Hi Kalle,
Most of the debit cards (in France & in the USA) have an "authorized" overdraft by default.
For example on my french debit card I'm "allowed" an overdraft of 3 000 EUR.
Which is a semi-credit. Meaning you pay a smaller interest than for pure credit. But still... you pay.
On Prepaid cards, it is technically not possible, as the prepaid cards system is not offering a credit or semi-credit possibility. It is really your money that you are spending. The "pre-negociated" overdraft does not exist.
27 Jan 2010 10:51 Read comment
Hi Roberto,
You might want to add that most of these "free hacking tools" contain crimeware themselves.
Meaning there is very often a backdoor in the code of the program that is sending your data to the original hacker who wrote it.
There is no free lunch, especially in crimeware.
Do NOT use these "free tools".
26 Jan 2010 15:36 Read comment
Stephen,
Where is the riddle?
I'm saying clearly and loudly that:
A solution implemented at the merchant level is useless.
Yes, Useless!!!
Worse, it's not worth more than the fraud itself, when BY DEFINITION any new merchant not using the solution is a hole in the system.
Whereas a solution implemented at the issuing bank level is covering the card wherever it is used. Any new merchant is automatically covered.
13 Dec 2009 14:32 Read comment
The simple explanation is that it's like when you try to clean a dashboard. There is always some chalk remaining.
Concerning a hard drive you are also talking about polarisation. You leave a magnetic trace that can be recovered after a simple deletion.
You can assimilate the 30 times to the 30 times your hand goes on the dashboard to erase the remaining chalk on the sides. :-)
10 Dec 2009 10:31 Read comment
The notification by SMS is yet another interesting feature. Of course where is the benefit for the bank? :-)
Regarding the ON/OFF, MasterCard is not the only one interested in this project. But I happen to know that Marite is the inventor of the system and has been granted a patent for it.
Anyway we all know how it works and I'm happy to see that the "big ones" are copying. It's a validation that the idea is good.
There is an expression that describes exactly what "Merchant-Side implementation" is compared to "Issuers-Side":
"Peeing against the wind"
You are giving the fraudsters the perfect weapon to defeat you.
Especially if you provide the list of Merchants that have signed with you.
It's in the Fraudster For Dummies manual.
You just need to defraud the card with any merchant that has not signed up with you.
10 Dec 2009 10:23 Read comment
The anti-fraud solution can not be implemented on the merchants' side.
You are trying to cure the symptoms, not the cause.
By approaching the problem via the issuing banks' side you are protecting your clients at the source.
Suppose we live in wonderland and you have the best system on earth installed with every merchant on the planet. It takes a single new merchant that does not use your system for fraud to happen.
Trying to educate clients is a noble but useless approach.
Our kids would still be educating them before you change their behavior. Besides why should they be educated? They go on the internet to use their hardly earned money. They should not have to follow a 10 000 steps procedure to buy, otherwise they will go back to real life stores with real life peoples to buy with real life money (cash).
The digital experience has to be a pleasant alternative. You should not need a doctorate in computer science to be able to buy.
07 Dec 2009 13:56 Read comment
That's a beautiful Sales Pitch, where is the contract form???
:-)
Fun put aside, any solution that has to be installed on the merchant side can not solve the problem of fraud.
Put yourself in the shoes of the consumers!
If your system is not installed with all the merchants, consumers are not protected all the time! You are forcing them to buy only with the merchants that use your system. You need to be a bit more realistic here.
05 Dec 2009 15:30 Read comment
Hi Stephen,
My sincere apologies if you felt offended. I often get carried away as I'm a passionate person and it's absolutely not my intention to insult you in any manner.
Concerning the ON/OFF system, I think you are using a sledge hammer to kill a fly here.
Can you perform a transaction with this ON/OFF system? The answer is NO.
It works like a "Read only" system.
Aaron Patzer, CEO of Mint.com, explains it so well that I'll use his words to describe what this means in terms of required level of security
http://www.youtube.com/watch?v=qDMG1BA6EnE
In a few words it can do no harm, but it might bring something new to the table. Not only in terms of ON/OFF but also in terms of budgeting. And I've heard that lately it might be something interesting, especially in the USA.
Is there a good authentication system out there? There are certainly plenty but not a single one is universal. Meaning secure, cheap enough to deploy and widely accepted by consumers, merchants and banks.
Besides, even if it arrived today, I'm not sure that banks & payment networks would let it take their slice of the cake without a fight.
I truly believe the discussion about the best authentication system is not over yet...
04 Dec 2009 10:14 Read comment
This discussion about the ON/OFF system should not take place here.
It's a lack of respect for the blog of Roberto and the topic he decided to debate. Please feel free to create another blog and I'm sure a lot of people would like to debate with you on this topic.
To close this discussion, turning ON/OFF might seem too complex for you because you blindly believe in cards (that have proven to be not so smart) and authentication.
Fraud rates all over the world prove that the current authentication methods are really not efficient and things must change, but as long as banks choose short term benefits as a primary goal (in place of quality of service), we'll have crapy systems + the insurances that can be sold to fill the gaps.
03 Dec 2009 10:28 Read comment
Thank you for this blog. Just to mention it, we still have kings and queens in some countries of the world. :-)
Concerning the signature, you are criticizing a monument in our culture. The John Hancock (as called in the US) is still a very powerful way of giving evidence of:
In France, specifically, it is the strongest way of identifying yourself. As we are not using it to pay (except with cheques) but mostly to sign official papers, I think it kept all its strength and meaning to us.
As every authentication system or device, it has its strength and weaknesses.
I would give a vote to signature in a face to face against static PIN codes.
My point of view might change if we were talking about one-time passcodes.
Concerning the idea of Marité, I think that you completely missed the point Stephen.
You focus on the authentication when she is talking about something much more powerful, authorization!!!
As a cardholder, it gives you much more power and control to be able to TURN OFF your card than to have the most complex authentication in the world.
02 Dec 2009 11:53 Read comment
Business Knowledge for IT
Information Security
Innovation in Financial Services
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.