Cashless Society

[Photoguy21]

With talk of a cashless society and the wide spread use of credit and/or debit cards the question of security is bound to arise.

In the past a very simple protocol was used to connect from your ATM or Card Reader to the host server for authentication and approval of the transaction. In the past RS-232 was used but now the protocol used is ISO 8583 a much more robust protocol for handling transactions. So, does this eliminate possible theft from transactions? Well, no it won’t. Granted it will be harder for hackers to gain access to the information on your card but hackers are considerably more intelligent than banks and especially governments.

They may hack into the network and download all your information which many hackers have done on many so-called secure links. Once in the data can easily be harvested by them and either used by the hacker or sold on to others who will access accounts and do the nasty for which they are famed.

Before we want to obliterate all hackers lets step back and see the type of hackers that exist. There are essentially 2 types (there is a third type but they fall between the two I will list here).

Type 1. The white hat hacker – these people hack systems to find vulnerabilities and pass the information to the originating company to the whole can be closed

Type 2. The Black hat hacker – these are the bad guys. These people will hack a system for personal gain either by using the information themselves or selling it to others who will use it for themselves.

So, how will this affect the “Cashless Society”? Simple the more information that is in digital form the more incentive for hackers to gain access to it. With a cash society it is difficult to hack a person.

Credit cards can be stolen and “skimmed” which is a nice word for reading all the information embedded in your credit card. The devices used for this can be found in the darker corners of the web. Word of warning do not go there. A lot of people you would not invite for dinner hang out there.

Countries, and governments in particular, are proposing cashless society. This is not a great idea. At present there are serious problems with hackers in every country of the world. Surely, we don’t want to give them a bigger field to play in by going cashless, do we?

Every day you read that someone lost money to a hacker accessing their phone or computer and emptying their bank account.

My opinion is yes, by all means use your credit card but also use cash. As the saying goes Cash is King and it should remain as such for the foreseeable future

[scubascuba3]

18 minutes ago, Photoguy21 said:

With talk of a cashless society and the wide spread use of credit and/or debit cards the question of security is bound to arise.

In the past a very simple protocol was used to connect from your ATM or Card Reader to the host server for authentication and approval of the transaction. In the past RS-232 was used but now the protocol used is ISO 8583 a much more robust protocol for handling transactions. So, does this eliminate possible theft from transactions? Well, no it won’t. Granted it will be harder for hackers to gain access to the information on your card but hackers are considerably more intelligent than banks and especially governments.

They may hack into the network and download all your information which many hackers have done on many so-called secure links. Once in the data can easily be harvested by them and either used by the hacker or sold on to others who will access accounts and do the nasty for which they are famed.

Before we want to obliterate all hackers lets step back and see the type of hackers that exist. There are essentially 2 types (there is a third type but they fall between the two I will list here).

Type 1. The white hat hacker – these people hack systems to find vulnerabilities and pass the information to the originating company to the whole can be closed

Type 2. The Black hat hacker – these are the bad guys. These people will hack a system for personal gain either by using the information themselves or selling it to others who will use it for themselves.

So, how will this affect the “Cashless Society”? Simple the more information that is in digital form the more incentive for hackers to gain access to it. With a cash society it is difficult to hack a person.

Credit cards can be stolen and “skimmed” which is a nice word for reading all the information embedded in your credit card. The devices used for this can be found in the darker corners of the web. Word of warning do not go there. A lot of people you would not invite for dinner hang out there.

Countries, and governments in particular, are proposing cashless society. This is not a great idea. At present there are serious problems with hackers in every country of the world. Surely, we don’t want to give them a bigger field to play in by going cashless, do we?

Every day you read that someone lost money to a hacker accessing their phone or computer and emptying their bank account.

My opinion is yes, by all means use your credit card but also use cash. As the saying goes Cash is King and it should remain as such for the foreseeable future

Scanning and cardless withdrawals seem the best options here 

[Photoguy21]

44 minutes ago, scubascuba3 said:

Scanning and cardless withdrawals seem the best options here 

Scanning and cardless (using your phone) can be subject to hacking as well. NFC commonly used is well known for being prone to data theft.

Edited January 17 by Photoguy21

[BE88]

Let's hope that Thailand is a nice technological flop the so-called 10,000 B of the government

[scubascuba3]

46 minutes ago, Photoguy21 said:

Scanning and cardless (using your phone) can be subject to hacking as well. NFC commonly used is well known for being prone to data theft.

NFC isn't used for those i mentioned 

[lkn]

On 1/17/2024 at 7:17 AM, Photoguy21 said:

Scanning and cardless (using your phone) can be subject to hacking as well.

 

In the case of a wallet app (e.g. Apple or Google Pay), what kind of hacking are you talking about?

 

I.e. is this a case of “someone can see your unlock code, steel your phone, and then spend money via your phone’s wallet app”? In which case, cash has a similar problem (someone can steel it).

 

Or are you talking about an attack against the actual contactless payment protocol? If so, are you aware of any proof-of-concept demonstrations?

[FritsSikkink]

On 1/17/2024 at 12:13 PM, Photoguy21 said:

With talk of a cashless society and the wide spread use of credit and/or debit cards the question of security is bound to arise.

In the past a very simple protocol was used to connect from your ATM or Card Reader to the host server for authentication and approval of the transaction. In the past RS-232 was used but now the protocol used is ISO 8583 a much more robust protocol for handling transactions. So, does this eliminate possible theft from transactions? Well, no it won’t. Granted it will be harder for hackers to gain access to the information on your card but hackers are considerably more intelligent than banks and especially governments.

They may hack into the network and download all your information which many hackers have done on many so-called secure links. Once in the data can easily be harvested by them and either used by the hacker or sold on to others who will access accounts and do the nasty for which they are famed.

Before we want to obliterate all hackers lets step back and see the type of hackers that exist. There are essentially 2 types (there is a third type but they fall between the two I will list here).

Type 1. The white hat hacker – these people hack systems to find vulnerabilities and pass the information to the originating company to the whole can be closed

Type 2. The Black hat hacker – these are the bad guys. These people will hack a system for personal gain either by using the information themselves or selling it to others who will use it for themselves.

So, how will this affect the “Cashless Society”? Simple the more information that is in digital form the more incentive for hackers to gain access to it. With a cash society it is difficult to hack a person.

Credit cards can be stolen and “skimmed” which is a nice word for reading all the information embedded in your credit card. The devices used for this can be found in the darker corners of the web. Word of warning do not go there. A lot of people you would not invite for dinner hang out there.

Countries, and governments in particular, are proposing cashless society. This is not a great idea. At present there are serious problems with hackers in every country of the world. Surely, we don’t want to give them a bigger field to play in by going cashless, do we?

Every day you read that someone lost money to a hacker accessing their phone or computer and emptying their bank account.

My opinion is yes, by all means use your credit card but also use cash. As the saying goes Cash is King and it should remain as such for the foreseeable future

ISO isn't a protocol it is an international standard:

 

The ISO 8583 specification has three parts:

• Part 1: Messages, data elements, and code values 
• Part 2: Application and registration procedures for Institution Identification Codes (IIC) 
• Part 3: Maintenance procedures for the aforementioned messages, data elements and code values 

When one stores credit card data you need to get PCI DSS certified:

Goals PCI DSS Requirements

Build and Maintain a Secure Network and Systems

1. Install and maintain network security controls

2. Apply secure configurations to all system components

Protect Account Data

3. Protect stored account data

4. Protect cardholder data with strong cryptography during transmission over open, public networks

Maintain a Vulnerability Management Program

5. Protect all systems and networks from malicious software

6. Develop and maintain secure systems and software

Implement Strong Access Control Measures

7. Restrict access to system components and cardholder data by business need to know

8. Identify users and authenticate access to system components

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Log and monitor all access to system components and cardholder data

11. Test security of systems and networks regularly

Maintain an Information Security Policy

12. Support information security with organizational policies and programs

 

 

[Photoguy21]

3 hours ago, FritsSikkink said:

ISO isn't a protocol it is an international standard:

 

The ISO 8583 specification has three parts:

• Part 1: Messages, data elements, and code values 
• Part 2: Application and registration procedures for Institution Identification Codes (IIC) 
• Part 3: Maintenance procedures for the aforementioned messages, data elements and code values 

When one stores credit card data you need to get PCI DSS certified:

Goals PCI DSS Requirements

Build and Maintain a Secure Network and Systems

1. Install and maintain network security controls

2. Apply secure configurations to all system components

Protect Account Data

3. Protect stored account data

4. Protect cardholder data with strong cryptography during transmission over open, public networks

Maintain a Vulnerability Management Program

5. Protect all systems and networks from malicious software

6. Develop and maintain secure systems and software

Implement Strong Access Control Measures

7. Restrict access to system components and cardholder data by business need to know

8. Identify users and authenticate access to system components

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Log and monitor all access to system components and cardholder data

11. Test security of systems and networks regularly

Maintain an Information Security Policy

12. Support information security with organizational policies and programs

 

 

You are correct it is but it doesn't alter the security it offers

[Photoguy21]

8 hours ago, lkn said:

 

In the case of a wallet app (e.g. Apple or Google Pay), what kind of hacking are you talking about?

 

I.e. is this a case of “someone can see your unlock code, steel your phone, and then spend money via your phone’s wallet app”? In which case, cash has a similar problem (someone can steel it).

 

Or are you talking about an attack against the actual contactless payment protocol? If so, are you aware of any proof-of-concept demonstrations?

Hacking your data, password etc. If you have it on your phone it can be hacked.

[spidermike007]

Cash is king, I love to carry a big wad of cash in my pocket and have done so for decades, that is not going to change. Cashless is silliness and using your card to pay for a cup of coffee is the very definition of a wimp. 

 

Rarely does a day go by that I'm standing at a register waiting to pay for something with cash, and somebody is in front of me  fumbling with their phone for 4 minutes, to try to pay for 20 baht item. Sometimes I just pull out 20 baht and hand it to them and say here here, please just pay and leave already. 

[FritsSikkink]

45 minutes ago, Photoguy21 said:

You are correct it is but it doesn't alter the security it offers

PCI DSS does, the credit card companies have created it to enhance security of credit card data.

[Chivas]

On 1/19/2024 at 6:56 AM, spidermike007 said:

Cash is king, I love to carry a big wad of cash in my pocket and have done so for decades, that is not going to change. Cashless is silliness and using your card to pay for a cup of coffee is the very definition of a wimp. 

 

Rarely does a day go by that I'm standing at a register waiting to pay for something with cash, and somebody is in front of me  fumbling with their phone for 4 minutes, to try to pay for 20 baht item. Sometimes I just pull out 20 baht and hand it to them and say here here, please just pay and leave already. 

 

Couldnt agree more with you

[lkn]

On 1/19/2024 at 7:56 AM, spidermike007 said:

Rarely does a day go by that I'm standing at a register waiting to pay for something with cash, and somebody is in front of me  fumbling with their phone for 4 minutes, to try to pay for 20 baht item

This is a combination of lousy interface and implementation, for example just opening the KTB app can take upwards of 10 seconds, and then you often have to click through a splash screen before you can activate the scanner.

 

Look instead at how contactless/NFC payments work, this is much much easier and faster. Although here it may also depend on the store, for example in Europe you can mostly just tap the terminal with your phone/watch/fitness tracker the instant the total amount shows on the cash register, and the reader is near instant, but in some supermarkets in Thailand you have to explain you want to pay by card and it takes them a minute or so to “prepare the reader”.