22 August 2017
Cedric Pariente

IT and Market Finance

Cedric Pariente - Racine Alpha

23Posts 137,897Views 45Comments
Finextra community

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

VBF - Verified by Fraudster

22 July 2009  |  3371 views  |  0

 

Current authentication methods proposed by payment schemes are a joke for fraudsters. Not only are the credentials information static, but also very easy to get on the web.

The fact that the code is static makes it replayable. Meaning once found, the fraudster can use it several times until he gets caught (if he gets caught).

The fact that it’s an easy to get static passcode makes it even easier. The fraudster has the choice between phishing the static credentials or he can make a deal with a friend, asking him for his VBV or UCAF/SPA credentials then disputing all charges with the issuing bank after.

Registration methods used by VBV or UCAF/SPA ask the user to enter a static password. So far, I’ve been asked a few times to fill in personal information, such as my birthdate. And each time it made me laugh. What is easier than a birthdate to get with all the social networks available today?

Not only this, but what prevents a fraudster to ask a friend to register a valid card with VBV or UCAF/SPA, to pass to him these credentials, to perform several online payments with online merchants that use VBV or UCAF/SPA, then the friend can dispute all these online payments with the Issuing Bank? How can the bank prove that the cardholder is part of the fraudulent action? There is simply no way.

Either the security system has to make sure that the user and only the user can perform a transaction, or it becomes not only useless but also dangerous for cardholders and issuing banks.

 

Feel free to leave your comments and feedback.

Cédric Pariente, CEO of B32TRUST

 

TagsPayments

Comments: (0)

Comment on this story (membership required)

Latest posts from Cedric

Home Equity Loan and Home Equity Line Of Credit

12 February 2010  |  4312 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupOnline Banking

How to Crack WiFi Network - Video Tutorial

30 January 2010  |  8754 views  |  0 comments | recomends Recommends 0 TagsSecurityGroupOnline Banking

Credit Without a Purpose is Dangerous!

26 January 2010  |  5227 views  |  1 comments | recomends Recommends 0 TagsCardsGroupOnline Banking

Social Suicide 2.0

05 January 2010  |  4699 views  |  1 comments | recomends Recommends 0 TagsSecurityGroupOnline Banking

MC2009

25 December 2009  |  6681 views  |  0 comments | recomends Recommends 0 TagsCardsGroupOnline Banking

Cedric's profile

job title Stanford Certified Project Manager
location Paris
member since 2009
Summary profile See full profile »
I'm Cedric Pariente, a Stanford Certified Project Manager, working in both IT and Market Finance.

Cedric's expertise

Member since 2008
23 posts45 comments
What Cedric reads
Think Tank
Cedric's blog archive
2010 (4)2009 (19)

Who's commenting on Cedric's posts