Merchant Newsletter - May 20, 2006

PIN Security: Solution or Problem?


Both the US and the UK have suffered a breakdown of the PIN system!


One group of professionals who spend their lives protecting consumer data just screwed the pooch. The AICPA (American Institute of Certified Public Accountants) just sent a letter to its member CPAs informing them that a hard drive with their personal information (including Social Security numbers) was lost during a repair.

We congratulate them on their swift notification, and on offering a prepaid credit monitoring service. The question we have is: what the heck were they doing with the Social Security numbers of their member CPAs? Very few professional associations have any valid need for the Social Security numbers of their members.

While their letter emphasizes that there was no credit card information involved, this is really false security. With these Socials, a fraudster could apply for fresh credit cards that these CPAs know nothing about, and have no reason to dispute. By the time the cards are all at their limit, the individuals could be responsible for hundreds of thousands of dollars in credit card charges (CPAs usually have great credit scores). In addition, a good fraudster could even take out substantial loans in addition to maxing out dozens of fresh credit card accounts for each Social taken! Since the Social is the "key" for banking identification, a good fraudster could even refinance the CPA's home and run off with the funds, with nothing more than the stolen personal info, the Social and a fake ID (the kind kids use to get into bars with).

To the best of our knowledge, there has been no public announcement of this breach. My wife is a CPA, and I "lifted" this letter off her desk (taking full responsibility so she does not get in hot water with the AICPA for the "leak").

 

US Patent # 3,216,423 was issued for an "Apparatus for facilitating the birth of a child by centrifugal force". One wonders how the female is persuaded to get into the machine, and if there is a ring of nurses to catch the baby as it catapults out.




Here in the US, the PIN (Personal Identification Number) has been touted as the "solution" to credit card fraud.
Recent legal changes in the UK have made "Chip and PIN" mandatory for all purchases.

Due to a major hack at a yet-unnamed company, where PIN numbers were stolen (along with the decryption key to make them work), Bank of America, Wells Fargo, Washington Mutual and Citibank have all reissued debit cards after detecting fraudulent activity. Smaller banks, such as Ohio-based National City Bank and Pennsylvania-based PNC Bank, have taken similar steps.

The difference with debit card fraud is that the money stolen comes out of YOUR account, rather than an account owned by a bank or a credit card company. As a result, your bank may charge you overdraft charges if a criminal steals more money than you have. If you have outstanding checks, the bank may also return those checks and charge you another overdraft fee. In fact, if you have a lot of checks outstanding, your bank may charge you more in fees than was stolen by the criminals! A thief with your PIN can make uncontested debit purchases or ATM cash withdrawals, and the bank assumes that you are responsible. Getting a PIN transaction reversed MAY be possible under some circumstances, but it will take a LONG time, and meanwhile, YOUR FUNDS ARE GONE. The advertisements stating that your check card is "protected" DO NOT COVER PIN TRANSACTIONS!

In the UK, where well-meaning legislators have made "Chip and PIN" mandatory, hundreds of Shell (gas) stations across the country had to suspend Chip and PIN payments over the weekend after fraudsters were able to steal more than 2 million dollars from unwitting customers.


The criminals had implanted devices into "Chip and PIN" machines that can copy a bank card's magnetic strip and record a person's PIN number.

Whenever a particular security measure is MANDATED by a government, association, or other body, it becomes an easy target for the scammer. Here in the US, after the massive PIN breach, we advised our readers to use SIGNATURE debit only, which gives cardholders the same protection under Federal Regulation "E" that credit card users have, and their personal accounts are protected!

On the bright side, a new technology known as "Quantum Encryption" offers hope. The unbreakability of this technology is based on the laws of physics, and as long as the laws of the universe remain the same (like gravity sucks), data transferred under this method would be unbreakable forever. On the other hand, it will be at least 10 years before this technology can be commercially deployed to merchants at competitive prices. Until then, keep on your toes, and keep reading our newsletters to stay one step ahead of the fraudsters!

With the lawsuits against banks and the card associations, there is a great motivation to "move" the liability. Currently, the final liability is on the merchant, but many default when hit by large-scale fraud, so the banks and underwriters are taking the loss. PIN debit is one way the banks are moving the liability to the consumer... YOU! We need a system that protects consumers, and also protects merchants. With the card associations and card-issuing banks making billions of dollars, we do not think it unfair that they assume liability when they tell a merchant that a transaction is "Approved".



Copyright (c) 2004 Advanced Merchant Solutions, Inc. All Rights Reserved

Merchant Information is a newsletter that is available to all members of MerchantAnywhere.com and Advanced Merchant Solutions, Inc. This newsletter is provided as an informational tool designed to keep you up-to-date on the latest news and tools available for mobile commerce and merchant processing.