Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




685 posts

Ultimate Geek
+1 received by user: 1


Topic # 93038 11-Nov-2011 17:34 Send private message

Been ready 3new website and its says steam been hacked
http://www.3news.co.nz/Steam-hacked-credit-card-details-may-be-at-risk/tabid/418/articleID/232414/Default.aspx




               The Biggest and the Best.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL
49915 posts

Uber Geek
+1 received by user: 4621

Administrator
Trusted
Geekzone
Subscriber

  Reply # 544341 11-Nov-2011 17:44 Send private message

Moved to correct forum.




1155 posts

Uber Geek
+1 received by user: 35


  Reply # 544343 11-Nov-2011 17:53 Send private message

freitasm: Moved to correct forum.


Might want to fix up the subject spelling too Smile 

Have plan, send $NZD50m
3475 posts

Uber Geek
+1 received by user: 75

Subscriber

  Reply # 544351 11-Nov-2011 18:42 Send private message

Bank is going to get so sick of gamers ringing up and canceling credit cards...

Sony... Steam... who's next?




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - [email protected]


1599 posts

Uber Geek
Inactive user


  Reply # 544389 11-Nov-2011 20:28 Send private message

Haha, good luck with that. Not much money left in my account lately... (links to iPhone 4S rant)

2848 posts

Uber Geek
+1 received by user: 537

Trusted
Subscriber

  Reply # 544395 11-Nov-2011 20:40 Send private message

cws82us: Been ready 3new website and its says steam been hacked
http://www.3news.co.nz/Steam-hacked-credit-card-details-may-be-at-risk/tabid/418/articleID/232414/Default.aspx


Haha! If they get my credit card number they lose - no credit left! Wait - awww, man...




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 544399 11-Nov-2011 20:48 Send private message

This makes me think.

You have the option of the likes of Gmail/Google Accounts having multi-factor authentication (hell, even Steam itself has a multi-factor system), why can't this be implemented for credit cards as well?

I would personally seriously consider this type of system.
I realise there are many factors that would be serious things to think about; such as losing the second multi-factor authentication system (most likely a cellphone/smartphone), and maybe emergency situations where you really need a credit card to get out of any critical situations overseas etc but you have lost your cellphone.

Now, of course, this type of system would need to be opt-in/optional only for a start, but I think it would be quite a good way to combat breaches like these. Could save banks a bit of money in the long run.

Essentially, the technology is already in place for such multi-factor authentication systems (i.e. Google Authenticator, Battle.net, ASB, RaboBank, OATH-OTP etc...) so it probably wouldn't be too much of an investment to make it happen.

I know there are many intricacies involved with credit cards, and I will be the first to admit that I have no idea what these intricacies might be, but just putting the idea out there.

1599 posts

Uber Geek
Inactive user


  Reply # 544416 11-Nov-2011 22:24 Send private message

dontpanic42: This makes me think.

You have the option of the likes of Gmail/Google Accounts having multi-factor authentication (hell, even Steam itself has a multi-factor system), why can't this be implemented for credit cards as well?

I would personally seriously consider this type of system.
I realise there are many factors that would be serious things to think about; such as losing the second multi-factor authentication system (most likely a cellphone/smartphone), and maybe emergency situations where you really need a credit card to get out of any critical situations overseas etc but you have lost your cellphone.

Now, of course, this type of system would need to be opt-in/optional only for a start, but I think it would be quite a good way to combat breaches like these. Could save banks a bit of money in the long run.

Essentially, the technology is already in place for such multi-factor authentication systems (i.e. Google Authenticator, Battle.net, ASB, RaboBank, OATH-OTP etc...) so it probably wouldn't be too much of an investment to make it happen.

I know there are many intricacies involved with credit cards, and I will be the first to admit that I have no idea what these intricacies might be, but just putting the idea out there.

It is in fact two-factor in most cases, you have 1) the card and 2) the pin or 3) the CVC. To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 544431 11-Nov-2011 22:48 Send private message

codyc1515: To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.


That's actually not a bad idea, and in fact, what I was trying to get at really.
The truest form of multi-factor authentication is something that is always changing, so nearly impossible to guess without the proper device.

A pin can be guessed, a CVC can be guessed.
When credit card details get leaked in cases like these, it would be good to have a multi-factor authentication option which would force another factor to be used as authentication for ANY transaction.

Now that I think about it, the biggest challenge with implementing such a system probably wouldn't be with credit card companies, but with actual merchants.
But surely it can't be that difficult to add another field in online payment forms, and maybe the same code could be used in lieu of a static credit card PIN for bricks and mortar transactions. Actually, no. A static PIN is still probably the best form of security in bricks and mortar situations.

I have heard that the new paywave/paypass credit cards are using a technique of having a unique code dynamically loaded onto the card during each transaction, so that's a start at least.

I would imagine Hotels might have something to say about such a multi-factor system, as it might mean they couldn't do the usual fund allocation.

The reason I suggest using the likes of a smart phone is simply because it would hopefully cost a lot less than your suggestion of integrated screens on the card itself. Your suggestion is a good one though.

1599 posts

Uber Geek
Inactive user


  Reply # 544434 11-Nov-2011 22:51 Send private message

dontpanic42:
codyc1515: To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.


That's actually not a bad idea, and in fact, what I was trying to get at really.
The truest form of multi-factor authentication is something that is always changing, so nearly impossible to guess without the proper device.

A pin can be guessed, a CVC can be guessed.
When credit card details get leaked in cases like these, it would be good to have a multi-factor authentication option which would force another factor to be used as authentication for ANY transaction.

Now that I think about it, the biggest challenge with implementing such a system probably wouldn't be with credit card companies, but with actual merchants.
But surely it can't be that difficult to add another field in online payment forms, and maybe the same code could be used in lieu of a static credit card PIN for bricks and mortar transactions. Actually, no. A static PIN is still probably the best form of security in bricks and mortar situations.

I have heard that the new paywave/paypass credit cards are using a technique of having a unique code dynamically loaded onto the card during each transaction, so that's a start at least.

I would imagine Hotels might have something to say about such a multi-factor system, as it might mean they couldn't do the usual fund allocation.

The reason I suggest using the likes of a smart phone is simply because it would hopefully cost a lot less than your suggestion of integrated screens on the card itself. Your suggestion is a good one though.

Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 544442 11-Nov-2011 23:03 Send private message

codyc1515:
Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

You do make a valid point about not everyone having a smartphone. I suppose I was just heading in that direction because the technology already exists, so would be fairly easy to implement.

Re: CVC. That is also a very good point. The field is already there, and you wouldn't have to change much in order for it to work. That being said, it would require banks to develop a whole new card technology.

I would assume the card would have to have some sort of power source as well for the number to be generated. I'm also pretty sure the card would have to have access to a highly accurate time source. This is already being done with the likes of ASB and Rabobank, so the tech already exists there, but to put that into a credit card might be different story.

The smartphone just seems like the easier option at this point, with the possibility of it being integrated into the card itself in the future when the feasibility of such a system proves itself to be worthy.

1599 posts

Uber Geek
Inactive user


  Reply # 544444 11-Nov-2011 23:06 Send private message

dontpanic42:
codyc1515:
Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

You do make a valid point about not everyone having a smartphone. I suppose I was just heading in that direction because the technology already exists, so would be fairly easy to implement.

Re: CVC. That is also a very good point. The field is already there, and you wouldn't have to change much in order for it to work. That being said, it would require banks to develop a whole new card technology.

I would assume the card would have to have some sort of power source as well for the number to be generated. I'm also pretty sure the card would have to have access to a highly accurate time source. This is already being done with the likes of ASB and Rabobank, so the tech already exists there, but to put that into a credit card might be different story.

The smartphone just seems like the easier option at this point, with the possibility of it being integrated into the card itself in the future when the feasibility of such a system proves itself to be worthy.

I think I have seen cards which do have the ability to function as a credit card and a two-factor device but they used separate codes, though I may be wrong. Can't find links just now. Also, adoption could be slow but I imagine that the banks would really be pushed to have it on offer.

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 544445 11-Nov-2011 23:25 Send private message

codyc1515: I think I have seen cards which do have the ability to function as a credit card and a two-factor device but they used separate codes, though I may be wrong. Can't find links just now. Also, adoption could be slow but I imagine that the banks would really be pushed to have it on offer.

I'm intrigued. May have to do a bit a googling on this one.
If anyone knows of any NZ banks that offer this feature I would love to know.

My apologies if this subject has taken this thread too off topic.
Although, I would consider this as fairly relevant to be honest.

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 544453 12-Nov-2011 00:17 Send private message

To add something that is actually about the topic at hand, fortunately the credit card I had registered with steam was the same card I used, and subsequently cancelled, on the PS Network.
Never bothered to update it.

179 posts

Master Geek
+1 received by user: 2


  Reply # 544522 12-Nov-2011 11:20 Send private message

Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.


Im all up for more security. I had my CC details taken in the UK. I have no idea when or how, or if it was simply guess work. (i still have my CC in my wallet!)

Agreed that not everyone has smart phones. But (my opinion) pretty much everyone that has a creditcard will have a cellphone (normal or smart)
Theres banks in europe that every time you log into internet banking they send you a txt with a one time unique code for the final login process.

Why couldnt there be something similar for each time the credit card is used, mastercard (in my case) picks up and active withdrawl, send me a txt with a unique code, I enter it. Job done.

I see this as a use for ONLINE transactions. Would be far to time consuming to have to do everytime ya go and get the groceries. But id guess most fraud is done online.


Id even opt in for a system where mastercard txt's me every time my cards used. Just to let me know when, where, how much.
Sure, it might be a $500 transaction thats not mine.....But at least Id know straight away and be able to cancel it before the next $2000 transaction kicked in....
In saying this I use my card about 5times a month. So id even pay $0.20c a txt (tho im sure they could do cheaper) as it wouldnt really cost me much.


(tho a txt to tell me that they have charged be .20c for the last txt would be an annoying loop!)

2848 posts

Uber Geek
+1 received by user: 537

Trusted
Subscriber

  Reply # 544536 12-Nov-2011 11:53 Send private message

KennyM:

Why couldnt there be something similar for each time the credit card is used, mastercard (in my case) picks up and active withdrawl, send me a txt with a unique code, I enter it. Job done.



There is, and most NZ retailers are picking it up over the next 12 months or so. Basically, whenever the card issuers detect an unusual transaction online they will redirect you to a secondary authentication/verification page to do further checking before allowing you to continue. If the purchase is within your normal patterns, it stays out of the way. But as soon as a red flag is raised, it kicks in.

National Bank are great; I bought some clothes for the kids in San Francisco while I was there. Within 30s of the transaction, they called me and asked me if I was overseas, where I was, and what I had just bought. Having verified the transaction was legit, they asked how long I expected to stay, and the security system was pacified for a week. It was outstanding.




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

22nd Only: PB Tech BROTHER HL1110 Mono laser Printer $15 shipped(after $30 cashback)
Created by loceff13, last reply by old3eyes on 22-Oct-2014 18:40 (18 replies)
Pages... 2


Who Audits IRD?
Created by gundar, last reply by charsleysa on 22-Oct-2014 15:52 (18 replies)
Pages... 2


Spark Socialiser
Created by freitasm, last reply by freitasm on 22-Oct-2014 18:39 (34 replies)
Pages... 2 3


American legal jurisdiction in New Zealand
Created by ajobbins, last reply by gzt on 21-Oct-2014 14:58 (30 replies)
Pages... 2


HERE Maps beta available to all Android 4.4 devices and up
Created by freitasm, last reply by hamish225 on 22-Oct-2014 17:54 (14 replies)

Another Trade Me competitor: SellShed
Created by freitasm, last reply by SellShed on 22-Oct-2014 11:54 (42 replies)
Pages... 2 3


Abnormal upstream data usage - Vodafone Cable Wellington
Created by otherside, last reply by otherside on 22-Oct-2014 17:11 (12 replies)

Snap have failed our company!
Created by dafman, last reply by toejam316 on 22-Oct-2014 13:03 (25 replies)
Pages... 2



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.