News & Views Detail
Back to Headlines
Jan 2010 - Improving the anti fraud technologyA couple of interesting articles recently have highlighted problems with some of the technology used by card systems. A poll conducted by the European ATM Security Team (EAST) indicated that 60% of respondents felt that European EMV cards should not hold sensitive cardholder data as standard in a magnetic stripe, and suggested two possible solutions to address this: 1. Magnetic stripes on future cards would not be activated unless the card holder planned to travel outside Europe and had contacted their bank. 2. Chip only cards would be issued to cardholders for use in Europe. Any cardholder wishing to travel outside Europe would need to request a second card, with a stripe, for this purpose. The problem here of course is that most ATM card readers would have to be redesigned as they use a magnetic stripe to open the shutter and allow the card to be inserted. Well known banking technology critic Ross Anderson has also had a swipe at something other than EMV by branding 3D Secure as "a textbook example of how not to design an authentication protocol" by ignoring good design principles and presenting "significant vulnerabilities". Anderson says inconsistent implementation at the merchant and bank end confuses customers and undermines standard industry advice on phishing avoidance. Verified by Visa has also been shown to be vulnerable to criminal attacks as the password can easily be reset by simply knowing a cardholder's card details and date of birth. It is probably a reasonable assumption that it is possible to devise a better technical solution and one is certainly needed - the question is who has the drive and incentive to develop it? Back to Headlines
|
