[Owasp-leaders] Executive Order --Improving the Security of Consumer Financial Transactions

Andrew van der Stock vanderaj at owasp.org
Sun Oct 19 00:53:10 UTC 2014


Chip and PIN has worked elsewhere, but it tends to drive fraud to
other channels, particularly Cardholder not present (CNP) channels.
History of the fraud stats in Australia over the last 8 years we've
had EMV shows that EMV works, but fraud generally only drops around
20% once fully implemented. For folks on websites that deal primarily
in CNP transactions, as EMV gains a strong hold, be prepared for ever
greater attempts at CNP fraud.

If you want to model with actual fraud CP / CNP data, it's here:

http://www.apca.com.au/payment-statistics

EMV started roll out in 2006 in AU, with most FI's replacing all cards
in the 2008-2012 timeframe. The transition to EMV is all but complete
today. Most Australian retailers now have pay pass (NFC payments) on
every EFTPOS terminal, and for purchases under $100, it's nearly
universal. Paypass / Paywave started roll out in 2010ish, and is
mostly complete today. I don't have any cards without it.

Is EMV the best alternative? No, but it's far better than mag stripe.
It prevents double swiping and casual theft. We'll only be truly safe
once the magstripe is gone.

Andrew

On Sun, Oct 19, 2014 at 11:22 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
> Thanks Jonathan, Happy to add you to the group, thanks.
>
> Bev
>
> On Sat, Oct 18, 2014 at 1:40 PM, Jonathan Carter <jonathan.carter at owasp.org>
> wrote:
>>
>> I do quite a bit of work around HCE. I'd like to join the conversation
>> too.
>>
>> On Oct 18, 2014, at 4:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> This is a pretty big deal, thanks for sending this out Bev.
>>
>> So what do you think folks, should the free market be making these
>> decisions, or was this a good use of presidential power? The pres just
>> forced chip and pin on the entire US federal government, the biggest
>> "business" in the US.
>>
>>
>> http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions
>>
>> Hello from DC one block from the Capitol. :)
>>
>> Aloha,
>> Jim
>>
>> On 10/18/14, 10:24 AM, Bev Corwin wrote:
>>
>> FYI: Executive Order --Improving the Security of Consumer Financial
>> Transactions:
>>
>>
>> http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions
>>
>> Bev
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


More information about the OWASP-Leaders mailing list