Popular Post Photoguy21 Posted January 17 Popular Post Share Posted January 17 With talk of a cashless society and the wide spread use of credit and/or debit cards the question of security is bound to arise. In the past a very simple protocol was used to connect from your ATM or Card Reader to the host server for authentication and approval of the transaction. In the past RS-232 was used but now the protocol used is ISO 8583 a much more robust protocol for handling transactions. So, does this eliminate possible theft from transactions? Well, no it won’t. Granted it will be harder for hackers to gain access to the information on your card but hackers are considerably more intelligent than banks and especially governments. They may hack into the network and download all your information which many hackers have done on many so-called secure links. Once in the data can easily be harvested by them and either used by the hacker or sold on to others who will access accounts and do the nasty for which they are famed. Before we want to obliterate all hackers lets step back and see the type of hackers that exist. There are essentially 2 types (there is a third type but they fall between the two I will list here). Type 1. The white hat hacker – these people hack systems to find vulnerabilities and pass the information to the originating company to the whole can be closed Type 2. The Black hat hacker – these are the bad guys. These people will hack a system for personal gain either by using the information themselves or selling it to others who will use it for themselves. So, how will this affect the “Cashless Society”? Simple the more information that is in digital form the more incentive for hackers to gain access to it. With a cash society it is difficult to hack a person. Credit cards can be stolen and “skimmed” which is a nice word for reading all the information embedded in your credit card. The devices used for this can be found in the darker corners of the web. Word of warning do not go there. A lot of people you would not invite for dinner hang out there. Countries, and governments in particular, are proposing cashless society. This is not a great idea. At present there are serious problems with hackers in every country of the world. Surely, we don’t want to give them a bigger field to play in by going cashless, do we? Every day you read that someone lost money to a hacker accessing their phone or computer and emptying their bank account. My opinion is yes, by all means use your credit card but also use cash. As the saying goes Cash is King and it should remain as such for the foreseeable future 1 2 Link to comment Share on other sites More sharing options...
scubascuba3 Posted January 17 Share Posted January 17 18 minutes ago, Photoguy21 said: With talk of a cashless society and the wide spread use of credit and/or debit cards the question of security is bound to arise. In the past a very simple protocol was used to connect from your ATM or Card Reader to the host server for authentication and approval of the transaction. In the past RS-232 was used but now the protocol used is ISO 8583 a much more robust protocol for handling transactions. So, does this eliminate possible theft from transactions? Well, no it won’t. Granted it will be harder for hackers to gain access to the information on your card but hackers are considerably more intelligent than banks and especially governments. They may hack into the network and download all your information which many hackers have done on many so-called secure links. Once in the data can easily be harvested by them and either used by the hacker or sold on to others who will access accounts and do the nasty for which they are famed. Before we want to obliterate all hackers lets step back and see the type of hackers that exist. There are essentially 2 types (there is a third type but they fall between the two I will list here). Type 1. The white hat hacker – these people hack systems to find vulnerabilities and pass the information to the originating company to the whole can be closed Type 2. The Black hat hacker – these are the bad guys. These people will hack a system for personal gain either by using the information themselves or selling it to others who will use it for themselves. So, how will this affect the “Cashless Society”? Simple the more information that is in digital form the more incentive for hackers to gain access to it. With a cash society it is difficult to hack a person. Credit cards can be stolen and “skimmed” which is a nice word for reading all the information embedded in your credit card. The devices used for this can be found in the darker corners of the web. Word of warning do not go there. A lot of people you would not invite for dinner hang out there. Countries, and governments in particular, are proposing cashless society. This is not a great idea. At present there are serious problems with hackers in every country of the world. Surely, we don’t want to give them a bigger field to play in by going cashless, do we? Every day you read that someone lost money to a hacker accessing their phone or computer and emptying their bank account. My opinion is yes, by all means use your credit card but also use cash. As the saying goes Cash is King and it should remain as such for the foreseeable future Scanning and cardless withdrawals seem the best options here Link to comment Share on other sites More sharing options...
Photoguy21 Posted January 17 Author Share Posted January 17 (edited) 44 minutes ago, scubascuba3 said: Scanning and cardless withdrawals seem the best options here Scanning and cardless (using your phone) can be subject to hacking as well. NFC commonly used is well known for being prone to data theft. Edited January 17 by Photoguy21 Link to comment Share on other sites More sharing options...
BE88 Posted January 17 Share Posted January 17 Let's hope that Thailand is a nice technological flop the so-called 10,000 B of the government Link to comment Share on other sites More sharing options...
scubascuba3 Posted January 17 Share Posted January 17 46 minutes ago, Photoguy21 said: Scanning and cardless (using your phone) can be subject to hacking as well. NFC commonly used is well known for being prone to data theft. NFC isn't used for those i mentioned Link to comment Share on other sites More sharing options...
lkn Posted January 18 Share Posted January 18 On 1/17/2024 at 7:17 AM, Photoguy21 said: Scanning and cardless (using your phone) can be subject to hacking as well. In the case of a wallet app (e.g. Apple or Google Pay), what kind of hacking are you talking about? I.e. is this a case of “someone can see your unlock code, steel your phone, and then spend money via your phone’s wallet app”? In which case, cash has a similar problem (someone can steel it). Or are you talking about an attack against the actual contactless payment protocol? If so, are you aware of any proof-of-concept demonstrations? 1 Link to comment Share on other sites More sharing options...
FritsSikkink Posted January 19 Share Posted January 19 On 1/17/2024 at 12:13 PM, Photoguy21 said: With talk of a cashless society and the wide spread use of credit and/or debit cards the question of security is bound to arise. In the past a very simple protocol was used to connect from your ATM or Card Reader to the host server for authentication and approval of the transaction. In the past RS-232 was used but now the protocol used is ISO 8583 a much more robust protocol for handling transactions. So, does this eliminate possible theft from transactions? Well, no it won’t. Granted it will be harder for hackers to gain access to the information on your card but hackers are considerably more intelligent than banks and especially governments. They may hack into the network and download all your information which many hackers have done on many so-called secure links. Once in the data can easily be harvested by them and either used by the hacker or sold on to others who will access accounts and do the nasty for which they are famed. Before we want to obliterate all hackers lets step back and see the type of hackers that exist. There are essentially 2 types (there is a third type but they fall between the two I will list here). Type 1. The white hat hacker – these people hack systems to find vulnerabilities and pass the information to the originating company to the whole can be closed Type 2. The Black hat hacker – these are the bad guys. These people will hack a system for personal gain either by using the information themselves or selling it to others who will use it for themselves. So, how will this affect the “Cashless Society”? Simple the more information that is in digital form the more incentive for hackers to gain access to it. With a cash society it is difficult to hack a person. Credit cards can be stolen and “skimmed” which is a nice word for reading all the information embedded in your credit card. The devices used for this can be found in the darker corners of the web. Word of warning do not go there. A lot of people you would not invite for dinner hang out there. Countries, and governments in particular, are proposing cashless society. This is not a great idea. At present there are serious problems with hackers in every country of the world. Surely, we don’t want to give them a bigger field to play in by going cashless, do we? Every day you read that someone lost money to a hacker accessing their phone or computer and emptying their bank account. My opinion is yes, by all means use your credit card but also use cash. As the saying goes Cash is King and it should remain as such for the foreseeable future ISO isn't a protocol it is an international standard: The ISO 8583 specification has three parts: Part 1: Messages, data elements, and code values Part 2: Application and registration procedures for Institution Identification Codes (IIC) Part 3: Maintenance procedures for the aforementioned messages, data elements and code values When one stores credit card data you need to get PCI DSS certified: Goals PCI DSS Requirements Build and Maintain a Secure Network and Systems 1. Install and maintain network security controls 2. Apply secure configurations to all system components Protect Account Data 3. Protect stored account data 4. Protect cardholder data with strong cryptography during transmission over open, public networks Maintain a Vulnerability Management Program 5. Protect all systems and networks from malicious software 6. Develop and maintain secure systems and software Implement Strong Access Control Measures 7. Restrict access to system components and cardholder data by business need to know 8. Identify users and authenticate access to system components 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Log and monitor all access to system components and cardholder data 11. Test security of systems and networks regularly Maintain an Information Security Policy 12. Support information security with organizational policies and programs 1 Link to comment Share on other sites More sharing options...
Photoguy21 Posted January 19 Author Share Posted January 19 3 hours ago, FritsSikkink said: ISO isn't a protocol it is an international standard: The ISO 8583 specification has three parts: Part 1: Messages, data elements, and code values Part 2: Application and registration procedures for Institution Identification Codes (IIC) Part 3: Maintenance procedures for the aforementioned messages, data elements and code values When one stores credit card data you need to get PCI DSS certified: Goals PCI DSS Requirements Build and Maintain a Secure Network and Systems 1. Install and maintain network security controls 2. Apply secure configurations to all system components Protect Account Data 3. Protect stored account data 4. Protect cardholder data with strong cryptography during transmission over open, public networks Maintain a Vulnerability Management Program 5. Protect all systems and networks from malicious software 6. Develop and maintain secure systems and software Implement Strong Access Control Measures 7. Restrict access to system components and cardholder data by business need to know 8. Identify users and authenticate access to system components 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Log and monitor all access to system components and cardholder data 11. Test security of systems and networks regularly Maintain an Information Security Policy 12. Support information security with organizational policies and programs You are correct it is but it doesn't alter the security it offers 1 Link to comment Share on other sites More sharing options...
Photoguy21 Posted January 19 Author Share Posted January 19 8 hours ago, lkn said: In the case of a wallet app (e.g. Apple or Google Pay), what kind of hacking are you talking about? I.e. is this a case of “someone can see your unlock code, steel your phone, and then spend money via your phone’s wallet app”? In which case, cash has a similar problem (someone can steel it). Or are you talking about an attack against the actual contactless payment protocol? If so, are you aware of any proof-of-concept demonstrations? Hacking your data, password etc. If you have it on your phone it can be hacked. Link to comment Share on other sites More sharing options...
Popular Post spidermike007 Posted January 19 Popular Post Share Posted January 19 Cash is king, I love to carry a big wad of cash in my pocket and have done so for decades, that is not going to change. Cashless is silliness and using your card to pay for a cup of coffee is the very definition of a wimp. Rarely does a day go by that I'm standing at a register waiting to pay for something with cash, and somebody is in front of me fumbling with their phone for 4 minutes, to try to pay for 20 baht item. Sometimes I just pull out 20 baht and hand it to them and say here here, please just pay and leave already. 1 1 1 1 Link to comment Share on other sites More sharing options...
FritsSikkink Posted January 19 Share Posted January 19 45 minutes ago, Photoguy21 said: You are correct it is but it doesn't alter the security it offers PCI DSS does, the credit card companies have created it to enhance security of credit card data. Link to comment Share on other sites More sharing options...
Chivas Posted January 20 Share Posted January 20 On 1/19/2024 at 6:56 AM, spidermike007 said: Cash is king, I love to carry a big wad of cash in my pocket and have done so for decades, that is not going to change. Cashless is silliness and using your card to pay for a cup of coffee is the very definition of a wimp. Rarely does a day go by that I'm standing at a register waiting to pay for something with cash, and somebody is in front of me fumbling with their phone for 4 minutes, to try to pay for 20 baht item. Sometimes I just pull out 20 baht and hand it to them and say here here, please just pay and leave already. Couldnt agree more with you 1 1 Link to comment Share on other sites More sharing options...
lkn Posted January 20 Share Posted January 20 On 1/19/2024 at 7:56 AM, spidermike007 said: Rarely does a day go by that I'm standing at a register waiting to pay for something with cash, and somebody is in front of me fumbling with their phone for 4 minutes, to try to pay for 20 baht item This is a combination of lousy interface and implementation, for example just opening the KTB app can take upwards of 10 seconds, and then you often have to click through a splash screen before you can activate the scanner. Look instead at how contactless/NFC payments work, this is much much easier and faster. Although here it may also depend on the store, for example in Europe you can mostly just tap the terminal with your phone/watch/fitness tracker the instant the total amount shows on the cash register, and the reader is near instant, but in some supermarkets in Thailand you have to explain you want to pay by card and it takes them a minute or so to “prepare the reader”. 1 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now