Top Five Causes of Data Compromise 106
Steve writes, "In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered specific prevention strategies. The report states that the most common cause of data compromise is a merchant's or a service provider's encoding of sensitive information on the card's magnetic stripe in violation of the PCI Data Security Standard. The other four are related to IT security, which can be improved simply by following common-sense guidelines." Here is the report on the U.S. Chamber of Commerce site (PDF).
Wow (Score:2, Insightful)
Re:top 5 (Score:3, Insightful)
Yes, but a more interesting question is could your karma whoring be any more obvious?
Didn't the waiter do it?! (Score:5, Insightful)
Re:Chip & PIN (Score:3, Insightful)
In Oz and New Zealand, people buy beer in the pub and pay like that (EFTPOS IIRC) and I don't think they are having a huge problem. They started a good while before us too.
Also, having your PIN doesn't give them your account. They would be limited to whatever your bank has set for the cash limit for the day. Unless they went shopping, and then they would be on all the CCTV cameras in the shops. Lesson 1a: Don't keep all your eggs in one basket.
Re:Wow (Score:3, Insightful)
Re:Didn't the waiter do it?! (Score:3, Insightful)
Thieves steal what's easiest to steal and get away with.
Re:Chip & PIN (Score:4, Insightful)
> would be a 3 stage process, and pretty hard to circumvent in a store
> situation.
Clerks rarely check pictures[1].
> Even ATMs have CCTV these days, so they could use some image recognition
> software to match your image against the registered image before giving you
> cash.
And the software would screw up about 10% of the time, keeping your card and your money.
[1] I knew a guy who spent part of his stint in the Navy sneaking on board warships with an ID card bearing the likeness of a gorilla.
Re:Chip & PIN (Score:2, Insightful)
the chip & pin approach in the UK introduces a smartcard chip into the mix. the chip makes the card difficult to clone. the chip is a mini computer that will only give up the account identifier when given the PIN signed with a cert that's only in authorised hardware..
Re:Didn't the waiter do it?! (Score:4, Insightful)
Re:Chip & PIN (Score:3, Insightful)
Sorry, that's bollocks - there has already been a student that has been able to 'crack' the encryption (I can't cite any references, and it was a month or two ago) But I did find this http://www.hebdos.net/lsc/edition352006/articles.
Despite this, that there is a simple bit flag on the mag stripe that determines "this card is chip and pin" which can be turned off with skimming
A friend of mine came over from the middle east without a chip and pin card, and all the restaurant did was swipe it, and ask for him to sign
Fraud is as easy as ever, now as a consumer I really don't like having to punch my pin in equipment I don't trust, and isn't securely fastened and hardened against abuse. I'm very sure at some point someone will build a device that looks like a normal remote chip+pin terminal, and scam people.
Liability shifting is a bad thing, and chip and pin is no more secure than the old method of signing. It's all blatent smoke and mirrors.