Quote:Interesting you bring this up, because....
Originally posted by web2000
I thought the card holder is forced to pay through collection agency if there is any fraud.
Quote:Technically, it's rather easy to configure firewalls at the financial institutions to only allow certain ranges of IP addresses and block others.
I wish if there is any way in online banking where I can control which IP zone should be allowed to do transaction, then all third world IP can be blocked to reduce the attack surface. I don't know if banks do allow to connect through open proxies which most of the hackers do.
-----------------------------------------------------------------
"Mah deah, there is much more money to be made in the destruction of civilization than in building it up."
-- Rhett Butler in "Gone with the Wind"
Quote:
Originally posted by web2000
Quote:
Originally posted by pratickm
Quote:Well, they do - when they lose their money.
Originally posted by web2000
only the victim is held responsible then why would creditor will take any chance to verify the identity of the person before issuing any credit.
All these problems are just because creditors do no suffer from the fraud.
If someone steals a credit card and buys thousands of $$ of stuff and then disappears, both the real card holder and the creditor suffers.
If the card holder is absolved of all responsibility, then only the creditor will suffer because all that money is a loss for them.
If the card holder is held liable and they can't/won't pay-up, then his/her credit is trashed for many years to come but the creditor also doesn't get the money back.
Quote:There is no guaranteed fool-proof protection for sure.
Moral of the story is that you are not protected no matter what precaution u take.
There are always avenues and loop holes for the fraudsters.
And the more complex the protection gets, the more bureaucracy it creates for the common man, and the smarter the fraudsters get.
I read a news story recently that a lot of high-tech fraudsters are exploiting the loopholes in the PCI standards for payment processing and are hacking into the networks of smaller merchants and unmanned kiosks and siphoning off credit card numbers between the merchant and the bank's network.
Once they setup the hack, within a few days, they end up getting hundreds if not thousands of credit card numbers.
The real criminals are often doing this from third-world or remote countries where it is next to impossible to track them down and bring them to justice.
I thought the card holder is forced to pay through collection agency if there is any fraud.
I also read about PCI standards and its loopholes.
I wish if there is any way in online banking where I can control which IP zone should be allowed to do transaction, then all third world IP can be blocked to reduce the attack surface. I don't know if banks do allow to connect through open proxies which most of the hackers do.
I had a similar experience with CIBC online banking. When I tried to use my new laptop to log in to the bank, it prompted me to enter a verification code (which I had selected during sign up). After successful validation of the verification code, it let me in.
thanks
Using a mac address for online banking is a good security step. At least it guarantees that log in will be allowed from that machine only and even if your pwd is stolen (Not possible when the data is on the wire unless someone breaks the SSL encryption) by the key logger spyware, u still be safe.
But the credit card security is still weak. Anybody having your card no and expiry date could be dangerous (I doubt that not all merchants support verified by visa authentication where u have to provide a password while online shopping).
I heard that in TD bank, u have to visit to the bank to do wire transfer. Is it true?
Quote:Correct, however, most of the large scale, bulk security breaches have happened at the merchant back-ends, rather than over the Internet wire between the customer and the payment gateway (which is protected by SSL).
Originally posted by web2000
Using a mac address for online banking is a good security step. At least it guarantees that log in will be allowed from that machine only and even if your pwd is stolen (Not possible when the data is on the wire unless someone breaks the SSL encryption) by the key logger spyware, u still be safe.
But the credit card security is still weak. Anybody having your card no and expiry date could be dangerous (I doubt that not all merchants support verified by visa authentication where u have to provide a password while online shopping).
-----------------------------------------------------------------
"Mah deah, there is much more money to be made in the destruction of civilization than in building it up."
-- Rhett Butler in "Gone with the Wind"
Quote:
Originally posted by pratickm
Quote:Correct, however, most of the large scale, bulk security breaches have happened at the merchant back-ends, rather than over the Internet wire between the customer and the payment gateway (which is protected by SSL).
Originally posted by web2000
Using a mac address for online banking is a good security step. At least it guarantees that log in will be allowed from that machine only and even if your pwd is stolen (Not possible when the data is on the wire unless someone breaks the SSL encryption) by the key logger spyware, u still be safe.
But the credit card security is still weak. Anybody having your card no and expiry date could be dangerous (I doubt that not all merchants support verified by visa authentication where u have to provide a password while online shopping).
So the mac-key or IP addressed based login is a good feature to have, but it doesn't address the bulk of the breaches, which occur at the merchant's end.
This is when hundreds of credit card numbers get stolen out of backend databases of retailers, often by offshore hackers.
The hackers don't use these for themselves - they simply sell these to other fraud companies, who re-sell these multiple times.
These days many new credit cards come with a security chips. If the merchant has latest terminal which accepts such cards, you place it in the terminal and it asks you for your security PIN (like Debit card). For now not many merchants have these terminals and costumers end up using these high-tech cards as a regular card.
There might be secure ways coming in future for online shopping with these high-tech cards. Also I remember with TD VISA you can configure in such way that it asks for a password whenever you shop online. Not sure how I configured it but remember it asked for such option when I used the card for first time online shopping.
Advertise Contact Us Privacy Policy and Terms of Usage FAQ Canadian Desi © 2001 Marg eSolutions Site designed, developed and maintained by Marg eSolutions Inc. |