[TriLUG] OT: lack of security at BofA
Heath Roberts
htroberts at gmail.com
Mon Dec 22 14:13:25 EST 2014
On Mon, Dec 22, 2014 at 10:38 AM, <matt at noway2.thruhere.net> wrote:
I would like to see elimination of direct information and access to
> accounts. Transactions should be unique and use a one time cipher and
> authentication where processing a transaction does not give you the
> information or ability to process a future one. Something like Kerberos
> ticket authentication comes to mind.
>
EMV (chip-and-signature or chip-and-PIN) implements this. One problem is
the need for backward compatibility with stripe-only cards and readers.
Another problem is that I think merchants don't like not being able to mine
your purchasing habit data--they use your card number as a common data
element to tie those together (this appears to be one reason some retailers
disabled NFC card readers to keep ApplePay from working).
--
Heath Roberts
htroberts at gmail.com
More information about the TriLUG
mailing list