Okay, this is a rather old article, but I decided to bring it up when DBS/POSB sent me a notice to inform me that there will be a replacement of current debit and credit cards come February, to improve security.
Personally, I am not in computing sciences, so technical comments are limited. However, as a user of the cards, I must say that it is disturbing. And after watching much of the series Lie to Me.. I must say that the interview at the end of the segment, with Sandra Quinn of APACS, doesn't boost consumer confidence at all.
Remember, this research was published in 2008... at that time, the team from University of Cambridge used a cloned card to process the fraud... However, after informing the relevant agencies, the responses were as such.
Ingenico said,
"The method identified by the Cambridge University paper requires specialist knowledge and has inherent technical difficulties. This method is therefore not reproducible on a large scale, nor does it take into account the fraud monitoring used throughout the industry."
Visa also commented saying,
"We have seen no evidence from the Cambridge academic paper of anything we did not know or anything that presents a real-world threat to card security."
Brushed aside, the team continued to work on it, in search of a more efficient method. In February 2010, the team came up with an improvement.
On informing the banks, the responses received were that it was an industry issue and not one pertaining to any one bank... thus, it seemed that the banks wouldn't be taking active action... brushed aside once again, the team published their paper... this time, in December 2010, the banks responded instead that the published paper should be censored... a request which the University of Cambridge denied, supporting the publishing of the controversial paper.
So yeah, guess we just have to wait and see if the banks are going to take positive action... on another note, there has been some positive response from this research, with UK regulations enforcing from 1st November 2009 that the onus is placed on the banks to prove that a customer has been negligent in any dispute...
And yes, there is some telltale small difference in the receipt, but after working with NETS in the past, I can tell from experience that frankly, some cashiers, especially those that don't really speak/read fluent English, only take note of the words "verified" and "transaction approved" on the receipt, and ignore the rest.
So yeah, I guess I can only hope that the new card by DBS/POSB will improve on such security flaws.