http://disqus.com/by/dewald/enFri, 30 Sep 2016 22:15:28 -0000http://thehill.com/blogs/congress-blog/economy-budget/298256-emv-the-cost-of-confusion#comment-2927613493<p>"They reported that American merchants will shoulder an additional $5.8 billion in chargebacks as a result of the card brand’s EMV liability shift." If this is the Aite Group report that Digital Transactions references in their September 2016 issue, then the use of 'additional' is incorrect. 2015 chargebacks were $4.8 billion, the 2016 estimate is $5.8, so 'only' an additional $1 billion this year.</p>dewaldFri, 30 Sep 2016 22:15:28 -0000http://www.bankinfosecurity.com/blogs/alleged-emv-flaw-stirs-debate-p-2210#comment-2830863075<p>"The problem, as Litan points out, is that when the request gets to the issuer, there is a discrepancy. If fraudsters are successfully manipulating the code on the mag-stripe to fool the POS into thinking the card is a mag-stripe, not a chip, then what can be done to detect this kind of manipulation?"</p><p>Presuming 'the problem' is altering the Service Code, then the CVV calculation and comparison will fail (as Randy points out). The issuer will have a very high likelihood of determining that the Service Code has been manipulated. The CVV is calculated with four data elements, one of which is the Service Code.</p>dewaldWed, 10 Aug 2016 14:54:42 -0000http://registerguard.com/rg/opinion/33671507-78/end-the-pin-war.html.csp#comment-2342812081<p>PINs aren't stored on the magnetic stripe.</p><p>PINs MIGHT be stored in the chip, but if they are, they are encrypted.</p>dewaldWed, 04 Nov 2015 13:28:15 -0000http://www.techtimes.com/articles/92969/20151008/emv-credit-cards-require-pin-codes-to-prevent-data-breaches-retailers-say.htm?exe=reporter#comment-2299116908<p>Moving to EMV in the US is neither a requirement, nor was it initiate by the government. The card brands have implemented a card fraud liability shift.</p><p>"...but using a PIN code is a more secure way to prevent data breaches..." Use of a PIN provides no protection from data breaches. Merchants need to lock down their infrastructure to prevent data breaches. A PIN is used to verify the person using the card is a legitimate holder of the card.</p>dewaldFri, 09 Oct 2015 17:57:13 -0000http://money.cnn.com/2014/02/18/technology/security/retail-hack/#comment-1251663712<p>The CVV on the magnetic stripe is NOT the same value as the 'security code' (CVV2) on the back of the card.</p>dewaldWed, 19 Feb 2014 11:20:17 -0000http://www.computerworld.com/s/article/9244995/Kenneth_van_Wyk_Target_breach_underscores_how_backward_U.S._payment_tech_is#comment-1176953050<p>"...The merchant does not gain access to the customer's account number. Since that number doesn't leave the customer's card..."</p><p>Curious as to how this WOULD work. An EMV auth message is much like a magnetic stripe auth message, except there is additional EMV-related data in the meassage.</p>dewaldWed, 25 Dec 2013 22:36:25 -0000http://www.majorleaguesoccertalk.com/donovan-to-bayern-the-right-move/507#comment-3685763<p>@BishopvilleRed: "With everything going pear shaped in Munich"?!?!?! 5-0-1 in their last six Bundesliga games and 2-0-2 in the Champions league.</p><p>@Ian, totally agree, why go if he won't play, and how do they get him on the field with the current FCB squad.</p>dewaldTue, 11 Nov 2008 17:22:36 -0000