Scambaiters

Home    Victim´s Story   Fraud Prevention    Project GSO   Hall of Shame   LINKS  

Global Scambaiting Forum  

 
 

 

 

 

 

 

 

 

Scambaiters

   




How bank cards work



Swiping your card sets this process into motion



 

There’s a complex behind-the-scenes process every time you buy something with a credit card, even though it usually only takes a matter of seconds to complete:

A transaction begins when a customer presents a card to pay for a purchase. Bank cards can come in several varieties, including credit cards issued by national banks and debit cards issued by local banks. The magnetic strip on the back of the card stores the information that identifies the cardholder account number, name, and card’s expiration date.


At most stores, the consumer’s card is swiped and the transaction amount is entered. A machine at the cash register electronically reads the cardholder’s account information. Through a phone line connected to the back of the machine, the terminal dials out to the processing network for authorization to complete the transaction.


A similar process occurs on a retailer’s Web site, except the consumer must enter in the data that would normally be picked up by a card reader in a store. Most retailers use an encrypting protocol known as SSL, short for “Secure Sockets Layer.” An encrypted Web site is easy to spot - the start of the address will change from “http” to “https,” and, if you’re using Netscape, a padlock icon appears.

The processing network is responsible for translating and delivering the electronic information sent from the checkout aisle. The transaction data is first routed to the issuing bank for authorization of the cardholder’s account, with the appropriate data then sent to a processing bank as well as back to the terminal.


The consumer’s issuing bank verifies that the account is valid and the sale is within the cardholder’s available credit limit. This triggers the network to send an approval code back to the retailer’s terminal so the transaction can be completed. Transaction details appear on the cardholder’s next account statement.


The completed transaction is saved in the point-of-sale terminal until the business closes out the current batch of stored transactions. This process, called “batching out,” generally occurs automatically at the end of each day.

Sources: National Federation of Independent Business, Smart Computing



A new standard



Credit card companies have begun to respond to heightened concern about security breaches by penalizing member retailers. In December, Visa said it will spend $20 million in incentives to make members’ banks compliant, and begin fining those banks up to $25,000 if large merchants aren’t compliant by the end of August and smaller merchants by year-end.


Experts recommend that merchants maintain a firewall to protect cardholder data, encrypt all data that’s transmitted across public networks, regularly update antivirus software and monitor access to cardholder data.


“It’s a relatively new standard and our membership has been working very hard to get up to speed,” said Liz Oesterle, government affairs counsel for the National Retail Federation.


But critics say Visa’s penalties don’t come close to covering banks’ losses. Issuing a new card costs up to $20 per card for some banks, and a data breach stemming back to July 2005 may have affected the card data of millions of customers.



Solutions



While technology has contributed to the spread of credit card fraud, it also offers potential solutions.

Security consultants are pitching upgraded monitoring programs for retailers designed to flag unauthorized releases of data, rather than the earlier emphasis on keeping out hackers.


“There’s a very telling shift between (monitoring) who’s getting in and what’s getting out,” said David Etue, senior security strategist for Fidelis Security Systems, a Bethesda, Md.-based electronic security company.


More than three-quarters of data breaches are caused by an existing employee, Etue said, either through malice or ignorance.

“Half of the violations are someone who doesn’t know any better and doesn’t realize they’re putting data at risk,” he said.

All of which has consumers such as Drew, the jewelry designer from Boston, wary about how they pay for their purchases.

“I’m very afraid of someone accessing my bank account other than the bank,” she said. “It’s really terrible. In the age of technology, every time you turn around someone’s hacking into somebody’s system. You almost want to go back to the old days of stuffing money in your mattress.”





 More


 
 
 

 Top

 
       
© by GSO •  Contact