Geekzone: technology news, blogs, forums
1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 544567 12-Nov-2011 13:08

I like the way Kiwibank handle authentication. You set three answers to three questions, then they ask for a couple of letters from part of one of the answers each time you want to log in.

This would be an excellent solution for the credit card companies.

8020 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 544604 12-Nov-2011 15:44

Unlike Sony, all sensitive details were hashed/salted/encrypted, so while it's bad it's nowhere near as bad.

Still annoying.


 
 
 
 


1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 544629 12-Nov-2011 16:58

I heard all the CC data was encrypted with AES256, still...

420 posts

Ultimate Geek
+1 received by user: 75


  Reply # 544632 12-Nov-2011 17:02

1080p: I heard all the CC data was encrypted with AES256, still...

420 posts

Ultimate Geek
+1 received by user: 75


  Reply # 544633 12-Nov-2011 17:02

1080p: I heard all the CC data was encrypted with AES256, still...


the earth will be swallowed by the sun before they crack it.

1598 posts

Uber Geek
Inactive user


  Reply # 544634 12-Nov-2011 17:04

throbb:
1080p: I heard all the CC data was encrypted with AES256, still...


the earth will be swallowed by the sun before they crack it.

It all depends on how strong the keys are. If they had a credit card in here so that they can tell exactly what the output should be, then it should be reasonably easy to just run a brute force against that one key. That said, there are still the other implications of this: virtually everybody's identity has been stolen here.

8020 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 544637 12-Nov-2011 17:06

Sony's credit card data was also encrypted; however, Sony used a device-based root key, which was of course leaked/discovered/known before the main hack.

2915 posts

Uber Geek
+1 received by user: 414

Trusted
Subscriber

  Reply # 545276 14-Nov-2011 17:17

codyc1515: 
It is in fact two-factor in most cases, you have 1) the card and 2) the pin or 3) the CVC. To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.

Wouldn't work.  Technically, the CVC is not actually required to process a transaction - the only requirement is that if it is provided, it must be correct.  You don't see this buying from most NZ merchants as all the NZ processors require it, but overseas processors (especially the ones that specialise in "high risk") do not necessarily.  So your solution, though a good start, still wouldn't work.

SaltyNZ: 
There is, and most NZ retailers are picking it up over the next 12 months or so. Basically, whenever the card issuers detect an unusual transaction online they will redirect you to a secondary authentication/verification page to do further checking before allowing you to continue. If the purchase is within your normal patterns, it stays out of the way. But as soon as a red flag is raised, it kicks in.

National Bank are great; I bought some clothes for the kids in San Francisco while I was there. Within 30s of the transaction, they called me and asked me if I was overseas, where I was, and what I had just bought. Having verified the transaction was legit, they asked how long I expected to stay, and the security system was pacified for a week. It was outstanding.


Ah, Verified by Visa and MasterCard SecureCode.  They're great for merchants as any transaction where VbV or MSC was performed grants immunity from "unauthorised charge" reversals (basically making the issuing bank liable).  Unfortunately only one bank in NZ actually issues cards with VbV or MSC enabled.  Slack.




I finally have fibre!  Had to leave the country to get it though.


1574 posts

Uber Geek
+1 received by user: 11


  Reply # 545290 14-Nov-2011 17:55

Kyanar:
Wouldn't work.  Technically, the CVC is not actually required to process a transaction - the only requirement is that if it is provided, it must be correct.  You don't see this buying from most NZ merchants as all the NZ processors require it, but overseas processors (especially the ones that specialise in "high risk") do not necessarily.  So your solution, though a good start, still wouldn't work.

Whoa. You're right. I'd never even thought of that. Some online payment processing forms don't even ask for the CVC. Although, those are the ones that usually are asking for billing address details.
But that's another point. When billing address details are actually required, do those details get validated to the nth degree before allowing the transaction to go through?

So, really, the only option is to make the CVC mandatory for a start (i.e. for non-card-present transactions, as they should all require a PIN anyway), and then develop an always changing CVC code system.
