NFC For ATM Transactions Catching On
August 3, 2016 by admin
Filed under Around The Net
Comments Off on NFC For ATM Transactions Catching On
Several of the nation’s biggest banks in the U.S. now support the use of a smartphone to withdraw cash from an ATM — many by way of Near Field Communication (NFC) technology — instead of requiring customers to use a bank card.
One of the early adopters, Bank of America, said this week it currently supports cardless technology at 2,800 of its ATMs. That number will reach 8,000 ATMs by year’s end that rely on NFC and other technology. Bank of America, which has about 15,000 ATMs nationwide, created a video to show how a smartphone loaded with the bank’s mobile app can now withdraw cash from some ATMs.
Wells Fargo said it has a “handful” of ATMs that are NFC-ready and working to deliver cash and other transactions and is planning to reach 5,000 by the end of 2016. A total of 12,000 ATMs will be enabled in 2017.
JPMorgan Chase said it also will have many cardless ATMs available this year, but didn’t specify how many or when. Initially at Chase, customers will show up at an ATM and type in a numerical code they acquired wirelessly through use of the Chase smartphone app to get their cash. That numerical code verification process will be an early step in rolling out cardless technology at the bank’s nearly 15,000 ATMs.
In addition to using NFC or a numerical code to authenticate a transaction, some bank ATMs are expected to rely on scanning a QR code displayed on a phone.
The number of ATMs supporting cardless cash remains a small portion of the estimated 500,000 ATMs in the U.S. Crone Consulting, which monitors the mobile payment industry, recently said it expects about 95,000 ATMs in the U.S. to support cardless cash by year’s end.
Courtesy-http://www.thegurureview.net/mobile-category/nfc-for-atm-transactions-catching-on.html
Was The Omni Hotel Chain Hacked?
Omni Hotels & Resorts has reported that point-of-sale systems at some of its hotel locations were attacked by malware targeting payment card information.
The hacking of the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings.
Omni — in Dallas, Texas — said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.
The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations. The malware may have been in operation between Dec. 23 last year and June 14 this year, although most of the systems were affected during a shorter timeframe, according to the hotel.
The hotel chain, which operates hotels and resorts in the U.S., Canada and Mexico, could not be immediately reached for comment over the weekend for further details.
Omni said after discovering the malware attack, it had immediately hired IT investigation and security firms and has now contained the intrusion. It did not specify why it had delayed to inform customers.
Courtesy-http://www.thegurureview.net/aroundnet-category/omni-hotels-reports-hacking.html
Amazon Finally Goes Two-Factor
Amazon is making it a little, or a lot, harder for miscreants to make off with user accounts by adding two-factor authentication.
It has taken Amazon some time to fall into line on this. Two-factor authentication has become increasingly popular and common in the past couple of years, and it is perhaps overdue for a firm that deals so heavily in trade.
Amazon is treating it like it’s new, and is offering to hold punters’ hands as they embrace the security provision.
“Amazon Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in,” the firm said.
The way that the code is served depends on the user, who can choose to get the extra prompt in one of three ways. They may not appeal to those who do not like to over-share, but they will require a personal phone number.
As is frequently the case, Amazon will offer to send supplementary log-in information to a phone via text message or voice call, and even through a special authenticating app.
It’s an option, and you do not have to enable it. Amazon said that users could select trusted sign-on computers that spare them from the mobile phone contact.
“Afterward, that computer or device will only ask for your password when you sign in,” explained the Amazon introduction, helpfully.
There are a number of other outfits that offer the two-factor system and you might be advised to take their trade and do your business through them. Apple, Microsoft, Google, Twitter, Dropbox, Facebook and many others offer the feature.
A website called TwoFactorAuth will let you check your standing and the position of your providers.
Source- http://www.thegurureview.net/technology-2/amazon-finally-goes-two-factor.html
Confusion Continues To Reign With U.S. Chip & PIN
November 11, 2015 by admin
Filed under Around The Net
Comments Off on Confusion Continues To Reign With U.S. Chip & PIN
Several large U.S. retailers are ramping up efforts to use personal identification numbers, or PINs, with new credit cards embedded with computer chips in a bid to prevent counterfeit card fraud.
But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.
A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.
But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.
Broadly, U.S. banks are unprepared or resisting the change.
The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.
But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.
“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.
Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.
“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”
But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.
EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.
Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.
“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.
Courtesy-http://www.thegurureview.net/aroundnet-category/confusion-continues-to-reign-with-u-s-chip-pin.html
Is Mastercard Going With Selfies?
July 17, 2015 by admin
Filed under Around The Net
Comments Off on Is Mastercard Going With Selfies?
Mastercard has announced plans to roll out a verification technology that requires a selfie to process payments. The industry’s latest move in the shameless act of narcissism is a biometric face scanning technology that will let customers replace their PINs with their face, according to MasterCard chief product security officer, Ajay Bhalla. Bhalla told CNN Money that the multinational financial services corporation has teamed up with all the major phone manufacturers to deliver the technology. “The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. This [app] seamlessly integrates biometrics into the overall payment experience,” he said. “You can choose to use your fingerprint or your face. You tap it, the transaction is OK’ed and you’re done.” The selfie payment feature will roll out on a trial basis first in the US, with a full scale deployment to follow at an unspecified date. The system requires users to blink when prompted once they have held their device at eye-level for the checkout process to complete. This ensures that potential cyber crooks cannot use a still image of the user to hack into their personal account. MasterCard announced last month that all retail outlets across Europe will accept contactless payments by 2020, paving the way for wider adoption of mobile payment solutions. Mike Cowan, head of emerging payments products at MasterCard, revealed at the company’s Future of Payments event in London that Europeans will soon be able to tap to pay anywhere. “From the beginning of 2016 any new payment terminal that gets deployed must accept contactless, and every single terminal must accept it by 2020,” he said. This means that new point of sale terminals must adhere to the new standard on deployment from 1 January 2016, while existing terminals that don’t yet support contactless payments must be replaced by 1 January 2020 at the latest. Source
Are Cyber Criminals Hard To Catch?
Despite 100,000 cyber crimes being committed every year UK authorities only caught 12 hackers.
In fact on average just one person was convicted of an offence under the Computer Misuse Act every month for the past 23 years.
We assume that it was not the same bloke, because he would be the most luckless criminal ever.
Campaigners from the Digital Trust, which supports victims of online abuse, said police do not know how to cope with the problem.
Need more laws
Criminal justice expert Harry Fletcher, who is a director of the Digital Trust, said: “The police still concentrate their resources on traditional offences offline, but most people are more likely to be mugged online than in the street.
“The law needs to change. It should, for example, be an offence to use any technological device to locate, listen to or watch a person without legitimate purpose.
“In addition, restrictions should be placed on the sale of spyware without lawful reasons. It should also be against the law to install a webcam or any other form or surveillance device without the target’s knowledge.”
Of course just creating new laws is not going to mean that more hackers will be caught, it will just mean that there are more crimes which they could be arrested for.
The conviction rate against hackers are not bad, if the coppers do arrest someone. Between 1990 to 2006 only 183 defendants were proceeded against and 134 found guilty under the Computer Misuse Act.
Unfortunately the Trust did not see, to realize that a lot of the hacks against companies and individuals come from overseas, particularly Russian or China. Changing laws in the UK would not change anything.
MasterCard Testing New Fingerprint Reader
October 29, 2014 by admin
Filed under Consumer Electronics
Comments Off on MasterCard Testing New Fingerprint Reader
MasterCard is trying out a contactless payment card with a built-in fingerprint reader that can authorize high-value payments without requiring the user to enter a PIN.
The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.
The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.
The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.
The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.
Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.
Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.
MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.
PoS Cyber Attacks Up In 2013
June 4, 2014 by admin
Filed under Around The Net
Comments Off on PoS Cyber Attacks Up In 2013
A third of data intrusion investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.
Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.
E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.
According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.
In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”
However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.
Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.
Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.
New USB Chip Developed
October 18, 2013 by admin
Filed under Uncategorized
Comments Off on New USB Chip Developed
Silicon Motion says it has begun shipping samples of a new USB 3.0 controller chip for flash drives that could boost performance by up to 50%.
The company said the new SM3267 integrated controller is expected to deliver up to 160MB/s read, and 60MB/s write speeds through a single channel; that would be a 30% to 50% performance improvement over today’s USB 3.0 flash drive technology.
Even though the USB 3.0 specification has the capability to support 4.8Gbps throughput speeds, the speed of a USB 3.0-enabled flash drive is dictated by the speed of the accessing flash devices in the drive. Today, most consumer-USB 3.0 flash drives support about 100MB/s read speeds.
We are pleased to announce that SM3267 has received design-ins from most of our current USB controller customers, including many top-tier OEMs, and we expect SM3267-based USB 3.0 flash drives will be commercially available starting in the fourth quarter of 2013,” Wallace Kou, CEO of Silicon Motion, said in a statement.
The new integrated chip will also be able to run at lower voltages, from 5 volts to 1.2 volts, enabling a 25% to 30% lower USB flash drive device temperature compared with other USB 3.0 flash controller products in the market, Silicon Motion said.
The new IC will support the vast majority of NAND flash technology, including new triple-level cell (TLC), multi-level cell (MLC), high speed Toggle, and ONFI DDR NAND manufactured by Samsung, Toshiba, SanDisk, SK Hynix, Micron and Intel.
The new chip has already passed both USB-IF compliance testing and WHCK (Windows Hardware Certification Kit) tests for Windows 7 and Windows 8.
The new IC is available in a Chip-on-Board (COB) and in a 48-pin QFN green package.
PayPal Unveils New Payment System
PayPal has unveiled a mobile payment product for customers that doesn’t require near-field communication (NFC) technology inside smartphones.
The system relies instead on using smartphones and other mobile devices to scan product bar codes and to authorize payments through PayPal mobile accounts. Shoppers will also be able to use credit-card scanning terminals commonly seen in grocery stores: The user inputs a phone number and PIN on the terminal’s keypad instead of swiping a credit or debit card.
PayPal President Scott Thompson laid out the basics of the plan in a blog posted Wednesday. In the blog, he also took a swipe at competitors, including Google, MasterCard, Visa and others, who are working with NFC in smartphones for a mobile wallet.
“Let’s be clear about something — we’re not just shoving a credit card on a phone,” Thompson said in his blog.
PayPal is already a major global force in online payments, with 100 million customers. While PayPal’s new payment technologies don’t rely on NFC, they do propose making in-store payments possible from any device and support GPS-based offers, according to Thompson’s blog. PayPal will even allow for customers to set up payments on credit after they’ve checked out.
Dozens of merchants got a sneak peak of the technology Wednesday at an event PayPal sponsored. The event was covered by All Things D, which was not allowed to take photographs, but posted a story. In addition to the payment methods shown in the PayPal video, that story said PayPal will allow customers to continue using plastic cards, issued by PayPal, for payment.
In an interview posted on AllThingsD, Thompson said the PayPal approach doesn’t require merchants to install new terminals, nor does it require customers to buy a new smartphone.