Isn't a multi-year-valid sixteen digit number such a stupid insecure way to manage electronic credit? The credit card industry "scrapes" about 3% of all store retail sale value and puts almost nothing back into R&D. That's criminal too.
Jailed for seven years: Cyber-crook who broke into Big Biz to steal bank card info for FIN7 super-gang
An expert penetration tester working for the notorious cyber-crime gang FIN7 was sent down for seven years on Friday and told to cough up $2.5m for breaking into corporate computer systems. Andrii Kolpakov, 33, a Ukrainian national, was cuffed by authorities in Lepe, Spain, in 2018, and extradited to the US in 2019. He was a …
Saturday 26th June 2021 08:48 GMT MachDiamond
It's that 16 digit code, a name, a three/four digit security code and a postal code in addition to an expiration date. The want to add biometrics, but I'm really not keen on having that digitized and stored online. Getting new fingerprints, eyeballs and having one's ears lowered for a new facial recognition profile sounds painful.
I prefer cash. It works when the power is off. It's anonymous. You can only lose what you have on your person in a robbery and they can't have it off you from the other side of the planet. As soon as money is digitized, The Man or others have a better chance of acquiring it without your consent. I've had my debit card compromised and found out that the bank really didn't care to do anything to help me. What made is worse was that I was out of town at a conference. I had to borrow money from coworkers and withdrawal most of the money from my account when I got home as the bank said it would be 7-10 business days to reissue me a card, two weeks. I learned my lesson and don't rely on banks as much anymore. I always have enough cash for gas and food when traveling so I can get home. I also don't do all of my banking at one bank.
Sunday 27th June 2021 07:58 GMT Pascal Monett
Credit card security is improving.
Here in Europe, I have a OTP token assigned to my credit card. When I make online purchases, I must authenticate and provide the password given by the token at that time.
Works pretty well and it seems to me that that will very much thwart any miscreant's attempt to fleece me if he ever does manage to snaffle my credit card number somehow.
Plus, there's the fact that, if I ever do detect suspicious activity on my credit card ledger, I can report it and my bank will block it and send me a replacement credit card at no extra cost.
Monday 28th June 2021 06:55 GMT Anonymous Coward
EU is light years ahead of US in terms of card security, magstripe and impression machines is still often used over their and chip and pin is rarely encountered. I just use a prepaid card if I have any business over the pond.
That said its very relative in terms of security, their are certain brands of chip and pin devices I will not use outside of a lab environment due to flaws in secure channel implementations.
AC former developer/systems integrator of POS systems