Posts Tagged ‘problems with new credit cards’

How Hackers Found a Way to Thwart Chip and PIN Credit Cards

Make no mistake, the tech is not invulnerable.

credit card closeup blue image www.creditcardseasy.net

After years of preparation, chip and PIN credit cards are finally arriving in the United States. But while a chip and PIN might be much more secure than a signature, hackers have shown that it’s not invulnerable, and now we know how they pulled it off.

As Ars Technica reports, a number of chip and PIN cards were stolen in France back in 2011, and somehow, the fraudsters who took them were able to start using them in Belgium, despite the security enhancements that credit card companies are wont to hold up as unimpeachable. Security researchers expressed their doubts about the tech as early as 2010, but the incident in Belgium was the first (and so far only) instance of an actual exploit.

Now, the researchers behind the investigation have published a paper that explains how the hack worked. At least as well as they can tell; the actual cards are still untouchable due to being evidence in a criminal proceeding. As Ars Technica explains:

The fraudsters were able to perform a man-in-the-middle attack by programming a second hobbyist chip called a FUN card to accept any PIN entry, and soldering that chip onto the card’s original chip. This increased the thickness of the chip from 0.4mm to 0.7mm, “making insertion into a PoS somewhat uneasy but perfectly feasible,” the researchers write.

Essentially, that small extra chip would sit between the card’s actual chip and the point of sale, and assure both sides that everything about the transaction was on the up-and-up, even though it wasn’t.

The problem is solvable, the regulators behind the chip and PIN system say it’s already been solved. But that a vulnerability was present at all is still troubling. The all-around weakness of signature based authentication meant that credit card companies had little choice but to eat the cost of plausible and frequent fraud. But if those same companies hold up chip and PIN as infallible, it could make claiming fraud much harder or virtually impossible.

Yes, chip and PIN will hopefully make credit card fraud much rarer, but if credit card companies continue to treat it as fool-proof when it very well may not be, the next vulnerability could prove very expensive for the victims.

www.clublibido.com (5)

www.intelagencies.com

www.scamsfakes.com

GUKYGT

Henry Sapiecha

CREDIT CARD NEW TECHNOLOGY BRINGS WITH IT A SET OF PROBLEMS

new credit and debit cards image www.creditcardseasy.net

Millions of Americans are getting new credit and debit cards with more secure chip technology, and that’s already leading to headaches for companies that rely on working cards to charge their customers every month.

Video and music streaming companies, dating websites, gyms and other subscription-based companies can take a hit when customers don’t update their accounts after receiving a new card. It’s always been a hassle, but with millions of cards carrying the new being mailed out all at once it’s creating bigger problems.

Netflix this week said large numbers of cards that weren’t updated were partly to blame for slower subscriber growth in their most recent quarter.

The video steaming site said Wednesday that an unusual number of accounts were cancelled during the three months that ended in September. Netflix Inc., which has 69 million members around the world, expects the issue to continue into the next quarter as more new chip cards roll out.

With subscription services gaining in popularity, where customers have funds automatically withdrawn from checking accounts every month for a service, it has become increasingly noticeable when people don’t update the cards that they use for those services, or are unaware that they need to.

Often, the number on the card is still the same, but the expiration date has changed, said Matt Schulz, a senior analyst at credit card comparison site CreditCards.com. Typically, payments won’t go through if the expiration date is different.

Recurly, a San Francisco company that manages bill payments for more than 1,900 subscription businesses, said it has seen a slight increase in card declines. Recurly uses a service for its clients that automatically updates when new card numbers are issued, so the customer doesn’t have to do it themselves, said CEO Dan Burkhart, though not every bank participates in the service. Burkhart said subscription companies will face some “turbulence” as customers get new cards, but those issues typically resolve within a few months.

The problem has hurt Netflix before.

A year ago, the Los Gatos, California, company said a number of customer’s accounts were put on hold due to The Home Depot data breach, which forced many customers who shopped at the home improvements store to get new credit cards.

Similarly, IAC/InterActiveCorp, a New York company which owns dating websites such as Match.com and OkCupid, said last year that credit that were not updated after major security breaches at Target and Home Depot cost it about $5 million in earnings for the year before interest, taxes, depreciation and amortization.

197_banner

www.intelagencies.com

www.scamsfakes.com

UUTU

Henry Sapiecha