Tagged With "Westin"

You would think the cost of all this fraud would be more than enough to validate new chip and PIN rollout in the USA. Can't quite understand why the US banks are so resistent to this PHeymont. Have you an understanding of what their reasons are?

It's been a long path. For a long time, observers thought it was because they were committed to contactless (RFID) technology as the next step...but that hasn't advances as fast as some predicted, and it has big security issues, too. Now that MC and Visa have set down a "you must comply or you will be responsible for fraudulent charges" rule for next year, we're seeing motion. BUT...so far most issuers have been sticking to chip-and-signature, not and-PIN, which guts the whole process.

I don't quite see why using a pin would prevent fraud of the type we're seeing on a large scale. Presumably, if the hackers continue to target terminals, the pin would be compromised too. Yes, we could change the pin but it would need to be done immediately, before the damage is done. What am I missing?

As I see it, PM, mostly they are just stealing the data off the magnetic strip. Or the PIN in the card has data that can also be copied, but that's a little hard than just scamming the read off the strip. With a PIN, that data, validated by your unique PIN (which you pick) are encrypted and sent off to the bank for approval. Not just the strip data, but the two together are the key. I have a credit card with a Canadian bank (chip and pin) which I prefer to use over the swipe and sign USA...

In the most secure system, the PIN is known to you, the user, but is not in your records at the issuer. That's why if you forget your PIN, a new one can be generated, but no one can send you your "lost" PIN the way that passwords can be. In the PIN system, the first communication takes place at the terminal. The terminal reads the PIN from the chip on your card, and asks you to enter it on the pad. If it matches, the terminal does NOT send the PIN to the clearing house or merchant...it only...

So, if I understand it then, even if the hackers can read the entered pin keystrokes from the terminal keypad which we enter, it cannot be used without the card with the unique chip, which cannot be duplicated as a magnetic strip can be duplicated?

That's correct. It is, of course, not totally impossible to create a duplicate chip, but it takes major equipment, not $5 worth of RadioShack parts...and it would also require much more information than can be harvested easily. The relative security (and it is relative) has driven over 80% of the world's credit card fraud toward the U.S. as other areas become more difficult. And once everyone is on board, the Trojan Horse mag stripe can come off the card as well.

White Lodging, which operates hotels under a number of major brands including Westin, Marriott, Sheraton and Holiday Inn, has acknowledged a major theft of customer credit card information including names, numbers, security codes and more. The breach...