Domain: creditcardforum.com
Stories and comments across the archive that link to creditcardforum.com.
Comments · 6
-
Re:That's ridiculous
OK, hand over your details here and now if that's how you feel.
It doesn't work if you give them out to somebody willingly, as that is effectively authorizing them to use your card, which you are liable for.
Personally I think this is a good idea, but I think it needs to be improved. GGP mentions using ShopSafe, which uses virtual credit card numbers, but it's ultimately not going to stop fraud:
http://creditcardforum.com/blo...
A good system, IMO, would be one where you authorize only a single transaction to a single merchant using modern cryptography. I.e. a message holding your account number + date + time + payee account number + amount + nonce; message is hashed with sha512, bcrypt, or scrypt, then hash is encrypted with your private EdDSA key. Merchant then passes the message to your bank, who validates with your public key that they have on file, then your bank pays the merchant's account. Even if this message were to be transmitted in plaintext, the account numbers are useless.
This way it could be made easy (for the end user) by using a pin+NFC system, with your credit card just acting as a fob. Modern smartphones would immediately be compatible with it, and some kind of USB NFC reader (emulated as a serial connection) could make any PC compatible as well.
No need to store it on browsers or phones, unless the user simply wanted to; at their own risk of course.
-
Re:If visiting Europe, card should have chip AND P
-
Re:Wow ...
I disagree https://support.authorize.net/... "When a brick and mortar merchant accepts a credit card, and the charge is authorized, and assuming the merchant conforms to regulation, the merchant will get paid, even if a stolen card is used." http://creditcardforum.com/blo... "Even if the millions of consumers burned in the most recent rash of breaches start clamoring for EMV cards, those cards will offer no extra defense unless retailers update their equipment. That will cost merchants money, but the card networks (Visa, MasterCard, AmEx and Discover) are giving both them and card-issuing banks an incentive to upgrade by October 2015. At that point, the networks will institute a “fraud liability shift.” That’s a fancy way of saying “adapt or pay.” If a consumer’s card is involved in fraud, whichever party involved in the transaction (the bank that issued the card or the merchant that accepted it) that didn’t upgrade to EMV will be held accountable." Linked from the previous link a white paper titled Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure? http://www.smartcardalliance.o... "The contact interface requires the issuance of contact chip cards and the installation of contact chip readers at merchants and ATMs and is required if merchants wish to protect themselves from counterfeit magnetic stripe liability shift. " If merchants get protection from a liability shift if they convert to Chip and PIN then they must not currently have liability. Otherwise there is no shift.
-
Re:Better late....
I beg to differ. As someone who travels overseas and needs a chip and pin card, they've been available for years. You're just not looking hard enough. See: http://creditcardforum.com/blo...
I'm not arguing that they are available overseas, and they are available if you request them (from a few banks) in the US. What I am saying is that it's not the retailers but the major card companies (MC/Visa) that have been dragging their feet rolling them out en masse in the US. The National Retailer Federation has been asking for them for a while now. The reason is simple: PCI. Every since PCI came to be in the US, they have a financial motivation to prevent breaches.
Even before the Target breach came to light, they were asking for them and the plan was to start rolling out in October of 2015. However, even then the credit card issuers wanted to make the PIN optional and up to the issuing bank or CU. This would essentially make them chip and sign by default. The retailers want mandatory PINs. -
Re:Thankfully!
As someone else who replied to your message noted: VISA (and in face MasterCard) explicitly forbid this in their terms of service. More can be found here which also links directly to the TOS in question.
-
The fees will have to go a way or come down 7-11
http://creditcardforum.com/blog/7-11-rallies-against-the-credit-card-industry/
7-11 does like them and a system like this may have lot's of fees some times on both sides.