Breaking

Showing posts with label PIN. Show all posts
Showing posts with label PIN. Show all posts

Saturday, 22 October 2016

18:42

Debit card data breach: How exactly does an ATM work?

Debit card data breach: How exactly does an ATM work?

You probably have walked into a lot of ATMs and transacted on one hundreds of times. But have you ever wondered how exactly does the ATM machine work.
Automated Teller Machine or ATM is a data terminal or rather a digital interface with two input and four output devices. Like any other data terminal, the ATM has to connect to, and communicate through, a host processor.
The host processor is similar to an Internet service provider (ISP) and it is the gateway through which all the various ATM networks become available to the cardholder or in other words (the person wanting the cash). Nearly 99% of ATMs in India communicate through leased lines -- which is a high speed network. Others work on dial-up systems which are slow and are meant for low traffic areas.But before we get into all the technical aspects, one needs to understand who handles the ATM or how is maintained. Any bank that wants an ATM installed contacts an ATM-maker like NCR or Diebold Nixdorf who provides the machine and the software for the bank at its preferred location.
After the ATM is installed, the bank needs to connect it to its servers and allow it to connect to other bank servers to help a consumer get cash.
Here comes in companies like FSS, CMS and Hitachi Payment Services who provide the ‘switch’ -- a technical term for a payment transfer engine that allows the ATM software to connect to interbank networks and in turn bank servers so that it can relay information and cash as and when it is necessary. But most of the switches are placed in remote locations and in other cases bank themselves maintain the interconnection network.
For example, a branch which has an ATM is more prone to managing its own switch
Read more: Banks need to raise firewalls to protect debit cards
But what is an interbank network? An interbank network, also known as an ATM consortium or ATM network, is a computer network that enables ATM cards issued by a financial institution that is a member of that particular network to be used to perform ATM transactions through teller machines that belong to another member of the network.
While Visa, Mastercard/Maestro or Rupay are card service providers, Cirrus, Pulse, Bancs are examples of interbank networks present in the country. This simply means that these card service providers connect to services (that it subscribes or owns) such as Cirrus or Pulse when a transaction is being processed by a user in an ATM.
However, the functions which may be performed at the network ATM vary. For example, special services, such as the purchase of mobile phone airtime, may be available to own-bank but not to network ATM cardholders. Furthermore, the network ATM owner may charge a fee for use of network cards (in addition to any fees imposed by the own-bank).

0
By at No comments:
Labels: , , ,
18:32

ATM compromise: Yes Bank says vendors need to do more

ATM compromise: Yes Bank says vendors need to do more
In wake of a system-wide security scare triggered by a malware attack on systems of its vendor Hitachi Payment Systems, Yes Bank today sought to distance itself from the breach and stressed on need to police service providers in a better way.
"There needs to be a lot more vigilance where there are outsourcing partners to make sure they don't endanger the delivery and system risk, and there's a fair amount of policing as far as outsourcing risks are concerned," its managing director and chief executive Rana Kapoor told reporters here.
According to media reports, systems of Hitachi Payment Systems which counts on Yes Bank as one of its major customers, are suspected to have been breached.
Asserting that there has not been breaches with the bank, Kapoor said there is a need for vigilance on the outsourced aspects because a bank does not do every function in-house.
Kapoor also exuded confidence in the security architecture of the National Payments Corporation of India (NPCI), calling it as the finest in the world.
Following the discovery of the breach, he said the bank has initiated some cautionary measures to ensure that its customers do not get affected.
A bank spokesperson said after the suspected breach came to light for the first time, it had advised all its customers to change their secret personal identification numbers (PINs).
Also, to ensure that they indeed change the PINs and minimise the risk, it capped withdrawal at Rs 5,000 per transaction till the PIN gets changed.
According to reports, over 32 lakh cards stand at risk following the suspected security breach and banks have taken a slew of actions to thwart any untoward possibilities by either replacing the cards or asking them to change the PINs.

0
By at No comments:
Labels: , , , ,

Tuesday, 18 October 2016

20:34

State Bank of India blocks ATM cards over security reasons

State Bank of India blocks ATM cards over security reasons

In view of possible security issues, the State Bank of India (SBI) has blocked some of the ATM debit cards while urging them to contact the bank authorities for changing their pin numbers.
The bank had reportedly asked its customers to change their secret pin number. Those who had not changed the number were asked to contact the bank branch when they tried to withdraw money on Friday and Saturday.
The bank said it blocked the cards which are regularly used at specific ATMs prone to fraudulent activities. The customers whose ATM cards are blocked now have to avail a new card from the bank. The new card will be distributed free, the bank said.
Currently these customers posses magnetic cards and the bank intends to replace it with new chip cards. This is to curb recurrence of the Thiruvananthapuram-style high-tech ATM robbery, the bank said.

0
By at No comments:
Labels: , , ,

Sunday, 6 September 2015

17:22

Authentication Advances May Finally Kill Passwords and PINs

Authentication Advances May Finally Kill Passwords and PINs

More than two decades since a New Yorker cartoon joked that "on the Internet, nobody knows you're a dog," banks are finally replacing old and not-so-reliable methods of authenticating customers — passwords and security questions — with sophisticated alternatives.

Voice biometrics, fingerprint detection, facial recognition and device ID are graduating from the pilot phase to wider deployment at a handful of financial institutions. And more innovative methods, including authentication based on smartphone activity, are being tested in university research labs. If successful, these technologies could deliver the combination of security and convenience that has eluded banks in their struggle to verify user identities and keep out impostors without hassling true customers.

The shift to next-gen authentication methods has been made possible by the convergence of several trends. One is the ubiquity of smartphones with high-quality microphones and cameras that make voice and facial recognition easy, and the availability of Apple's Touch ID fingerprint reader on iPhones for finger scanning.

Public awareness of data breaches and fraud issues has made consumers more willing to provide fingerprints, voiceprints and selfies to secure their financial information. And while financial institutions are driven by the need to make their growing volume of mobile and online transactions secure and convenient, they're also being pushed by a newer, related dynamic: their call centers are swamped with requests from consumers who want to reset lost, stolen or compromised passwords.

"The Target data breach generated more calls than we'd like to have taken in the call center," said Casey Royer, the enterprise voice solutions director at USAA, the poster child for biometrics technology in the U.S. financial services industry. "When we're not planning those calls, it's hard. We need to start barring the doors so we're more secure. We're hoping this [technology] matures so incidents become nonevents."

The Options

One authentication technology banks are starting to deploy is voice recognition.

"Voice recognition has the right combination of characteristics that are unique to the individual," said Dominic Venturo, chief innovation officer at U.S. Bank in Minneapolis. "The voice is easy to use and every mobile phone has the ability to hear a voice." The $404 billion-asset bank has been testing voice biometrics and aims to make it more widely available this year.

According to Opus Research, 41% of all global voice biometrics installations are implemented by financial institutions. Barclays, Santander, Tangerine, Wells Fargo, USAA and ING Netherlands are among those that have adopted this technology.

The quality of smartphones' built-in microphones is high enough to achieve accuracy rates above 90%, according to Brett Beranek, director of product strategy for voice biometrics at Nuance Communications. Barclays' wealth management unit, for instance, says it's achieved a 95% accuracy rate on its use of voice recognition in its call centers.

Fingerprint recognition is another option, one that Apple brought to the forefront by including Touch ID on iPhones and making it part of Apple Pay. First Internet Bank of Indiana, Canada's Tangerine Bank, American Express, Discover and USAA are among those using it to let customers log into mobile banking with the press of a finger.

"There is certainly a strong case for fingerprint and voice," in banking today, Venturo said.

Source:http://www.americanbanker.com/news/bank-technology/authentication-advances-may-finally-kill-passwords-and-pins-1074298-1.html
0
By at No comments:
Labels: , , , , , , ,