银行卡盗刷猖狂,过时磁条惹的祸?
开篇:润墨网以专业的文秘视角,为您筛选了一篇银行卡盗刷猖狂,过时磁条惹的祸?范文,如需获取更多写作素材,在线客服老师一对一协助。欢迎您的阅读与分享!
U.S. credit and 1)debit card 2)fraud is on the rise. According to one survey, nearly a third of American consumers have reported credit card fraud in the past five years.
And part of the problem, as Andrea Rock of Consumer Reports tells us, is that U.S. card issuers rely on security systems that lag behind measures taken in other countries.
“The credit and debit cards that most Americans use are really surprisingly vulnerable to fraud,” Rock says. “Because, unlike cards in most of the rest of the world, they rely on outdated technology. The account information that’s needed to make a transaction on American cards is stored, 3)unencrypted, on a magnetic stripe on the back of each card.”
That information is easily copied and reproduced on a 4)bogus card. Rock says that in general, thieves prefer to target debit cards, which allow them to get cash from an ATM, instead of conducting risky transactions in a store.
Other countries moved beyond this technology years ago. The U.K., Canada and Hong Kong are already using chip-based cards, which are considered more secure. (Magnetic stripe technology is decades old.) Cards using the chipand-5)PIN system have an embedded microchip. Instead of swiping the part with a magnetic stripe, you put the card into a terminal, then enter a PIN or sign your name. It’s more expensive for criminals to forge these cards, says Brian Krebs, a security journalist.
The newer chip-and-PIN technology “simply raises the costs for the bad guys,” Krebs said. “It’s not that they can’t break the system―but it makes it more expensive for them to 6)fabricate these cards.”
But why hasn’t the U.S. already adopted this technology?
That’s the wrong question to ask, says Ross Anderson, who has worked on payment technology for almost 30 years and is a professor of security engineering at the University of Cambridge.
“Simply blocking off one of the avenues of attacks by fraudsters isn’t enough to make fraud vanish,” he says.
It can be a game of cat and mouse. Anderson says after it became common to pay with chipbased cards in the U.K., around 2003, the level of fraud went up because thieves turned to schemes involving mail and telephone orders.
Eventually, criminals figured out how to make fake terminals that steal information from the card. Also, the cards still have magnetic strips, in case European cardholders want to travel abroad. According to Krebs, some criminals simply steal the information from the cards in Europe, and because they can’t pay with magnetic stripe cards over there, they send the information to crooks in the U.S. for illegal shopping sprees.
Americans are actually lucky, says Anderson, because they have the thing that matters more than technology―consumer protection.
“If there’s fraud, the issue is who pays for it; is it me or is it the bank? And if the bank is running the system, then I want the bank to pay for the fraud,” Anderson says. “American citizens are lucky because [since the 1970s and early 1980s, they have] very strong consumer protection in the form of 7)Regulation E, Regulation Z and various decided court cases.”
If U.S. cardholders become victims of credit card fraud, they can call their bank and be done with it, losing at most $50 or so. In the U.K., for instance, cardholders have to write a letter to file their claim.
“The U.S. is ahead in terms of consumer protection, and if you’re thinking about the public interest and how things affect you as a bank customer, that’s by far the most important thing,”Anderson says. “How the banks use technical mechanisms to limit their own exposure then simply becomes an engineering problem for them to solve.”
He says this consumer protection is why online shopping took off in the U.S.
Starting Oct. 1, 2015, Visa will encourage the use of the new chip-embedded cards in the U.S. After that, if someone uses a chip card at a store that hasn’t adopted the new terminals for reading chip cards, the store may be responsible for any fraud that happens.
Anderson also says this is an exciting time for payment technology. There hasn’t been much innovation for the past 30 years or so, but he says mobile payment systems like 8)Google Wallet could be widely used in five to 10 years.
美国的信用卡和借记卡诈骗犯罪不断增加。据一项调查显示,在过去的五年里有近三分之一的美国消费者报告过信用卡被盗。
而据《消费者报告》杂志的安德烈亚・洛克向我们所述,问题有一部分源于美国的发卡机构所依赖的安全机制远远落后于其他国家的标准。
“大部分美国人所使用的信用卡和借记卡是相当容易被伪造的,” 洛克说道,“因为,不像世界大部分其他地方的卡,这里的卡依赖的是过时的技术。美国的银行卡片上完成交易所需的账户信息没有经过加密,就储存在卡片背面的磁条中。”
这些信息能够轻易地被复制到伪造的卡片上。洛克认为,通常窃贼更倾向于以借记卡为下手目标,因为这样他们就可以直接从柜员机取得现金,风险比到店里去通过消费来获利更低。
其他国家多年前就提升了这方面的技术。英国、加拿大和香港都已经在使用芯片卡片了,这种卡的安全性被认为更高些。(磁条是几十年前的老技术了。)使用“芯片加密码”系统的卡上带有一个嵌入式芯片。与刷卡上的磁条不同,人们使用这种卡时要把卡插入终端设备,然后输入密码或者签名。安全新闻记者布莱恩・克雷布斯认为,对于诈骗犯来说这种卡的伪造成本要更高些。
这种更新的芯片加密码技术“只是增加了坏人的成本而已,”克雷布斯说道,“不是说他们不能攻破这个系统――但对于他们来说,伪造这种卡片的成本要高一些。”
但是为什么迄今为止美国还没有采用这种技术呢?
这个问题问得有点不当,罗斯・安德森说。他已在支付技术领域工作了近三十年,而且还是剑桥大学安全工程学的教授。
他表示:“仅仅阻挡住诈骗犯们所采取的其中一条攻击路径是不足以消灭欺诈行为的。”
就像是猫捉老鼠的游戏。安德森说,在2003年左右,当使用芯片卡片在英国成为普遍现象时,欺诈的水平也提高了,因为窃贼们转而通过包括邮件和电话订单的方式来进行欺诈。
最终,犯罪分子想到了如何制造能够偷取卡片信息的假冒终端设备。而且,卡上依然带有磁条,以备欧洲持卡人出国旅游时使用。据克雷布斯所说,一些犯罪分子只是从欧洲盗取卡片信息,而因为在那里他们不能用磁条卡进行支付,于是他们把信息发送到美国,让骗子在那里进行疯狂盗刷。
安德森说,其实美国人是幸运的,因为他们拥有比技术更为重要的东西――消费者保护。
“如果发生了诈骗,问题就是谁来为损失买单;是持卡人自己还是银行?如果是银行在运行该系统的话,那么我希望是银行来为诈骗损失买单,”安德森如是说道。“美国公民是幸运的,因为(从上世纪七十年代和八十年代初期起,他们就已经拥有)以《E条例》、《Z条例》和各种已决案例为形式的强有力的消费者保护。”
如果美国持卡人成为了信用卡欺诈罪的受害人,他们可以打电话给银行,然后就万事大吉了,最多损失50美金左右。而在其他地方,比如英国,持卡人则要写信提出索赔。
“从消费者保护方面来说,美国是走在前沿的,且如果你是从公众利益及作为一名银行客户所受的影响这些方面考虑的话,那么这就是目前为止最重要的事了,” 安德森说道。“而银行如何采用技术机制去减低其风险,则不过是他们需要自己去解决的工程问题而已。”
他说这种消费者保护正是网上购物为何会从美国开始兴起的原因。
从2015年10月1日起,维萨信用卡将会在美国推动新型嵌入式芯片卡的使用。届时,要是有人在还未配备新终端读卡设备的店铺里使用芯片卡而发生欺诈事件时,那么该店铺有可能要负责。
安德森还表示,这是支付技术上令人振奋的时刻。在过去的三十多年里都没有过多少创新,但他同样表示移动支付系统,例如谷歌钱包,有可能会在未来的五至十年间得到广泛的应用。