Unlocking Understanding - A Cryptic Introduction

in #security8 years ago (edited)

knowledge is valuable.

T_His blog will focus on producing cl_Ean understanding in areas that invo_Lve security.

Know_Ledge is sophisticated, simple, and highly variable.

M_Ost know to lock doors, check blind _ _Spots and avoid imminent danger.

I_T can b_E r_Elative or subjective.

What is i_Mportant? the forest or the trees?

_I_T is both delicate and powerful

Money can be securely stored and transferred using encryption. That same attribute can lead it to be remotely stolen if keys are compromised.

Being informed is important.

The Case of Bank Card Fraud in North America

Recently, a former colleague contacted me regarding a $12,000 dispute with a bank. An individual was out one night, and woke up the next morning to find their credit card gone. The card had been charged without authorization prior to reporting it lost. A police report was filed, and a standard fraud claim was submitted to have charges reversed. However, the bank subsequently denied the claim, stating that a PIN for the fraudulent transactions. The bank's position was that this victim (their customer) must have been careless in using their PIN and as the transaction was EMV compliant, the merchant is not liable for fraudulent transactions.

Banks have invested heavily in EMV (the standard used in Credit/Debit Chip technology), and it seems some of them no longer wish to write off fraud losses where a transaction has involved the Chip.

Banks are taking a position that it's impossible to fake a Chip transaction. Therefore a customer was either negligent, or is somehow collusive in fraudulent use of the card. It was astonishing that they took this position in spite of an official police report being filed. Particularly since the primary scope of EMV migration was to stop Counterfeit card production (a massive source of loss for banks pre-EMV).

Lost and Stolen cards would be harder to exploit (for those banks who introduced PIN over signature), but theft always was part of the criminal landscape - and there is no reason to believe all the pick-pockets, mail thieves, and the like would stop trying to make a quick low risk buck by charging up a credit card. As a matter of fact, if a crook could score a Chip card and it's associated PIN, there is a good chance they could run up the total significantly as the bank is less likely to flag or decline such transactions for fraud. Many banks have actually scaled down fraud shops because of the assumption that Chip on Chip activity is not worth monitoring. Furthermore, after liability shifted to merchants across North America, magnetic stripe fraud activity can be recovered from the merchants through charge-back.

The problem of fraud opportunity remains - whether someone 'shoulder-surfs' or otherwise records a PIN before stealing the actual card. The marketing slogan of "Zero Liability" for fraud used to reassure consumers and encourage Credit & Debit cards use over cash, doesn't seem to always apply.

The fraud will happen. It is important to be aware of your bank's policy when there is indication that a PIN was used. The individual I was informed about is escalating and fighting the bank. Not everyone will be able or willing to do so (and smaller amounts may not even be worthwhile, given the time and energy required).

If indeed banks are allowed by regulation to push back on fraud reimbursement in certain cases, it is only through transparency, understanding and Knowledge, that misinformation used for profit can be averted.

Thanks for reading.
@cryptoknow.com

#introducemyself #banking #fraud
8 years ago in #security by
$0.00
    3 votes
    Reply 0

    Coin Marketplace

    STEEM 0.19
    TRX 0.16
    JST 0.030
    BTC 63678.85
    ETH 2623.01
    USDT 1.00
    SBD 2.85