Thursday Threads: Payment Card Security, Crap Detection, VoIP in your Hand

 Posted on 
 ·  4 minutes reading time

Welcome to the revival of DLTJ Thursday Threads. With the summer over and the feeling of renewal towards this blog and its topics, I'm happy to be back sharing tidbits of technology that I hope you will find interesting. Today's set of threads covers the gnarly security issues behind the bright-and-shiny chip-on-payment card systems being rolled out by banks and retailers in the U.S., a list of resources for checking things that you read about online, and a heads-up on changes to how your phone will work in the near future.

Feel free to send this newsletter to others you think might be interested in the topics. If you are not already subscribed to DLTJ's Thursday Threads, visit the sign-up page. If you would like a more raw and immediate version of these types of stories, follow me on Mastodon where I post the bookmarks I save. Comments and tips, as always, are welcome.

That Chip in your Credit Card May Not Be as Secure as Your Bank Hopes

According to new research, chip-based “Smartcard” credit and debit cards—the next-generation replacement for magnetic stripe cards—are vulnerable to unanticipated hacks and financial fraud. Stricter security measures are needed, the researchers say, as well as increased awareness of changing terms-of-service that could make consumers bear more of the financial brunt for their hacked cards.

- Black Hat 2014: A New Smartcard Hack, by Mark Anderson, IEEE Spectrum, August 7, 2014

Although U.S. banks are issuing EMV cards now, it will be some time before they start to see a reduction in fraud.

- EMV: Why Payment Systems Fail [postprint, pdf] by Ross Anderson and Steven J. Murdoch, Communications of the ACM, June 2014

The first quote comes from an article that covers a presentation made at this year's Black Hat security conference in Las Vegas. The presenter at Black Hat is also a co-author of the Communications article. The first article gives an overview of some of the problems with the EMV system (an acronym for "Europay-Mastercard-Visa" -- the three companies promoting the chip-on-payment-card system). For the real gory details, read the second article.

The bottom line is this, though -- payment cards with chips are coming to U.S. The big Target data breach from last year only accelerated plans already in place to bring this technology to U.S. consumers. Banks may try to say that you, the consumer, are responsible for any charges made with your card and your PIN because this whole system has been set up to make sure only someone with the card and the PIN could have authorized the charge. As with many things dealing with computer security, reality is not quite so clear cut, so I recommend keeping an eye on this topic as the EMV system rolls out in the U.S.

A Recourse for Information Literacy

This document is a resource for assessing the accuracy or veracity of online information, organized under a number of headings. The objective of the resource is to improve the digital lives of individuals and to improve the quality of the online commons by increasing the number of people who know how to separate good info from bad info. It began as a chapter for my 2012 book, Net Smart: How to Thrive Online.

- A Guide to Crap Detection Resources, by Howard Rheingold

This one crossed my Twitter stream as a retweet from someone else. Author Howard Rheingold has put together a list of places to go to, well, exercise your crap detection skills. With headings for "Political" and "Urban Legends, Hoaxes, and Emails" and "Journalism", it is a resource that you may want to keep close-at-hand for checking into those things that sound too good to be true. The author also takes comments from others in the document, so it is a living document of contributions from others.

The Subsumption of Voice into IP Networks Continues

What in fact is really going on...is that this is the iceberg tip of a massive paradigm shift away from analog calling, at every level across the board. It’s not just a shift from PSTN, or Public Switched Telephone Network, in favor of IP-based calling, either. PSTN is the old-school wireline circuit that uses copper wires for analog voice. Half of residential U.S. wireline service is VoIP, according to a recent FCC report.But all calling, including mobile, is going IP.

- How cellphone calling is going all Internet, by Patrick Nelson, Network World, August 1, 2014

Sure, we have Skype and FaceTime and some have VoIP (Voice-over-IP) phones on our desks. But the world just now getting to the point where VoIP is the way voice calls are made. In this opinion piece, the author outlines the many ways that voice calls are switching from circuit-switched to packet-switched right down to the devices we hold in our hands. (On medium- and long-haul phone circuits, that changeover happened long ago.) If done the right way, you won't notice the change -- except that your calls may be clearer and higher quality.