1. Home
  2. Credit card of tomorrow: software, not plastic

Credit card of tomorrow: software, not plastic

[email protected] (News Network)
April 3, 2014

Apr 3: Since the 1970s, paying with plastic has been pretty standard everywhere: customers swiped their cards, signed receipts and took home their purchases.

Credit_cardBut after security breaches at Target late last year led to the loss of personal data from as many as 110 million customers, the financial industry is racing to adopt technologies that will alter that decades-old ritual. Driven largely by security concerns, credit card companies and issuers say they are working to make the system as consumers know it obsolete through smart chips and advanced computer programming.

To many, it is about time. The roots of the magnetic strip on credit cards extend back to World War II, ample time for thieves to learn to hack and steal those black lines of prized account information. Credit card fraud totalled nearly $5.3 billion in the United States alone in 2012, giving the industry plenty of incentive to devise a better system. The amount lost to fraud continues to grow by 30 to 50 per cent a year, according to estimates from the Aite Group, a research company.

Efforts to bolster card security were underway well before hackers broke into the systems of Target, Neiman Marcus, Michaels and other store chains. But the recent data breaches injected new urgency into adopting newer technology. “I think this will become a defining moment about how we in the industry think about security,” said Eileen Serra, the chief executive of Chase Card Services.

The credit card industry, especially in the United States, has long relied on increasingly sophisticated analytical programmes to weed out potentially fraudulent transactions. But it has also focussed on a handful of technologies it contends will better protect customers in stores and online. One is placing microprocessors onto cards, a standard known as EMV for its initial backers: Europay, MasterCard and Visa. Another is known as tokenisation, a way of masking consumers" card information over the Internet. “It"s about taking vulnerable data out of the merchant environment,” said Ellen Richey, Visa"s chief legal officer.

EMV is the best-known technology. Such cards are embedded with smart chips authenticating that their bearers are their rightful users. The chip is also extraordinarily difficult for thieves to counterfeit. Cardholders verify the transaction with a PIN or a signature. Though the latter is less secure, it will likely be more prevalent in the United States at first, though Chase and others expect to offer chip-and-PIN cards this year.

Europe and parts of Asia have already used the system for the better part of a decade, while American merchants and issuers have balked, largely because of cost. Chip-equipped cards cost an estimated $1.30 each to make, while a standard plastic card with a magnetic stripe on the back costs roughly 10 cents. Retailers, too, have been loath to update their systems to accept chip technology because of the added cost.

“EMV is going to cost billions of dollars to implement in this country,” said Shirley W Inscoe, an analyst at the Aite Group. But research suggests that the system works. In 2005, when Britain fully phased in the EMV technology, credit counterfeit card fraud was 25 per cent; such fraud plummeted to 11 per cent seven years later, according to the Aite Group.

Visa, MasterCard and American Express all announced road maps for adopting smart chips more than a year and a half ago, with the aim of forcing most retailers and issuers to put EMV in place by October 2015 in the United States. By then, the liability for any counterfeit fraud will fall on whoever has not adopted the chip technology (gas stations and ATMs will have until 2017 to meet the new requirements.)

From 17 million to 20 million chip cards have been issued in the United States, according to the Smart Card Alliance, an industry group. But that represents just 2 per cent of the one billion cards in use. In many ways, the chip technology is already decades old. It has been around since the 1990s, born in an era before the Internet and widespread e-commerce.

Industry officials concede that such technology would not have prevented the data breach at Target, or any sort of online fraud in which thieves obtained lists of customers" credit card numbers. Markets where EMV has been adopted have shown a significant increase in Internet fraud. That is a gap that tokenisation is meant to fill.

The technology works behind the scenes of a digital transaction: customers still put in their card number, but software then transforms that information into a one-time token — a randomly generated code — that is sent through the payment-processing chain. Thieves who intercept the code can do little with it without the means to unscramble the token.

To many in the industry, part of the technology"s appeal is that it requires less upheaval than EMV customers still put in card information as they always have. And the digital tokens are largely in the same format as traditional card numbers, but mask identifying information.

“Now you don"t have personal information around the world,” Serra said. “With tokenisation, we can keep that data much more secure.” The hope of digital tokens is that they will not be confined to any one way of paying. Websites, digital wallets and mobile devices could all use the technology, broadening its utility. “Every device should have the same foundation,” Ed McLaughlin, MasterCard"s chief emerging payments officer, said.

Token technology

Still, for years token technology lacked the sort of universal standard that underpins chip cards. But in recent months, a joint venture of Visa, MasterCard, American Express and others announced a proposed framework to ensure that everyone was on the same page. At least two of the five biggest card issuers in the United States are adopting some form of tokens, Inscoe said.

A framework for token systems is still being built, and meaningful adoption is years away, said Randy Vanderhoof, the executive director of the Smart Card Alliance. For now, chip cards will help eliminate the most obvious and pressing kinds of fraud. “If your boat is leaking in multiple places, and you can"t plug them all up at the same time, you plug the biggest one first,” Vanderhoof said.

Ultimately, while physical cards will remain in use for some time, many in the industry predict plastic as the primary way to pay will give way to digital wallets embedded in smart phones, tablets and other devices. MasterCard is already testing a way for Australian consumers with Samsung Galaxy S4 phones to pay using their phones.

Smart chips and tokens eventually will be embedded in an array of computers, providing multiple layers of security, Mr McLaughlin of MasterCard said. A consumer"s smartphone will not only have a unique ID, it will also generate one-of-a-kind tokens for every transaction — ones that can easily be disabled if the phone is lost or stolen. “The mag stripe will become functionally obsolete,” Richey of Visa said. “Mobile will take over.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 22,2020

Kochi, May 22: During the nationwide COVID-19 lockdown, Kerala recorded the highest number of cyber attacks followed by Punjab and Tamil Nadu, a study by anti-virus software firm K7 Computing said on Thursday.

In a statement issued in Chennai, the company said its K7 Computing's Cyber Threat Report, a comprehensive analysis of cyber attacks during the lockdown has found that Kerala recorded the highest number of cyber attacks during this period. The report analyses various cyber attacks within India during the pandemic and reveals that threat actors targeted the state with COVID-themed attacks aimed at exploiting user trust.

In Kerala, regions like Kottayam, Kannur, Kollam, and Kochi saw the highest hits with 462, 374, 236, and 147 attacks respectively, while the state as a whole saw around 2,000 attacks during the period - the highest thus far in the country.

This was followed by Punjab with 207 attacks and Tamil Nadu with 184 attacks, the company said.

The sudden surge in the frequency of attacks witnessed from February 2020 to mid-April 2020 indicates that scamsters across the world were exploiting the widespread panic around coronavirus at both the individual and corporate level.

These attacks aimed to compromise computers and mobile devices to gain access to users' confidential data, banking details, and cryptocurrency accounts.

The key threats seen during this period ranged from phishing attacks to rogue apps disguised as COVID-19 information apps that targeted users' sensitive data. Phishing attacks were noticed more in Tier-II and Tier-III cities while the metros fared better. Smaller cities saw over 250 attacks being blocked per 10,000 users.

Users from Ghaziabad and Lucknow seem to have faced almost 6 and 4 times the number of attacks as Bengaluru users.

According to the statement, a majority of the recorded attacks were phishing attacks with sophisticated campaigns that could easily snare even the most educated users. These attacks were aimed at heightening users' fears and creating a sense of urgency to take action.

K7 Labs noticed phishing attacks where scamsters posed as representatives of the United States Department of Treasury, the World Health Organization (WHO), and the Centres for Disease Control and Prevention (CDC), the company said.

Users were encouraged to visit links that would automatically download malware on the host computer such as the Agent Tesla keylogger or Lokibot information-stealing malware, infamous banking Trojans such as Trickbot or Zeus Sphinx, and even disastrous ransomware.

Other attacks included infected COVID-19 Android apps like CoronaSafetyMask that scam users with promises of masks for an upfront payment; the spyware app Project Spy; and seemingly genuine apps that are infected with dangerous malware like banking Trojans such as Ginp, Anubis and Cerberus.

"Covid-19 has created an ideal situation for various threat actors to target individuals and enterprises alike. The panic caused by the stringent lockdown measures and rapid spread of this virus has left many people looking for more information on the situation," J. Kesavardhanan, Founder and CEO of K7 Computing was quoted as saying in the statement.

"Threat actors exploit this fear to their advantage and scam users into downloading malicious software and divulging sensitive information like banking codes. The need to be cyber cautious has never been greater. This is more so in the case of corporates who have adopted a work from home policy hurriedly without adequate cyber hygiene. We have seen an increase in attacks on enterprises and SME employees as well," he added.

Such attacks are expected to continue till normalcy returns. Social engineering attacks targeted at winning users' trust will gain momentum.

Healthcare institutions, well-known government offices, and international organisations will continue to be a prime target throughout the pandemic, the statement said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
February 6,2020

Washington D.C., Feb 6: An international team of astronomers has found an unusual monster galaxy that existed about 12 billion years ago when the universe was only 1.8 billion years old.

The team of astronomers was led by scientists at the University of California, Riverside.

Dubbed XMM-2599, the galaxy formed stars at a high rate and then died. Why it suddenly stopped forming stars is unclear.

"Even before the universe was 2 billion years old, XMM-2599 had already formed a mass of more than 300 billion suns, making it an ultra massive galaxy," said Benjamin Forrest, a postdoctoral researcher in the UC Riverside Department of Physics and Astronomy and the study's lead author.

"More remarkably, we show that XMM-2599 formed most of its stars in a huge frenzy when the universe was less than 1 billion years old and then became inactive by the time the universe was only 1.8 billion years old," Forrest added.

The team used spectroscopic observations from the W. M. Keck Observatory's powerful Multi-Object Spectrograph for Infrared Exploration or MOSFIRE, to make detailed measurements of XMM-2599 and precisely quantify its distance.

The study results appear in the Astrophysical Journal.

"In this epoch, very few galaxies have stopped forming stars, and none are as massive as XMM-2599," said Gillian Wilson, a professor of physics and astronomy at UCR in whose lab Forrest works.

"The mere existence of ultramassive galaxies like XMM-2599 proves quite a challenge to numerical models. Even though such massive galaxies are incredibly rare at this epoch, the models do predict them."

"The predicted galaxies, however, are expected to be actively forming stars. What makes XMM-2599 so interesting, unusual, and surprising is that it is no longer forming stars, perhaps because it stopped getting fuel or its black hole began to turn on. Our results call for changes in how models turn off star formation in early galaxies," the professor stated.

The research team found XMM-2599 formed more than 1,000 solar masses a year in stars at its peak of activity -- an extremely high rate of star formation. In contrast, the Milky Way forms about one new star a year.

"XMM-2599 may be a descendant of a population of highly star-forming dusty galaxies in the very early universe that new infrared telescopes have recently discovered," said Danilo Marchesini, an associate professor of astronomy at Tufts University and a co-author on the study.

"We have caught XMM-2599 in its inactive phase," Wilson said, who led the W. M. Keck Observatory data acquisition
Co-author Michael Cooper, a professor of astronomy at UC Irvine, said this outcome is a strong possibility.

"Perhaps during the following 11.7 billion years of cosmic history, XMM-2599 will become the central member of one of the brightest and most massive clusters of galaxies in the local universe," he said.

"Alternatively, it could continue to exist in isolation. Or we could have a scenario that lies between these two outcomes," he stated.

The study was supported by grants from the National Science Foundation and NASA.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 14,2020

Social media platform WhatsApp assured the Supreme Court on Wednesday that it will not roll out its payment services without complying with all payment regulations and norms in the country.

A bench headed by Chief Justice S.A. Bobde and comprising Justices Indu Malhotra and Hrishikesh Roy took up the matter through video conferencing. Senior advocate Kapil Sibal, representing the social media platform, said "WhatsApp Inc makes a statement on behalf of his client that they will not go ahead with the payments' scheme without complying with all the regulations in force."

The statement was made during the hearing of a petition seeking a ban on payment through WhatsApp, as it does not conform to the data localization norms. The top court took the assurance made by WhatsApp on record.

WhatsApp made the statement during the hearing of a plea seeking a ban on its payment service, for not being in line with data localization norms.

In 2018, WhatsApp was granted a beta licence to launch its payment service, but a dedicated and separate app is yet to be launched. A petition was moved in the apex court that WhatsApp's existing model for its payments service should be declared inconsistent with the Unified Payment Interface (UPI) Scheme, as a separate dedicated app has not been offered by the company.

The petitioner NGO, Good Governance Chambers, argued that the National Payments Corporation of India (NPCI) and the Reserve Bank of India (RBI) must change its model on the lines of the UPI payment scheme, and its operations may be suspended until these conditions are met.

The apex court today asked the Centre, Facebook and WhatsApp to file their replies within three weeks and it will take up the matter thereafter. The court noted that the government may process the applications filed by WhatsApp in accordance with the law and there is no stay on the same. Facebook was represented by senior advocate Arvind Datar.

The petitioner argued that lapses have been found in relation to WhatsApp's claims of having a secure and safe technological interface for securing sensitive user data.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.