Archive for the ‘SAFEGUARDS’ Category

Credit card minimum repayments the hidden danger in your post-Christmas bill

Beware the minimum payment as you contemplate that post-Christmas credit card balance.

Economists have found the minimum payments that appear on monthly credit card statements act as an “anchor” causing many consumers to pay off less debt than they otherwise would – and should.

Putting a price on Christmas

Australians will spend billions this Christmas, with the largest percentage spent on food.

A study by American researchers Benjamin Keys and Jialan Wang shows that almost a third of card borrowers in the US make payments at or near the monthly minimum. Their findings suggest a substantial proportion of consumers – up to one in five – settle for the lowest possible payment even though they could afford to pay more.

“A large fraction of near-minimum payers appear to treat the minimum as an anchor,” the study published by America’s National Bureau of Economic Research said.

credit-cards-image-www-creditcardseasy-net

That means higher balances, higher interest costs and eventually greater financial risk for many card holders. At the national level the influence of the minimum payments may be helping to elevate household debt, which makes the whole economy more vulnerable to shocks.

Australian credit card users are also susceptible. A consultation paper released this year by the Australian Treasury said “a growing body of experimental research and field studies have shown that some consumers make a smaller repayment than they otherwise would have simply due to the presence of the minimum repayment.”

The Treasury paper said card issuing companies set minimum repayment amounts as a very small proportion of the outstanding balance, “so that households making the minimum repayment will only pay off their balance over a very long period and incur very large interest costs.”

Gerard Brody, chief executive of Consumer Action Law Centre, said that credit card users should focus on the total amount outstanding on their credit card statement and pay off as much as possible rather than the minimum payment.

“The minimum payment might look easy to pay but that’s all the bank wants you to pay,” he said.

“They know that if you do that, they will make a lot of money from you in interest payments. What you should be focused on is the full amount outstanding and paying that before the due date when the interest payments come through.”

There are no regulations that determine how credit card minimum payments are set. The Treasury’s paper said they are typically 2-3 per cent of the outstanding balance.

Consumer advocacy groups including the Consumer Action Law Centre and CHOICE say minimum repayments should be lifted to ensure consumers aren’t lumbered with high interest debt for decades.

CHOICE spokeswoman Nicky Breen said card issuers should also be required to “proactively contact customers” who are only making minimum payments and drawing out their debt.

“The federal government has had a consultation on broad credit card reform but no decisions have been made as of yet,” she said.

Some card users simply don’t have enough money to repay any more than the minimum. But Dr Keys and Dr Wang observe that when American credit card companies lifted their minimum payments, consumers paid the higher amount most of the time, suggesting they could have contributed that much all along.

Bessie Hassan, from financial comparison website finder.com.au, said card users with the means to make payments above the minimum payment should make a conscious effort to do so.

“Many borrowers fall into the mentality of thinking they just need to make the minimum payment on their credit card, or some may simply be unaware that they can make overpayments,” she said.

“Typically, there’s no cost involved for making overpayments so you’ve got nothing to lose and everything to gain.”

Ms Hassan said that if a consumer with an average credit card debt of $3073 (and average card purchase interest rate of 17.31 per cent) paid the minimum repayment of $62, it would take 24 years to settle the debt and a total of $6000 in interest would be paid.

“However, if you increased your minimum monthly repayments by $50 to $112…you’d pay it off within three years and only pay a total of $867 in interest,” she said.

Since 2011 Australian card issuers have been required to tell customers on statements how long it will take to repay debt if only the minimum payment is made.

But Mr Brody said there has not yet been any “rigorous analysis” of what impact this requirement has had on the behaviour of credit card users.

6RKUYooo

Henry Sapiecha

Apple Pay bridging bricks-and-mortar and online credit card fraud

The Apple Watch will be able to make payments using Apple Pay.

The Apple Watch will be able to make payments using Apple Pay. Photo: Reuters

Lost amid the Apple media firestorm these past few weeks is a stark and rather unsettling reality.

Apple Pay – the company’s answer to a mobile (and wearable) wallet – makes it possible for cyber thieves to buy high-priced merchandise from bricks-and-mortar stores using stolen credit and debit card numbers that were until now only useful for online fraud.

To understand what’s going on here, a quick primer on card fraud first: If you’re a fraudster and you wish to walk into a big retailer and walk out with a big screen TV or Xbox console on someone else’s dime, you’re going to buy “dumps” which are data stolen straight off the magnetic stripe on the backs of cards.

Typically, dumps are stolen via malware planted on point-of-sale devices, as in the breaches at brick-and-mortar stores like TargetHome Depot and countless others over the past year. Dumps buyers encode the data onto new plastic cards, which they then use in-store at retailers and walk out with armloads full of high-priced goods that can be easily resold for cash. The average price of a single dump is between $US10-$30, but the payoff in stolen merchandise per card is often many times that amount.

R7IG5

SOME 8 WAYS TO SEE IF YOUR CREDIT CARD IS BEING SCAMMED BELOW-CLICK LINK

http://creditcardseasy.net/2015/01/21/credit-card-fraud-eight-ways-to-get-your-info-hijacked/

When fraudsters want to order something online using stolen credit cards, they go buy what the crooks call “CVVs” — card data stolen from hacked online stores. CVV stands for “card verification code,” and refers to the three-digit code on the back of cards that’s required for most online transactions. Fraudsters buying CVVs get the credit card number, the expiration date, the card verification code, as well as the cardholder’s name, address and phone number. Because they’re less versatile than dumps, CVVs cost quite a bit less — typically around $US1-$5 per stolen account.

So in summary, dumps are stolen from main-street merchants, and are sought after by crooks mainly for use at main street merchants. CVVs, on the other hand, are stolen from online stores, and are useful only for fraud against online stores.

Enter Apple Pay, which potentially erases that limitation of CVVs because it allows users to sign up online for an in-store payment method for their iPhone or Watch using little more than a hacked card account and CVVs. That’s because most banks that are enabling Apple Pay for their customers do little, if anything, to require that customers prove they have the physical card in their possession.

Avivah Litan, a fraud analyst with Gartner, explained in a blog post published earlier this month that Apple provides banks with a fair amount of data to aid in their efforts at “identity proofing” the customer, such as the customer’s device name, its current geographic location, and whether or not the customer has a long history of transactions with iTunes.

All useful data points, of course, unless the iTunes account that all of this information is based on is hijacked by fraudsters. And as we know from previous stories, there is a robust cybercrime underground trade for hijacked iTunes accounts, which retail for about $US8 each.

tjygtiu6

Litan’s column continues:

“Interestingly, neither Apple nor the banks get any useful identity information out of the mobile carriers – at least that I know or heard of. And mobile carrier data could be particularly helpful with identity proofing. For example the banks could compare the mobile service’s billing address with the card account holder’s billing address.

“For years, we have been briefed by vendors offering a plethora of innovative and strong user authentication solutions for mobile payments and commerce. And for years, we have been asking the vendors touting them how they know their mobile app is being provisioned to a legitimate user rather than a fraudster. That always appeared to me to be the weakest link in mobile commerce –making sure you provide the app to the right person instead of a crook.

“Identity proofing in a non-face-to-face environment is anything but easy but there are some decent solutions around that can be stitched together to significantly narrow down the population of fraudulent transactions and identities. The key is reducing reliance on static data – much of which is PII data that has been compromised by the crooks – and increasing reliance on dynamic data, like reputation, behavior and relationships between non-PII data elements.

“This problem is only going to get worse as Samsung’s LoopPay and the MCX/CurrentC (supported by Walmart, BestBuy and many other major US retailers) release their mobile payment systems, without the customer data advantages Apple has in their relatively closed environment.”

Sure, the banks could pressure Apple Pay to make their users take a picture of their credit cards with the iPhone and upload that data before signing up. That might work for a short while to deter fraud, at least until the people at underground document forgery sites like Scanlab see a new market for their services.

RUI

But in the end, most banks coming online with Apple Pay are still using customer call centers to validate new users, leveraging data that can be purchased very cheaply from underground identity theft sites. If any of you doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the US Senate Commerce Committee.

The irony here is that while Apple Pay has been touted as a more secure alternative to paying with a credit card, the way Apple and the banks have implemented it actually makes card fraud cheaper and easier for fraudsters.

Even more deliciously ironic, as noted in Cherian Abraham’s insightful column at Droplabsis how much of the fraud stemming from crooks signing up stolen credit cards with Apple Pay was tied to purchases of high-dollar Apple products at Apple’s own brick-and-mortar stores. That banks end up eating the fraud costs from this activity is just the cherry on top.

Abraham said the banks are in this mess because they didn’t demand more transparency and traceability from Apple before rushing to sign customers up (or “provision” them, in banker-speak) for Apple Pay.

“One of the biggest gripes I have heard from issuers is the lack of transparency from Apple (what did they expect?) and the makeshift reporting provided to issuers that is proving to be woefully inadequate,” Abraham wrote. “As long as issuers fall back on measures easily circumvented by freely available PII – this problem will continue to leech trust and large sums of cash. And alongside of the latter, there is much blame to go around as well.”

Both Abraham and Gartner’s Litan say banks need to take a step back and take the time to develop more robust, thoughtful and scalable solutions to identity proofing customers, particularly as other mobile providers begin rolling out their mobile payment systems without the customer data advantages that Apple has in their relatively closed environment.

“The vendors in the mobile user authentication space have consistently answered that they are leaving account provisioning policies to the banks or other consumer service providers provisioning the apps,” Litan wrote. “Well maybe it’s time for them to reconsider and start helping their client banks and service providers by supporting identity proofing solutions built into their apps. Whoever does this well is surely going to win lots of customer support… and revenue.”

www.clublibido.com (5)

www.intelagencies.com

www.scamsfakes.com

Henry Sapiecha

Fraud-proof credit cards now possible with quantum physics

WASHINGTON, Dec. 15, 2014–Credit card fraud and identify theft are serious problems for consumers and industries. Though corporations and individuals work to improve safeguards, it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution.

As reported in The Optical Society’s (OSA) new high-impact journal Optica, a team of researchers from the Netherlands has harnessed the power of quantum mechanics to create a fraud-proof method for authenticating a physical “key” that is virtually impossible to thwart.

This innovative security measure, known as Quantum-Secure Authentication, can confirm the identity of any person or object, including debit and credit cards, even if essential information (like the complete structure of the card) has been stolen. It uses the unique quantum properties of light to create a secure question-and-answer (Q&A) exchange that cannot be “spoofed” or copied.

optica symbol card defraud block system image www.creditcardseasy.net

A team of researchers from the Netherlands has harnessed the power of quantum mechanics to create a fraud-proof method for authenticating a physical ‘key’ that is virtually impossible to thwart. Credit: The Optical Society (OSA) and MESA+ Institute for Nanotechnology, Complex Photonic Systems Department of the University of Twente

creditkarmaelegantwoman image www.creditcardseasy.net

The “Question-and-Answer” Security Game

Traditional magnetic-stripe-only cards are relatively simple to use but also simple to copy. Recently, banks have begun issuing so-called “smart cards” that include a microprocessor chip to authenticate, identify and enhance security. But regardless of how complex the code or how many layers of security, the problem remains that an attacker who obtains the information stored inside the card can copy or emulate it.

The new approach outlined in this paper avoids this risk entirely by using the peculiar quantum properties of photons that allow them to be in multiple locations at the same time to convey the authentication questions and answers. Though difficult to reconcile with our everyday experiences, this strange property of light can create a fraud-proof Q&A exchange, like those used to authorize credit card transactions.

“Single photons of light have very special properties that seem to defy normal behavior,” said Pepijn Pinkse, a researcher from the University of Twente and lead author on the paper. “When properly harnessed, they can encode information in such a way that prevents attackers from determining what the information is.”

The process works by transmitting a small, specific number of photons onto a specially prepared surface on a credit card and then observing the tell-tale pattern they make. Since — in the quantum world — a single photon can exist in multiple locations, it becomes possible to create a complex pattern with a few photons, or even just one.

Due to the quantum properties of light, any attempt by a hacker to observe the Q&A exchange would, as physicists say, collapse the quantum nature of the light and destroy the information being transmitted. This makes Quantum-Secure Authentication unbreakable regardless of any future developments in technology.

UGCEUT

Making Cards Quantum Secure

To provide security in the real world, a credit card — for example — would be equipped with a paper-thin section of white paint containing millions of nanoparticles. Using a laser, individual photons of light are projected into the paint where they bounce around the nanoparticles like metal balls in a pinball machine until they escape back to the surface, creating the pattern used to authenticate the card.

If “normal” light is projected onto the area, an attacker could measure the entering pattern and return the correct response pattern. A bank would therefore not be able to see a difference between the real card and the counterfeit signal projected by the attacker.

However, if a bank sends a pattern of single “quantum” photons into the paint, the reflected pattern would appear to have more information – or points of light – than the number of photons projected. An attacker attempting to intercept the “question” would destroy the quantum properties of the light and capture only a fraction of the information needed to authenticate the transaction.

“It would be like dropping 10 bowling balls onto the ground and creating 200 separate impacts,” said Pinkse. “It’s impossible to know precisely what information was sent (what pattern was created on the floor) just by collecting the 10 bowling balls. If you tried to observe them falling, it would disrupt the entire system.”

massive vault for money image www.money-au.com

Quantum, But Not Difficult

According to Pinkse, this unique way of providing security is suitable for protecting government buildings, bank cards, credit cards, identification cards, and even cars. “The best thing about our method is that secrets aren’t necessary. So they can’t be filched either,” he said.

Quantum-Secure Authentication could be employed in numerous situations relatively easily, since it uses simple and cheap technology — such as lasers and projectors — that is already available.

www.clublibido.com (8)

www.intelagencies.com

www.scamsfakes.com

Henry Sapiecha