Tag Archives: card

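Credit Cards' Inherent Flaw Leads to Fraudulent Charges

The attack described in "Guessing Credit Card Security Details" basically has no fix, unless online credit card transactions also switch entirely to using the chip... The technique is actually simple: first compute a valid card number, then obtain the remaining information in a two-stage attack: First, find several websites that require only "card number + date" and brute-force the date (assuming five years, that is 60 attempts). Then find dozens of websites that require "card number + date + CVV2" and brute-force the CVV2 (1000 attempts). So 1060 attempts settles it... Even if every website required the CVV2, it would still be only 60000 attempts (spread across several thousand websites), which is an entirely feasible approach. For now it can only be prevented with workarounds, such as requiring additional information like the name and address...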


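Turning the CSC (the Three Digits on the Back of the Card) into an OTP (Dynamic Password)

Turning the last three digits on the back of a credit card (the card security code) into a dynamic password: although it is usually only three digits, this should help quite a bit with online purchases, but it also means you can no longer get by without taking the card out...: "This high-tech card is being rolled out by French banks to eliminate fraud". The product is called MotionCode and will start in France: Today both Société Générale and Groupe BPCE, two of France’s largest banking groups, are preparing to roll out these cards across …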


MasterCard Sued in the UK for Charging Excessive Fees

A few key points from "Mastercard sued for $19 billion in Britain's biggest damages claim". The first is the EU's 1% limit on international fees (although Brexit...): A lawyer working on the case said Mastercard charged shops fees in excess of 1 percent for card use on international transactions between 1992 and 2008. Although the …


Linode Now Accepts PayPal, But...

Linode has announced PayPal support: "PayPal Payments", but: While any customer can use PayPal to fund their account, new customers will still need to sign up using a credit card. You can use PayPal from then on. And the reason is: This is in part because …


How Humble Bundle Fights Credit Card Fraud

Humble Bundle explains how they fight credit card fraud, mainly by continually lowering risk and reducing the need for human intervention (because staffing costs are high): "How Humble Bundle stops online fraud". The first point is the one I particularly want to mention: Our first line of defense is a machine-learning-based anti-abuse startup called Sift Science, which we’ve been training for years across 55,000,000 transactions. Given how many orders we process, Sift Science …


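The Engineering Prototype of Plastc, the Super-Powerful Universal Credit Card, Is Out...

I just received an update email from Plastc saying that a prototype demo video is now available: "Plastc Prototype in Action". First, their earlier promotional video: And this is the demo video of the engineering prototype: It is far more credible than the earlier empty talk, although it is still quite possible that it never ships... The pre-order price is USD$155, and shipping to Taiwan adds USD$10, so it comes to USD$165. I am treating it as the same kind of risk as when I bought a mining rig back then, and I do not expect to receive anything. If you are interested and also willing to accept the risk that it may never ship in the end, you can purchase through my link: https://share.plastc.com/x/NO0S0J, and both you and I will get a USD$20 benefit: They’ll receive a $20 discount when they pre-order Plastc, and you’ll receive a $20 Amazon gift card …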


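The Distribution of Four-Digit PINs

An analysis of the distribution of four-digit credit card PINs: "PIN number analysis". The analysis is based on data that has already leaked: Obviously, I don’t have access to a credit card PIN number database. Instead I’m going to use a proxy. I’m going to use data condensed from released/exposed/discovered password tables and security breaches. The 19xx range is especially high; pulled out on its own, you can see the distribution (it looks a lot like birth years XDDD): The same …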


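CloudFlare Passes PCI DSS 3.1 Level 1

CloudFlare has announced that it passed PCI DSS 3.1 Level 1: "CloudFlare is now PCI 3.1 certified". CloudFlare had already passed PCI DSS 2.0 Level 1 last year: "CloudFlare is PCI Certified". Passing PCI DSS 3.1 this time is mainly because 2.0 is about to expire, and without upgrading they would no longer be able to handle credit card data...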


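Facebook Messenger Opens Up Money Transfers in the US

Facebook Messenger can now transfer money directly in the US (bank account to bank account): "Facebook Messenger payments are now available to everyone in the US". Presumably an SDK will be released so that everyone can integrate it?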


PCI DSS Update: PCI DSS 3.1

PCI DSS 3.1 is out: "PCI COUNCIL PUBLISHES REVISION TO PCI DATA SECURITY STANDARD — PCI DSS 3.1 and supporting guidance helps organizations address vulnerabilities within SSL protocol that put payment data at risk; PA-DSS revision to follow —" (PDF). Compared with 3.0, it fixes …
