Steam Hacked

Forums › Gaming › Steam Hacked

cws82us

788 posts

Ultimate Geek

#93038 11-Nov-2011 17:34

Been ready 3new website and its says steam been hacked
http://www.3news.co.nz/Steam-hacked-credit-card-details-may-be-at-risk/tabid/418/articleID/232414/Default.aspx

join Quic and get free sign up when you click my link https://account.quic.nz/refer/250676

1 | 2

BDFL - Memuneh
79285 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#544341 11-Nov-2011 17:44

Moved to correct forum.

semigeek

1606 posts

Uber Geek

#544343 11-Nov-2011 17:53

freitasm: Moved to correct forum.

Might want to fix up the subject spelling too

DonGould

3892 posts

Uber Geek

#544351 11-Nov-2011 18:42

Bank is going to get so sick of gamers ringing up and canceling credit cards...

Sony... Steam... who's next?

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

codyc1515

1598 posts

Uber Geek
Inactive user

#544389 11-Nov-2011 20:28

Haha, good luck with that. Not much money left in my account lately... (links to iPhone 4S rant)

SaltyNZ

8230 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#544395 11-Nov-2011 20:40

cws82us: Been ready 3new website and its says steam been hacked
http://www.3news.co.nz/Steam-hacked-credit-card-details-may-be-at-risk/tabid/418/articleID/232414/Default.aspx

Haha! If they get my credit card number they lose - no credit left! Wait - awww, man...

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

dontpanic42

1574 posts

Uber Geek

#544399 11-Nov-2011 20:48

This makes me think.

You have the option of the likes of Gmail/Google Accounts having multi-factor authentication (hell, even Steam itself has a multi-factor system), why can't this be implemented for credit cards as well?

I would personally seriously consider this type of system.
I realise there are many factors that would be serious things to think about; such as losing the second multi-factor authentication system (most likely a cellphone/smartphone), and maybe emergency situations where you really need a credit card to get out of any critical situations overseas etc but you have lost your cellphone.

Now, of course, this type of system would need to be opt-in/optional only for a start, but I think it would be quite a good way to combat breaches like these. Could save banks a bit of money in the long run.

Essentially, the technology is already in place for such multi-factor authentication systems (i.e. Google Authenticator, Battle.net, ASB, RaboBank, OATH-OTP etc...) so it probably wouldn't be too much of an investment to make it happen.

I know there are many intricacies involved with credit cards, and I will be the first to admit that I have no idea what these intricacies might be, but just putting the idea out there.

codyc1515

1598 posts

Uber Geek
Inactive user

#544416 11-Nov-2011 22:24

dontpanic42: This makes me think.

You have the option of the likes of Gmail/Google Accounts having multi-factor authentication (hell, even Steam itself has a multi-factor system), why can't this be implemented for credit cards as well?

I would personally seriously consider this type of system.
I realise there are many factors that would be serious things to think about; such as losing the second multi-factor authentication system (most likely a cellphone/smartphone), and maybe emergency situations where you really need a credit card to get out of any critical situations overseas etc but you have lost your cellphone.

Now, of course, this type of system would need to be opt-in/optional only for a start, but I think it would be quite a good way to combat breaches like these. Could save banks a bit of money in the long run.

Essentially, the technology is already in place for such multi-factor authentication systems (i.e. Google Authenticator, Battle.net, ASB, RaboBank, OATH-OTP etc...) so it probably wouldn't be too much of an investment to make it happen.

I know there are many intricacies involved with credit cards, and I will be the first to admit that I have no idea what these intricacies might be, but just putting the idea out there.

It is in fact two-factor in most cases, you have 1) the card and 2) the pin or 3) the CVC. To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

dontpanic42

1574 posts

Uber Geek

#544431 11-Nov-2011 22:48

codyc1515: To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.

That's actually not a bad idea, and in fact, what I was trying to get at really.
The truest form of multi-factor authentication is something that is always changing, so nearly impossible to guess without the proper device.

A pin can be guessed, a CVC can be guessed.
When credit card details get leaked in cases like these, it would be good to have a multi-factor authentication option which would force another factor to be used as authentication for ANY transaction.

Now that I think about it, the biggest challenge with implementing such a system probably wouldn't be with credit card companies, but with actual merchants.
But surely it can't be that difficult to add another field in online payment forms, and maybe the same code could be used in lieu of a static credit card PIN for bricks and mortar transactions. Actually, no. A static PIN is still probably the best form of security in bricks and mortar situations.

I have heard that the new paywave/paypass credit cards are using a technique of having a unique code dynamically loaded onto the card during each transaction, so that's a start at least.

I would imagine Hotels might have something to say about such a multi-factor system, as it might mean they couldn't do the usual fund allocation.

The reason I suggest using the likes of a smart phone is simply because it would hopefully cost a lot less than your suggestion of integrated screens on the card itself. Your suggestion is a good one though.

codyc1515

1598 posts

Uber Geek
Inactive user

#544434 11-Nov-2011 22:51

dontpanic42:
codyc1515: To combat the real problem what we need is to have the CVC be dynamic rather than static, like, the CVC could be a screen on the card just like the bank tokens and the CVC would only be valid once.

That's actually not a bad idea, and in fact, what I was trying to get at really.
The truest form of multi-factor authentication is something that is always changing, so nearly impossible to guess without the proper device.

A pin can be guessed, a CVC can be guessed.
When credit card details get leaked in cases like these, it would be good to have a multi-factor authentication option which would force another factor to be used as authentication for ANY transaction.

Now that I think about it, the biggest challenge with implementing such a system probably wouldn't be with credit card companies, but with actual merchants.
But surely it can't be that difficult to add another field in online payment forms, and maybe the same code could be used in lieu of a static credit card PIN for bricks and mortar transactions. Actually, no. A static PIN is still probably the best form of security in bricks and mortar situations.

I have heard that the new paywave/paypass credit cards are using a technique of having a unique code dynamically loaded onto the card during each transaction, so that's a start at least.

I would imagine Hotels might have something to say about such a multi-factor system, as it might mean they couldn't do the usual fund allocation.

The reason I suggest using the likes of a smart phone is simply because it would hopefully cost a lot less than your suggestion of integrated screens on the card itself. Your suggestion is a good one though.

Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

dontpanic42

1574 posts

Uber Geek

#544442 11-Nov-2011 23:03

codyc1515:
Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

You do make a valid point about not everyone having a smartphone. I suppose I was just heading in that direction because the technology already exists, so would be fairly easy to implement.

Re: CVC. That is also a very good point. The field is already there, and you wouldn't have to change much in order for it to work. That being said, it would require banks to develop a whole new card technology.

I would assume the card would have to have some sort of power source as well for the number to be generated. I'm also pretty sure the card would have to have access to a highly accurate time source. This is already being done with the likes of ASB and Rabobank, so the tech already exists there, but to put that into a credit card might be different story.

The smartphone just seems like the easier option at this point, with the possibility of it being integrated into the card itself in the future when the feasibility of such a system proves itself to be worthy.

codyc1515

1598 posts

Uber Geek
Inactive user

#544444 11-Nov-2011 23:06

dontpanic42:
codyc1515:
Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

You do make a valid point about not everyone having a smartphone. I suppose I was just heading in that direction because the technology already exists, so would be fairly easy to implement.

Re: CVC. That is also a very good point. The field is already there, and you wouldn't have to change much in order for it to work. That being said, it would require banks to develop a whole new card technology.

I would assume the card would have to have some sort of power source as well for the number to be generated. I'm also pretty sure the card would have to have access to a highly accurate time source. This is already being done with the likes of ASB and Rabobank, so the tech already exists there, but to put that into a credit card might be different story.

The smartphone just seems like the easier option at this point, with the possibility of it being integrated into the card itself in the future when the feasibility of such a system proves itself to be worthy.

I think I have seen cards which do have the ability to function as a credit card and a two-factor device but they used separate codes, though I may be wrong. Can't find links just now. Also, adoption could be slow but I imagine that the banks would really be pushed to have it on offer.

dontpanic42

1574 posts

Uber Geek

#544445 11-Nov-2011 23:25

codyc1515: I think I have seen cards which do have the ability to function as a credit card and a two-factor device but they used separate codes, though I may be wrong. Can't find links just now. Also, adoption could be slow but I imagine that the banks would really be pushed to have it on offer.

I'm intrigued. May have to do a bit a googling on this one.
If anyone knows of any NZ banks that offer this feature I would love to know.

My apologies if this subject has taken this thread too off topic.
Although, I would consider this as fairly relevant to be honest.

dontpanic42

1574 posts

Uber Geek

#544453 12-Nov-2011 00:17

To add something that is actually about the topic at hand, fortunately the credit card I had registered with steam was the same card I used, and subsequently cancelled, on the PS Network.
Never bothered to update it.

KennyM

221 posts

Master Geek

#544522 12-Nov-2011 11:20

Not everyone has a smartphone (not me at least, see the 4S thread....), "card present" fraud (I believe) is much smaller than "card not present" transactions (like online) and like I said earlier assigning a dynamically changing CVC to the card instead of a static CVC would make it drastically more secure and not require any new "fields". Could be a problem with recurring payments though, this would have to be factored in. From a quick glance I could probably patent this.

Im all up for more security. I had my CC details taken in the UK. I have no idea when or how, or if it was simply guess work. (i still have my CC in my wallet!)

Agreed that not everyone has smart phones. But (my opinion) pretty much everyone that has a creditcard will have a cellphone (normal or smart)
Theres banks in europe that every time you log into internet banking they send you a txt with a one time unique code for the final login process.

Why couldnt there be something similar for each time the credit card is used, mastercard (in my case) picks up and active withdrawl, send me a txt with a unique code, I enter it. Job done.

I see this as a use for ONLINE transactions. Would be far to time consuming to have to do everytime ya go and get the groceries. But id guess most fraud is done online.

Id even opt in for a system where mastercard txt's me every time my cards used. Just to let me know when, where, how much.
Sure, it might be a $500 transaction thats not mine.....But at least Id know straight away and be able to cancel it before the next $2000 transaction kicked in....
In saying this I use my card about 5times a month. So id even pay $0.20c a txt (tho im sure they could do cheaper) as it wouldnt really cost me much.

(tho a txt to tell me that they have charged be .20c for the last txt would be an annoying loop!)

SaltyNZ

8230 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#544536 12-Nov-2011 11:53

KennyM:

Why couldnt there be something similar for each time the credit card is used, mastercard (in my case) picks up and active withdrawl, send me a txt with a unique code, I enter it. Job done.

There is, and most NZ retailers are picking it up over the next 12 months or so. Basically, whenever the card issuers detect an unusual transaction online they will redirect you to a secondary authentication/verification page to do further checking before allowing you to continue. If the purchase is within your normal patterns, it stays out of the way. But as soon as a red flag is raised, it kicks in.

National Bank are great; I bought some clothes for the kids in San Francisco while I was there. Within 30s of the transaction, they called me and asked me if I was overseas, where I was, and what I had just bought. Having verified the transaction was legit, they asked how long I expected to stay, and the security system was pacified for a week. It was outstanding.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

1 | 2