[OWASP-South Africa] Fwd: [Owasp-leaders] Flaw in New ‘Secure’ Credit Cards Would Let Hackers Steal $1M Per Card

Brett Russell brettr at paycorp.co.za
Thu Nov 20 09:22:51 UTC 2014


Hi Wellington,

I am in Payments, and they are both right.

The vulnerability is there and the virtual money can be retrieved from the card. However, in order to turn that in actual currency, you need a merchant account. This is not so easy to get and the extensive fraud checking that both Visa and MasterCard do, mean that even if you get an account, you are not likely to get away with much, if anything at all. In the end, all that happens is you will end up being Blacklisted on the MATCH system.

Something to watch out for and know about, and certainly something to be fixed, but not the end of the world for NFC (yet?).

Regards,
Brett

From: owasp-southafrica-bounces at lists.owasp.org [mailto:owasp-southafrica-bounces at lists.owasp.org] On Behalf Of Wellington Mekhoe
Sent: 19 November 2014 07:31 PM
To: Brett Russell
Cc: OWASP South Africa
Subject: Re: [OWASP-South Africa] Fwd: [Owasp-leaders] Flaw in New ‘Secure’ Credit Cards Would Let Hackers Steal $1M Per Card


Hi Brett

Thank for the article.

Just wondering who do we believe, Visa or the Researchers?

Kind regards
Wellington Mekhoe
On 13 Nov 2014 11:40 AM, "Brett Russell" <brett.russell at owasp.org<mailto:brett.russell at owasp.org>> wrote:


---------- Forwarded message ----------
From: Bev Corwin <bev.corwin at owasp.org<mailto:bev.corwin at owasp.org>>
Date: Thursday, 6 November 2014
Subject: [Owasp-leaders] Flaw in New ‘Secure’ Credit Cards Would Let Hackers Steal $1M Per Card
To: "owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>" <owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>>, OWASP IDecosystem List <owasp_nni_initiative at lists.owasp.org<mailto:owasp_nni_initiative at lists.owasp.org>>

FYI: Flaw in New ‘Secure’ Credit Cards Would Let Hackers Steal $1M Per Card:

http://www.wired.com/2014/11/chip-n-pin-foreign-currency-vulnerability/

Bev



--

Kind Regards,
Brett Russell
OWASP South Africa Chapter Leader


_______________________________________________
OWASP-SouthAfrica mailing list
OWASP-SouthAfrica at lists.owasp.org<mailto:OWASP-SouthAfrica at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-southafrica
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-southafrica/attachments/20141120/f052356e/attachment.html>


More information about the OWASP-SouthAfrica mailing list