1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 544567 12-Nov-2011 13:08 Send private message

I like the way Kiwibank handle authentication. You set three answers to three questions, then they ask for a couple of letters from part of one of the answers each time you want to log in.

This would be an excellent solution for the credit card companies.

7805 posts

Uber Geek
+1 received by user: 336

Trusted
Subscriber

  Reply # 544604 12-Nov-2011 15:44 Send private message

Unlike Sony, all sensitive details were hashed/salted/encrypted, so while it's bad it's nowhere near as bad.

Still annoying.


1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 544629 12-Nov-2011 16:58 Send private message

I heard all the CC data was encrypted with AES256, still...

240 posts

Master Geek
+1 received by user: 11


  Reply # 544632 12-Nov-2011 17:02

1080p: I heard all the CC data was encrypted with AES256, still...

240 posts

Master Geek
+1 received by user: 11


  Reply # 544633 12-Nov-2011 17:02

1080p: I heard all the CC data was encrypted with AES256, still...


the earth will be swallowed by the sun before they crack it.

1599 posts

Uber Geek
Inactive user


  Reply # 544634 12-Nov-2011 17:04 Send private message

throbb:
1080p: I heard all the CC data was encrypted with AES256, still...


the earth will be swallowed by the sun before they crack it.

It all depends on how strong the keys are. If they had a credit card in here so that they can tell exactly what the output should be then it should be reasonably easy to just run a brute force against that one key. That said, there are still the other implications of this: virtually everybody's identity has been stolen here.

7805 posts

Uber Geek
+1 received by user: 336

Trusted
Subscriber

  Reply # 544637 12-Nov-2011 17:06 Send private message

Sony's credit card data was also encrypted, however Sony used a device-based root key which was of course leaked/discovered/known before the main hack.

2567 posts

Uber Geek
+1 received by user: 261

Trusted
Subscriber

  Reply # 545276 14-Nov-2011 17:17 Send private message

codyc1515: 
It is in fact two-factor in most cases, you have 1) the card and 2) the pin or 3) the CVC. To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.

Wouldn't work.  Technically, the CVC is not actually required to process a transaction - the only requirement is that if it is provided, it must be correct.  You don't see this buying from most NZ merchants as all the NZ processors require it, but overseas processors (especially the ones that specialise in "high risk") do not necessarily.  So your solution, though a good start, still wouldn't work.

SaltyNZ: 
There is, and most NZ retailers are picking it up over the next 12 months or so. Basically, whenever the card issuers detect an unusual transaction online they will redirect you to a secondary authentication/verification page to do further checking before allowing you to continue. If the purchase is within your normal patterns, it stays out of the way. But as soon as a red flag is raised, it kicks in.

National Bank are great; I bought some clothes for the kids in San Francisco while I was there. Within 30s of the transaction, they called me and asked me if I was overseas, where I was, and what I had just bought. Having verified the transaction was legit, they asked how long I expected to stay, and the security system was pacified for a week. It was outstanding.


Ah, Verified by Visa and MasterCard SecureCode.  They're great for merchants as any transaction where VbV or MSC was performed grants immunity from "unauthorised charge" reversals (basically making the issuing bank liable).  Unfortunately only one bank in NZ actually issues cards with VbV or MSC enabled.  Slack.




I finally have fibre!  Had to leave the country to get it though.


1572 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 545290 14-Nov-2011 17:55 Send private message

Kyanar:
Wouldn't work.  Technically, the CVC is not actually required to process a transaction - the only requirement is that if it is provided, it must be correct.  You don't see this buying from most NZ merchants as all the NZ processors require it, but overseas processors (especially the ones that specialise in "high risk") do not necessarily.  So your solution, though a good start, still wouldn't work.

Whoa. You're right. I'd never even thought of that. Some online payment processing forms don't even ask for the CVC. Although, those are the ones that usually are asking for billing address details.
But that's another point. When billing address details are actually required, do those details get validated to the nth degree before allowing the transaction to go through?

So, really, the only option is to make the CVC mandatory for a start (i.e. for non-card-present transactions, as they should all require a PIN anyway), and then develop an always changing CVC code system.
