Computerworld published an article describing a tiny device that can wirelessly hack point of sale and other magnetic-stripe based systems by sending malicious keyboard commands using a design vulnerability in those systems. Apparently a hotel room lock could be hacked within 18-30 minutes using the device. The device was inspired by "MagSpoof" which is a device that can [...]
Visa announced a number of interesting statistics regarding the progress of EMV adoption in the U.S.: Nearly 327 million Visa chip cards have been issued, roughly 58% of them credit cards and the remainder debit/stored-value. The U.S. has quickly become the largest chip card market globally, followed by Brazil at 141 million and the UK [...]
It is a long-established fact that fraudsters follow the path of least resistance. Recent statistics back this up. CardNotPresent points out that according to the Card Fraud Control Benchmark Study from Auriemma Consulting Group, counterfeit card fraud dropped by 18% in the first quarter, largely due to the continuing rollout of EMV which requires multifactor authentication. The [...]
In May, I published an article "Are Americans too dumb for Credit Card PINs?" pointing out the absurdity of U.S. card network rules requiring a merchant to accept a cardholder signature as authentication on an EMV-chip enabled card transaction, rather than requiring the customer to enter a PIN like 80+ other countries. By forcing merchants to [...]
MasterCard reported an impressive 27% year-over-year reduction in counterfeit card fraud at EMV chip-enabled merchants. That doesn't mean merchants are seeing the benefits of those reductions. In May, I blogged about the sharp rise in chargebacks that merchants are experiencing due to the liability shift that occurred last October, whereby merchants can be charged back without [...]
Walmart has filed a lawsuit against Visa related to Visa's policy requiring merchants to allow cardholders to choose whether to enter a PIN for debit transactions, even if the customer uses a chip-enabled card. The problem? Signature-based debit transactions are processed on Visa's debit network, often at a higher fee to the merchant than other network routing [...]
Effective last October, merchants who process a chip-enabled payment card by swiping the magnetic stripe instead of dipping the card in the chip reader are subject to full liability for fraudulent transactions. So why are banks continuing to issue cards that contain both chips and magnetic stripes? This article from ATM Marketplace offers some thought-provoking insights about the [...]
Discover's Chairman and CEO David Nelms (full disclosure: I reported to Nelms during my tenure as head of Discover's merchant network) has endorsed EMV Chip and PIN authentication. Great leadership on Discover's part advocating for this common-sense authentication method already in wide use in Canada and the EU. The U.S. really missed the boat by [...]
One of the biggest EMV-related complaints from consumers and merchants alike has been the slowdown at the point of sale. Those added seconds decrease customer satisfaction and slow down the checkout process, thereby creating significant added expense for high volume merchants. The updated technology from Visa, known as Quick Chip for EMV, speeds up [...]
Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point. In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective. While the [...]
