[Owasp-leaders] Executive Order --Improving the Security of Consumer Financial Transactions

Bev Corwin bev.corwin at owasp.org
Thu Nov 6 18:11:53 UTC 2014


FYI: More on this discussion follows:

New Executive Order Provides Enhanced Security for Financial and Citizen-to
Government Transactions:
<http://www.electrosoft-inc.com/electroblog/2014/10/29/new-executive-order-provides-enhanced-security-for-financial.html>

Bev


On Sat, Oct 18, 2014 at 9:21 PM, Nigel Phair <nigel.phair at owasp.org> wrote:

> Hi Andrew
>
> Yep, full EMV has made big differences to the Australian credit/debit card
> landscape (unless you're a waiter, with the hospitality industry
> anecdotally recording a 30% drop in tips). The next big step is getting
> merchants to adhere to PCI compliance, e.g. request the Card Verification
> Number for online transactions, and ensuring they do not store any
> cardholder data post transaction.
>
>
>
> On Sun, Oct 19, 2014 at 11:53 AM, Andrew van der Stock <vanderaj at owasp.org> wrote:
>
>> Chip and PIN has worked elsewhere, but it tends to drive fraud to
>> other channels, particularly Cardholder not present (CNP) channels.
>> History of the fraud stats in Australia over the last 8 years we've
>> had EMV shows that EMV works, but fraud generally only drops around
>> 20% once fully implemented. For folks on websites that deal primarily
>> in CNP transactions, as EMV gains a strong hold, be prepared for ever
>> greater attempts at CNP fraud.
>>
>> If you want to model with actual fraud CP / CNP data, it's here:
>>
>> http://www.apca.com.au/payment-statistics
>>
>> EMV started roll out in 2006 in AU, with most FI's replacing all cards
>> in the 2008-2012 timeframe. The transition to EMV is all but complete
>> today. Most Australian retailers now have pay pass (NFC payments) on
>> every EFTPOS terminal, and for purchases under $100, it's nearly
>> universal. Paypass / Paywave started roll out in 2010ish, and is
>> mostly complete today. I don't have any cards without it.
>>
>> Is EMV the best alternative? No, but it's far better than mag stripe.
>> It prevents double swiping and casual theft. We'll only be truly safe
>> once the magstripe is gone.
>>
>> Andrew
>>
>> On Sun, Oct 19, 2014 at 11:22 AM, Bev Corwin <bev.corwin at owasp.org>
>> wrote:
>> > Thanks Jonathan, Happy to add you to the group, thanks.
>> >
>> > Bev
>> >
>> > On Sat, Oct 18, 2014 at 1:40 PM, Jonathan Carter <jonathan.carter at owasp.org> wrote:
>> >>
>> >> I do quite a bit of work around HCE. I'd like to join the conversation
>> >> too.
>> >>
>> >> On Oct 18, 2014, at 4:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> >>
>> >> This is a pretty big deal, thanks for sending this out Bev.
>> >>
>> >> So what do you think folks, should the free market be making these
>> >> decisions, or was this a good use of presidential power? The pres just
>> >> forced chip and pin on the entire US federal government, the biggest
>> >> "business" in the US.
>> >>
>> >>
>> >>
>> >> http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions
>> >>
>> >> Hello from DC one block from the Capitol. :)
>> >>
>> >> Aloha,
>> >> Jim
>> >>
>> >> On 10/18/14, 10:24 AM, Bev Corwin wrote:
>> >>
>> >> FYI: Executive Order --Improving the Security of Consumer Financial
>> >> Transactions:
>> >>
>> >>
>> >>
>> >> http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions
>> >>
>> >> Bev
>>
>