Rss

    Archives for : development

    Secure Application Development links

    Hi,

    I have been putting some secure application development documents together recently and have found some good general tutorials and guidelines which I thought I would post here.

    Best Practices

    Other Resources

    Financial Transaction Processing

    I have been recently working inside one of the larger Banks in Australia.
    Through this work, I have been looking at the controls and mechanisms surrounding the processing of credit and debit cards around the Asia Pacific.

    I get to perform many security architecture and payment systems assessments.
    Over the years I have always considered the protection of the card data as one of the key considerations.

    Until yesterday I had never seen an CVV or PVV decryption tools. I think some scripted use of these tools could be very interesting.
    The site hziggurat29.com

    Many of the other tools on this site are also very unique and worth a look.
    Big thanks to ziggurat29 for providing such awesome tools.

    As many of these sites are of this nature are difficult to find and often seem to vanish over the years, I have chosen to replicate the the text from this page and provide local copies on the files.
    It is worth periodically visiting the ziggurat29 site every now and again to see if any additional tools have been posted.

    One of the more extraordinary files is the Atalla Hardware Security Module (HSM)  and BogoAtalla for Linksys emulation (simulation) tools. So I wonder if Eracom and Thales are shaking in their boots. Some how I don’t think so. 😉

    ——– ziggurat29 Text ———

    These are all Windows command-line utilities (except where noted); execute with the -help option
    to determine usage.

    DUKPT Decrypt (<- the actual file to download)

    This is a utility that will decrypt Encrypted PIN Blocks that have been produced via the DUKPT triple-DES method.  I used this for testing the output of some PIN Pad software I had created, but is also handy for other debugging purposes.

    VISA PVV Calculator (<- the actual
    file to download)

    This is a utility that will compute and verify PIN Verification Values that have been produced using the VISA PVV technique.  It has a bunch of auxiliary functions, such as verifying and fixing a PAN (Luhn computations), creating and encrypting PIN blocks, decrypting and extracting PINs from encrypted PIN blocks, etc.

    VISA CVV Calculator (<- the actual file to download)

    This is a utility that will compute Card Verification Values that have been produced using the VISA CVV technique.  MasterCard CVC uses the CVV algorithm, so it will work for that as well.  It will compute CVV, CVV2, CVV3, iCVV, CAVV, since these are just variations on service code and the
    format of the expiration date.  Verification is simply comparing the computed value with what you have received, so there is no explicit verification function.

    Atalla AKB Calculator (<- the actual file to download)

    This is a utility that will both generate and decrypt Atalla AKB cryptograms.  You will need the plaintext MFK to perform these operations.  When decrypting, the MAC will also be checked and the results shown.

    BogoAtalla (<- the actual file to
    download)

    This is an Atalla emulator (or simulator).  This software emulation (simulation) of the well-known Atalla Hardware Security Module (HSM) that is used by banks and processors for cryptographic operations, such as verifying/translating PIN blocks, authorising transactions by verifying
    CVV/CSC numbers, and performing key exchange procedures, was produced for testing purposes.  This implementation is not of the complete HP Atalla command set, but rather the just
    portions that I myself needed.  That being said, it is complete enough if you are performing acquiring and/or issuing processing functions, and are using more modern schemes such as Visa PVV and DUKPT, and need to do generation, verification, and translation.

    This runs as a listening socket server and handles the native Atalla command set.  I have taken some liberties with the error return values and have not striven for high-fidelity there (i.e., you may get a different error response from native hardware), but definitely should get identical positive
    responses.  Some features implemented here would normally require purchasing premium commands, but all commands here implemented are available.  Examples are generating PVV values and encrypting/decrypting plaintext PIN values.

    BogoAtalla for Linksys (<- the actual file to download)

    This is the Atalla emulator ported to Linux and build for installation on an OpenWRT system.  Makes for a really cheap ($60 USD) development/test device.

     

    Local Files

    bogoatalla002
    atallaakbcalc
    bogoatalla_10-1_mipsel
    dukptdecrypt
    visacvvcalc
    visapvvcalc

    Lethal Toxins Entering Your Body

    I recently read an article in a magazine and was shocked to see some of the toxic dangers which modern living introduce. Australian Men’s Health April 2008, by Susan Casey, pg 87.

    I thought I would expand on this article here as a method of analysing some of the things Kerry and I need to be careful of. I hope this also assists others in understanding some of these dangers.

    “Except for the small amount that’s been incinerated every bit of plastic ever manufactured still exists”

    Toxic

    Articles

    Polycarbonate

    Bottles (marked with a #7 in a triangle)

    Cling wrap and plastic takeaway containers (marked with a #7)

    Dangerous

    Ingredients

    Bisphenol A (BPA), a synthetic oestrogen, which can leach into the bottle’s contents when heated.span>

    Phthalates, a probable human carcinogen and endocrine disruptor, can seep into food (especially fatty foods, such as delis meats and cheeses).

    Linked to

    Prostate cancer, reduced sperm count and reproductive-organ abnormalities, according to US studies at the universities of Missouri, Chicago and Cincinnati.

    Reproductive problems like undescended testes and low sperm count, reveal researchers at New York’s University of Rochester and the Centres for Disease Control and Prevention in the US.

    How to reduce your exposure

    Pots, pans and bottles made from stainless steel are a non-toxic alternative. If you’re using polycarbonate, keep it out of the dishwasher and replace it every 60 days or if it’s scratched. Plastic releases toxins over tie when damaged or exposed to high heat.

    Keep it out of microwave and dishwasher. Don’t store fatty or acidic foods in these containers, rather use waxed paper and buy meat wrapped in paper from the butcher. If you use plastic-wrapped cuts, trim the edges off where the product touched the wrapping.

     

    Toxic

    Articles

    Polystyrene cups and takeaway containers (marked with a #6)

    Fast-food containers (with waxy lining) and non-stick (Teflon) pans.

    Polyvinyl chloride (PVC), used in vinyl flooring, shower curtains and car interiors.

    Dangerous

    Ingredients

    Styrene, a possible human carcinogen, can leah into the contents of the cup.

    Perfluoro-octanoic acid (PFOA), a grease-repelling flourotelomer chemical and likely human carcinogen, can transfer from the waxy-plastic coating onto the food inside, especially at high temperatures.

    Vinyl chloride is a known human carcinogen that gives off gas into the surrounding air, so it’s inhaled instead of ingested.span>

    Linked to

    Cancer, warn scientists at the US Environmental Protection Agency’s (EPA) Office of Research and Development and the World Health Organisations International Agency for Research on Cancer.

    Cancer, lung and kidney damage, according to studies at the EPA and Environmental Working Group in the US.

    Cancer and liver damage, predicts both the EA and the Centre for Health and Environmental Justice in the US.

    How to reduce your exposure

    Never drink hot liquids out of polystyrene ups. Use paper ones (those without a wax lining) whenever possible or a ceramic coffee mug. If your takeaway comes in polystyrene, transfer it to ceramic dish or glass as soon as possible.

    The best alternatives to drive-through and delivery are sit-down restaurants and home cooking. At home, never use Teflon-coated pans. If you own any, replace with non-toxic cookware made from copper, cast iron or stainless steel.

    Use natural materials for home flooring. Buy a shower curtain made from hemp, which lasts longer and is naturally mildew-resistant. New vinyl gives off aerial toxins at highly concentrated levels, so open windows to air spaces where this material is present.

     

    These are also great articles:

    http://www.seattlepi.com/local/326907_plastic09.html

    http://www.bravenewleaf.com/environment/2008/02/updated-repeat.html

    http://www.breastcancerfund.org/clear-science/environmental-breast-cancer-links/plastics/

    http://io9.com/how-to-recognize-the-plastics-that-are-hazardous-to-you-461587850

    http://www.smallfootprintfamily.com/avoiding-toxins-in-plastic

    http://articles.mercola.com/sites/articles/archive/2013/04/11/plastic-use.aspx

    ISO 14443 contactless card

    An international standard for proximity or contactless smart card communication

    ISO 14443 contactless card

    ISO 14443 is an international standard which describes how contactless cards and terminals should work to ensure industry-wide compatibility, for example in identity, security, payment, mass-transit and access control applications.

    ISO standards are developed by the ISO, the International Organization for Standardization. Technical committees comprising experts from the industrial, technical and business sectors develop the standards to increase levels of quality, reliability and interoperability on a global scale.

    Gemplus has always had a strong involvement in ISO definition of the chip card standards, and has been represented in the development of this international standard. The ISO 14443 is divided into 4 separate parts outlining physical characteristics, radio frequency power and signal interface, initialization and anti-collision and transmission protocol.

    Gemplus has developed a wide range of contactless payment solutions based on the ISO 14443 international standard. The speed and convenience of contactless technology has created a significant demand for this sort of solution in environments such as fast food restaurants, gas stations, public transport services, banks and many others.

    Bluetooth – Security

    Redirected from Bluetooth

     

    Source

    1 Bluetooth
    2 Wireless- History
    3 Wireless- Technologies
    4 Bluetooth- Technical Introduction
    5 Bluetooth- Advantages
    6 Bluetooth- Applications
    7 Bluetooth- Security Issues
    7.1 The SNARF attack
    7.2 The BACKDOOR attack
    7.3 The BLUEBUG attack
    7.4 Bluejacking
    7.5 Warnibbling
    8 Future of Bluetooth
    9 See also:
    10 Reference List

    Bluetooth

    Bluetooth is a new technology that utilises radio frequency waves as a way to communicate wirelessly between digital devices. It sets up personal area networks that incorporate all of a persons digital devices into one system for both convergence and convenience.

    Wireless- History

    Many people put the invention of [wireless] radio down to Guglielmo Marconi, who in 1895 sent the first radio telegraph transmission across the English Channel. Only twelve years later radio began being used in the public sphere. [Mathias, p.2] Up until then however, many wireless pioneers conducted trials across lakes where the antenna used to transmit the signal was longer than the distance across the lake. [Brodsky, p. 3] After its introduction the main use of wireless radio was for military communications where its first use was for the Boer War. [Flichy, p. 103] The invention of broadcast radio ensured the feasibility of wireless technologies. [Morrow, p. 2] By the 1920s, radio had become a well-recognised mass medium. [Flichy, p. 111] From the 1980s until now, wireless communications have been through several stages, from 1G (analogue signal), 2G (digital signal) and 3G (always on, faster data rate). [Lightman and Rojas, p. 3] The history of Bluetooth is a much more recent one, with the first Bluetooth-enabled products coming into existence in 2000. Named after Harald Blatand the first, king of Denmark around twelve hundred years ago, who joined the Danish and Norwegian kingdoms, Bluetooth technology is founded on this same unifying principle of being able to unite the computer and telecommunication industr[ies]. [Ganguli, p. 5] In 1994 the Ericsson Company began looking into the idea of replacing cables connecting accessories to mobile phones and computers with wireless links, and this became the main inspiration behind Bluetooth. [Morrow, p. 10]

    Wireless- Technologies

    Bluetooth is not the only wireless technology currently being developed and utilised. Other wireless technologies, including 802.11b, otherwise known as Wi-Fi, Infrared Data Association (IrDA), Ultra- Wideband Radio (UWB), and Home RF are being applied to similar technologies that Bluetooth use with mixed results. 802.11 is the most well known technology, excluding Bluetooth, and uses the same radio frequency, meaning that they are not compatible as they cause interference with each other. 802.11 is being implemented into universities in the US, Japan and China, as well as food and beverage shops where they are being used to identify students and customers. Even airports have taken up the 802.11 technology, with airports all over America, and three of Americas most prominent airlines promoting the use of it. [Lightman and Rojas, p. 202-3] Infrared Data Association is extremely inferior to that of Bluetooth. Its limitations include only being able to communicate point-to-point, needing a line of sight, and it has a speed of fifty- six kilobytes per second, whereas Bluetooth is one megabyte per second. [Ganguli, p. 17] The Ultra- Wideband Radio is superior to that of Bluetooth in that it can transmit at greater lengths (up to 70 metres), with only half of the power that Bluetooth uses. [Ganguli, p.17] HomeRF is a technology that is not very well known. It is used for data and voice communication and targeted for the residential market segment and does not serve enterprise- class WLANs, public access systems or fixed wireless Internet access. [Ganguli, p.17-18]

    Bluetooth- Technical Introduction

    Bluetooth is a short- range radio device that replaces cables with low power radio waves to connect electronic devices, whether they are portable or fixed. The Bluetooth device also uses frequency hopping to ensure a secure, quality link, and it uses ad hoc networks, meaning that it connects peer-to-peer. It can be operated worldwide and without a network because it uses the unlicensed Industrial- Scientific Medical (ISM) band for transmission that varies with a change in location. [Ganguli, p. 25-6] The Bluetooth user has the choice of point-to-point or point-to-multipoint links whereby communication can be held between two devices, or up to eight. [Ganguli, p. 96] When devices are communicating with each other they are known as piconets, and each device is designated as a master unit or slave unit, usually depending on who initiates the connection. However, both devices have the potential to be either a master or a slave. [Swaminatha and Elden, p. 49]

    Bluetooth- Advantages

    There are many advantages to using Bluetooth wireless technologies including the use of a radio frequency, the inexpensive cost of the device, replacing tedious cable connections, the low power use and implemented security measures. The use of an unlicensed radio frequency ensures that users do not need to gain a license in order to use it. Unlike Infrared which needs to have a line of sight in order to work, Bluetooth radio waves are omnidirectional and do not need a clear path. The device itself is relatively cheap and easy to use, one can be bought for around ten American dollars, and this price is currently decreasing. Compare this to the expensive cost of implementing hundreds of cables and wires into an office and there is no competition. Of course, this is the main reason for the take -up in Bluetooth -enabled devices; it does away with cables. Another of Bluetooths advantages is its low power use, ensuring that battery operated devices such as mobile phones and personal digital assistants wont have their battery life drained with the use of it. This low power consumption also guarantees minimal interruption from other radio operated and wireless devices that operate at a higher power. Bluetooth has several enabled security measures that ensures a level of privacy and security, including frequency hopping, whereby the device changes radio frequency sixteen hundred times per second. Also within the security tools are encryption and authentification mechanisms that guarantee little interference by unauthorised hackers. [Ganguli, p. 330] One of the best advantages of Bluetooth devices, especially the hands free device that connects to a mobile phone, is that it removes radiation from the brain region. [Tsang, p.1]

    Bluetooth- Applications

    The applications that are in development or current use for the Bluetooth technology include such areas as automotive, medical, industrial equipment, output equipment, digital -still cameras, computers, and communications systems. [Lightman and Rojas, p. 201] Bluetooth is an ad hoc network user, and therefore it may be used for social networking, i.e. people can meet and share files or link their Bluetooth devices together to play games or other such activities. [Smyth, p. 70] Using Bluetooth, a mobile phone can become a three- way phone, where at home it connects to a landline for cheaper calls, on the move it acts as a mobile phone and when it comes in contact with another Bluetooth-enabled phone it acts as a walkie- talkie. This walkie- talkie option allows for free interaction and communication, as Bluetooth is not connected to any telecommunications network. [Gupta, p.1] Bluetooth also allows automatic synchronization of your desktop, mobile computer, notebook and your mobile phone for the user to have all of their data managed as one. [Gupta, p.1]

    Bluetooth- Security Issues

    Bluetooth has several threats which range in level of risk and how widespread the action is. These threats have the ability to provide criminals with sensitive information on both corporate and personal levels. The only way to avoid such threats is for manufacturers, distributors, and consumers to be provided with more information on how they are committed, current attack activity and how to combat them. This information can be used on a technical level for manufacturers, it can be used by distributors at retail levels to teach consumers the risks and it can be used directly by consumers to be aware of the threats. The outcome of such research will allow end users of Bluetooth products to have an upper hand in this wireless warfare. Bluetooth security is in early stages with regards to both the attackers, their techniques and consumers understanding of these attacks. Some research has been conducted into what the attackers are doing and how they do it. Adam Laurie of A.L Digital Ltd http://www.thebunker.net/release-bluestumbler.htm is leading the research race in Bluetooth security and is often linked to academic resources. Laurie’s research has uncovered the following capabilities of Bluetooth attacks:

    • Confidential data such as the entire phone book, calender and the phone’s IMEI.
    • Complete memory contents of some mobile phones can be accessed by a previously trusted (“paired”) device that has since been removed from the trusted list.
    • Access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging.

    Attacks on Bluetooth devices at this stage are relatively new to consumers, and therefore are not widely seen as a real threat. Attacks such as the Bluejack attack are probably more recognised by consumers due to its perceived humorous and novelty nature as well as the ease to Bluejack someone. Users who allow their phone to be Bluejacked open the door to more serious attacks, such as the Backdoor attack which have a low level of awareness amongst consumers as attackers can attach to the device with out the users knowledge. Corporations are starting to understand the risks Bluetooth devices pose, Michael Ciarochi (in Brewin 2004) stated that ‘Bluetooth radios were included in laptop PCs that were being configured by an IT Engineer. It raises the possibility of opening a wireless back door into data stored on the PCs. Such a security weakness would be extremely attractive to hackers. Although Bluetooth invites hackers to such attacks; Bluetooth Venders are playing down the risks, Brewin (2004) said that ‘Bluetooth advocates last week dismissed growing security fears about the short-range wireless technology, saying any flaws are limited to a few mobile-phone models. They also detailed steps that users can take to secure Bluetooth devices’. There are many methods of Bluetooth attacks, the Snarf, the Backdoor, Bluebug, Bluejack and Warnibbling attack are the only recognised attacks at this early stage. Below are explanations of such attacks.

    The SNARF attack

    It is possible for attackers to connect to the device without alerting the user, once in the system sensitive data can be retrieved, such as the phone book, business cards, images, messages and voice messages.

    http://www.salzburgresearch.at/research/gfx/bluesnarf_cebit2004.pdf

    Local Copy: BlueSnarf_CeBIT2004.pdf

    The BACKDOOR attack

    The backdoor attack is a higher concern for Bluetooth users; it allows attackers to establishing a trust relationship through the “pairing” mechanism, but ensuring that the user can not see the target’s register of paired devices. In doing this attackers have access to all the data on the device, as well as access to use the modem or internet; WAP and GPRS gateways may be accessed without the owner’s knowledge or consent.

    The BLUEBUG attack

    This attack gives access to the AT command set, in other words it allows the attacker to make premium priced phone calls, allows the use of SMS, or connection the internet. Attackers can not only use the device for such fraudulent exercises it also allows identity theft to impersonate the user.

    Bluejacking

    Dibble (2004) explained that ‘Just as SMS was spawned, there’s a new craze that’s spreading across parts of Europe. Reportedly, it’s more prominent in the UK, but popular elsewhere too’. Bluejacking allows attackers to send messages to strangers in public via Bluetooth. When the phones ‘pair’ the attacked can write a message to the user. Although it may seem harmless at first, there is a downside. Once connected the attacker may then have access to any data on the users Bluetooth device, which has obvious concerns. Powell (2004: 22) explained that ‘Users can refuse any incoming message or data, so Bluejackers change their username to a short barb or compliment to beat you to the punch. For example, you might receive something along the lines of “Incoming message from: Dude, you’ve been Bluejacked.” Or, “Incoming message from: ROI is overrated.” Bluejacking is regarded as a smaller threat to Bluetooth as users being attacked are aware they have been Bluejacked. This does not mean however that they are aware that sensitive information is being accessed and used in a malicious manner.

    http://www.bluejackq.com/

    Warnibbling

    Warnibbling is a hacking technique using Redfang, or similar software that allows hackers to reveal corporate or personal sensitive information. Redfang allows hackers to find Bluetooth devices in the area, once found, the software takes you through the process of accessing any data that is stored on that device. Redfang also allows non-discoverable devices to be found. Whitehouse explains when testing Redfang ‘One of the first obstacles we had to overcome was the discovery of non-discoverable devices (it was surprising to see the number of devices that dont by default implement this security measure)’. http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf

    Future of Bluetooth

    Further information, and somewhat speculation is required for consumers and Bluetooth stakeholders on the future of Bluetooth. Such information will provide a clearer understanding of why security of Bluetooth must be improved. Luo and Lee (2004) provide a short term prediction of where Bluetooth is heading, Europe and Asian countries already offer electronic newspapers, subway tickets, and car parking fees via wireless devices. Collins (2003) says that Bluetooth devices ‘appear to be more secure than 802.11 wireless LANs. However, this situation may not last, as the Bluetooth technology becomes more widespread and attracts greater interest from the hacking community’.

    http://www.arraydev.com/commerce/jibc/0402-10.htm

    See also:

    Reference List

    • Brodsky, I. (1995) Wireless: The Revolution in Personal Telecommunications, Massachussetts, USA: Artech House Inc, ISBN 0890067171 (Erin Watson)
    • Collins, G. (2003) Bluetooth Security. Byte.com [Online], Available: Academic Search Elite, ISSN:0360-5280 [Accessed 6/9/04]. (Ben Henzell)
    • Dibble, T (2003) ‘Bluejack city: a new wireless craze is spreading through Europe’ [Online]. Available: http://www.sys-con.com/Wireless/article.cfm?id=710 [Accessed 4/8/04. (Ben Henzell)
    • Finn, E. (2004) Be carefull when you cut the cord. Popular Science [Online], vol. 264, issue. 5, p30. Available: Ebsco Host: Academic Search Elite, ISSN:0161-7370 [Accessed 6/9/04]. (Ben Henzell)
    • Flichy, P. (1995) Dynamics of Modern Communication, London: Sage Publications, ISBN 0803978502 (Erin Watson)
    • Ganguli, M. (2002) Getting Started with Bluetooth, Ohio: Premier Press, ISBN 1931841837 (Erin Watson)
    • Gupta, P. 1999. Bluetooth Technology: What are the Applications?. http://www.mobileinfo.com/Bluetooth/applic.htm (accessed August 23, 2004). (Erin Watson)
    • Laurie, B & L (2003) Serious flaws in Bluetooth security lead to disclosure of personal data [Online]. Available: http://www.thebunker.net/release-bluestumbler.htm [Accessed 4th Aug 2004]. (Ben Henzell)
    • Lightman, A. and Rojas, W. (2002) Brave New Unwired World, New York, USA: John Wiley and Sons, Inc., ISBN 0471441104 (Erin Watson)
    • Luo, X. Lee, C. (2004). Micropayments in Wireless M-Commerce: Issues, Security, and Trend[Online]. Available: http://www.arraydev.com/commerce/jibc/0402-10.htm [Accessed 4/8/2004] (Ben Henzell)
    • Morrow, R. (2002) Bluetooth Operation and Use, New York, USA: The McGraw- Hill Companies, ISBN 007138779X (Erin Watson)
    • Powell, W. (2004) The Wild Wild Web T+D [Online], Vol. 58, issue. 1, p22. Available: Academic Search Elite, ISSN:1535-7740 [Accessed 6/9/04]. (Ben Henzell)
    • Smyth, P. (ed.)(2004) Mobile and Wireless Communications: Key Technologies and Future Applications, London, UK: The Institute of Electrical Engineers, ISBN 0863413684 (Erin Watson)
    • Swaminatha, T. and Elden, C. (2003) Wireless Security and Privacy: Best Practices and Design Techniques, Massachussetts, USA: Pearson Education, Inc., ISBN 0201760347 (Erin Watson)
    • Tsang, W. et al. Date unknown. Bluetooth Applications. http://ntrg.cs.tcd.ie/undergrad/4ba2.01/group3/applications.html (accessed August 23, 2004). (Erin Watson)
    • Whitehouse, O. (2003).’War Nibbling: Bluetooth Insecurity’ [Online]. Available: http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf [Accessed 9/8/04] (Ben Henzell)

    Erin Watson 08:47, 8 Sep 2004 (EST) –nhenzell 12:30, 8 Sep 2004 (EST)

    What changes to contactless standards and technology are expected in the future?

    Many vendors are actively developing new technologies to address the increasing market need for secure contactless technologies for a wide variety of applications. Changes in government regulations will also provide opportunities for enhancing contactless technology performance. It is important to note, however, that standards development is a lengthy process so it takes time for new technology developments to be reflected in standards that help to drive the availability of interoperable solutions. A few examples of new technologies that are expected include:

    • Changes to technology based on the ISO/IEC 15693 standard. Contactless cards supporting the ISO/IEC 15693 standard currently operate at 1.65 Kb/sec to meet FCC limits on sideband power in this frequency range. The FCC is expected to lift its restriction in late 2002, which would allow cards based on the ISO/IEC 15693 standard to improve their data rates.
    • Changes for higher speed operation. ISO working groups plan to add higher speed modes of operation to ISO/IEC 14443. This will increase the speed supported by this standard from 106 Kb/sec to the 848 Kb/sec that has already been demonstrated by IC manufacturers.
    • Alternative access control reader networking solutions. Wireless readers offer a significant advantage in lower costs of installation, particularly in older facilities. New security approaches can ensure strong authenticated channels between hosts or panels and new wireless readers. IP readers also permit direct connectivity to LANbased management and control applications.
    • The ability for a single contactless chip in a card to operate in full ISO/IEC 14443 and ISO/IEC 15693 modes.

    Visa Competes with Payment Systems

    27 September 2006
    Kommersant International

    The New System will be Offered to 20 Banks<br>Yesterday, at a press conference dedicated to the five-millionth visa card issued by Sberbank, Visa International representative Oliver Hughes announced that a project introducing a system of card-to-card money transfers in Russia has launched its third stage. The project, called Visa Money Transfer (VMT), is now being tested in six Russian banks. Also yesterday, Rosbank announced its intention to participate in the trial. Twenty credit organizations have expressed interest in joining the program, of which ten will be included in the project within the next year. The trial phase of the program will last another six months, after which the VMT system is expected to be unveiled in its full form. The VMT system allows any Visa cardholder to electronically transfer or receive funds to or from another Visa cardholder via an ATM transaction. To make the transaction, all that is needed is the other cardholder’s card number. Though the company “at this point is not positioning the new service as an alternative to the system of traditional money transfers,” VMT promises to be competition for that system. The only restriction is that the laws of the Russian Federation permit such transfers to be made in Russia only in rubles. Market analysts believe that the success of the system will depend on Visa’s commission policies. Bank commissions for transfers stand at around 1%, and if Visa’s commission is more than 0.5%, it is predicted that banks will find it hard to do business within the project. According to some sources, the commission earned by the bank whose client sends the transfer will be 1% of the transfer sum. The bank whose client receives the money will make $0.48 on each transaction. The commission charged by the payment system will be $0.05 + $1. Many Russian banks have expressed interest in the project, but most for now are observing the program’s development from the sidelines, preferring to judge for themselves its power to attract customers. http://www.kommersant.com/photo/75/DAILY/2006/180/KMO_032838_00111_1h_t75.jpg
    http://www.kommersant.com/photo/512/DAILY/2006/180/KNN_001535_00046_1m.jpg
    http://www.kommersant.com/photo/512/DAILY/2006/180/KMO_073625_00010_1m.jpg
    http://www.kommersant.com/photo/512/DAILY/2006/180/KMO_069500_00019_1m.jpg

    © 2006 ZAO Kommersant Publishing House. All rights reserved.