1. Home
  2. Credit card of tomorrow: software, not plastic

Credit card of tomorrow: software, not plastic

[email protected] (News Network)
April 3, 2014

Apr 3: Since the 1970s, paying with plastic has been pretty standard everywhere: customers swiped their cards, signed receipts and took home their purchases.

Credit_cardBut after security breaches at Target late last year led to the loss of personal data from as many as 110 million customers, the financial industry is racing to adopt technologies that will alter that decades-old ritual. Driven largely by security concerns, credit card companies and issuers say they are working to make the system as consumers know it obsolete through smart chips and advanced computer programming.

To many, it is about time. The roots of the magnetic strip on credit cards extend back to World War II, ample time for thieves to learn to hack and steal those black lines of prized account information. Credit card fraud totalled nearly $5.3 billion in the United States alone in 2012, giving the industry plenty of incentive to devise a better system. The amount lost to fraud continues to grow by 30 to 50 per cent a year, according to estimates from the Aite Group, a research company.

Efforts to bolster card security were underway well before hackers broke into the systems of Target, Neiman Marcus, Michaels and other store chains. But the recent data breaches injected new urgency into adopting newer technology. “I think this will become a defining moment about how we in the industry think about security,” said Eileen Serra, the chief executive of Chase Card Services.

The credit card industry, especially in the United States, has long relied on increasingly sophisticated analytical programmes to weed out potentially fraudulent transactions. But it has also focussed on a handful of technologies it contends will better protect customers in stores and online. One is placing microprocessors onto cards, a standard known as EMV for its initial backers: Europay, MasterCard and Visa. Another is known as tokenisation, a way of masking consumers" card information over the Internet. “It"s about taking vulnerable data out of the merchant environment,” said Ellen Richey, Visa"s chief legal officer.

EMV is the best-known technology. Such cards are embedded with smart chips authenticating that their bearers are their rightful users. The chip is also extraordinarily difficult for thieves to counterfeit. Cardholders verify the transaction with a PIN or a signature. Though the latter is less secure, it will likely be more prevalent in the United States at first, though Chase and others expect to offer chip-and-PIN cards this year.

Europe and parts of Asia have already used the system for the better part of a decade, while American merchants and issuers have balked, largely because of cost. Chip-equipped cards cost an estimated $1.30 each to make, while a standard plastic card with a magnetic stripe on the back costs roughly 10 cents. Retailers, too, have been loath to update their systems to accept chip technology because of the added cost.

“EMV is going to cost billions of dollars to implement in this country,” said Shirley W Inscoe, an analyst at the Aite Group. But research suggests that the system works. In 2005, when Britain fully phased in the EMV technology, credit counterfeit card fraud was 25 per cent; such fraud plummeted to 11 per cent seven years later, according to the Aite Group.

Visa, MasterCard and American Express all announced road maps for adopting smart chips more than a year and a half ago, with the aim of forcing most retailers and issuers to put EMV in place by October 2015 in the United States. By then, the liability for any counterfeit fraud will fall on whoever has not adopted the chip technology (gas stations and ATMs will have until 2017 to meet the new requirements.)

From 17 million to 20 million chip cards have been issued in the United States, according to the Smart Card Alliance, an industry group. But that represents just 2 per cent of the one billion cards in use. In many ways, the chip technology is already decades old. It has been around since the 1990s, born in an era before the Internet and widespread e-commerce.

Industry officials concede that such technology would not have prevented the data breach at Target, or any sort of online fraud in which thieves obtained lists of customers" credit card numbers. Markets where EMV has been adopted have shown a significant increase in Internet fraud. That is a gap that tokenisation is meant to fill.

The technology works behind the scenes of a digital transaction: customers still put in their card number, but software then transforms that information into a one-time token — a randomly generated code — that is sent through the payment-processing chain. Thieves who intercept the code can do little with it without the means to unscramble the token.

To many in the industry, part of the technology"s appeal is that it requires less upheaval than EMV customers still put in card information as they always have. And the digital tokens are largely in the same format as traditional card numbers, but mask identifying information.

“Now you don"t have personal information around the world,” Serra said. “With tokenisation, we can keep that data much more secure.” The hope of digital tokens is that they will not be confined to any one way of paying. Websites, digital wallets and mobile devices could all use the technology, broadening its utility. “Every device should have the same foundation,” Ed McLaughlin, MasterCard"s chief emerging payments officer, said.

Token technology

Still, for years token technology lacked the sort of universal standard that underpins chip cards. But in recent months, a joint venture of Visa, MasterCard, American Express and others announced a proposed framework to ensure that everyone was on the same page. At least two of the five biggest card issuers in the United States are adopting some form of tokens, Inscoe said.

A framework for token systems is still being built, and meaningful adoption is years away, said Randy Vanderhoof, the executive director of the Smart Card Alliance. For now, chip cards will help eliminate the most obvious and pressing kinds of fraud. “If your boat is leaking in multiple places, and you can"t plug them all up at the same time, you plug the biggest one first,” Vanderhoof said.

Ultimately, while physical cards will remain in use for some time, many in the industry predict plastic as the primary way to pay will give way to digital wallets embedded in smart phones, tablets and other devices. MasterCard is already testing a way for Australian consumers with Samsung Galaxy S4 phones to pay using their phones.

Smart chips and tokens eventually will be embedded in an array of computers, providing multiple layers of security, Mr McLaughlin of MasterCard said. A consumer"s smartphone will not only have a unique ID, it will also generate one-of-a-kind tokens for every transaction — ones that can easily be disabled if the phone is lost or stolen. “The mag stripe will become functionally obsolete,” Richey of Visa said. “Mobile will take over.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 13,2020

Bengaluru, Mar 13: In the wake of fresh cases of Covid-19 reported in Karnataka, Infosys Foundation chairperson Sudha Murty has urged the Karnataka government to take steps to shut malls and theatres, saying the coronavirus multiplies in air-conditioned areas.

In a letter to the government, she said preventive measures should be taken to control the spread of coronovirus before it gets worse.

Murty, who also leads the State government-constituted Karnataka Tourism Task Force, said she has discussed the current situation with Chairman and Executive Director of Narayana Health, Devi Prasad Shetty.

She suggested closure of all schools and colleges with immediate effect, malls, theatres and “all air-conditioned areas where the virus multiplies”, and allow only essential services like pharmacy, grocery and petrol bunks.

“It is not scientifically proven that the virus dies in high temperature,” she said pointing to spread of the virus -- despite heat -- in peak summer in Australia and Singapore, which have “summer all 12 months”.

“I request you to vacate one government hospital with at least 500 - 700 beds for this purpose (to deal with coronavirus cases), which requires oxygen lines and pipes,” she said.

“Infosys Foundation, the philanthropic and CSR arm of software major Infosys, would do the civil work and Devi Shetty has agreed to share resources like medical equipment,” she added.

“We would like to work with the government proactively so that we can prevent this as early as possible,” Sudha Murty said.

The total number of confirmed coronavirus positive cases in Karnataka is five, including the 76-year old man from Kalaburagi who died on Tuesday night.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 26,2020

Facebook will introduce a new notification screen on its platform that will warn users if the article they are about to share is over 90 days old, the company announced on Thursday.

“We’re starting to globally roll out a notification screen that will let people know when news articles they are about to share are more than 90 days old,” Facebook wrote in a blog post.

The social media platform had previously introduced a context button in 2018 that provides information about the sources of articles in the News Feed. Building upon that, the new feature will inform users about the timeliness of the article.

“To ensure people have the context they need to make informed decisions about what to share on Facebook, the notification screen will appear when people click the share button on articles older than 90 days, but will allow people to continue sharing if they decide an article is still relevant,” Facebook said.

The social media giant stated that timeliness is important in understanding the context of an article and curbing the spread of misinformation on the platform.

“News publishers, in particular, have expressed concerns about older stories being shared on social media as current news, which can misconstrue the state of current events. Some news publishers have already taken steps to address this on their own websites by prominently labelling older articles to prevent outdated news from being used in misleading ways,” Facebook added.

Apart from this, the platform will also be testing a similar notification screen for information related to the global Covid-19 pandemic. The notification screen will provide information about the source of the link shared in a post if the link is related to information on Covid-19. It will also direct people to its previously introduced Covid-19 information centre for “authoritative” health information, it said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.