1. Home
  2. Credit card of tomorrow: software, not plastic

Credit card of tomorrow: software, not plastic

[email protected] (News Network)
April 3, 2014

Apr 3: Since the 1970s, paying with plastic has been pretty standard everywhere: customers swiped their cards, signed receipts and took home their purchases.

Credit_cardBut after security breaches at Target late last year led to the loss of personal data from as many as 110 million customers, the financial industry is racing to adopt technologies that will alter that decades-old ritual. Driven largely by security concerns, credit card companies and issuers say they are working to make the system as consumers know it obsolete through smart chips and advanced computer programming.

To many, it is about time. The roots of the magnetic strip on credit cards extend back to World War II, ample time for thieves to learn to hack and steal those black lines of prized account information. Credit card fraud totalled nearly $5.3 billion in the United States alone in 2012, giving the industry plenty of incentive to devise a better system. The amount lost to fraud continues to grow by 30 to 50 per cent a year, according to estimates from the Aite Group, a research company.

Efforts to bolster card security were underway well before hackers broke into the systems of Target, Neiman Marcus, Michaels and other store chains. But the recent data breaches injected new urgency into adopting newer technology. “I think this will become a defining moment about how we in the industry think about security,” said Eileen Serra, the chief executive of Chase Card Services.

The credit card industry, especially in the United States, has long relied on increasingly sophisticated analytical programmes to weed out potentially fraudulent transactions. But it has also focussed on a handful of technologies it contends will better protect customers in stores and online. One is placing microprocessors onto cards, a standard known as EMV for its initial backers: Europay, MasterCard and Visa. Another is known as tokenisation, a way of masking consumers" card information over the Internet. “It"s about taking vulnerable data out of the merchant environment,” said Ellen Richey, Visa"s chief legal officer.

EMV is the best-known technology. Such cards are embedded with smart chips authenticating that their bearers are their rightful users. The chip is also extraordinarily difficult for thieves to counterfeit. Cardholders verify the transaction with a PIN or a signature. Though the latter is less secure, it will likely be more prevalent in the United States at first, though Chase and others expect to offer chip-and-PIN cards this year.

Europe and parts of Asia have already used the system for the better part of a decade, while American merchants and issuers have balked, largely because of cost. Chip-equipped cards cost an estimated $1.30 each to make, while a standard plastic card with a magnetic stripe on the back costs roughly 10 cents. Retailers, too, have been loath to update their systems to accept chip technology because of the added cost.

“EMV is going to cost billions of dollars to implement in this country,” said Shirley W Inscoe, an analyst at the Aite Group. But research suggests that the system works. In 2005, when Britain fully phased in the EMV technology, credit counterfeit card fraud was 25 per cent; such fraud plummeted to 11 per cent seven years later, according to the Aite Group.

Visa, MasterCard and American Express all announced road maps for adopting smart chips more than a year and a half ago, with the aim of forcing most retailers and issuers to put EMV in place by October 2015 in the United States. By then, the liability for any counterfeit fraud will fall on whoever has not adopted the chip technology (gas stations and ATMs will have until 2017 to meet the new requirements.)

From 17 million to 20 million chip cards have been issued in the United States, according to the Smart Card Alliance, an industry group. But that represents just 2 per cent of the one billion cards in use. In many ways, the chip technology is already decades old. It has been around since the 1990s, born in an era before the Internet and widespread e-commerce.

Industry officials concede that such technology would not have prevented the data breach at Target, or any sort of online fraud in which thieves obtained lists of customers" credit card numbers. Markets where EMV has been adopted have shown a significant increase in Internet fraud. That is a gap that tokenisation is meant to fill.

The technology works behind the scenes of a digital transaction: customers still put in their card number, but software then transforms that information into a one-time token — a randomly generated code — that is sent through the payment-processing chain. Thieves who intercept the code can do little with it without the means to unscramble the token.

To many in the industry, part of the technology"s appeal is that it requires less upheaval than EMV customers still put in card information as they always have. And the digital tokens are largely in the same format as traditional card numbers, but mask identifying information.

“Now you don"t have personal information around the world,” Serra said. “With tokenisation, we can keep that data much more secure.” The hope of digital tokens is that they will not be confined to any one way of paying. Websites, digital wallets and mobile devices could all use the technology, broadening its utility. “Every device should have the same foundation,” Ed McLaughlin, MasterCard"s chief emerging payments officer, said.

Token technology

Still, for years token technology lacked the sort of universal standard that underpins chip cards. But in recent months, a joint venture of Visa, MasterCard, American Express and others announced a proposed framework to ensure that everyone was on the same page. At least two of the five biggest card issuers in the United States are adopting some form of tokens, Inscoe said.

A framework for token systems is still being built, and meaningful adoption is years away, said Randy Vanderhoof, the executive director of the Smart Card Alliance. For now, chip cards will help eliminate the most obvious and pressing kinds of fraud. “If your boat is leaking in multiple places, and you can"t plug them all up at the same time, you plug the biggest one first,” Vanderhoof said.

Ultimately, while physical cards will remain in use for some time, many in the industry predict plastic as the primary way to pay will give way to digital wallets embedded in smart phones, tablets and other devices. MasterCard is already testing a way for Australian consumers with Samsung Galaxy S4 phones to pay using their phones.

Smart chips and tokens eventually will be embedded in an array of computers, providing multiple layers of security, Mr McLaughlin of MasterCard said. A consumer"s smartphone will not only have a unique ID, it will also generate one-of-a-kind tokens for every transaction — ones that can easily be disabled if the phone is lost or stolen. “The mag stripe will become functionally obsolete,” Richey of Visa said. “Mobile will take over.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
February 29,2020

Ahmedabad, Feb 29: The presence of two feral pigeons onboard a GoAir flight at the airport in Ahmedabad in Gujarat created a flutter among the amused passengers, even though the avian surprise did not lead to any untoward incident or delay in the flight.

The incident took place on Friday when the passengers were boarding the Ahmedabad-Jaipur flight.

"Two pigeons had found their way inside the flight G8 702 while the passengers were boarding," an airline statement said on Saturday.

"The crew immediately shooed away the birds. The flight took off at its scheduled time at 5 p.m.," it added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 7,2020

New Delhi, Jun 7: The Government of India (GoI) must strengthen the laws to protect animals, said People for the Ethical Treatment of Animals (PETA) India CEO Dr Manilal Valliyate on Sunday, following an elephant's death in Kerala and cow injured due to ingestion of explosives in Himachal Pradesh.

"Such incidents are not just restricted to certain regions but are happening all across the country. PETA receives more than 100 similar cases every day. People send in their complaints to us, not just for cows and elephants but for so many other animals as well," he said.

The PETA chief urged the GoI to strengthen the laws established to protect animals.

"As per the current laws set out against animal cruelty, the perpetrator would only be charged Rs 50,000 as a fine. That is equivalent to no punishment at all," added PETA India CEO.

He expressed his anguish against municipal agencies as well, saying that they are not doing "serious" work. He also highlighted how cows are left on the roads to wander, after milking them, to feed on garbage, in several parts of the country.

"These injustices against animals through explosives has been going on for quite a while. But for the first time, it has received such public attention," he said.

After a pregnant elephant was fed cracker-filled pineapple and her eventual death on May 27 in Kerala's Palakkad district, a pregnant cow sustained fatal injuries on May 25 due to accidental ingestion of explosives in Dadh village of Bilaspur district of Himachal Pradesh.

One person has been arrested in the Dadh village for allegedly hurting the cow.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.