Tag Archives: PIN and chip

Secure Payments Arrive For Black Consumers

credit-card-safeHackers have been having a absolute field day breaking into store payment systems and stealing credit card data with impunity. The problem is intolerable for the consumer and costing everyone money everyday. Kaspersky Labs reported that over $1 billon dollars has been stolen from banks using sophisticated malware. Not to mention the additional billions lost in fraudulent credit card purchases and ATM fraud.  Last year that number topped $5 billion. In the end its always the consumer, that’s you and me, that pays for this fraud.

Securing the payment systems of American consumers has become the single most pressing cyber security problem for banks, pay services and merchants. Americans fear cyber crime and identity theft more than being murdered.

Thankfully credit card and technology companies are devising new more technologically advanced ways to combat data breaches and credit and debit card fraud. This is vitally important to African-Americans who are frequent Internet shoppers. And the last thing we tolerate is something funny happening with our money. As I have said many times before, black people don’t play when it comes to our money.

Black consumers, like all American consumers, should learn and quickly adopt the new ways that payments are being secured not only online but in brick mortar stores. Advances in technology allow payments to be made directly from a smartphone, new PIN and Chip technology prevents duplication of credit and debit cards and some systems are implementing single use tokens. The age of secure payments has arrived.

 

US-WhiteHouse-LogoThe White House Summit on Cybersecurity and Consumer Protection

This event, held at Stanford University, saw multiple companies and trade organizations announce new initiatives aimed at securing Internet transactions and reducing fraud.

A White House fact sheet revealed the efforts of the major players in the payment industry. Visa, for example, is committing to tokenization or substituting credit card numbers with randomly generated tokens for each transaction. They plan to initiate this system by the end of March.

The other payment giant, MasterCard, is investing more than $20 million in new cybersecurity tools that include the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber-attacks.

SafetyNet is designed to add an extra layer of security by working with a bank or processor’s own security systems and detecting attacks before they happen.

Intel is releasing a new authentication technology that eliminates the password. The technology employs biometrics or personal physical measurements such as fingerprints or retinal patterns. American Express also announced a new multifactor authentication technology for consumers. MasterCard and First Tech Credit Union revealed a new pilot program that would allow consumers to authenticate and verify their transactions using a combination of biometrics, such as facial and voice recognition.

The president launched the BuySecure initiative in October of 2014. The initiative priorities include;

  • Securing payments across the economy, by advancing federal efforts to transition to more secure payment systems, building public-private awareness about more secure authentication, and calling on industry to enhance the security of their own systems and offer more secure options for their customers.
  • Helping Americans secure their good name, by improving resources to identify and remediate identity theft. This includes supporting credit score transparency and improving identity theft resources available to American consumers.
  • Enhanced information sharing, by enhancing the ability of federal agencies and industry to regularly exchange information about consumers’ compromised accounts.

what-kind-of-cr-1

Apple Pay

The AACR wrote back in September of Apple’s debut of the new Apple Pay technology. While everyone was raving about the new iPhone 6 Apple murdered the credit card.

Apple Pay replaces your credit card and the traditional swipe at the register. Apple Pay has made the act of purchasing easier by allowing you to just wave your phone in front of a reader in order to make a payment.  Apple claims the system is more secure than regular credit cards since the number is never stored on the phone or Apple servers and no one ever sees it. The credit card number is replaced by a “unique device number.”

Your credit cards will be stored in Passbook. You can add cards to your phone by taking a picture of the card or typing in the necessary  information like the credit card number, expiration date, and security code. It works with pretty much all credit cards and banks. According to Apple over 220,000 merchants are currently accepting Apple Pay.

MasterCard

MasterCard announced in October 2014 that it was partnering with Zwipe to develop a payment card with a built-in fingerprint authentication sensor.

The card allows customers to make contactless payments, using their fingerprint to confirm their identity. This eliminates the need for PINs and passwords thus increasing security.

VISA

A recent study from Visa Europe indicates that the new generation of banking customers would rather use biometric security devices than PINs and passwords for authentication.

Visa found that 75% of 16- to 24-year-olds said they would have no problem using biometric security, with 69% expecting it to be faster and easier than a password or PIN.

Visa also launched the Visa Token Service (VTS) in September 2014. The one time use token replaces the 16-digit account numbers, expiration dates and security codes, with so-called tokens. The tokens are a unique series of numbers that can be used to make payments without exposing the sensitive credit data such as the numbers, security code and expiration date.

Over 500 financial institutions have already implemented VTS according to Visa. The service will be expanded this year to additional payment environments. Visa also says tech companies and device manufacturers will deploy VTS on mobile devices. Merchants will also start using the solution to secure transactions made through mobile payment applications. Online merchants are also expected to deploy the tokenization service.

American Express

Tokenization has also been embraced by American Express, and the retail industry is seeking to develop a universal tokenization standard.

Amex will replace traditional 16-digit credit card numbers with a digital token. Consumers using the card supporting the token can make purchases online, with a mobile application, or in person using Near Field Communication (NFC) devices similar to Apple Pay technology.

The movement to more secure payments methods comes as retailers see the October 2015 deadline to support chip-and-pin credit payments getting closer. Merchants are being crushed under repeated data breaches costing ten of millions of dollars in repairs and legal costs.

Breaking It Down

Alright so what took so long? If you read this article you saw that the credit card companies have until October of this year to move to the new PIN and Chip cards. They had no choice. This situation is bad for everybody. Everybody is losing money and everybody is getting sick of it and everybody sees that no end was possible as long as the hackers had the upper hand. These payment companies, merchants and banks were locked in a cycle of one data breach after another and each more expensive than the last. The government was going to force a change this so they decided to get ahead of the wave. They had no choice. They could look out from their lofty corporate towers and see the angry flames of consumer torches gathering in the street below. It was not going to be pretty and they knew it. So now after losing hundreds of millions of dollars and looking stupid compared to the hackers, they have decided to act. They had no choice. They want you to believe that they did this on their own. But this could have been done at least two years ago. Europe has had the PIN and Chip technology for at least five years. These companies decided that since no one was making them do it why do it. But then the bleeding started. Hackers were draining the life out of these corporate clowns and their bottomline. The math was starting to swing against them and the government was getting involved. That is the only reason they decided to act. They had no choice.

 

 

 

Congress Not Interested in Cyber Security

President Obama SignatureIn a move to spur the move to pin and chip cards President Obama signed an executive order directing government agencies to shift to the use of chip-and-PIN cards. The order directs the use of the more secure cards for use in consumer benefits programs, including Social Security.

At the Oct. 17 appearance at the federal Consumer Financial Protection Bureau, the President also announced a cyber security and consumer protection summit that will be hosted at the White House. The summit will bring together cabinet members and key industry players  in the consumer financial sector to examine the best practices, advance adoption of stronger security standards and discuss next generation technologies.

“We are also calling on Congress to pass meaningful cyber security legislation that will help the government better protect federal networks and legislation that appropriately balances the need for greater information sharing and strong protection for privacy and civil liberties – respecting the longstanding responsibilities of civilian and military agencies,” Obama says.

President Obama also urged Congress to pass a national data breach notification law. According to the President the numerous differing state laws is unsustainable and benefits no one. “Today we are calling on Congress to act with urgency on data breach legislation, to bring clarity to the expectations consumers should have when their data has been breached, and to mandate steps companies must take to notify their customers of risks after such security breaches,” said the President.

Although the President is urging Congress to act Washington not changed. Many experts do not believe that a national data breach law is possible this year. Experts say that no bill has been introduced on Senate or House floors in the current Congress. Those familiar with the legislative process report that those who promote the law and those who would be subject to it cannot agree. Congress simply cannot agree on key provisions of data breach notification measures. Basically businesses want less stringent data breach notification rules than do consumer advocates.

“In some ways the inaction is remarkable,” says Peter Swire, senior fellow at the Future of Privacy Forum and professor at Georgia Tech’s Scheller College of Business. “We had spectacular data breaches involving tens of millions of consumers, and even that is not enough to prompt Congress into action.”

During the last four Congresses, the Senate Judiciary Committee has approved bipartisan data breach notification legislation. Sadly none of the bills ever came up for a vote. Chances of that happening in the current Congress don’t look good.

Even without federal data breach legislation data breach notification is regulated in most of the United States. Data breach law is enforced on a state-by-state basis. Currently 47 states have enacted data breach notification laws. You can examine your state data breach law at States Advance Breach Notification Laws. These state laws vary from one another and companies suffering data breaches can pick and choose what state laws they wish to follow. Many business groups would prefer to see a single, national statute to cut down on the paperwork involved in reporting data breaches.

Breaking it down

What President is saying is that the ones that are supposed to be working to protect us are clearly failing. Congress has exhibited a pathetic lack of desire to do what they are elected to do. In the past year we have seen massive data breaches that exposed the payment information of hundreds of millions of Americans. Does it look like Congress gives a damn? We have seen our government systems hacked and government employee personal information stolen. Has Congress done anythinh? We see our intellectual property stolen, medical records stolen and even military systems attacked and breached. And what are they doing in Washington? Nothing! Not a single data breach or cyber security law has even reached the floor for a vote. You might want to vote this election year. Why is Congress waiting for security advocates and companies to come to an agreement? We need our elected officials to act in the best interest of the citizens. They should have been up in arms about their constituents information being stolen. They should be but does it look that way to you?

 

MURDER! Apple Pay Kills the Credit Card!

Apple PayApple announced yesterday it was introducing a new mobile payment system. Known as Apple Pay the system will allow the consumer to make purchases by simply waving their iPhone in front of a POS receiver or just tapping the screen.

Apple Pay works with Apple’s Passbook app. The app allows users to digitally store coupons, tickets and merchant loyalty cards. iPhone users can use a stored credit card inside the app. Customers simply wave their phone in front of a terminal to pay.  The technology that delivers the payment is called near-field communication, or N.F.C., via a chip embedded in Apple’s new iPhones.

Technogeeks have been predicting this move for years and Apple seems to have made those predictions come true. Apple announced that it was working with big retailers like Target and restaurants like McDonald’s and the the big credit card companies. The result will be that consumers will be able to purchase a burger, a box of dryer sheets or a riding lawn mower with greater security. Consumers can use the system with the new Apple smartwatch or iPhone 6 to make the purchase.

Apple Pay gives Apple the competitive edge in mobile payments. Forrester Research, a technology analysis firm, expects the mobile payments market to reach $100 billion in the U.S over the next five years. But the question remains; will the consumer accept this new device to use on an everyday basis? And of course if they do will Apple be able to hold significant market share?

Apple’s innovation is slightly different from previous efforts at mobile payments. But Apple has to convince the consumer of the security of this new system. This includes ensuring the user that credit card information will not be stored on the iPhone or other devices or on Apple’s servers. Basically the consumer has to believe that the new system is safer than a credit card.  “We’re totally reliant on the exposed numbers and the outdated and vulnerable mag stripe,” said Timothy D. Cook, Apple’s chief executive at yesterday’s announcement event in Cupertino, Calif. “Which all of us know aren’t so secure.”

Tom Pageler, the chief information security officer at DocuSign, a company that manages digital transactions, agreed that Apple’s payment system appeared to be more secure than the current system. Pageler said another benefit of the N.F.C. technology is that payment companies could more easily identify a purchase made outside a customer’s usual location.

Apple Pay could create a revolutionary shift for the mobile payment systems. Companies like Google, Amazon and Microsoft  will be forced to play against Apple and agree to cut deals with retailers and credit card companies. This would make mobile payments more widespread.

Apple’s announcement was well timed. U.S. retailers are facing a near mandate that they migrate from the current magnetic strip cards to the more secure PIN and chip card by the end of next year. This PIN and Chip system has become the defacto standard in Europe and is much more secure than U.S. cards.  But American retailers have been reisistant to switching simply because they do not want to pay for the new system hardware and installation.   Apple’s new system, if it finds wide spread aceptance, could make the change much more appealing.

According to Cook Apple Pay would only be available on its new smartphones, the iPhone 6 and the larger iPhone 6 Plus, and the new Apple Watch that will reach the market in 2015.

Breaking It Down

Too many people fell for Apple’s “Me Too & Done It Again” show. Yeah, Apple has a new iPhone; so what? Yeah they have a new computer watch. Been there; done that. Among all the hoopla and fanfare Apple murdered the credit card in front of thousands of witnesses.

America has become the favorite patsy of the hacker community because our payment security systems are a joke. A bad, costly joke. Our retailers refused to do anything about it and the government failed us. The credit card is dead and thank you Apple.

The key to what Apple is doing is the fact that Target and the three major credit card companies are on board. That is all you need. These credit card companies and retailers realize that the legal system and legislators are under strain and that sooner or later the dam will break and the law and lawsuits will turn against them. This scares the hell out of them.

For retailers, like Target, the impact of the last data breach was unacceptable. Another breach could destroy them. They know a new payment system is desperately needed and Apple has delivered. Every major retailer in the country is meeting to discus this new payment system and wiping the sweat from their brows. Apple just turned the heat down.

Retailers were fighting the new PIN and Chip system but were being forced to adopt it. They understood the need but fought against the price. But Apple has jumped over any credit card design. The new mobile payment system will secure the purchase process from end to end and this is what the consumer and the retailer demands. It’s the revolution we have all been waiting for. We have suffered too many data breaches, credit card fraud and retail POS hacks to keep doing things the old way. It just became too much.

For black people we can feel, like most Americans, that relief is within site. We can stop feeling so nervous about using our credit or debit cards at stores. We will soon say goodbye to those sliding card POS systems and losing sleep afraid to wake up to a new data breach. Could those days be behind us? It seems so.

Americans should rejoice at the this new way of paying for things. Apple has a history and mandate to innovate and they have delivered again.  The credit card is dead and somewhere in heaven Steve Jobs is smiling.

Pin and Chip Cards Coming Soon

chipcardAmerica is about to make a change. The old way of swiping your credit card and signing your name is dead. Welcome to the pin and chip credit card. Starting in 2015 the new card will  move into the American consumer marketplace.Way too late but welcome just the same. 

With the new pin and chip system the card holder will insert their card into a slot where the machine will read a microchip, not a magnetic stripe. You will sign for the time being, but the new system also enables the use of PIN numbers. Card issuers  will have to decide to add this feature to their cards. 

This is the system that has been in use throughout Europe and the rest of the world for some time now. But America has been left behind in the field of credit card security. The U.S. is the last major market still using the outdated swipe-and-sign card system. That system uses cards with the black magnet strip on the back. This makes American credit cards extremely easy to duplicate once the data has been compromised. The result is that the U.S. accounts for nearly half of all fraudulent credit card charges but only conducts a fourth of all global credit card transactions.

Mastercard and VISA have already begun the implementation of the new pin and chip cards. They have set a deadline of October 2015 to complete the transition for their cardholders.

But Target stores are really pushing the pin and chip technology forward. After suffering one of the most massive data breaches in American history Target is now accelerating the pin and chip point of sale system in its stores. The retailer plans to have the pin and chip card readers in all 1,797 stores by September.

The shift to pin and chip cards was inevitable. Starting in late 2015,  vendors who continue to accept payments from the old magnetic-strip credit cards will be liable for fraudulent purchases. MasterCard’s Carolyn Balfany,who is overseeing the transition to the pin and chip card or EMV (Europay, MasterCard VISA), explains the repercussions to retailers and banks once the new system is in place. 

“If a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and pin card to the customer, the bank would be liable.”

Belfany went on to say; “The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.”

Breaking It Down

The change took too damn long! This is something that should have been in place five years ago. But the banks and major American retailers and the credit card providers simply saw credit card fraud as the cost of doing business. Nobody wanted to pay for the new cards  or the point of sales systems. But then Target stores got hammered with a major breach. Then Neiman-Marcus, then eBay, most recently AmericanExpress. The hits just kept coming. Then Congress got interested and the courts started to issue some interesting rulings that began to strip away the precedents many of these companies were hiding behind. Finally they began to sue one another. In 2013 alone there were over 600 credit card system breaches and 70 million cards compromised. The system was on the verge of incineration. To put it mildly; the sh*t hit the fan! And so they had to act. Enter the pin and chip system.

There are a lot black people walking around with credit cards. We purchase as much or more than other people. You’ve heard me say this before, we don’t play when it comes to our money. So we are ready for the new pin and chip cards. I encourage black people to call their banks and anybody else they have a credit card from and ask for that new pin and chip card ASAP! Its imperative you protect yourself because the crooks know the new system is coming and they want to rob as many people as possible before it becomes more difficult.

But there is more to this article to be examined. For example; why is it the option of the company issuing the cards to decide if they will accept PIN numbers with the new pin and chip card? Now in my opinion if they are really interested in protecting you then this would be a no brainer. But they are not so they may not require you to use a PIN. Why? Because the idea is to get you to spend money and eliminate any unnecessary steps between you and your money. Not to mention the cost of setting up systems for that extra layer of security. They are trying to avoid the extra expense.  So you have to demand it for your cards. I want black people all  across America to take the extra few second to use a PIN with that new credit card. Demand that your bank or retailer allow you to implement the PIN. Don’t wait for some really smart hacker to figure how to beat this system and believe me they will eventually. Demand the most stringent security you can get to protect your money. Cause black people don’t play when it comes to our money.

Cyber Security; Its Your Right To Ask Questions

canstockphoto8662069As an African-American consumer you should not shy away from asking the tough questions when it comes to cyber security. You’re banking online, shopping online, even ordering dinner online. All these things require you to expose your bank account or credit card online. You need to know who is protecting you and how. For example; Microsoft stopped supporting Windows XP about a month ago. They no longer offer security updates or other technical support for that operating system. Did you know that 95% of all  ATMs  use Windows XP? That’s right your ATM machine is using outdated software and not many banks have switched to another software. You are vulnerable. Some banks have cut a deal with Microsoft to get extended support but that’s just temporary.

Now my question is has your bank notified you?  Probably not. Why? Because replacing the operating systems on ATMs is a major project that is extremely expensive. In the United States alone there are 210,500 bank affiliated ATMs. Roughly 200,000  run Windows XP according to the London based Retail Banking Research.  According to the National ATM Council there are over 400,000 ATM machines in the U.S. and about  half are owned by Independent ATM Deployers or IADs. That means there are probably a helluva lot more ATMs running the outdated XP operating system. The problem is that banks and IADs must upgrade the software one ATM at a time. And many of them require that the  entire computer inside be replaced.  Add in the cost of the labor and the price could add up to between $1,000 to $3,500 per ATM. Banks are not eager to pay out that much money so they keep quiet. But it’s your right to ask, no demand, answers. Don’t shy away from this because if you happen to get ripped off the bank is not going to replace your money easily.So ask them, what are they doing about the Windows XP issue?

If you have been reading my blog I wrote about the Heartbleed bug.  Federal Regulators warned banks to patch the bug in their servers. Has you bank done so? Have you asked?

You have the right to protect yourself. Those you do business with have an obligation to inform customers how they are going to protect your financial information and your money. That is, if they want to keep you as a customer. So ask questions.

I also suggest you do the occasional web search for information about your bank, credit card company or any merchant you do business with. There is a lot of information about companies especially from consumers. Try Angie’s List or Yelp.com. You can search social media like Facebook. Try www.companynamesucks.com. Believe it or not it usually works and you will see what dissatisfied consumers are saying.

What to ask is probably your first question. Here are a few questions you need to ask your bank, credit card company or online merchant;

1. Does my bank have a plan to update their ATM operating systems? When?

2. Has my bank patched the Heartbleed vulnerability?

3. What level of encryption does my bank use online? The answer should be 128 bit encryption.

4. If there is a security breach when will my bank/credit card company/online merchant inform me? What is the policy?

5. Ask your credit card company when (not if) they will adopt the PIN and chip cards? Any later than October 2015 is the wrong answer.

These are just a few simple questions to ask. The answers should be in writing. Many banks will mail you pamphlets or a letter stating their policies. They may also direct you to their customer service department or website. That’s fine but whatever they tell you make sure you can find it in writing. If you can’t find it then demand it in writing. This is the best way to protect yourself. If something should happen you know exactly what to do and you know what your bank/credit card company/merchant is supposed to be doing.  Don’t take a chance with this. Make sure you know your rights as a cyber consumer. Remember 40 million people had their information stolen in the Target data breach. And I’ll bet that not many knew what to do or what Target was doing. Don’t let that happen to you.