PayPal sending out new cards because of data breaches

[PornDiscounts-V]

Just got an Email from Paypal telling me they are sending me a new card because they fear my information may have been subjected to a data breach. Though they also state they have no evidence it has actually happened. It is more of a precaution.

What I don't understand is why are they going to send me the same fucking card when they really should be sending me a pin and chip card instead which is what Home Depot, Target and others are putting into their stores to thwart this kind of thing?

[CAHEK]

i never got any email yet

[PornDiscounts-V]

Did you shop at a Home Depot with the card?

[DVTimes]

we have chip and pin in the uk for all cards.

its not that secure.

the latest is some swipe thing. you hold the card next to the machine and you do not enter anything.

[iSpyCams]

Quote:

Originally Posted by DVTimes

we have chip and pin in the uk for all cards.

its not that secure.

the latest is some swipe thing. you hold the card next to the machine and you do not enter anything.

Whoopty doo then. I got a shiny new pin and chip card a month or so back, cause of the PF Chang's breach. not much better than my other cards, it was he first one compromised. Pin and chip don't do shit for online purchases.

[rowan]

Quote:

Originally Posted by pompousjohn

Whoopty doo then. I got a shiny new pin and chip card a month or so back, cause of the PF Chang's breach. not much better than my other cards, it was he first one compromised. Pin and chip don't do shit for online purchases.

The future for online purchases is probably some sort of embedded "human" two factor authentication, used for Card Not Present transactions. For example, pressing a button that shows a code number on a display. All contained within the card. The code number is a cryptographic signature that proves you have physical possession of the card.

Only problem is that something like this will take years to be fully implemented, which means that the legacy system will be around for a long time to come.

[iSpyCams]

Quote:

Originally Posted by rowan

The future for online purchases is probably some sort of embedded "human" two factor authentication, used for Card Not Present transactions. For example, pressing a button that shows a code number on a display. All contained within the card. The code number is a cryptographic signature that proves you have physical possession of the card.

Only problem is that something like this will take years to be fully implemented, which means that the legacy system will be around for a long time to come.

A much simpler system would be to text a 6 digit confirmation code to the cardholder's mobile, which is then entered into the page where the purchase is being made. Far from foolproof, it would cut online fraud rates down to about 10% of what they are currently.

[PornDiscounts-V]

Or call you and authenticate with a message you previously gave them in your own voice. Then it gives you a pin you enter into the site.

Or just start hanging people who commit credit card fraud.

[Jel]

Quote:

Originally Posted by vvvvv

Or call you and authenticate with a message you previously gave them in your own voice. Then it gives you a pin you enter into the site.

Or just start hanging people who commit credit card fraud.

that'll work great for the deaf

[Jel]

Quote:

Originally Posted by pompousjohn

A much simpler system would be to text a 6 digit confirmation code to the cardholder's mobile, which is then entered into the page where the purchase is being made. Far from foolproof, it would cut online fraud rates down to about 10% of what they are currently.

except for instance in central london where sms messages are carried differently, so automated systems don't work (as I found out when my car died on me, and was trying to transfer money to a new account from victoria station). To do with the density of the buildings, so that'll kill all purchases made in the middle of london, for a start off.

[iSpyCams]

Quote:

Originally Posted by vvvvv

Or just start hanging people who commit credit card fraud.

Actual credit card fraud is a huge problem sure, but usually that happens overseas or the person to be "hanged" resides in a juristiction where the chances of them ever getting caught or help accountable in any way are slim to none.

At least as big and maybe bigger than credit card fraud is customers who take advantage of card association protections and file fraudulent disputes. For online merchants who deal in virtual goods this is huge, because we don't typically have any of the things required to consistently win a dispute like

1) customer's signature
2) card impression
3) tracking # showing proof of delivery

[iSpyCams]

Quote:

Originally Posted by Jel

except for instance in central london where sms messages are carried differently, so automated systems don't work (as I found out when my car died on me, and was trying to transfer money to a new account from victoria station). To do with the density of the buildings, so that'll kill all purchases made in the middle of london, for a start off.

First of all I can live without central London. but more importantly I am talking about online purchases like adult subscriptions which people generally do in the privacy of their homes with a phone handy, if not actually on the phone itself.

[anexsia]

My Paypal card is still good and I haven't received any info about any breaches.

[Sly]

Quote:

Originally Posted by pompousjohn

A much simpler system would be to text a 6 digit confirmation code to the cardholder's mobile, which is then entered into the page where the purchase is being made. Far from foolproof, it would cut online fraud rates down to about 10% of what they are currently.

I have to do that with my bank to send wires. It's annoying. Can't imagine how annoyed I would get if I had to do that every time I made an online purchase.

[iSpyCams]

Quote:

Originally Posted by Sly

I have to do that with my bank to send wires. It's annoying. Can't imagine how annoyed I would get if I had to do that every time I made an online purchase.

Yes I do it too, also to log into battle.net and play starcraft. But it's not the end of the world, certainly less annoying than digging my wallet out of my pocket and deciding what card to use. - and if I wasn't sending a wire and I got one of those texts I would surely shit bricks.