Credit card Risk Triple Gate: Magnetic stripe card loophole and network payment

Magnetic stripe card technology loophole, network payment risk, bank staff stolen card risk high talk [technology trend faster than everyone imagined.　　One possibility is that China has not yet transitioned to the era of chip card, and then jump directly into the mobile payment era, that is, the credit card directly with the mobile phone, so that people do not have to run around with thick cash, but it also makes people's desire to consume more inflated, let some "hackers" opportunity.　　Shanghai High People's Court data show that in the 2011 Bank financial Business dispute cases, credit card disputes accounted for 73.88%.　　In addition, the Supreme People's Procuratorate data show that 2006 ~2010 years, the national procuratorial organs to accept the transfer of prosecutions of the largest number of financial crimes is the crime of credit card fraud, accounting for up to 38.8%.　　The security risks of the credit card are mainly three, which are the technical loopholes of the magnetic stripe card itself, the risk of credit card network payment and the risk of bank employees stealing cards.　　Magnetic stripe card A major risk of a credit card is the vulnerability of the magnetic stripe card technology itself currently in use.　　At present, the domestic credit card commonly used magnetic stripe technology, the use of magnetic stripe record customer information, users as long as the POS machine or ATM machine card, will be left on the machine card magnetic stripe information. Because the magnetic stripe information has a fixed format, a skilled person familiar with the credit card production process can copy the magnetic stripe information according to the format of card number, use time, etc.　　The magnetic stripe information of one card is known in the same card, and the basic data of other same batch cards can be calculated.　　In addition, the assumption that someone in a POS machine to upload a stolen card device, you can easily obtain the customer's magnetic stripe information; Even some sites specialize in the sale of magnetic stripe information, through the reader to sweep it to the white card, and then hit the card number, cloned a credit card. The phenomenon of stealing magnetic cards is very serious in some Southeast Asian countries. A striking example is the loss of a bank under Malaysian law, a bank that collapsed in the previous few years.　　Chinese tourists are also told to be extra cautious when they travel to Southeast Asia.　　And for cardholders, the best way to deal with credit card theft is afraid to open SMS alert function, in case of abnormal situation immediately call the bank. "The use of SMS alerts to help cardholders immediately detect anomalies, banks can be the fastest speed stop."　　"China Merchants Bank Credit Card Center General manager Liu Gallong told the first financial daily (micro-bo)" Financial quotient.　　Chip card Although more secure than magnetic stripe card, but because of its high cost and delayed promotion. Europay, MasterCard, Visa three international card organizations in 2003 on the joint development of the Bank Chip card Unified technical standard EMV.　　In 2005, the People's Bank of China issued the standard PBOC2.0 Chinese financial chip card compatible with the EMV standard, and ICBC launched its first PBOC2.0 standard credit card in November 2007. According to the central bank's standard PBOC2 of UnionPay.0 Chip Card (IC card) The overall objective of the state-owned commercial banks should be issued before the end of 2013, the full distribution of financial IC card; the National joint-stock Commercial Bank should issue the financial IC card in full before the end of 2015; All newly issued bank cards should be financial IC cards since January 1, 2015.　　However, some people in the industry are not optimistic about the future of chip cards. I love Card network chief executive Zhiyun told reporters: "The speed of technology trend than everyone's imagination." One possibility is that China has not yet transitioned to the era of chip cards, and has jumped into the era of mobile payments, where credit cards are directly tied to mobile phones.　　"The network pays the risk network to pay this not to the invisible person's empty to pay the Ox type payment method, lets the credit card payment increase the risk factor." "After changing the chip card there is still no way to stop the network shopping in the card risk, because the network consumption does not need to see the card." And the use of credit cards in the online purchase ratio has been increasing every year.　　Liu Gallong told reporters. In fact, credit cards have become increasingly networked as payment tools.　　The network economy activity requests the fund payment to pay real time, the fast, the traditional cash, the bill payment and so on the way is difficult to adapt, but on-line payment satisfies the above request very well. According to the statistics, China's Internet payment transactions amounted to 776 billion yuan at the end of the 2012-year quarter, up 112.6% per cent year-on-year, while the global mobile payment volume in 2012 will exceed 172 billion dollars by Gartner data.　　The number of users expected to participate in mobile payment transactions in various ways will also reach 212.2 million. The source of security risks in credit card networks is the theft of account and password information.　　The first level is directly to the cardholder request, said "abnormal account activities", the cardholder to provide the card number and password.　　Upgrade password thieves will create a very similar to the normal website page, in the cardholder online shopping through the phishing website to obtain credit card payment password, and then steal the brush through the network. There is also a situation where the cardholder in the Internet cafes and other public internet sites for online transactions, or the use of Proxy server transactions, midway information was intercepted, "hackers" steal card number and password.　　In this case, even the use of a soft keyboard is still a security risk, because the soft keyboard is only to prevent the keyboard record information, and can not prevent the transmission of the risk. "Final network payment security depends on the service provider's technology for data encryption." If the packet is encrypted, it will be difficult to break even if it is intercepted in the middle.　　A technical person told reporters. In addition, in the credit card network payment, U shield is considered by the industry is the most secure method.　　And since many network payments are actually done through Third-party payment platforms, the Third-party payment platform has also made a lot of innovations in the field of online payment. "The banking system has become more cumbersome to pay because of the overemphasis on security, while Third-party payments have been balancing the convenience and security of use."　　Zhiyun told reporters. At present Alipay (Micro Bo) take the fast payment system, due to the adoption of mobile phone dynamicPassword payment system, make the transaction through mobile phone verification to complete, plus fast trading limit, so the accidental loss control within a certain range; if coupled with the cardholder's instant message reminder, the cardholder can immediately reflect the problem to the bank, with the fastest speed stop. Bank employees steal card risk guzei difficult to prevent.　　The proportion of the crime of the Bank employees in the credit card risk is not negligible.　　Singer Nan once because the PIN card is not sold, by Minsheng Bank Credit Card center staff Ren qi access to personal data, and the name of the diamond credit card, stolen 1.2 million brush. Two striking points in this case are: is there a risk that a credit card has been written off?　　How can the credit card amount be as high as 1.2 million yuan? How can I cancel a credit card if I don't want to use it? Is it all right to submit a cancellation application to the bank?　　Do not be careless, cancellation of credit card is also a risk.　　Many people may think that canceling a credit card cancels the account, but in fact, they are not the same thing.　　A joint-stock bank credit card department head told reporters that the magnetic card transactions need to be sent by the trading terminal information, but also have a bank response to complete the transaction, the card has been written off, because the bank can not respond to the successful transaction. However, if the credit card is simply cancelled and the account is retained, the customer's personal information is retained.　　If these personal information is obtained by illegal elements, you can submit a credit card application to the bank, and if the bank has a loophole in the credit card recovery approval, the application is approved, and the credit card password is reactivated, there is a risk of theft of the brush. How do you avoid similar risks when you are a cardholder in a PIN card? First of all, the waste card should be properly treated, should be cut along the magnetic strip scrap, to avoid the magnetic stripe of personal information leakage.　　In addition, the bank shall properly keep the customer information of the customers of the sales card, so as to avoid the theft of personal information by the criminals. (Intern reporter Lowenwen also contribute to this article) network Payment Safety Notice 1. At any time, do not give your account number and password to others, do not believe any e-mail, text, telephone and other means of asking for card numbers and passwords behavior.　　For those who have already provided the online bank password to the unidentified person or website, you must immediately log on to the online bank to modify the password or to reset the password to the cabinet.　　2. Choose a password that is not easy to guess, lest it be guessed.　　3. Set up a special password for your online banking, distinguish it from the user name and password that you use on other occasions (for example, other online services, ATM, Passbook, bank card, etc.), and avoid the leakage of other passwords due to the loss of a certain password.　　4. Set your online banking password and payment password for external transfers to different passwords, multiple authentication to ensure your financial security. 5. Do not save your password on your computer. Do not write passwords on paper or cards.　　To change the password periodically. 6. View the "Last logon time" on the Welcome page and the actual logon situationConsistent, so that you find anomalies in a timely manner.