[Owasp-leaders] Executive Order --Improving the Security of Consumer Financial Transactions

Nigel Phair nigel.phair at owasp.org
Sun Oct 19 01:21:50 UTC 2014


Hi Andrew

Yep, full EMV has made big differences to the Australian credit/debit card
landscape (unless you're a waiter, with the hospitality industry
anecdotally recording a 30% drop in tips). The next big step is getting
merchants to adhere to PCI compliance, e.g. request the Card Verification
Number for online transactions, and ensuring they do not store any
cardholder data post transaction.



On Sun, Oct 19, 2014 at 11:53 AM, Andrew van der Stock <vanderaj at owasp.org>
wrote:

> Chip and PIN has worked elsewhere, but it tends to drive fraud to
> other channels, particularly Cardholder not present (CNP) channels.
> History of the fraud stats in Australia over the last 8 years we've
> had EMV shows that EMV works, but fraud generally only drops around
> 20% once fully implemented. For folks on websites that deal primarily
> in CNP transactions, as EMV gains a strong hold, be prepared for ever
> greater attempts at CNP fraud.
>
> If you want to model with actual fraud CP / CNP data, it's here:
>
> http://www.apca.com.au/payment-statistics
>
> EMV started roll out in 2006 in AU, with most FI's replacing all cards
> in the 2008-2012 timeframe. The transition to EMV is all but complete
> today. Most Australian retailers now have pay pass (NFC payments) on
> every EFTPOS terminal, and for purchases under $100, it's nearly
> universal. Paypass / Paywave started roll out in 2010ish, and is
> mostly complete today. I don't have any cards without it.
>
> Is EMV the best alternative? No, but it's far better than mag stripe.
> It prevents double swiping and casual theft. We'll only be truly safe
> once the magstripe is gone.
>
> Andrew
>
> On Sun, Oct 19, 2014 at 11:22 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
> > Thanks Jonathan, Happy to add you to the group, thanks.
> >
> > Bev
> >
> > On Sat, Oct 18, 2014 at 1:40 PM, Jonathan Carter <jonathan.carter at owasp.org> wrote:
> >>
> >> I do quite a bit of work around HCE. I'd like to join the conversation
> >> too.
> >>
> >> On Oct 18, 2014, at 4:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
> >>
> >> This is a pretty big deal, thanks for sending this out Bev.
> >>
> >> So what do you think folks, should the free market be making these
> >> decisions, or was this a good use of presidential power? The pres just
> >> forced chip and pin on the entire US federal government, the biggest
> >> "business" in the US.
> >>
> >>
> >>
> >> http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions
> >>
> >> Hello from DC one block from the Capitol. :)
> >>
> >> Aloha,
> >> Jim
> >>
> >> On 10/18/14, 10:24 AM, Bev Corwin wrote:
> >>
> >> FYI: Executive Order --Improving the Security of Consumer Financial
> >> Transactions:
> >>
> >>
> >>
> >> http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions
> >>
> >> Bev
> >>
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>