Linked by Thom Holwerda on Mon 2nd May 2011 22:27 UTC
Privacy, Security, Encryption "Nikkei.com on Monday reported that an online Sony gaming network has once again fallen victim to a cyberattack. This time, the attack may have exposed the credit card numbers of thousands of Sony customers from around the world. According to the report, over 12,700 customer credit card numbers were stolen during a breach of Sony’s online gaming network, Sony Online Entertainment. According to Nikkei.com, Sony discovered the possible attack on Sunday."
Thread beginning with comment 471620
To read all comments associated with this story, please click here.
Out of band authentication
by Alfman on Tue 3rd May 2011 08:40 UTC
Alfman
Member since:
2011-01-28

Authenticating purchases using static credit card is so stupid, it is unbelievable that we still do it that way.

I agree with kvarbanov that multi-factor/out of band authentication should be used, unfortunately most banks don't seem to genuinely care that credit card numbers by themselves are inherently insecure.


Anyways, posters here seem to be getting confused about pins being a requirement of using debit cards. My bank advertises that I can use my debit card anywhere visa is accepted, even shops only setup to accept "credit cards". This is because Visa handles both ends of the transaction, be it credit or debit.

http://www.ehow.com/facts_6146135_signature-based-debit-card-transa...

In certain grocery stores, the CC machine asks for a pin after I swipe my *credit* card to pay. Another older credit card never asks for a pin.

This leads me to believe that credit/debit and pin/signatures are in fact two independent variables.


I don't know if there are any real technical differences between the transaction types at all, or if the differences are merely a matter of policy?


Edit:
http://www.paymenow.com/html/debit_transactions.html
"Debit cards that have a VISA or MasterCard logo on them can be processed without entering a PIN code. These types of transactions are referred to as 'off-line' debit transactions. In this type of sale the merchant accepts a debit card the same way in which they would accept a normal credit card. The card is swiped through the terminal and the consumer signs the receipt. As far as the merchant is concerned there is no difference in the way a credit card or an off-line debit card is processed."

Edited 2011-05-03 08:45 UTC

Reply Score: 1

Thom_Holwerda Member since:
2005-06-29

Anyways, posters here seem to be getting confused about pins being a requirement of using debit cards. My bank advertises that I can use my debit card anywhere visa is accepted, even shops only setup to accept "credit cards". This is because Visa handles both ends of the transaction, be it credit or debit.


It doesn't work like that here, luckily. Your bank card's payments (debit, PIN required) are handled by Interpay, the organisation that handles the backend. I do believe your bank card can be *compatible* with VISA/MasterCard, and that the backend is compatible with it also. All Dutch banks and virtually every shop/restaurant/etc. accepts bank card payments (swipe/enter pin/press ok).

However, here in The Netherlands, everything is done either in cash, or 'via PIN' (debit card/bank card), as we call it. Credit cards are mostly used when travelling outside of the EU - but even there it isn't necessary, as I was perfectly able to use my bank card at ATMs in Austin and Dallas, TX, 10 years ago.

Reply Parent Score: 2

Alfman Member since:
2011-01-28

"However, here in The Netherlands, everything is done either in cash, or 'via PIN' (debit card/bank card), as we call it."


You keep saying this, and it may be true in your country, but I wouldn't be so positive that visa will always deny signature transactions with merchants outside of your country.


If what you are saying is accurate, I have no idea how you would use your debit card online. Obviously (or hopefully) you do not submit your personal pin on commercial websites.


In regards to the sony case, the loss of this information is very bad for both debit and credit cards.

Reply Parent Score: 2