[OWASP-Ireland] chip & pin

Chris Madden chris.madden at trintech.com
Tue Oct 11 06:55:35 EDT 2005 

More "chip and spin" methinks...

As covered in the presentation, chip & pin address Card Present
transactions, not Card Not present transactions. (Though there is some
work/pilots underway that address CNP transactions with the aid of an
additional "box" that the user plugs their chip and pin card into to buy
their goods online or whatever.)

So as the article reports, fraud has reduced 29% for CP transactions.
However... if we look at the bigger picture then it tells a different story.

 

Some key statements from the article:

"However, the figures are incomplete as they do not include card fraud over
the telephone or internet." i.e. CNP. 

In addition, the figures do not include fraud committed when cards go
missing in the post. " 

Those missing figures (from the same APACS report) are as follows:

*          "CNP fraud continues to be the biggest fraud type, rising 24%
last year to GBP150.8m approx 30% of total card fraud."

*          "Fraud on cards stolen before the genuine cardholders receive
them grew sharply - up 62% to GBP 72.9m - as criminals took advantage of the
unusually high number of cards sent out due to the rollout of new chip and
pin cards": 280,000 cards sent per day at peak.

Chris

 

  _____  

From: Eoin.Keary at allianz.ie [mailto:Eoin.Keary at allianz.ie] 
Sent: 11 October 2005 12:28
To: OWASP-Ireland at lists.sourceforge.net
Subject: [OWASP-Ireland] chip & pin

 


http://news.bbc.co.uk/2/hi/business/4320072.stm         

BBC has an article on Chip and Pin and the affect it has had on card fraud,
as mentioned by Chris at his PCI presentation last meeting. 
- might be "marketing guff"? Chris, any comments? 

Eoin 




BTW, Next OWASP meeting (End of NoV) 


Wishlist for next meeting (end of November) 

1. WebGoat tutorial/walkthrough.
2. WebScarab walkthrough. - DONE
3. Secure Code practices and pitfalls.
4. PCI (Credit card standard) - DONE
5. Integration of security into the SDLC.
6. OWASP Top 10
7. Forensics + best practice for incident response 


Eoin Keary





xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allianz Ireland p.l.c. and Allianz Corporate Ireland p.l.c. are companies of
the Allianz Group, Europe's leading global insurer and provider of financial
services. 
For more information on our products and services log on to www.allianz.ie
or call us on (01)613 3000.

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action or reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you have
received this in error, please contact the sender and delete the material
from your computer.

Allianz Ireland p.l.c. trading as Allianz is regulated by the Irish
Financial Services Regulatory Authority (IFSRA). 
Allianz Corporate Ireland p.l.c. trading as Allianz is regulated by the
Irish Financial Services Regulatory Authority (IFSRA).
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-ireland/attachments/20051011/b09a2f67/attachment.html

More information about the Owasp-ireland mailing list