Posts

Chip and PIN, will It save Us?

Many Americans, says a recent survey by Gallup, worry about a data breach connected to the use of their credit cards. Interestingly, many people use a credit card for everything under the sun: even just a soda and bag of chips from the convenience mart. The more you use a credit card, the more likely it will be compromised by cyber thieves.

1CThe magnetic stripe technology for credit cards makes them so “hackable.” One way to help prevent credit card crimes is to implement a chip-and-PIN technology. It’s been touted as a sure way to keep crime at bay. But is it what it’s cracked up to be? After all, how could the thief, holding your credit card, know your PIN?

The magnetic stripe contains account information. This can easily be copied with a thief’s tools such as a skimming device. A chip card uses a microprocessor that’s embedded. This makes the account information non-accessible to a hacker during any point of a sales transaction.

There are additional features to chip technology that tie into keeping fraud away:

  • Every time the card is used is recorded.
  • A cryptogram lets banks view the data flow.

Chip technology will be coming out in 2015 for the States, and experts are very confident that this transition will choke a lot of life out of card fraudsters. The transition will cost around $8 billion—if done correctly. And this “roll-out phase” won’t happen overnight, either.

There has been credit card fraud involving chip technology. Here’s how it happened: The crooks stole account information from magnetic stripes via skimming. The transactions were then done EMV style, then the criminals picked up traffic from an authentic EMV chip transaction. Next, the thieves put the information they’d skimmed into the transaction, and pulled off their crime.

In short, chip-and-pin technology is not without the element of human error; EMV can still be implemented poorly. As for that human error, this happened not too long ago with Canadian banks. They were struck with a big financial loss because the counter data and cryptograms were not being checked efficiently.

We can have a really great thing here—if it’s implemented in a smart way. What good is an advancement in technology if it’s carelessly employed?

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Chip and PIN vs. Chip and Signature Cards

The planet’s most powerful nation is sure backwards when it comes to the payment card industry: Why has America been using 1970s technology as of the posting date of this article? That magnetic strip on credit and debit cards has GOT to go already! And thank goodness, the transition to chip technology is more imminent than ever.

1CFor those of you out of the loop, the stripe makes it ridiculously easy for cyber thieves to commit all sorts of crimes. (Remember Target?) The chip in most cases will trip them up on this.

Chip-and-PIN technology is better than chip-and-signature. However, the chip-and-signature is taking a much stronger root in America than the PIN version. The signature version’s most obvious drawback is that it’s useless in all the other nations where PIN technology rules.

Additional Problems with Chip ‘n Signature

  • A signature can be forged.
  • The card can be intercepted prior to transaction completion.
  • Will be very costly to convert the current stripe technology to signature—but the investment will not offset the cost due to the inherent weaknesses in signature-based technology.
  • Consumers, thinking that the “chip” part of the signature version means great security, will be miffed once they realize how vulnerable signature actually is.

Benefits of Chip ‘n PIN

  • The card issuer must assign the personal identification number prior to mailing the card to the user; the user must reset the PIN at a branch. Just like a debit card. Easy.
  • Makes it really difficult for criminals to use a person’s credit or debit card in a fraudulent way. A most obvious example is that if a thief steals or finds a lost credit card…and tries to make a purchase…he’ll come to a dead end when it’s time to enter the PIN.

Drawbacks of Chip ‘n PIN

  • Will cost an arm and a leg to implement on a universal scale, and unfortunately, funds are already being diverted to switch over to the signature technology rather than the chip.

Solutions to the Signature Problem

  • To nab or prevent imposters from making that signature, certain technologies like geo-location can be implemented to determine if the customer is the real owner of the card. There’d be multiple technologies in place for verifying ownership.
  • The transaction can require voice biometrics with a smartphone: The system will approve the purchase only when the card user’s voice is identified as that of the real owner.
  • The second point here would be contingent on authenticating the smartphone.

But all that seems a little complicated an unnecessary. We really should just use the Chip and Signature. Or how about we just use Apple Pay!

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Chip and PIN or Chip and Signature?

OK, there’s lots going on here. Read slowly and wrap your brain around this. So which offers more security? Chip-and-PIN or chip-and-signature for your card payments? Chip-and-PIN wins. This is due to two authentication forms: the card and the PIN, which is stored in your head (or should be, anyways, rather than on some small piece of paper crinkled inside your purse).

1CBut chip-and-signature has its virtues for all involved. One reason is that most people don’t know their credit card PIN, something like 5-10 percent knowing it. If credit card payments were only via chip-and-PIN, consumers would memorize their PINs very quickly.

Another issue is that only one-fourth of U.S. POS terminals have a PIN pad. This means a lot of money spent by merchants to accommodate a chip-and-PIN-only environment with updated POS terminals.

On the other hand, this investment can pay off because, says a 2013 Fed Payments Study Summary, PIN debit transactions come with a much lower fraud loss rate than do signature transactions.

A PIN based transaction brings unwanted issues to some merchants, e.g., car rental companies requiring preauthorization transactions prior to the final transaction amount. Car rental and lodging companies, however, better like the signature based transaction because it has a separate authorization and settlement process.

Other merchants, too, must make some big decisions, such as the restaurant industry: To accommodate customers who want to use their mobiles for payments at their table, restaurants will have to pay a pretty penny for terminals.

The chip-and-PIN comes with a human based flaw: If a buyer forgets their PIN, the transaction will be incomplete. The signature based transaction has the signature to complete the transaction.

All of these pros and cons must be carefully considered among consumers, merchants and the card payment industry. But what bankers and merchants seem to agree on is that the magnetic strip is getting very old and needs to be replaced by a more secure technology: the chip.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Dumb Criminal Tries To Guess PIN 50 Times

What do you do when you are picked up in a cab and the driver suspects your home will be vacant while you are gone?

The Manchester Evening News reports “A BUNGLING burglar went to the same ATM more than 50 times – to try and guess the PIN numbers of bank cards he had stolen. He thought he might strike it lucky if he kept on putting in random sets of four numbers into the ATM machine. But, with the odds of correctly guessing a card’s PIN number ranked at one in 10,000, and he never managed to make a single withdrawal.”

Police believe the dumb criminal may have used his job as a taxi driver to pick out homes where he had picked people up and he would then return to at night and break into. He pleaded guilty to eight counts of burglary and was jailed for three years four months.

Whenever I’m picked up in a cab from my home I always get on the phone and fake or make a real call and say “Bill, can you make sure when I’m gone that the Dog stays in the house? He got out again and bit someone bad, there was blood everywhere, and please set the home alarm, and I’ll only be gone a short time this is just a shuttle”.

This puts enough doubt in the mind of the cabbie to choose my home as his next target.

Get the new ADT Pulse™ system which has 5 ways to turn on/ off the system including a wired keypad, touchpad, iPhone app, remote control and a PC.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.