But can she explain the off-side rule?
Sorry, but I've seen many lines to stand behind. Doesn't even work for the queue at customs. For ATMs all this creates is a corridor for people to walk through between the queue and the ATM. Its just bad manners and the most they will see (assuming you cover your PIN) is the amount you are withdrawing. (btw- this blog was missing the add comment option!)
12 Nov 2008 17:15 Read comment
Oh, yes, and according to the EMUE video, the cards are made by NagraID in Switzerland:
http://www.nagraid.com/anglais/domains/financial.htm
11 Nov 2008 12:41 Read comment
On a previous response, I marvelled at the ability to get a OTP display onto/into a credit card, together with battery and keypad! Amazing. I proposed that RSA (for example) could get the technology onto handsets much easier and do away with the separate token altogether. Well apparently this is already done (for BB, J2ME, Symbian etc) so I might also look for this option to allow the ditching of my token from my man-wallet. RSA OnDemand is also an option - its just a server side generated OTP.
And I found the following video links which show the EMUE unit: http://lab.emue.com/videos/scenario1_2.wmv http://lab.emue.com/videos/scenario2_2.wmv
11 Nov 2008 12:23 Read comment
RSA always had a 'kind of' credit card called a PinPad, which is about 4mm thick, and metal. SecurID is just a Pseudo random number generator which can be implemented in software or embedded. I think the problem was the 'battery' needed to keep the display ticking for 3 years (maybe the Oz product is powered by card reader on demand?). Getting an LCD display onto a standard credit card must also be a stretch.
I think OTPs are fine, and I think they are simple to comprehend and (sometimes) use. RSA could easily put it into a mobile handset, maybe even as a software appl, instead of the 'On Demand' by SMS option they currently have. I use SecurID, and I'd certainly rather have it in my phone.
Talk, text, time & transact !
11 Nov 2008 09:18 Read comment
Its great to see these points of view, and if one must take a position on it and not sit on the fence then I'll agree with the view that 'reducing the fraud' is the issue, and anytime now is a good time to do it.
But as Nick pointed out - its about what is good for the card networks, the issuers and the merchants, 'not' what is good for the consumer (or the planet). To these stakeholders it is affordable collateral damage. There are plenty of simple things that would add security and reduce fraud, and not all of them involve delays at the POS. I for one would just like the option to receive an SMS every time my account is dipped into. I'd be prepared pay for the priviledge of doing my own fraud detection and it wouldn't impact the sales process a jot.
You can argue (correctly) that this doesn't stop the fraud, it just detect it, so why bother? Well because as a customer I would feel better about it as a good option, and it can limit the degree of fraud, especially if combined with other controls like user specified limits.
Now, as a declared interest, I'm into things-mobile, so I am as curious as some of you as to Deans claims. In the meantime, I'm happy to read the entertaining and thought provoking opinions. I too believe the mobile is for more than talk,text,time ; the 4th 't' just has to be 'transact'. It has to be convenient, cheap, trusted and timely (2CT ?) and until someone works out how to deliver this equation and make more money for someone, then adoption of the service is at risk.
Lastly, back to the question of why fraud isn't tackled more than it is - imho someone has to be made liable for the 'loss+cost'. i.e. make it hurt the pocket more and things will be done.
10 Nov 2008 23:13 Read comment
Excellent. They should get one of those in the UK and all us whingeing Poms would have a field day.
Perhaps there's something more therapeutic voicing an opinion compared to commenting on Blogs !? I wonder who gets the lucky job of characterising and defining the comments that are left.
Of course, I love my Bank (because this 'isn't' anonymous!).
10 Nov 2008 16:38 Read comment
So if you use an Oyster card, or an NFC card to pay for your commute, that's a couple of 'not so micro'-billings a day. Nothing compared to the number of SMS messages you probably send some days, and the MNOs manage to bill you for those on a few pieces of paper.
I helped design and deliver a secured statement delivery solution for a major card years ago but they never implemented it. But these days, online banking allows you to download statement details, so where's the need any longer.
-j
21 Oct 2008 22:37 Read comment
Wow, that's a good one. Anyone could fall for that one, when presented with a pucker looking POS terminal. I'd like to think I would never use a card for that amount though.
Come to think of it, why wouldn't some temporary shop set up and do the same thing. One real card reader (for CHIP+PIN maybe), one 'portable' fake one for swipe cards. They open for a week and disappear after.
I know that CHIP+PIN would be safe here, but it does show that the more we use C+P the more we get used to freely keying in a PIN everywhere!
21 Oct 2008 11:11 Read comment
I at least agree to some of this, but I also remember the late 80's early 90's and the rising interest rate was THE KILLER punch.
Sure the banks lent too much. Its not the borrowers fault. If you needed to get on the mortgage ladder and needed 5x joint salary to do it, that's what you asked for. It was up to the banks to make the decision on the risk. The trouble is that little joe smith always loses out. I mean, fo ra starter they had to pay for an 'insurance' policy for the money lent over 85% - a policy for the bank by the way, not the borrower! Then if repossessed, the Bank cashes back what they can in an auction firesale, getting maybe half the real value back quickly. Finally, the borrower is on the hook for the shortfall for life, with interest and costs on top I am sure. The dice were loaded.
Back to the interest rate thing...rising interest rates is what would have happened if the credit crunch pack of cards hadn't happened. That way it would have been the worst off that paid the price and returned assets and a revenue stream to the banks (again, the banks just primed the engine). But instead it was rising fuel costs which tipped the scales. Most mortgages are on the same lowish level of lending they were a couple of years ago, but the cost of everything else went up and up. I mean, a loaf of bread these days is nearly 2 quid, and a packet of crackers (flour and water) is over 1. People got squeezed because of uncounted inflation - thats the real inflation that never seems to be reported in the goverment figures. When month after month they reported <2% inflation, we all could tell different.
Now you have falling fuel prices but the retail prices on everything from crackers to strawberries will take much longer to come down.
Finally, I don't remember salaries jumping to catch up with inflation - I had to jump around in the job market to make that happen. In a recession, companies cut costs wherever they can, and that meant they only paid more for new hires, not existing ones!
Anyway, we always talk in mortgage terms, because its what most of us can relate to. But its all those other loans and investments that are causing this total lack of inter-bank confidence. They loaned to businesses and speculators for all sorts of reasons, and those big loans didn't have the bricks and mortar assets behind them to fall back on, just a business projection which will now never happen. I think those are dwarfing the mortgage issues.
20 Oct 2008 13:57 Read comment
Hi,
Well I couldn't agree more. I said similar in my little rant on my 'blog' observation... https://www.finextra.com/blogs/fullblog.aspx?blogid=2002
I think the processes are outdated, but there is no easy answer. It could be that maybe the 'MasterCard SecureCode' site thingy was a trojan horse - surely it sould only be asking for some of the digits.
Perhaps the best security is not to prevent the theft of credentials, but 'ensure' the likelihood of detection and punishment of those that conduct the online fraud. For example, every online merchant purchase operation should contain the collection of internet/ISP fingerprints which although they wouldn't catch a specific person, would close the noose pretty quickly.
19 Oct 2008 14:51 Read comment
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.