Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Sunday February 05 2017, @02:32AM   Printer-friendly
from the solution:-pay-only-in-rutabegas dept.

Deterred by the security capabilities of chip cards for in-store payments, thieves have resorted to stealing credit-card numbers and passwords or opening new accounts with false credentials to use in making online payments for purchases, according to recent studies. Botnets also comprise some of the biggest increases in online card fraud.

"We predicted this [online fraud increase] would happen following [chip] cards in the banking industry years ago," said Mike Lynch, chief strategy officer at InAuth, a vendor of mobile and browser security products. (InAuth was recently purchased by American Express, but will remain a subsidiary.) Other countries, including Canada and Australia, also saw big jumps in online card fraud after chip cards were adopted, he said.

Lynch said the online fraud increase is probably higher for financial institutions than for merchants, but merchants are more open about the problem and discuss it more freely. "Banks don't typically want to disclose fraud," he said.

The amount of dollars put at risk by online fraud went up 55% from the second quarter of 2015 to the second quarter of 2016, according to the Pymnts.com study. That was a jump from $4.90 to $7.60 per $100 of online sales. For luxury goods alone, the dollars at risk were $12.10 per $100 in sales in late 2016.

Botnets were behind many of these attacks. The rate of attacks by botnets increased by 47% for the same period for all goods and by 87% for luxury goods alone, Pymnts.com said.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by nitehawk214 on Sunday February 05 2017, @04:45PM

    by nitehawk214 (1304) on Sunday February 05 2017, @04:45PM (#463134)

    That makes no sense whatsoever. At home therefore is nobody there to verify the hardware has not been tampered with. How could you possibly prove the USB chip reader was even real? Magic encryption keys on the device? Laughable.

    Heck even in stores with a cashier or camera watching, machines get tampered with.

    What are you proposing, making every home PC a regulated back box tightly controlled by the government, or worse... Microsoft?

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Sunday February 05 2017, @06:22PM

    by Anonymous Coward on Sunday February 05 2017, @06:22PM (#463152)

    The encryption keys we care about are the one on the chip itself. The security of the chip-card system is already based on it being difficult to extract the encryption keys stored in the chip on the card. It's not completely unreasonable to have a USB device that would let a computer communicate with that chip for online purchases, but I don't know if there's issues that would make it infeasible.

  • (Score: 2) by sjames on Sunday February 05 2017, @11:54PM

    by sjames (2882) on Sunday February 05 2017, @11:54PM (#463226) Journal

    Some of the chips the banks did not select for use in credit cards are capable of enough processing to require passwords and to sign transaction records presented to them.

    The system they SHOULD use would have the card reader acting as a serial connection to the chip. In store purchases could be handled entirely by a POS or the customer might prefer to enter a password and a transaction limit using his own device and then slot the card so the POS can present it with a transaction record to sign.

    Online sales would simply require that the customer somehow sign a transaction record using a key the bank will recognize. One such way would be a dirt cheap USB card interface (dirt cheap since all it needs to do is provide power and a serial port to the chip) and their credit card.

    Since the transaction is driven by the chip on the card, there's no need to trust the PC OR a POS terminal.