The Bankwatch

Tracking the consumer evolution of financial services

Archive for the ‘Smart Cards’ Category

6 years is too long for elimination of mag strip debit cards


We were just hit today with a case of fraud that affected my family personally, and it just validates my view that the security of our payments networks is a problem being swept under the carpet.  Every day, all banks contact thousands of customers to cancel their debit card because it was or may have been compromised.  This is a well kept secret, and has not made mainstream press yet.

In our situation we actually were the card compromised, and I know enough about the card usage to narrow down the location of the compromise which is why this one worrys me.  The compromise took place at a merchant, either a restaurant or a sporting goods store.  No ATM was involved so the compromise had to be a parasite POS terminal.

In our case the criminals used an ATM to withdraw cash shortly afterwards.  Incidentally thanks to our Bank for picking up on this event within a few hours and dealing with it.

logo_rbc

Chip migration offers hope but only after mag stripe is eliminated, and that is another 6 years off, even though chip cards are now being isued in 2009.  The entire POS terminal fleet in Canada could be replaced quickly if their was a will to do so.

Chip Migration plans | EMV Canada

Interac Association has established migration dates for cards and terminals. Complete card and ABM conversion is required by the end of 2012; complete point of sale (POS) conversion is required by the end of 2015. After 2015, Interac debit magnetic stripe transactions will no longer be accepted at devices in Canada.

and this from Interac

The chip transition timeline

Every Acquirer (or payment service provider) has its own timetable in place for providing chip terminals. In order to ensure a smooth transition, Interac Association has implemented final conversion deadlines that work within merchants’ normal business cycles, so that merchants will be able to transition to chip within the set timeline and with minimum impact.

  • Interac chip cards and terminals are already being rolled out across Canada.
  • Complete migration to chip technology will take several years and the timetable for the introduction of chip will vary from one financial institution, and one service provider to another.
  • All Automated Banking Machines (ABM), point-of-sale (POS) terminals and banking cards across Canada will be upgraded.
  • Magnetic stripe debit card transactions will no longer be accepted at ABMs after December 31, 2012.
  • Magnetic stripe transactions will no longer be accepted at POS after December 31, 2015.
  • Chip cards will continue to carry the magnetic stripe, not only to facilitate the chip transition period, but also to allow cardholders to use their debit cards in other countries that do not use chip technology.

Relevance to Bankwatch:

Chip cards are coming, but the timeline is unacceptably long, out of desire to keep merchants, acquirors and issuers costs down.

In Japan, debit has never taken off.  On the other hand Suica and Pasmo are very popular, and gaining outside the original use of train service only into convenience stores and other small purchase locations.  That includes beer, other alcohol, magazines and movie rentals.

The idea of leaving thousands of dollars in full view with a 4 digit number as the only key is insanity.

suica 250px-Suica

Suica is successful because its handy being a wireless swipe,  and low risk with small amounts stored.

Chip will introduce the security of a non copyable card (we hope), but the 6 year wait in Canada is going to be an unfortunate inconvenience for the thousands that are compromised and have to replace their cards.

Reaearch by Nobuyo Henderson

Written by Colin Henderson

June 20, 2009 at 20:35

Consumers still need convincing on smart cards


Fewer than half of consumers would  switch to smart cards according to a “survey” by  terminal makers Ingenico. They arrive at the conclusion based on surveying people using the cards.

There is an enormous gap between use of cards, and the benefits of the cards.  The simple truth is that people do not associate any benefits with the switch to the smarter cards.

Convenience to drive contactless uptake, but consumers still need convincing | finextra

Convenience, rather than security, will be the driving force behind the UK adopting new payment methods, according to a survey of 1000 British consumers conducted on behalf of Ingenico.

Written by Colin Henderson

February 15, 2009 at 23:04

The smart card olympics commence


The branding olympics are underway now. G&D announce they are supplying a commerative Olympic smart card for Chinese Banks.

Smart Cards for Olympics

The Bank of China and the China Everbright Bank are offering their customers special Visa Olympic-edition credit cards. China Mobile is marketing a gift box containing six prepaid telephone cards, which is the fourth set of commemorative cards for 2008 Beijing Olympic Games launched by China Mobile. The Olympic smart cards are supplied by Giesecke & Devrient (G&D), a leading provider of smart card solutions.

Written by Colin Henderson

June 5, 2008 at 11:56

Posted in Smart Cards

Holland – debit cards eating up smaller transactions


 Some stats from Linkdump indicating that debit cards are achieving scale in the smaller payments, that some had hoped stored value smart cards could achieve.

… the debit-card eats up the low value segment

Source: Linkdump on Payments: Debit card moves in on low-value payments

 

Technorati tags: , ,

Written by Colin Henderson

February 12, 2007 at 10:46

Posted in Smart Cards

Finextra: Bank of America begins contactless m-payments trial


This is a smart move by Bank of America to start testing contactless cell phone payment now.  This is a smart card in a cell phone.  Its quite prevalent now in Japan, but this is the first instance I am aware of in North America.  Many Customers will like this.

Around 500 staff at the bank’s offices in Wilmington, Delaware are expected to take part in the pilot and will use their mobile phones to pay for purchases at vending machines, in a cafeteria and at an internal convenience shop.

Source: Finextra: Bank of America begins contactless m-payments trial

 

Technorati tags: , ,

Written by Colin Henderson

November 5, 2006 at 22:24

Posted in Smart Cards

Did Barclays err in going with card readers for two-factor security?


In a follow up to the earlier announcement from Barclays, David on Zdnet questions if consumers will accept the solution.  I agree with that assessment.

» Did Barclays err in going with card readers for two-factor security? | Between the Lines | ZDNet.com

Are you supposed to bring a bulky card reader with you everywhere you go? In contrast, RSA makes versions of its securID solution that fit on your keychain. Think I’m crazy about the sort of mobility that people want out of their online banking?

As I earlier noted:

Relevance to Bankwatch:
While this will buy some time, it remains to be seen if its a complete solution.  Meantime its an expensive gamble to issue and support the tokens.  The security infrastructure that supports the tokens is expensive.

There is a space for devices that support smart card authentication, and that provides clear ‘something you have’ characteristics.  But I remain convinced this is not a mass solution. 

Finally David notes an intersting anecdote from Target, the US retailer, and their failed attempt.

To boot, card reading solutions as a means for securing online transactions have not been met with consumer enthusiasm.  Way back in 2001, Target (the retailer) announced that it would be issuing card readers (like this Target-branded one on saleTarget-branded “smart Visa Cards” to help secure payments (card readers ensure that the end-user actually has a card as opposed to just the card number).  But, by 2004, the entire smart card program was failing so miserably that Target pulled the plug on the whole thing.

Technorati Tags: , ,

Written by Colin Henderson

August 9, 2006 at 17:24

Posted in Security, Smart Cards

Update on click fraud


Good article at Wired which describes the issue in clear detail. It goes on to conclude as I did earlier, that the real solution is participate in cost per action.

Wired News: Google’s Click-Fraud Crackdown

Google is testing a new advertising model to deal with click fraud: cost-per-action ads. Advertisers don’t pay unless the customer performs a certain action: buys a product, fills out a survey, whatever.It’s a hard model to make work — Google would become more of a partner in the final sale instead of an indifferent displayer of advertising — but it’s the right security response to click fraud: Change the rules of the game so that click fraud doesn’t matter.

Technorati Tags: , ,

Written by Colin Henderson

July 13, 2006 at 19:01

Posted in Marketing, Smart Cards

%d bloggers like this: