07 Oct
Go with the best - go with Cardinal
Although Chip and PIN was marketed as a security product, we all know by now that it was really about “If we can do more transactions per second we can get more money.” Now Visa is offering up another “Let’s do it faster” product that looks like it will virtually hand out financial information to the bad guys that want it, just like the other “contactless payment” technology.
In partnership with Nokia and Google, Visa is rolling out contactless payments, remote payments, and money transfers by cell phone. That’s right, wave your Nokia 6212 phone near a POS reader and you’ve made a payment by credit card; or given your account information to a thief under the moniker of Near-Field Communications.
Don’t take my word for it. Read more about it here and here.
04 Oct
Here’s a quote for you:
Credit card information theft and fraud has increased at a steady pace over the last five years. It is an area of vulnerability that has been increasingly exploited. As the problem continues to evolve from physical theft to more widespread use of the Internet and technology to facilitate fraudulent activity, the trend will continue to track upward. While criminals do not have a monopoly on credit card information theft and fraud, credit card exploitation and fraud has become a growth industry for terrorists.
That quote from a white paper from Shift4 is a pretty good indicator that we’ve got trouble in River City. It’s nothing new of course, but the white paper lays out some interesting facts.
We have to remember that Al-Qaeda is more than an organization, it’s an ideology. And part of that ideology is that criminal activity when used to further the goals is not considered criminal. Credit card fraud, in their minds, is a perfectly legitimate method of raising funds for their activities, which are no less illegal than the fraud.
I don’t have the answer of course, but I feel like I’m in good company. The card companies don’t have one either. CVV/CVV2 wasn’t the answer, Cardholder Authentication in the form of Verified by Visa and SecureCode wasn’t the answer, and now we know that Chip and PIN was far from the answer.
Al-Qaeda has plenty of tech-savvy people and as long as there are ways to exploit the payment industry, they will continue to exploit it. Staying one step ahead of them is the best that we can hope for. And even that is an uphill struggle.
02 Oct
October 1, 2008 saw the official release of Version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS)
Version 1.2 is effective immediately and version 1.1 of the standard will die on Dec. 31, 2008. The updated standard and supporting documentation are available on the Council’s Web site.
The new version is designed to simplify the language of the standard by adding clarifications and explanations. According to an article on Market Watch, the PCI Security Standards Council says there are no major changes to compliance requirements but Wired Equivalent Privacy (WEP) must be a thing of the past as of June 2010. It’s not soon enough, in my opinion.
“This latest revision to the PCI DSS is welcome news for merchants and service providers as they grapple with the latest security threats to their payment transactions systems,” said Diana Kelley, partner and analyst with SecurityCurve, a data security consultancy. “The clarifications and language revisions should go a long way in easing implementation questions and help to reduce compliance costs.”
As merchants, we might argue that having to change out our wireless processing terminals isn’t exactly “welcome news” in the current economic climate, but certainly a simplification of the standard’s language is. I only scanned the document but it seems they’ve done a good bit to make it easier to understand and, as a result, easier to assure compliance. That’s a big point in the Council’s favor.