The Return of Popular Electronics Magazine - Page 2

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
Re: Credit card fraud liability: Verify by Visa
...
Quoted text here. Click to load it

Plano, TX.

--
[Not a farmer:]
[Aussie wheat production is trending higher, but yield is declining]
We've slightly trimmed the long signature. Click to see the full one.
Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it

Thanks Kym, yes I was able to google it.

I just came across something I hadn't seen in google before.

Exchange rates, google:
"1 AUD in USD"
amazing.
http://www.google.com.au/intl/en/help/features.html#currency

Cheers Don...

=================


--
Don McKenzie

Site Map:            http://www.dontronics.com/sitemap
We've slightly trimmed the long signature. Click to see the full one.
Re: Credit card fraud liability: Verify by Visa

"Don McKenzie"
Quoted text here. Click to load it


** The call sign screams that it is a USA one.

 And you can look it up in seconds using:

  http://www.qrz.com /

  KD5YI
  John L Smith
  1717 Laurel Ln
  Planto,  Texas
  75074-5171
  USA



.....  Phil








Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it

Yes, that is correct, Phil (other than the fact that the city is Plano
rather than Planto, a minor point). You can also look it up at arrl.org.
I am not trying to hide.

Even though I am inactive, I put my call sign following my first name
for two reasons:

* My last name is Smith (unfortunately). The John Smith alias is used
here and elsewhere frequently and I do not want to be associated with
that guy who uses it to insult people. What else can I do?

* You can easily look it up.

I'm not sure what I have done wrong here. I was interested in signing up
for the service that Mr. McKinzie mentioned and simply reported my
results. Should I have remained silent?

Sorry for the inconvenience.

Cheers,
John


Re: Credit card fraud liability: Verify by Visa

"John - KD5YI"


Quoted text here. Click to load it

** Nothing.

It was Dopey Don that could not recognise a Yank ham call sign when was
looking right at one.


.....  Phil

 



Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it

Thanks Phil,

I am not a ham radio operator, and I am sure any American non-ham would not
recognise the call sign "VK" as being an
Australian ham call sign, so what is your point?

John,
if you google "phil allison" aus.electronics rude obscene abusive
that will give you a quick rundown on Phil, and why you should ignore his
comments.

Yes, I love you too Phil,

Cheers Don...

=================




--
Don McKenzie

Site Map:            http://www.dontronics.com/sitemap
We've slightly trimmed the long signature. Click to see the full one.
Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it
Thank you, Don, but I don't need a rundown on Phil. I have been
following this group for years and I am beginning to learn the
personalities here. I never ignore messages which contain educational
material.

Cheers,
John


Re: Credit card fraud liability: Verify by Visa

"John - KD5YI"

Quoted text here. Click to load it


 ** You will sure as hell get an " education " from reading my posts.

    On many unexpected topics too.



.... Phil




Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it
If philthy ever manages to supply honest genuine commentary not stilted
by his perverse personality I expect we will all swoon in disbelief

--
X-No-Archive: Yes


Re: Credit card fraud liability: Verify by Visa

Quoted text here. Click to load it


Phil's blow up sheep have turned up, in England:

<http://news.travel.aol.com/2011/01/19/what-do-hotel-guests-leave-behind-in-rooms/?ncid=webmail

--
You can't fix stupid. You can't even put a band-aid on it, because it's
Teflon coated.

Re: Credit card fraud liability: Verify by Visa

"Don McKenzie"
Quoted text here. Click to load it

**  No problemo.


Quoted text here. Click to load it

** Anyone who has been posting on electronics NGs long as you must have seen
dozens of US ham radio call signs included in posters sigs and sig files.

Pays to pay attention.

Fuckhead.


....   Phil



Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it


Thanks for your words of wisdom Dr. Phil,

I promise to try harder in future :-)

Cheers Don...



--
Don McKenzie

Site Map:            http://www.dontronics.com/sitemap
We've slightly trimmed the long signature. Click to see the full one.
Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it


It is used in the UK and it works like a crock of shit. It is a blame
shifting game onto the customer and *not* a genuinely secure system.
When I first encountered it (before they had announced it in the UK) I
reported it to Barclaycard fraud as a possible phishing attack. The
pop-up window is too easy to fake and impossible to verify its origin.

It is a textbook example of how not to implement a secure verification
and authentication system and has been monumentally exposed as very
badly designed by cryptographers including Prof Anderson et Al.

See for example the summary on the register:
http://www.theregister.co.uk/2010/01/27/3d-insecure /

Or for a more technical insight of why the 3D "secure" system is
hopelessly exposed to man-in-the-middle phishing attacks their paper
titled "Veri ed by Visa and MasterCard SecureCode:
or, How Not to Design Authentication" :

http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf

The same team have also completely broken chip&PIN security on bank
cards - demonstrating viable faked cards on BBCs NewsNight programme.

Regards,
Martin Brown

Re: Credit card fraud liability: Verify by Visa

Quoted text here. Click to load it
game onto the customer and *not* a
Quoted text here. Click to load it
announced it in the UK) I reported it to
Quoted text here. Click to load it
to fake and impossible to verify its origin.
Quoted text here. Click to load it
authentication system and has been
Quoted text here. Click to load it
Anderson et Al.
Quoted text here. Click to load it

In Australia, it isn't the merchants pushing it. It is the banks. As a merchant,
I have no choice in the matter. I have
to do what the bank wants, or take my business elsewhere.

The only problem I have found is that customers shy away from it as they think
it may be a phishing attack as they
aren't familiar with the procedure, or can't be bothered registering the
password.

This is where my form ends up:
https://migs.mastercard.com.au/vpcpay

Of course if you try the URL, it will give errors because the transaction
details are not provided on entry, but
Mastercard's secure Australian gateway is the path for all of my credit card
payments, no matter what brand.

If you click on the security key in your browser, you will see that the secure
certificate is owned by Mastercard Worldwide.

The CC data is entered on the Mastercard site, and not on my site.

Cheers Don...

==================




--
Don McKenzie

Site Map:            http://www.dontronics.com/sitemap
We've slightly trimmed the long signature. Click to see the full one.
Re: Credit card fraud liability: Verify by Visa
Quoted text here. Click to load it

Yes. I agree the banks want to be able to blame their customers and
avoid paying out on certain types of customer not present frauds.
Quoted text here. Click to load it

I don't blame them. The whole architecture is flawed.

At least in the UK you have already agreed an amount, input your name, a
credit card number and check digits before the VbV pop-up verification
dialogue shows and it gives you no proof that it really is genuine and
knows who you are.
Quoted text here. Click to load it

Interesting over here the register during a transaction dialoge is owned
by some random named corporate group whose name escapes me (not
Barclaycard) which was how I ended up reporting it as a phishing scam.
My next B'card statement announced this wondrous "improvement" to their
service to me. As far as I can see it only benefits them!
Quoted text here. Click to load it

That certainly varies. A lot of bigger companies take the basic data and
then jump off to the VbV website in a pop-up dialogue.

Regards,
Martin Brown

Re: Credit card fraud liability: Verify by Visa

Quoted text here. Click to load it
jump off to the VbV website in a pop-up
Quoted text here. Click to load it

We definitely land on the mastercard secure page before proceeding with the VbV
stuff.

thanks for detailing that Martin, the systems certainly vary with what they have
set up in Australia, and I would assume
the US, as it uses the same US site certificate.

Cheers Don...

===============



--
Don McKenzie

Site Map:            http://www.dontronics.com/sitemap
We've slightly trimmed the long signature. Click to see the full one.
Re: Credit card fraud liability
Quoted text here. Click to load it

You may well be correct; I'm definitely not up on the details.

I imagine that if it turns out you might still be liable for that first $50,
it would only be because many people who *did* lose their card and knew they'd
be responsible for it would never admit as much.

---Joel


Re: Credit card fraud liability
Quoted text here. Click to load it

That is the whole idea of 3D secure. If they give the correct answer to
the challenge then either you wrote the keyphrase down and were
negligent or you made the transaction. At least that is what they will
claim - unfortunately it isn't necessarily true.

Quoted text here. Click to load it

In the UK if you dispute an invalid bogus charge and still have physical
possesion of the card then they unwind the transaction completely and
cancel the card with immediate effect. Their fraud department sometimes
spots a suspect transaction and rings you up the same day. I have had it
happen a few times over the years. The flip side code is too weak and
these days everyone knows how to generate a legal Barclaycard number. A
direct brute force attack need only try 1000 combinations to be assured
of getting a valid flip side match. And there are plenty of online sites
that do not use 3D secure.

Quoted text here. Click to load it

The card issuer can ask for the card to be returned if they suspect the
owner has physically lost it. This arose in the UK after some payment
machines in petrol stations had been "serviced" to skim cards in bulk.

They were horrified to find their customers did have possession of the
original cards. Now chip & PIN has forced most skimmers to go overseas
and use the magnetic stripe in previous generation cash machines.
However, that is about to change as the encryption has been broken - or
rather a defect in the verification protocol has been found that allows
a PIN is OK signal to be sent no matter what number is typed in!

Regards,
Martin Brown

Re: Credit card fraud liability
On Thu, 20 Jan 2011 11:31:38 -0800 (PST), Greegor

Quoted text here. Click to load it

Suppose you do something risky, perhaps inadvertently, such as an
online purchase from a merchant without a secure website? I could see
a lot of potential gray areas.

It's in their interests to have the customer exhibit at least a bit of
discretetion as to which slots they stick their credit card into.
OTOH, they make money on every transaction so CC promiscuity is in
their interests too.


Re: Credit card fraud liability
Quoted text here. Click to load it

I believe around here the rules say something like, liable for first
200$ if the
PIN code is used. liable for first 1500$ if you don't notify the cc
company
that someone got you PIN the code or by "Gross negligence" enabled the
abuse.
Liable for full amount if you give card and PIN to some and should
have know
they would abuse it, or didn't notify cc company that you lost card as
quick as
possible.

So basically if you have the physical card and/or noone knows the PIN
it is the
banks problem

When I had my cc abused, I immediately got my money back and just had
to fill
out a form describing the case, if I knew the company etc.

At the end of the form was a note that I could report it to
the police if I wanted to I assume that means the CC company doesn't
do it
automatically, guess it isn't worth the effort

-Lasse

Site Timeline