It has been known for thieves to take the genuine card, use it and return it, unnoticed by the rightfull owner. If the bank has security cameras this may be checked.
13 Feb 2009 13:14 Read comment
The IBM idea is not related to OTP, except that it replaces it. In the IBM scenario the device displays important elements of the transaction, such as the amount or the beneficiary, which are authenticated cryptographically between the device and the bank without the user's PC being involved. This means that malware and other attacks (MITM - man in the middle - in the IBM description) cannot change these elements.
31 Oct 2008 08:55 Read comment
"We're mobile phone salesmen, you can trust us".
Why do you think the mobile phone, which uses the same technology as EMV but with less robust crypto, would provide better security?
21 Oct 2008 01:33 Read comment
If the transaction is online, the card cannot be cloned.
With the present state of the technology there is no justification for offline any more.
And the "track 2" information from the chip should be useable magnetically. This has been known and possible for many years.
20 Oct 2008 06:21 Read comment
In the EMV specifications, see Book 3, clause 10.5, Cardholder Verification, and appendix C3, Cardholder Verification Rule Format. There are X and Y amounts, and a condition code that says how they are to be used.
14 Oct 2008 09:00 Read comment
1. Under the current scheme, shops are indeed required to get the PIN if the card indicates so, but may waive the requirement at their own risk. Doing so is not going against any rule.
2. I was suggesting that the rules ought to be changed, and a floor limit established for using the PIN. The EMV specifications do allow this, but the brands and the banks chose not to use this feature.
14 Oct 2008 00:16 Read comment
With an EMV card, the card number is not enough. You need to obtain a cryptographic signature from the card to get an approval.
09 Sep 2008 14:04 Read comment
With EMV you do not need to protect card numbers for card present transactions, and for card not present anyhow the bank and the cardholder have limited liability.
The need to protect card number, and the cost involved, could be saved with EMV.
09 Sep 2008 13:10 Read comment
EMV is not relevant to PIN security at the ATM, as the EMV enabled ATMs use "online PIN".
On the other hand, using the PIN for low value transactions unnecessarily exposes it to various scams.
04 Jul 2008 04:28 Read comment
Trends in Financial Services
Peter JonesChairman at PSE Consulting
Nick OgdenChairman at Ogden Research
Whitman KnappChairman at GTBInsights LLC
Viet Anh Phan TonChairman at Pontus Systems Technology Pte Ltd
Andersen ChengChairman at Post Quantum
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.