This is one of those issues that "seems" like a good idea at first, but, has some negative implications.
My wife worked as a fundraising coordinator and worked with different vendors to sell (or give away) gift cards to people. Since we share a car, there have been many times that I was driving around with a box of gift cards (100? 200? something like that) in the trunk, etc.
You're looking at this rather myopically, as if it was just the gift cards that made the search reasonable. Already you've said - you have the gift cards in a box in the trunk. The passenger of the vehicle was being arrested for an outstanding warrant. As the officer was getting the passenger out of the vehicle he noticed a little bag that was partially hidden in the crevice between the center console and the car seat. That immediately looks like the passenger, who is lawfully under arrest, was trying to hide something prior to his arrest. That immediately raises reasonable suspicion.
I expect this situation happens quite a bit since many vendors work with fundraising coordinators to sell gift cards, etc to raise money for their causes.
If I got stopped for speeding, having the cards be confiscated (so they could later be scanned), with potentially myself being potentially being "held" for 72 hours while that is being done by an outside agency isn't exactly something that I should have to think about.
And why should you think about it? You've already said they are in a box in the trunk. I have never had a police officer ask me what is in a sealed container in my vehicle during a terry stop. Why would they? They have asked me if I am carrying a weapon. They have asked me for my identification. But they generally don't give a damn about anything else. As soon as you start making them suspicious, they start asking more questions. If you decided to let them search the car and they found the gift cards in the trunk, then your explanation of your wife's charitable work would likely suffice. However you have to realize that preloaded cards are used to launder money. It's going to raise suspicion. What you really need to worry about is civil asset forfeiture. What they'll likely do is assume that the gift cards are ill gotten gains and will just take the cards and let you go. Then you'll spend months trying to reclaim that money and will likely never get all of it back. That IS wrong, and very reprehensible. But questioning someone who has 143 cards to see if they have a plausible story and then doing more digging after they can't come up with anything reasonable? I see no problem with it.
In my case, there would be nothing wrong - however, it would be a serious inconvenience! I should be able to carry large amounts of cash, gift cards, etc without getting interrogated, as there can be legitimate reasons to do so (although, most people aren't likely to do so!)
Of course you should. But if you had a bag of $100 bills sitting in your front seat at a traffic stop - be prepared to be questioned. While legal it is not normal. You just admitted that you would consider this situation to be odd yourself.
Realistically, this situation wouldn't happen to someone that didn't have other issues (the people in the article had an outstanding warrant, which made it far more likely those cards weren't legitimate in the LEO's eyes), but that isn't the point. Warrantless searches in my mind should only be for "emergency" situations where there is a clear and present danger (someone locked in a trunk, clear smell of decaying human flesh, etc.)
This is also ignoring the fact that the way the gift cards are designed should be changed to prevent issues like this and the POS system should alert the store so they can call the authorities when people try to use the "stolen" cards.
Unfortunately for crooks, until you have the constitution amended, what they did was safely covered under r
In fact, the police do not use the license plate at all to identify a stolen vehicle.
Not once they're out of their vehicles and looking for it up close, but of course they use the license plate to identify stolen vehicles. At least, potential ones. When they get closer, they can use the VIN.
Yes. That's exactly what I said:
They might use the plate to stop someone with probable cause
I agree with everything you say about the gift cards, but that is not the problem. The article stated it was an opaque bag that was spotted, not 143 gift cards. Unless the warrant of passenger had something to do with an illegal activity the could involve hiding stuff inside small opaque bags the how could there be reasonable suspicion? From my experiences with the courts, the only reason they defendants didn't win getting the search thrown out is that they did have enough money for a good attorney.
It was a reasonable search because the person who was sitting next to the gift card bag was being arrested. It appeared that the person being arrested attempted to hide the bag and failed. At that point a reasonable person would be suspicious of the contents of the bag. And it's the kind of reasonable suspicion that a police officer could easily articulate and a normal person would reasonably understand.
why do you guys keep raising the issue of the AMOUNT of cards?
did the judge declare that the 4th ammendment is null and void if you have 'too many' of something?
now, go ahead: define EXACTLY what 'too many' is.
THAT is my point.
this is bullshit. the law was not followed and a new crap law was essentially created to help cops fuck people over at-will.
carrying 'too many cards' is not a crime. it does not matter what the cards are or any other details.
soon, carrying 'too much money' will be a crime. oops, forgot, they ALREADY declared that a crime;(
I weep for us all. we don't respect laws anymore; we seem to do anything to make authoritarians happier. citizens - they don't really matter anymore, do they?
The amount matters because the police are allowed to search the car and the gift cards with probable cause. The validity of the search is based on the sum total of things taking place at the time of the search. They arrested the passenger of the car for an outstanding warrant. As they arrested him, they noticed that it looked like he was trying to hide evidence of a further crime (bag partially hidden next to his seat). They pull out the card and see an extremely unusual number of gift cards. They ask the owner of the vehicle if they were lawfully purchased. The owner of a vehicle says he bought them from some random guy. I mean, did you read the article? The whole exchange is suspicious as hell. At that point the officer is within the law when he attempts to determine whether or not the property is stolen. There are at least a half a dozen plausible reasons for someone to have that many gift cards but the way the person claimed they were obtained, combined with the fact that they attempted to hide them, and that one of them was already being arrested lead to a legal search.
The information on a license plate is in plain view. The data on a magnetic strip is not.
You may not be able to tell that a car is stolen just from the license plate. In fact, the police do not use the license plate at all to identify a stolen vehicle. They might use the plate to stop someone with probable cause, but they will look at the VINs stamped on the engine block, the dashboard, inside the driver's door, and anywhere else that is required to properly identify the car.
That's one of my problems with the rules of evidence: the only penalty for unlawfully obtaining evidence is that the evidence is thrown out. That protects only the guilty, innocent people who's rights are violated have zero recourse! I thinks cops should be penalized for violating the rules, but if you got evidence of a crime, unless you have reason to suspect that the cops themselves planted the evidence, it should be admissible in court.
I disagree. I say that it protects the innocent also because the police have to think twice before they perform an unlawful search on anyone. While you may say that an innocent person is unlikely to be unlawfully searched, I say look at New York's Stop and Frisk policy. The only thing you have to do wrong in NYC to be unlawfully searched is to have the wrong skin color.
why do cops have a Credit Card reader in their squad car? I'd heard stories of some cops taking payment for tickets when they pull you over and threatening jail time if you don't pay then and there...
Doesn't the back of your drivers license have a magnetic stripe on it? Every state license I have had for the last 10+ years has had one. The data is typically Latin-1 ASCII encoded binary data across multiple magnetic tracks. The data was probably readable on the card, the officer just didn't understand what it meant.
Does a LEO, without a warrant or probable cause, have the legal authority to open a container to peruse it's contents? (No)
These two individuals had 143 gift cards in their car. One of them had an outstanding warrant. Exactly how many gift cards would you consider to be an unreasonable amount? I write software for dealing with gift cards and credit cards and you want to know how many (test) cards I keep on my person? Less than half a dozen with my work stuff. So unless these two young outstanding citizens are going to give them to their 143 closest friends, I would say something is going on. Further more, the police asked them where they got the stack and the defendants indicated that they just bought the gift cards but didn't have a receipt.
I didn't say it was great. I'm just pointing out that it isn't an evil conspiracy hatched by George Soros and Saul Alinsky.
Right. It's an evil conspiracy hatched by the rich white male founding fathers, who wanted to retain control of the nation. What, you thought they were fucking angels?
I do not believe that the United States would even exist without the electoral college. Why would Rhode Island want to participate in a popular presidential election when they have basically no say over who is elected? At least they're guaranteed 2 electoral votes through their senate seats. All of the little states could band together and have their voice heard through the electoral college. The five most populous states contain almost half the US population and would therefore dominate elections. It would lead to neglect of the smaller states and their departure from the union. Were the founding fathers saints? No. Of course not, but it sounds like they understand people a hell of a lot better than you do.
Every election is rigged by design, because of the electoral college system. If you're just now figuring out that the elections are rigged, you slept through civics and should probably refrain from contributing to political conversations.
The Founding Fathers created the electoral college system specifically to prevent populist perverts like Trump becoming president.
If anyone has a beef with the electoral college, take it up with the Founding Fathers.
The Electoral College is also designed to help balance out the distinct advantages of the most populous states. Without the electoral college you'd have almost half the US population in the 5 most populous states. You could probably safely ignore 40 out of the 50 states and still get elected with a popular vote.
Seeing as the majority of people do not seem to share your pain I would guess it is something that you have to work on yourself instead of expecting everyone around you to acquiesce to your wishes.
I have definitely been to events where everyone is holding up their phones and (and worse) tablets. You seriously can't see through all the arms and devices, even if you're tall. But I've also been to other events where almost no one is doing this, and it's just a few inconsiderate people. It just depends on the event and the type of crowd it draws. I would prefer people NOT stick their phones in front of my face while they record a crappy video of whatever event their at. I feel like it's mostly the hardcore snapchat types that do it
Being forced to upgrade to something which in every other country in the world has caused a significant drop in credit card fraud is a damn good thing, not a sueable offence.
The new chip system in the US works differently than the chip system in Europe, so no, the US isn't being forced to adopt what the rest of the world is already using.
For instance, in France I can use a European chip card in a restaurant in the middle of nowhere where there is no cell phone reception (or no landlines), and the transaction gets reconciled later when the transactions get uploaded. In the US, under the new system, no one is allowed to keep the data around for later reconciliation, even in an encrypted form, so that means that the multitudes of authentication handshakes must occur correctly before the transactions get authorised (even if the amounts in question are tiny).
This is incorrect. The US requirement for "Online Only" is strictly for fraud liability. You can use offline PIN in the US (though it can be attacked). Furthermore, all EMV cards, including those issued in France have what is called a velocity limit on the card. When this limit is hit, the card itself requires the next transaction to go online no matter what. If the terminal tells the card that it cannot go online, then the card itself will either reverse a pending ARQC (online request) or will just immediately return an AAC (decline). This is true in all regions where EMV has been implemented.
This is why using smartcards in Europe takes no time at all to get authorized, they're actually faster than magnetic debit/credit cards. But this is also why the current smartcards in US (when used through the chip) are so slow, although in theory they're supposed to be more secure than the European smartcards.
This is also incorrect. The chip transactions in the US are slow because most banks have insisted on implementing EMV incorrectly. A properly configured terminal will process an EMV request in 1-2 seconds in the US. That's not (noticeably) slower than an offline approval. It is literally a few hundred milliseconds longer.
Many of them did. The problem is that the new terminals then need to be certified by each card company before they can be turned on, for each business (not just a hardware certification for the mfg, each deployment requires certification).
That is untrue. You do NOT have to certify each deployment with the card companies. You have to certify the terminal hardware, the kernel on the hardware (card brand specific), the communication from the card terminal to the gateway, and the communication from the gateway to the processor. The processor has to certify from them to the card brand. Most gateways are offering certified hardware + software deployments that only require you to certify with the processor if you develop against their software. If you just take a package that is already certified, you have to do nothing other than meet your PCI requirements that you're already obligated to do. I spend my life writing card terminal drivers and everything I do has to be certified from the terminal to the payment gateway. This is my every day life. You would only need to certify if you made your own software implementation somewhere in that chain. If you write software below the gateway then you may not even need to certify with the card brand, you may be able to just certify with the gateway, depending on what exactly you did.
The card companies have been dragging their feet getting them certified, particularly for small to mid sized businesses. However they did not extend the deadline for those companies that installed the terminals but can't yet use them. So these businesses did what they were supposed to do but they are in a bind now with liability shifted to them but they are unable to even accept chip cards because they can't get the big 4 to certify their installations.
This happened to my local grocery chain. They have the new readers, had them well before the deadline, but they can't use them, even now almost a year after the deadline passed, because they are still in the queue for certification.
Which chain is this? Publix, for instance, chose to write their own card terminal application which requires all kinds of certifications with the card brands, terminal manufacturers, etc. That's a time consuming process. But I've personally had such a project go through certification in a matter of weeks. It's not the card brands holding things up.
The chip thing is a disaster as far as I am concerned:
* It is slow as molasses. Just unreal!
That's an implementation problem - one I see all the time. This has to do with the way they set up their AID Candidate list, most likely. An EMV transaction should take 1-2 seconds.
* It encourages you to forget your card.
* The other day it took 5 MINUTES for it to finally work at a store, the stupid contacts on my card are already corroded and the card is only 4 months old. Guess what, if it doesn't read, they wouldn't allow me any other way to use the card (key it in or swipe it). So it is NOT RELIABLE.
The US region still has what they call technical fallback. They're not supposed to decline to accept your card if it fails to read 3 times then they are supposed to proceed with it as magnetic stripe. There is no fraud liability shift in this case, at least for now.
* There is still no PIN, so it doesn't prevent anyone from picking up my card and using it.
It protects your card from cloning, which is the most common type of card fraud in the US
* It doesn't protect anything with online purchases.
None of the current card technologies protect against Card Not Present transactions
Fail for consumers
Fail for stores
Fail for security
Fail for convenience
Fail for economy
*FAIL*
I don't personally see any failure except in the development teams that do not know how to properly implement EMV.
I'm not sure if I have any sympathy for these retailers. The card industry did not force them to accept chip transactions, they forced them to accept liability if they refused to accept chip transactions. You can still, to this day, accept magnetic stripe data instead of chip data. You can also choose to take cash at any time. They also gave the warning more than a year in advance and even basically extended the deadline past October 2015.
Disclosure: I do make money off the chip card transition. However, I make money off of magnetic stripe implementations also.
So, if I get this right, those Google cars cause about 0.5 accidents per 1M miles? If so, that equates to about 1.5M traffic accidents per year in the US if you replaced every car with a driverless model (assuming all rates are constant, of course). If that seems like a big number, Americans currently drive about 3 trillion miles per year and get into about 5.5 million traffic accidents. If I did the math right, driverless cars will result in about 2/3 fewer accidents per year than we experience now. Should we all welcome our autonomous vehicle overlords now?
The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.
The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.
You're assuming I can trust myself. What if my other personality received a NSL and isn't telling me about it?
Should we not hope for change? Expect things to get better as time goes on? Not to mention the fact that laws were changed after that particular email scandal. As far as I am concerned, though, you can throw the whole lot in jail. Everyone who has tried to hide anything under the FOIA can rot in prison.
This doesn't make much sense for retail, as the CCV isn't used or recorded; the user enters a PIN at the point of sale. But, the CCV could be recorded and fraudulently reused by any online retailer or man-in-the-middle. Randomly changing CCV's would limit the damage.
The CVV is recorded and used in an EMV transaction. In fact, the CVV for each EMV transaction is unique for the transaction parameters - amount, time of transaction, etc. They're just using the same sort of algorithm to generate a CVV that is unique for each Card Not Present transaction the customer wishes to complete.
i.e. you have one hour to test 1000 variations of this number. By distributing the "test load" across a thousand online stores, each of those sites will "think" it is the first incorrect attempt to enter the digits, thus have no reason to flag it as suspicious.
This can be easily automated, therefore it can be done on a large scale.
Except that each of those one thousand online stores would have to hit the issuing bank to validate the CVV which will, obviously, see a very suspicious trend taking place.
Software token would eliminate the need for special card, but would probably be clunkier. Wonder if Apple Pay will eventually incorporate something like this, which seems like it could eliminate need for a card entirely - online or offline.
ApplePay already uses a token. You put in your card number and, when it generates a payload to send up to the processor, it generates a token. If you use NFC ApplePay, it also uses a token but it doesn'tt generate it per transaction, only per device.
instead of being a "huge blow" this might help the criminals, since something algorithmically predictive that depends on other permanent numbers or id info, must be verified,
Chip cards already generate a new CVV each time a transaction is run. All this does it let you do the same thing in the Card Not Present world
Slashdot Mirror
This is one of those issues that "seems" like a good idea at first, but, has some negative implications.
My wife worked as a fundraising coordinator and worked with different vendors to sell (or give away) gift cards to people. Since we share a car, there have been many times that I was driving around with a box of gift cards (100? 200? something like that) in the trunk, etc.
You're looking at this rather myopically, as if it was just the gift cards that made the search reasonable. Already you've said - you have the gift cards in a box in the trunk. The passenger of the vehicle was being arrested for an outstanding warrant. As the officer was getting the passenger out of the vehicle he noticed a little bag that was partially hidden in the crevice between the center console and the car seat. That immediately looks like the passenger, who is lawfully under arrest, was trying to hide something prior to his arrest. That immediately raises reasonable suspicion.
I expect this situation happens quite a bit since many vendors work with fundraising coordinators to sell gift cards, etc to raise money for their causes.
If I got stopped for speeding, having the cards be confiscated (so they could later be scanned), with potentially myself being potentially being "held" for 72 hours while that is being done by an outside agency isn't exactly something that I should have to think about.
And why should you think about it? You've already said they are in a box in the trunk. I have never had a police officer ask me what is in a sealed container in my vehicle during a terry stop. Why would they? They have asked me if I am carrying a weapon. They have asked me for my identification. But they generally don't give a damn about anything else. As soon as you start making them suspicious, they start asking more questions. If you decided to let them search the car and they found the gift cards in the trunk, then your explanation of your wife's charitable work would likely suffice. However you have to realize that preloaded cards are used to launder money. It's going to raise suspicion. What you really need to worry about is civil asset forfeiture. What they'll likely do is assume that the gift cards are ill gotten gains and will just take the cards and let you go. Then you'll spend months trying to reclaim that money and will likely never get all of it back. That IS wrong, and very reprehensible. But questioning someone who has 143 cards to see if they have a plausible story and then doing more digging after they can't come up with anything reasonable? I see no problem with it.
In my case, there would be nothing wrong - however, it would be a serious inconvenience! I should be able to carry large amounts of cash, gift cards, etc without getting interrogated, as there can be legitimate reasons to do so (although, most people aren't likely to do so!)
Of course you should. But if you had a bag of $100 bills sitting in your front seat at a traffic stop - be prepared to be questioned. While legal it is not normal. You just admitted that you would consider this situation to be odd yourself.
Realistically, this situation wouldn't happen to someone that didn't have other issues (the people in the article had an outstanding warrant, which made it far more likely those cards weren't legitimate in the LEO's eyes), but that isn't the point. Warrantless searches in my mind should only be for "emergency" situations where there is a clear and present danger (someone locked in a trunk, clear smell of decaying human flesh, etc.)
This is also ignoring the fact that the way the gift cards are designed should be changed to prevent issues like this and the POS system should alert the store so they can call the authorities when people try to use the "stolen" cards.
Unfortunately for crooks, until you have the constitution amended, what they did was safely covered under r
In fact, the police do not use the license plate at all to identify a stolen vehicle.
Not once they're out of their vehicles and looking for it up close, but of course they use the license plate to identify stolen vehicles. At least, potential ones. When they get closer, they can use the VIN.
Yes. That's exactly what I said:
They might use the plate to stop someone with probable cause
I agree with everything you say about the gift cards, but that is not the problem. The article stated it was an opaque bag that was spotted, not 143 gift cards. Unless the warrant of passenger had something to do with an illegal activity the could involve hiding stuff inside small opaque bags the how could there be reasonable suspicion? From my experiences with the courts, the only reason they defendants didn't win getting the search thrown out is that they did have enough money for a good attorney.
It was a reasonable search because the person who was sitting next to the gift card bag was being arrested. It appeared that the person being arrested attempted to hide the bag and failed. At that point a reasonable person would be suspicious of the contents of the bag. And it's the kind of reasonable suspicion that a police officer could easily articulate and a normal person would reasonably understand.
why do you guys keep raising the issue of the AMOUNT of cards?
did the judge declare that the 4th ammendment is null and void if you have 'too many' of something?
now, go ahead: define EXACTLY what 'too many' is.
THAT is my point.
this is bullshit. the law was not followed and a new crap law was essentially created to help cops fuck people over at-will.
carrying 'too many cards' is not a crime. it does not matter what the cards are or any other details.
soon, carrying 'too much money' will be a crime. oops, forgot, they ALREADY declared that a crime ;(
I weep for us all. we don't respect laws anymore; we seem to do anything to make authoritarians happier. citizens - they don't really matter anymore, do they?
The amount matters because the police are allowed to search the car and the gift cards with probable cause. The validity of the search is based on the sum total of things taking place at the time of the search. They arrested the passenger of the car for an outstanding warrant. As they arrested him, they noticed that it looked like he was trying to hide evidence of a further crime (bag partially hidden next to his seat). They pull out the card and see an extremely unusual number of gift cards. They ask the owner of the vehicle if they were lawfully purchased. The owner of a vehicle says he bought them from some random guy. I mean, did you read the article? The whole exchange is suspicious as hell. At that point the officer is within the law when he attempts to determine whether or not the property is stolen. There are at least a half a dozen plausible reasons for someone to have that many gift cards but the way the person claimed they were obtained, combined with the fact that they attempted to hide them, and that one of them was already being arrested lead to a legal search.
The information on a license plate is in plain view. The data on a magnetic strip is not.
You may not be able to tell that a car is stolen just from the license plate. In fact, the police do not use the license plate at all to identify a stolen vehicle. They might use the plate to stop someone with probable cause, but they will look at the VINs stamped on the engine block, the dashboard, inside the driver's door, and anywhere else that is required to properly identify the car.
That's one of my problems with the rules of evidence: the only penalty for unlawfully obtaining evidence is that the evidence is thrown out. That protects only the guilty, innocent people who's rights are violated have zero recourse! I thinks cops should be penalized for violating the rules, but if you got evidence of a crime, unless you have reason to suspect that the cops themselves planted the evidence, it should be admissible in court.
I disagree. I say that it protects the innocent also because the police have to think twice before they perform an unlawful search on anyone. While you may say that an innocent person is unlikely to be unlawfully searched, I say look at New York's Stop and Frisk policy. The only thing you have to do wrong in NYC to be unlawfully searched is to have the wrong skin color.
why do cops have a Credit Card reader in their squad car? I'd heard stories of some cops taking payment for tickets when they pull you over and threatening jail time if you don't pay then and there...
Doesn't the back of your drivers license have a magnetic stripe on it? Every state license I have had for the last 10+ years has had one. The data is typically Latin-1 ASCII encoded binary data across multiple magnetic tracks. The data was probably readable on the card, the officer just didn't understand what it meant.
Does a LEO, without a warrant or probable cause, have the legal authority to open a container to peruse it's contents? (No)
These two individuals had 143 gift cards in their car. One of them had an outstanding warrant. Exactly how many gift cards would you consider to be an unreasonable amount? I write software for dealing with gift cards and credit cards and you want to know how many (test) cards I keep on my person? Less than half a dozen with my work stuff. So unless these two young outstanding citizens are going to give them to their 143 closest friends, I would say something is going on. Further more, the police asked them where they got the stack and the defendants indicated that they just bought the gift cards but didn't have a receipt.
I didn't say it was great. I'm just pointing out that it isn't an evil conspiracy hatched by George Soros and Saul Alinsky.
Right. It's an evil conspiracy hatched by the rich white male founding fathers, who wanted to retain control of the nation. What, you thought they were fucking angels?
I do not believe that the United States would even exist without the electoral college. Why would Rhode Island want to participate in a popular presidential election when they have basically no say over who is elected? At least they're guaranteed 2 electoral votes through their senate seats. All of the little states could band together and have their voice heard through the electoral college. The five most populous states contain almost half the US population and would therefore dominate elections. It would lead to neglect of the smaller states and their departure from the union. Were the founding fathers saints? No. Of course not, but it sounds like they understand people a hell of a lot better than you do.
The Founding Fathers created the electoral college system specifically to prevent populist perverts like Trump becoming president.
If anyone has a beef with the electoral college, take it up with the Founding Fathers.
The Electoral College is also designed to help balance out the distinct advantages of the most populous states. Without the electoral college you'd have almost half the US population in the 5 most populous states. You could probably safely ignore 40 out of the 50 states and still get elected with a popular vote.
Seeing as the majority of people do not seem to share your pain I would guess it is something that you have to work on yourself instead of expecting everyone around you to acquiesce to your wishes.
I have definitely been to events where everyone is holding up their phones and (and worse) tablets. You seriously can't see through all the arms and devices, even if you're tall. But I've also been to other events where almost no one is doing this, and it's just a few inconsiderate people. It just depends on the event and the type of crowd it draws. I would prefer people NOT stick their phones in front of my face while they record a crappy video of whatever event their at. I feel like it's mostly the hardcore snapchat types that do it
He trolled you with a Donald Trump parody.
The verdict: the Trump Campaign wasn't "tied" to the Russian state-sponsored hacking group(s), but their relationship was just extremely careless.
And no reasonable prosecutor would indict Trump anyway, so why bother?
My password is ********. Seriously 8 *s, No one will ever guess/
That looks like hunter2 on my screen. How did you know my password!?!?
Being forced to upgrade to something which in every other country in the world has caused a significant drop in credit card fraud is a damn good thing, not a sueable offence.
The new chip system in the US works differently than the chip system in Europe, so no, the US isn't being forced to adopt what the rest of the world is already using.
For instance, in France I can use a European chip card in a restaurant in the middle of nowhere where there is no cell phone reception (or no landlines), and the transaction gets reconciled later when the transactions get uploaded. In the US, under the new system, no one is allowed to keep the data around for later reconciliation, even in an encrypted form, so that means that the multitudes of authentication handshakes must occur correctly before the transactions get authorised (even if the amounts in question are tiny).
This is incorrect. The US requirement for "Online Only" is strictly for fraud liability. You can use offline PIN in the US (though it can be attacked). Furthermore, all EMV cards, including those issued in France have what is called a velocity limit on the card. When this limit is hit, the card itself requires the next transaction to go online no matter what. If the terminal tells the card that it cannot go online, then the card itself will either reverse a pending ARQC (online request) or will just immediately return an AAC (decline). This is true in all regions where EMV has been implemented.
This is why using smartcards in Europe takes no time at all to get authorized, they're actually faster than magnetic debit/credit cards. But this is also why the current smartcards in US (when used through the chip) are so slow, although in theory they're supposed to be more secure than the European smartcards.
This is also incorrect. The chip transactions in the US are slow because most banks have insisted on implementing EMV incorrectly. A properly configured terminal will process an EMV request in 1-2 seconds in the US. That's not (noticeably) slower than an offline approval. It is literally a few hundred milliseconds longer.
Just upgrade your damn terminal already.
Many of them did. The problem is that the new terminals then need to be certified by each card company before they can be turned on, for each business (not just a hardware certification for the mfg, each deployment requires certification).
That is untrue. You do NOT have to certify each deployment with the card companies. You have to certify the terminal hardware, the kernel on the hardware (card brand specific), the communication from the card terminal to the gateway, and the communication from the gateway to the processor. The processor has to certify from them to the card brand. Most gateways are offering certified hardware + software deployments that only require you to certify with the processor if you develop against their software. If you just take a package that is already certified, you have to do nothing other than meet your PCI requirements that you're already obligated to do. I spend my life writing card terminal drivers and everything I do has to be certified from the terminal to the payment gateway. This is my every day life. You would only need to certify if you made your own software implementation somewhere in that chain. If you write software below the gateway then you may not even need to certify with the card brand, you may be able to just certify with the gateway, depending on what exactly you did.
The card companies have been dragging their feet getting them certified, particularly for small to mid sized businesses. However they did not extend the deadline for those companies that installed the terminals but can't yet use them. So these businesses did what they were supposed to do but they are in a bind now with liability shifted to them but they are unable to even accept chip cards because they can't get the big 4 to certify their installations. This happened to my local grocery chain. They have the new readers, had them well before the deadline, but they can't use them, even now almost a year after the deadline passed, because they are still in the queue for certification.
Which chain is this? Publix, for instance, chose to write their own card terminal application which requires all kinds of certifications with the card brands, terminal manufacturers, etc. That's a time consuming process. But I've personally had such a project go through certification in a matter of weeks. It's not the card brands holding things up.
I would +1 you if I had points.
The chip thing is a disaster as far as I am concerned:
* It is slow as molasses. Just unreal!
That's an implementation problem - one I see all the time. This has to do with the way they set up their AID Candidate list, most likely. An EMV transaction should take 1-2 seconds.
* It encourages you to forget your card. * The other day it took 5 MINUTES for it to finally work at a store, the stupid contacts on my card are already corroded and the card is only 4 months old. Guess what, if it doesn't read, they wouldn't allow me any other way to use the card (key it in or swipe it). So it is NOT RELIABLE.
The US region still has what they call technical fallback. They're not supposed to decline to accept your card if it fails to read 3 times then they are supposed to proceed with it as magnetic stripe. There is no fraud liability shift in this case, at least for now.
* There is still no PIN, so it doesn't prevent anyone from picking up my card and using it.
It protects your card from cloning, which is the most common type of card fraud in the US
* It doesn't protect anything with online purchases.
None of the current card technologies protect against Card Not Present transactions
Fail for consumers Fail for stores Fail for security Fail for convenience Fail for economy
*FAIL*
I don't personally see any failure except in the development teams that do not know how to properly implement EMV.
I'm not sure if I have any sympathy for these retailers. The card industry did not force them to accept chip transactions, they forced them to accept liability if they refused to accept chip transactions. You can still, to this day, accept magnetic stripe data instead of chip data. You can also choose to take cash at any time. They also gave the warning more than a year in advance and even basically extended the deadline past October 2015.
Disclosure: I do make money off the chip card transition. However, I make money off of magnetic stripe implementations also.
So, if I get this right, those Google cars cause about 0.5 accidents per 1M miles? If so, that equates to about 1.5M traffic accidents per year in the US if you replaced every car with a driverless model (assuming all rates are constant, of course). If that seems like a big number, Americans currently drive about 3 trillion miles per year and get into about 5.5 million traffic accidents. If I did the math right, driverless cars will result in about 2/3 fewer accidents per year than we experience now. Should we all welcome our autonomous vehicle overlords now?
http://www.usacoverage.com/aut...
http://www.afdc.energy.gov/dat...
Sure if you want to drive in circles around Mountain View at half the posted speed limit.
The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.
The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.
You're assuming I can trust myself. What if my other personality received a NSL and isn't telling me about it?
"Back in 2007, the White House "lost" more than five million private emails. The story was barely covered"
"Back in 2007, the White House "lost" more than five million private emails. The story was barely covered"
Should we not hope for change? Expect things to get better as time goes on? Not to mention the fact that laws were changed after that particular email scandal. As far as I am concerned, though, you can throw the whole lot in jail. Everyone who has tried to hide anything under the FOIA can rot in prison.
This doesn't make much sense for retail, as the CCV isn't used or recorded; the user enters a PIN at the point of sale. But, the CCV could be recorded and fraudulently reused by any online retailer or man-in-the-middle. Randomly changing CCV's would limit the damage.
The CVV is recorded and used in an EMV transaction. In fact, the CVV for each EMV transaction is unique for the transaction parameters - amount, time of transaction, etc. They're just using the same sort of algorithm to generate a CVV that is unique for each Card Not Present transaction the customer wishes to complete.
i.e. you have one hour to test 1000 variations of this number. By distributing the "test load" across a thousand online stores, each of those sites will "think" it is the first incorrect attempt to enter the digits, thus have no reason to flag it as suspicious.
This can be easily automated, therefore it can be done on a large scale.
Except that each of those one thousand online stores would have to hit the issuing bank to validate the CVV which will, obviously, see a very suspicious trend taking place.
Software token would eliminate the need for special card, but would probably be clunkier. Wonder if Apple Pay will eventually incorporate something like this, which seems like it could eliminate need for a card entirely - online or offline.
ApplePay already uses a token. You put in your card number and, when it generates a payload to send up to the processor, it generates a token. If you use NFC ApplePay, it also uses a token but it doesn'tt generate it per transaction, only per device.
instead of being a "huge blow" this might help the criminals, since something algorithmically predictive that depends on other permanent numbers or id info, must be verified,
Chip cards already generate a new CVV each time a transaction is run. All this does it let you do the same thing in the Card Not Present world