Domain: smartcardalliance.org
Stories and comments across the archive that link to smartcardalliance.org.
Comments · 8
-
Re:barcode
It's a contactless EMV card without the plastic.
http://www.smartcardalliance.o...Basically, you wave your radio-barcode through the induction field and the payment terminal then goes online using the ring's serial number instead of your credit card number?
So yeah, more complicated than that. It's also *possible* that it's contactless MSD, which is essentially reading MSR data at a distance, but I'm guessing it's EMV since the latter is extremely insecure.
-
Re: It works for me
“Fraud on lost and stolen cards is now at its lowest level for two decades and counterfeit card fraud losses have also fallen and are at their lowest level since 1999. Losses at U.K. retailers have fallen by 67 per cent since 2004; lost and stolen card fraud fell by 58 per cent between 2004 and 2009; and mail non-receipt fraud has fallen by 91 per cent since 2004.”
-
Re:For all of you USA haters out there:
What were they doing before the useless encryption chips? Stealing dozens of cards and beating the PINs out of the owners? How did these magical encryption chips put a stop to this practice?
Cloning magstripe cards to use in ATMs. The chips can't be cloned.
“Fraud on lost and stolen cards is now at its lowest level for two decades and counterfeit card fraud losses have also fallen and are at their lowest level since 1999. Losses at U.K. retailers have fallen by 67 per cent since 2004; lost and stolen card fraud fell by 58 per cent between 2004 and 2009; and mail non-receipt fraud has fallen by 91 per cent since 2004.”
Similarly, the national roll-out of EMV in Canada in 2008 had a dramatic impact on fraud. Losses from card skimming in Canada fell from CAD$142 million in 2009 to CAD$38.5 million in 2012, according to the Interac Association.
-
Re:Wow ...
I disagree https://support.authorize.net/... "When a brick and mortar merchant accepts a credit card, and the charge is authorized, and assuming the merchant conforms to regulation, the merchant will get paid, even if a stolen card is used." http://creditcardforum.com/blo... "Even if the millions of consumers burned in the most recent rash of breaches start clamoring for EMV cards, those cards will offer no extra defense unless retailers update their equipment. That will cost merchants money, but the card networks (Visa, MasterCard, AmEx and Discover) are giving both them and card-issuing banks an incentive to upgrade by October 2015. At that point, the networks will institute a “fraud liability shift.” That’s a fancy way of saying “adapt or pay.” If a consumer’s card is involved in fraud, whichever party involved in the transaction (the bank that issued the card or the merchant that accepted it) that didn’t upgrade to EMV will be held accountable." Linked from the previous link a white paper titled Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure? http://www.smartcardalliance.o... "The contact interface requires the issuance of contact chip cards and the installation of contact chip readers at merchants and ATMs and is required if merchants wish to protect themselves from counterfeit magnetic stripe liability shift. " If merchants get protection from a liability shift if they convert to Chip and PIN then they must not currently have liability. Otherwise there is no shift.
-
Re:Disable the RFID
I just happen to have been doing some research in a closely related subject, the new passports.
If you want information from the industry side, go look at: Smart Card Alliance. They provide a wealth of information on the subject.
There is also a paper on "contactless" smartcard security.
From the other side, you can read the paper on "Relay Attacks" by Kfir and Wool.
There is also a piece in the New York Times.
Most credit card companies are going to be coming out with these cards. This is what the MasterCard PayPass commercials are about. The main issues will be with the way the individual banks implement security. They aren't supposed to transmit your name, or provide the number from your card. What you are hearing about are the situations where the security wasn't implemented. I'm not saying there aren't concerns.
My question is what is going to happen when we have three of these cards in our wallet and we go to pay. Do we get prompted for which one to use? On a further note. It looks like they want to put the chip in your cell phone and you would be able to select your method of payment from your phone. -
Not really "new" and it might just work...Things like this have been kicking around the federal government for years and this particular initiative dates to August when the President issued HSPD12, http://csrc.nist.gov/policies/Presidential-Direct
i ve-Hspd-12.html, basically saying IDs ought to be issued in a standard way. So much for the Washington Post scoop.Flamebait aside, this has a good chance at increasing security, if done right. NIST is the right agency to handle this. It's not intended to be a centralized national ID, but a standard way of defining what IDs look and act like. Basically, a guard doesn't have to remember all the different agency and vendor ID cards no matter what door he gets transferred to.
Since every dorm has a kid that "can make it look real" verifying that ID is the key. Here's where the folks at NIST and the rest of the Feds really need to earn their pay. If you can't verify who issued the ID and how, it doesn't have much security. The Smart Card Alliance sponsored a good white paper on the "Chain of Trust" concept, http://www.smartcardalliance.org/alliance_activit
i es/secure_id_systems_report.cfm These IDs can't be issued by one entity so unless the effort includes a easy, fast and secure method to verify both the identity and how it was issued, they are just setting up a beauty contest between the forgers. -
Re:ummm ok
-
ummm ok
that's cool and all,..but what are smartcards exactly?
I was looking all over the site and all I could make of it was that they were cards with microprocessors that could be contactless?
I did find this and it told me that it could be storage medium or a microcomputer, Could these be really cool ways to add a second or third CPU to my box??
oh yeah, check this out too
404'ed!