> On 2015-02-02, at 20:02 , Dave Close wrote:
>
> In the US a credit card transaction has better legal protection than
> debit. True, most issuers promise to apply basically the same rules
> to both, but they are not legally required to do so. Credit cards are
> limited to $50 liability, debit c
On Mon, 2 Feb 2015, Dave Close wrote:
Paul Graydon wrote:
Heck, anyone paying for goods in US stores as debit
already type in their pin at the moment. It just changes how you put
the card in the machine.
Derek J. Balling wrote:
Most debit cards have a Visa or MC logo on them, and you can
Paul Graydon wrote:
>Heck, anyone paying for goods in US stores as debit
>already type in their pin at the moment. It just changes how you put
>the card in the machine.
Derek J. Balling wrote:
>Most debit cards have a Visa or MC logo on them, and you can sign. I
>don't know the numbers, but I
On 02/02/15, Brodie, Kent wrote:
> So how is chip-and-signature any more secure than what we have today?
>
> Idiots. Our financial industry is run by idiots.
>
from what I understand, it's more secure b/c the chip produces a one-time use
hash of the number and feeds that into the payment syst
On Mon, 2 Feb 2015, Derek J. Balling wrote:
On 2/2/2015 7:48 PM, David Lang wrote:
I also wonder if they started getting worried about number
exhaustion. I'm sure that when they started that they thought that
10 or so digits was enough to last forever, but unless they re-use
numbers (at which
On Mon, Feb 2, 2015 at 7:13 PM, John Clear wrote:
> On Mon, Feb 02, 2015 at 04:15:50PM -0500, berg...@merctech.com wrote:
> >
> > -100 to AMEX for online/phone purchase fraud prevention.
> >
> > Many years ago, AMEX used to offer (free!) virtual credit card numbers
> > called Private Payments. Th
On 2/2/2015 7:48 PM, David Lang wrote:
> I also wonder if they started getting worried about number
> exhaustion. I'm sure that when they started that they thought that
> 10 or so digits was enough to last forever, but unless they re-use
> numbers
On Mon, 2 Feb 2015, John Clear wrote:
On Mon, Feb 02, 2015 at 04:15:50PM -0500, berg...@merctech.com wrote:
-100 to AMEX for online/phone purchase fraud prevention.
Many years ago, AMEX used to offer (free!) virtual credit card numbers
called Private Payments. These were good for one-time use
On Mon, Feb 02, 2015 at 04:15:50PM -0500, berg...@merctech.com wrote:
>
> -100 to AMEX for online/phone purchase fraud prevention.
>
> Many years ago, AMEX used to offer (free!) virtual credit card numbers
> called Private Payments. These were good for one-time use, with a
> capped-maximum and 30
> On 2015 Feb 2, at 11:46 , David Lang wrote:
>
> On Mon, 2 Feb 2015, Peter Loron wrote:
>
>> Yep, AMEX is usually pretty on the ball WRT fraud.
>>
>> Do note that EMV (aka Chip + PIN) cards are rolling out in the US this year
>> (finally). I already have my AMEX with the chip. IIRC, vendors
I remember Private Payments -- used it all the time. Too bad they did away
with it.
Nowadays, I have a different problem. One of my kids plays an Internet
game based in France. I'm in the US. Every time she tries to buy game
stuff, the card gets flagged. Every. Time.
AMEX won't let it throu
In the message dated: Mon, 02 Feb 2015 11:46:28 -0800,
The pithy ruminations from David Lang on
were:
=> On Mon, 2 Feb 2015, Peter Loron wrote:
=>
=> > Yep, AMEX is usually pretty on the ball WRT fraud.
That's been my experience too.
=> >
[SNIP!]
=> >
=> > The EMV isn't perfect, but it does
On Mon, 2 Feb 2015, Robert Au wrote:
On Feb 2, 2015, at 12:32 PM, Josh Smift wrote:
I imagine that the signature was originally for non-repudiation: If you go
to a store and say "hey I didn't buy that", and they say "well, here's a
receipt with your signature on it", that makes it a lot harde
On Feb 2, 2015, at 12:32 PM, Josh Smift wrote:
> I imagine that the signature was originally for non-repudiation: If you go
> to a store and say "hey I didn't buy that", and they say "well, here's a
> receipt with your signature on it", that makes it a lot harder for you to
> prove that you didn'
DB> The signature on the receipt was not only not mine, but an altogether
DB> different name (not even an effort at a forgery). Yet the card's fraud
DB> department concluded it was valid.
I had a somewhat similar experience with a check back in around 1990 or
so. I write zeroes from the bottom up,
On 02/02/2015 02:32 PM, Josh Smift wrote:
> I imagine that the signature was originally for non-repudiation: If you go
> to a store and say "hey I didn't buy that", and they say "well, here's a
> receipt with your signature on it", that makes it a lot harder for you to
> prove that you didn't.
>
>
I imagine that the signature was originally for non-repudiation: If you go
to a store and say "hey I didn't buy that", and they say "well, here's a
receipt with your signature on it", that makes it a lot harder for you to
prove that you didn't.
Does anyone who's worked in the payment processing in
On 02/02/15 13:56, John Stoffel wrote:
Derek> Customer service. Americans are used to signing their stuff,
Derek> they will lose their PINs and have to have them re-sent to
Derek> them. They will need to wait for their assigned PIN in order to
Derek> use their card at all, as opposed to just bein
To answer Mario's original 'how they figured it out'. The $1 charge
followed by a large charge is the 'tell'. That is a very common technique
that criminals use to see if a card is good. They figure that $1 won't
raise suspicion. And, to an extent that is true. However, $1 plus $$$ is a
pretty good
On Mon, 2 Feb 2015, Josh Smift wrote:
How does this interact with online transactions?
Has there been much research into how much fraud comes from cardinfo
stolen online vs cardinfo stolen at point-of-sale terminals?
I don't know, but the example that started this thread mentioned that the
So how is chip-and-signature any more secure than what we have today?
Idiots. Our financial industry is run by idiots.
___
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the
How does this interact with online transactions?
Has there been much research into how much fraud comes from cardinfo
stolen online vs cardinfo stolen at point-of-sale terminals?
-Josh (iril...@infersys.com)
As someone who many years ago worked for the largest credit card processing
company in the world and learned the ins and outs of it all I am willing to
bet that the #1 reason that the CC companies (incl Amex and the sort) do
not want to move is the amount of money they will lose in charge back fees
On 2/2/2015 3:00 PM, Paul Graydon wrote:
> Heck, anyone paying for goods in US stores as debit already type in
> their pin at the moment.
Most debit cards have a Visa or MC logo on them, and you can sign. I
don't know the numbers, but I'd wager th
Chip and Signature requires new terminals as well.
On 2/2/2015 2:56 PM, John Stoffel wrote:
>
> Derek> Customer service. Americans are used to signing their
> stuff, Derek> they will lose their PINs and have to have them
> re-sent to Derek> them.
http://krebsonsecurity.com/2014/10/chip-pin-vs-chip-signature/ for more reasons
(and the point that the cards will still have a magnetic stripe with all the
info in it, and until you don’t accept swipes, those chip + signature cards are
exactly as vulnerable to counterfeit as non-chip versions).
How do they think the rest of the world coped (who have been using it
for several years), or are they really convinced Americans are stupider
than the Canadians, Europeans etc? Having been through the transition
to chip+pin once in my life, it really wasn't that big a deal. There
were some pe
On Mon, 2 Feb 2015, Peter Loron wrote:
Yep, AMEX is usually pretty on the ball WRT fraud.
Do note that EMV (aka Chip + PIN) cards are rolling out in the US this year
(finally). I already have my AMEX with the chip. IIRC, vendors are shifting
liability to merchants who do not have supported te
Derek> Customer service. Americans are used to signing their stuff,
Derek> they will lose their PINs and have to have them re-sent to
Derek> them. They will need to wait for their assigned PIN in order to
Derek> use their card at all, as opposed to just being able to use it
Derek> as soon as they
Customer service. Americans are used to signing their stuff, they will
lose their PINs and have to have them re-sent to them. They will need
to wait for their assigned PIN in order to use their card at all, as
opposed to just being able to use it as
WTF.. why?
On 02/02/15 11:40, Derek J. Balling wrote:
On 2/2/2015 2:23 PM, Peter Loron wrote:
Do note that EMV (aka Chip + PIN) cards are rolling out in the US
this year (finally).
Pedantic: My understanding is that the vast majority of chipped
On 2/2/2015 2:23 PM, Peter Loron wrote:
> Do note that EMV (aka Chip + PIN) cards are rolling out in the US
> this year (finally).
Pedantic: My understanding is that the vast majority of chipped cards
in the US will be implemented via "Chip + Signa
On Mon, Feb 2, 2015 at 2:23 PM, Peter Loron wrote:
> Do note that EMV (aka Chip + PIN)
Note that many are chip-and-signature, not chip-and-PIN.
--
brandon s allbery kf8nh sine nomine associates
allber...@gmail.com ballb...@sinenom
Yep, AMEX is usually pretty on the ball WRT fraud.
Do note that EMV (aka Chip + PIN) cards are rolling out in the US this
year (finally). I already have my AMEX with the chip. IIRC, vendors are
shifting liability to merchants who do not have supported terminals in
October this year. The intent
We complain enough here about immature systems, it's time for a kudo.
Yesterday I received a simultaneous fraud alert from Amex via text on my cell,
a phone call to my landline, and email.
Some thief did a test charge of $1, and then followed it up with a $377 charge
to an online store located i
> On 30 Jan 2015, at 23:07, Christina Plummer wrote:
>
> I fully blame companies who allow accounts to be created without validating
> the user's email address. AT&T is particularly horrible about this.
I was surprised to find out - someone attempting to use a variant of my gmail
address (my n