This really makes me mad someone just placed an order for Nike products using my credit card!

[G+_Rud Dog]

This really makes me mad someone just placed an order for Nike products using my credit card! All that needs doing has been done what this post is asking is the availability of a home usable online tap and pay similar to what vendors use is this available for the consumer. From what I hear this keeps all the information hidden and very secure. I would pay for the unit in an eyeblink but for any service.

[G+_Eddie Foy]

Thank you chip and pin (sig)!!  Doesn't help for card not present when it was developed and 90%+ of CC was card present.

 

Chip pin validation is done to the card NOT the bank.

 

And what do you care?  Your not on the hook for any of it.  Unless you git a crappy card that holds you for the first $50.

[G+_Travis Hershberger]

The only thing you can realistically do is create a credit lock.  Brian Krebs has a guide: http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

 

Sounds like they have your address and card number.  Nothing to do in order to prevent that.

 

It's absurdly easy to guess what a credit card number could be.  All I have to do is get a halfway decent guess at the number and know your address.  http://visual.ly/cracking-credit-card-code-0

[G+_Rud Dog]

All I want is to not have it happen and in the real world that is asking a lot which I am aware of but if the exchange between my cellphone and the equipment at, for example, starbucks is secure due to the fact the exchange between my phone and vendors equipment has no usable infor for thieves then I want that technology when using my cards on line. You would think that tech is available today.

[G+_Eddie Foy]

Yes, it is a lot to ask for.  WAY too many hands in the proverbial pot. Vendor, bank, CC processor, clearing house, ISP, backbone, POS vendor, OS vendor, related software/firmare vendors.

[G+_Travis Hershberger]

Rudy Trujillo Open wifi networks are not and never will be secure.  Assume everything you do on open wifi you are shouting on a street corner.  If you want to be able to look at bank information and order things at open hotspots then figure out some sort of vpn to use (I set a personal only one up on a $5/month vps service.)

[G+_Eddie Foy]

CC fraud is not a problem for the comsumer.  Just the banks. And now for the retailer if they are lacking. 

Banks now how to make and keep money.  If CC fruad was an issue, the US would have gone to chip-n-pin long time ago.  The BILLIONS to change now to an old technology is just a dog and pony show for the masses.

 

And if you think the CEO of Target got fired for the breach, you are seriously mistaken.  He got fired for losing over a BILLION in a failed expansion into Canada.  (CEO's don't do infosec, they delegate that task)

[G+_Eddie Foy]

CC fraud is NOT identity theft.

[G+_Rud Dog]

Travis, sorry if I gave you the impression my shopping was done over an open wifi connection this is not the case. The vendor tap and pay which is what I am advocating is not done over open wifi that I know of so that is not a problem

And Eddie I just smiled when I saw the reply to CC verus IT but who am it to point that out  simply re-reading my post would clear that up. Cheers

[G+_Travis Hershberger]

Rudy Trujillo Yep, I know.

 

Online credit card transactions are just stupid in how complex they made the system, and chip'npin isn't going to change anything about online transactions.

 

Just to give you a small idea of how silly it is.  Both the issuing bank and the company accepting payment have another company they are contracted with to provide the online transactions, those two 3rd party companies then have yet another company that they use to process a transaction.  The customer (you) and the payment processor (Amazon) can only talk to the company they are contracted to.  All any of the 3rd and 4th party companies involved are only around to skim money from each transaction and provide addition points of attack for the bad guys.

 

Yes, years of dealing with this has made me just a little bitter over the whole thing.

[G+_Rud Dog]

Yeah talked with bank and asked about more secure method of online purchases and they are looking into it rest assured I am not holding my breath.

Hell even a request for a txt message generated number would help stop this kind of crap.

[G+_Akira Yamanita]

You really don't need any extra hardware if you have a smartphone. I've thought about the process before and Steve Gibson has something meant for authentication (SQRL) but I believe that it could easily be extended to credit card authorization. A transaction code appears on the screen, you launch an app (a Visa app, for example), login, scan the code. The site name and transaction amount are shown for your approval. You approve the transaction and that's it. You never send the credit card info nor do you have to fill in the billing address. Of course, this changes the attack vector to your account. There should be a PIN in addition to the login for payment transactions.

[G+_Rud Dog]

Aika, it appears gaming is far ahead of other consumer products. Long ago was into World of Warcraft and I would log onto my account normal stuff username and password then the little dongle they provided would generate a number to complete my login. Much like google uses but instead of a dongle my phone provides the number as the second verification.

[G+_Akira Yamanita]

Rudy Trujillo I use 2 factor authentication for my most critical accounts. It would certainly mitigate the risk of login based payments. Even just requiring it for credit card not present transactions would be fantastic. A lot of infrastructure would need to be upgraded to make this possible everywhere though.

[G+_Rud Dog]

Someone had to taste the first egg so let us move forward towards the benefits of at least this level of comfort when it comes to online purchases. Guess it is not urgent till bitten.