Comments on: What’s Wrong with this Picture? http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/ Ramblings of a Security Technologist Tue, 06 Jan 2009 10:45:46 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Donald Eastlake 3rd http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/comment-page-1/#comment-3867 Donald Eastlake 3rd Sun, 24 Aug 2008 02:49:50 +0000 http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/#comment-3867 The EMV (EuroCard, MasterCard, Visa) protocol which authenticates via a smart card chip in the card, has existed for years. All European cards have these. If/when the losses get big enough, people will move to such technologies. Donald The EMV (EuroCard, MasterCard, Visa) protocol which authenticates via a smart card chip in the card, has existed for years. All European cards have these. If/when the losses get big enough, people will move to such technologies.

Donald

]]> By: M Gettes http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/comment-page-1/#comment-2232 M Gettes Thu, 17 Apr 2008 14:05:52 +0000 http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/#comment-2232 I understand and completely agree with your point. As you very well know - changing the system is extremely difficult since it, this fine credit card system, is essentially the basis for commerce. How can we use the current system to better employ security techniques in a way actually usable by human beings with limited understanding of the issues? I like what some banks are doing - offering (on the internet) the ability to obtain short-term credit card numbers with appropriate limits on time and dollars. This is essentially using my current card as a qualifier to obtain other short-term card uses. This is, of course, analogous to short-term PKI certs and so on. If we could do this in a way where the net was not so required - or distribute it via telephones (isn't this what Bank of America and the MIT center for the future of banking should be doing?) so anyone could use it - then we might make the overall system better by limiting exposures. It ain't perfect - but I think it is better. /mrg I understand and completely agree with your point. As you very well know - changing the system is extremely difficult since it, this fine credit card system, is essentially the basis for commerce. How can we use the current system to better employ security techniques in a way actually usable by human beings with limited understanding of the issues? I like what some banks are doing - offering (on the internet) the ability to obtain short-term credit card numbers with appropriate limits on time and dollars. This is essentially using my current card as a qualifier to obtain other short-term card uses. This is, of course, analogous to short-term PKI certs and so on. If we could do this in a way where the net was not so required - or distribute it via telephones (isn’t this what Bank of America and the MIT center for the future of banking should be doing?) so anyone could use it - then we might make the overall system better by limiting exposures. It ain’t perfect - but I think it is better.

/mrg

]]>