hits the mark about the US not using chip-based credit cards. What will it take to get US card issuers to change over?
And the other useful change would be for US restaurants to issue portable card scanners to their servers. Then we would not have our cards whisked away to be swiped out of our sight. Again, the rest of the world is way ahead of us here. |
Anonymous |
Quote |
Dec 19th 2013 7 years ago |
Quoting Anonymous:Rob hits the mark about the US not using chip-based credit cards. What will it take to get US card issuers to change over? Actually unless the chip is RFID and imbedded there are issues with static, mechanical abrasion and with ISO 7816 programmer it becomes fun. Working with and around WMS for 13 years, programming ect. A easy secure way is 3D bar-code scanning fits nicely into their infrastructure since most use Motorola/Symbol. The card can handle a lot of abuse and even get wet and still work, most important cost is minimal. You will also notice most newer ID's have them. I still think there were people on the inside and out in various areas of the US, using camouflage code to be assembled. Guess we will have to wait to see if I am correct or not. |
ICI2I 63 Posts |
Quote |
Dec 24th 2013 7 years ago |
Actually, the change is coming. In the US, Visa will be shifting liability for counterfeit transactions to the merchants if they fail to support "Chip and PIN" terminals by October 15, 2015. This was announced by Visa in August of 2011. See for example:
http://usa.visa.com/download/merchants/bulletin-us-participation-liability-shift-080911.pdf One of the best write-ups on this is from Chase PaymenTech: http://www.chasepaymentech.com/documents/emv_chip_technology.pdf MasterCard shares their EMV roadmap in the current issue of "Security Matters" (pp.13-14) http://www.mastercard.com/us/wce/PDF/PSI_Magazine_SecurityMatters_US_2013.pdf Both Visa and MasterCard have the October 15, 2015 "liability forgiveness" for vendors that are fully "chip and pin" and "contactless" (tap to pay). By 2017, similar programs are in place for fuel pumps. |
GarWarner 5 Posts |
Quote |
Dec 27th 2013 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!