SoylentNews is people
SoylentNews
Deterred by the security capabilities of chip cards for in-store payments, thieves have resorted to stealing credit-card numbers and passwords or opening new accounts with false credentials to use in making online payments for purchases, according to recent studies. Botnets also comprise some of the biggest increases in online card fraud.
"We predicted this [online fraud increase] would happen following [chip] cards in the banking industry years ago," said Mike Lynch, chief strategy officer at InAuth, a vendor of mobile and browser security products. (InAuth was recently purchased by American Express, but will remain a subsidiary.) Other countries, including Canada and Australia, also saw big jumps in online card fraud after chip cards were adopted, he said.
Lynch said the online fraud increase is probably higher for financial institutions than for merchants, but merchants are more open about the problem and discuss it more freely. "Banks don't typically want to disclose fraud," he said.
The amount of dollars put at risk by online fraud went up 55% from the second quarter of 2015 to the second quarter of 2016, according to the Pymnts.com study. That was a jump from $4.90 to $7.60 per $100 of online sales. For luxury goods alone, the dollars at risk were $12.10 per $100 in sales in late 2016.
Botnets were behind many of these attacks. The rate of attacks by botnets increased by 47% for the same period for all goods and by 87% for luxury goods alone, Pymnts.com said.
-- submitted from IRC
(Score: 0) by Anonymous Coward on Sunday February 05 2017, @06:22PM
The encryption keys we care about are the one on the chip itself. The security of the chip-card system is already based on it being difficult to extract the encryption keys stored in the chip on the card. It's not completely unreasonable to have a USB device that would let a computer communicate with that chip for online purchases, but I don't know if there's issues that would make it infeasible.