Credit Card Fraud: A New Perspective On Tackling An Intransigent Problem

This article offers a new perspective on battling credit card fraud. It departs from a focus on post factum liability, which characterizes most legal scholarship and federal legislation on credit card fraud and applies corrective mechanisms only after the damage is done. Instead, this article focuses on preempting credit card fraud by tackling the root causes of the problem: the built-in incentives that keep the credit card industry from fighting fraud on a system-wide basis. This article examines how credit card companies and banks have created a self-interested infrastructure that insulates them from the liabilities and costs of credit card fraud. Contrary to widespread belief, retailers, not card companies or banks, absorb much of the loss caused by thieves who shop with stolen credit cards. Also, credit card companies and banks earn fees from every credit card transaction, including those that are fraudulent. In addressing these problems, this article advocates broad reforms, including legislation that would mandate data security standards for the industry, empower multiple stakeholders to create the new standards, and offer companies incentives to comply by capping bank fees for those that are compliant, while deregulating fees for those that are not compliant

Analysis and evaluation of security developments in electronic payment methods

This master thesis with the name "Analysis and Evaluation of Security Developments in Electronic Payment Methods," aims to make a compendium of the technologies and standards used on today's payment card transactions since there is no such compendium available today. This thesis also evaluates the security of the technologies used and the amount of effort required by merchants for the compliance of the Payment Card Industry Data Security Standard (PCI DSS). With the results of these evaluations, it was possible to make recommendations to the merchants using payment cards as a form of payment and to the manufacturers of payment cards. Recommendations that its intention is to increase the security of the card payment transactions

Heartland Payment Systems: lessons learned from a data breach

On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments. The center invited the chairman and CEO of Heartland Payment Systems (HPS or Heartland), Robert (Bob) Carr, to lead this discussion and to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. The former director of the Payment Cards Center, Peter Burns, who is acting as a senior payments advisor to HPS, also joined the discussion to outline Heartland's post-breach efforts aimed at improving information sharing and data security within the consumer payments industry. In conclusion, Carr introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization, and chip technology. While HPS has been very supportive of end-to-end encryption, each of these alternatives offers its own set of advantages and disadvantages.Payment systems ; Data protection ; Electronic commerce

ON DEMAND DIGITAL CARD DISPLAY

Disclosed herein is an outline of processes for accessing account information linked to a payment card, free from dependence on an issuer application. In this process a computing device first acquires a deep link from the payment network and then receives input from the user. Subsequently, an application clip is invoked in response to the user input, prompting the user for identity verification. Upon successful verification, the account information is displayed through the application clip, deep link or with in the native application

TRAVEL PREDICTION APPLICATION

The present disclosure is directed to a method and system for predicting cardholder\u27s travel behavior using payment transaction data such as credit card transaction data. The method comprises receiving, by a server computer, a plurality of authorization request messages from a plurality of access devices. Thereafter, the method comprises storing, by the server computer, data relating to the plurality of authorization request messages. Further, the method comprises generating, by the server computer, a model from the stored data. Once the model is generated, the method comprises receiving, by the server computer, a request relating to a user or a - class of users. Thereafter, server computer determines a predicted travel behavior for the user, or the class of users using the model and sends a response to the request, the response comprising the predicted travel behavior

TRAVEL PREDICTION APPLICATION

The present disclosure is directed to a method and system for predicting cardholder\u27s travel behavior using payment transaction data such as credit card transaction data. The method comprises receiving, by a server computer, a plurality of authorization request messages from a plurality of access devices. Thereafter, the method comprises storing, by the server computer, data relating to the plurality of authorization request messages. Further, the method comprises generating, by the server computer, a model from the stored data. Once the model is generated, the method comprises receiving, by the server computer, a request relating to a user or a - class of users. Thereafter, server computer determines a predicted travel behavior for the user, or the class of users using the model and sends a response to the request, the response comprising the predicted travel behavior

SYSTEM AND METHOD FOR AUTHENTICATION USING MOBILE DEVICE

The methods and system disclosed in present disclosure is to perform authentication of a user device before provisioning card details in a digital wallet. In present disclosure, user taps user device on mobile device, upon tapping interaction data is sent to user device. The user device further generates cryptogram using interaction data and credentials of user device. The cryptogram generated is sent to server computer, which verifies whether card details can be provisioned by sending token request to token service computer which further sends authentication request to authentication server system. The authentication server system authenticates received cryptogram and generates validation result either to be successful or to be a failure. The validation result is sent to token service system which in turn sends token response to server computer. Further, server computer decides whether to provision and store the card details and the token received based on token response. Finally, result of provisioning is updated to the user through the mobile device. Hence, the method and the system of the present disclosure eases the provisioning process for cardholders by removing the need to manually enter card details or take a photo of the card and provides assurance that the genuine card is in the possession of individual initiating the provisioning request

Akceptace platebních karet na zařízeních s OS Android

Hlavním cílem této diplomové práce je ověřit, zdali mohou být k akceptaci platebních karet používána běžně dostupná zařízení, jako např. mobilní telefony. Z tohoto důvodu se práce nejdříve zaměřuje na to, jakým způsobem funguje placení kartami, které využívají technologii EMV, a poté popisuje standardy SPoC a CPoC. Dále jsou zde také popsány rozdíly mezi mobilními aplikacemi Google Pay a Apple Pay umožňující použití mobilních telefonů namísto karet. V neposlední řadě je rozšířena komerční aplikace Dotypay tak, že může být provozována k akceptaci karet na mobilních telefonech a zařízeních Nexgo, které používají platformu Android. Pomocí specializovaného testovacího nástroje UL Brand Test Tool, který se v odvětví platebních karet běžně používá, je pak ověřeno, že aplikace správně zpracovává platební transakce.ObhájenoThe main goal of this master's thesis is to find out whether non-specialized devices, such as mobile phones, could be used to accept payment cards. Therefore, it covers the SPoC and CPoC standards and the way payment transactions utilizing the EMV technology are processed. Additionally, the differences between the Google Pay and Apple Pay mobile payment applications are described there. The commercial application Dotypay is extended in such a way that it can be used on mobile phones and Nexgo devices running the Android OS to accept cards. Finally, using the industry-standard UL Brand Test Tool product, it is verified that the extended application is able to correctly process payment transactions

The changing nature of U.S. card payment fraud: industry and public policy options

As credit and debit card payments have become the primary payment instrument in retail transactions, awareness of identity theft and concerns over the safety of payments has increased. Traditional forms of card payment fraud are still an important threat, but fraud resulting from unauthorized access to payment data appears to be rising, and we are only beginning to get a sense of the dimensions of the problem. ; Thus far, the role of public policy has been to encourage the card payment industry to limit fraud by developing its own standards and procedures. Whether this policy stance is sufficient depends on the effectiveness of industry efforts to limit fraud in light of the dramatic shift toward card payments. ; Sullivan provides an overview of card payment fraud in the United States. He develops a preliminary estimate of the rate of U.S. card payment fraud and suggests that such fraud is higher than in several other countries for which data are available. The U.S. payment industry is taking steps to combat payment fraud, but progress has been slowed by conflicts of interest, inadequate incentives, and lack of coordination. Thus, policymakers should monitor the card payment industry to see if it better coordinates security efforts, and if not, consider actions to help overcome barriers to effective development of security.