
    Archives for : type

    Technology is always being challenged

    I read a very interesting paper from the University of Massachusetts, RSA Laboratories and Innealta, Inc.

    The paper primarily covers how contactless payment technologies (RFID) can be compromised when the RFID tag and/or reader has not been implemented correctly, or when the solution provider has used an inappropriate type of RFID. It also discusses the challenges around Chip and PIN with respect to financial transactions, e.g. EMV standards and compliance.

    Additionally, the paper describes an RFID relay method which is being discussed in many forums around the world, and we have now begun to see equipment being produced for RFID skimmers/cloners to use for malicious means.

    The overarching point of this paper is to use appropriate RFID & Chip solutions which support the security/privacy of the user and the purpose of the transaction (financial or non-financial).

    The paper can be found at http://prisms.cs.umass.edu/~kevinfu/papers/RFID-CC-manuscript.pdf

    In modern payment RFID & Chip solutions, newer devices can be used which possess a high degree of processing power and are therefore able to execute strong cryptographic methods (such as digital signatures) to protect the identification and payment information whilst the transaction is occurring.

    These systems often utilise bidirectional authentication between the RFID/Chip scanner and the RFID tag/Chip prior to performing the transaction. These methods and cryptographic algorithms are accepted and proven to work within the traditional payment markets.

    As mentioned in the paper, some solutions store static digitally signed and/or encrypted data which is provided to the RFID/Chip reader when queried, but this data never changes from one transaction to another. This may allow a malicious individual to capture and re-inject the data into the reader at a later stage. The alternative to storing static digitally signed and/or encrypted data is to negotiate a key exchange at the time of the transaction, under which the card/value information is encrypted and subsequently transmitted. With this method the transmitted data changes on every transaction, and therefore even if a malicious individual were to capture the encrypted transaction data from one transaction, it would not be accepted by the reader if re-injected at a later stage.
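
    The difference between static and per-transaction data described above, as an added example (not code from the paper or from this post): a reader-side check run against both card behaviours. HMAC under a shared key stands in for the digital signature or negotiated key, and every name and value below is constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; HMAC with a shared key stands in for the card's
# digital signature / per-transaction key negotiation (an assumption).
CARD_KEY = secrets.token_bytes(32)
CARD_DATA = b"PAN=0000000000000000;EXP=0000"

def mac(key, data, nonce=b""):
    return hmac.new(key, nonce + data, hashlib.sha256).digest()

class StaticCard:
    """Hands out the same authenticated blob on every query."""
    def respond(self, nonce):
        return CARD_DATA, mac(CARD_KEY, CARD_DATA)  # reader nonce is ignored

class DynamicCard:
    """Binds each response to the reader's fresh nonce."""
    def respond(self, nonce):
        return CARD_DATA, mac(CARD_KEY, CARD_DATA, nonce)

class Reader:
    def __init__(self, dynamic):
        self.dynamic = dynamic
        self.nonce = None

    def new_transaction(self):
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def accept(self, response):
        data, tag = response
        nonce, self.nonce = self.nonce, None  # a nonce is good for one attempt
        if self.dynamic and nonce is None:
            return False
        expected = mac(CARD_KEY, data, nonce if self.dynamic else b"")
        return hmac.compare_digest(tag, expected)

def old_response_accepted(card, reader):
    """Reader-side test: is a response from one transaction valid in the next?"""
    recorded = card.respond(reader.new_transaction())
    if not reader.accept(recorded):
        raise RuntimeError("genuine transaction was rejected")
    reader.new_transaction()
    return reader.accept(recorded)
```

    The static configuration accepts the earlier response in the later transaction; the nonce-bound configuration rejects it because the expected value is recomputed over a challenge the old response never saw.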

    Although this is the case today, older RFID/Chip solutions often use technologies which are not appropriate for financial transactions and therefore may be compromised easily and in some cases without the knowledge of the card holder, merchant or acquirer.

    I find it interesting how some of these less secure solutions have been approved for use by acquiring banks and the card schemes around the world (if they were told) in recent years, even though these solutions have been seen to utilise techniques or deployment methods which can be compromised. These technologies and techniques would never be approved within the Point of Sale (PoS) or traditional banking markets.

    It can only be assumed that the need to get product to market quickly, at the expense of proper testing, understanding and due consideration of industry lessons learnt, has succeeded again.

    WordPress Dust-317 Theme Tweaks

    I recently had a couple of complaints in regards to the new Website. It turns out the site looks OK in Firefox but does not seem to work very well with Internet Explorer.

    I ran the W3C Validator located at http://validator.w3.org/

    When executed against the site it found 11 errors. The files and fixes (highlighted in RED) are described below.

    File: Header.php

    Error: required attribute “type” not specified

    <script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/js/addEvent.js"></script>

    <script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/js/sweetTitles.js"></script>

    I have also seen some other errors in Header.php, but they don't seem to be a big problem.

    Error: document type does not allow element “li” here; missing one of “ul”, “ol”, “menu”, “dir” start-tag.

    Update

    I finally worked out what was going on…

    It was the mod_rewrite (RewriteEngine) in the .htaccess file.

    I'm running WPSuperCache, so I thought this may have caused some issues.

    As it turned out it was the WordPress section of the .htaccess which was causing the problems. I probably modified it at some stage…

    Another Problem Found and Fixed

    I have been having problems when placing graphics into a posting, where although the WYSIWYG editor shows the correct layout, the text below the image wraps around the graphic when the site is viewed.

    After some looking around, I found a similar article written in relation to a different theme. As it turns out the fix for the DUST-317 Theme is the same.

    Edit the DUST-317 Theme style.css located in the DUST-317 theme directory. Search for this line.

    #content p img{float:left;border:none;margin-right:10px;margin-bottom:10px;}

    Remove the float:left; from the above line, making it look like this.

    #content p img{border:none;margin-right:10px;margin-bottom:10px;}

    That's it… now the text sits under the graphics OK.

    Are MIFARE and ISO/IEC 14443 Type A the same?

    MIFARE and ISO/IEC 14443 Type A are not the same. While MIFARE is often viewed as an extension to or subset of ISO/IEC 14443 Type A, it is a proprietary encryption/conditional access protocol owned and licensed by Philips Semiconductors to multiple vendors of card ICs and reader ICs.

    Because MIFARE has been so predominantly used with products employing ISO/IEC 14443 Type A technology, it has mistakenly become synonymous with the standard. However, ISO/IEC 14443 Type A is a completely open standard when used independently of the MIFARE encryption/conditional access scheme.

    New e-Commerce and Payment Technologies Company

    Recently I came across a new e-Commerce company called EFT Networks, which seems to have an exciting future in the Global Payments Market.

    It looks like they have a good mix of consulting and solution design.

    www.eftnetworks.com

    Services

    Electronic Payment

    Designed to enable both credit card and direct debit, EFT Networks electronic payment solutions work effectively across multiple sales channels—including Web, Contact Call Centre, IVR and EFTPOS. Manage your payment processing system in-house or outsource, depending on your business needs.

    Global Payments

    International commerce requires fully integrated global payment and risk management solutions. Requirements span the gamut of payment acceptance considerations from accepting local payment types, pricing in local currencies and dynamically updating prices with changes in exchange rates (dynamic currency conversion), authorising and settling in multiple currencies, to managing fraud and compliance issues such as tax and export regulations. EFT Networks offers a single interface to the global payment network to handle all of these considerations as your business grows.

    ICE – Reporting & Management

    The EFT Networks Enterprise Business Center gives you a single, easy-to-use interface for managing and configuring payment processing services.

    ICE caters for each area of the payment transaction cycle from authentication, authorisation, settlement, dispute resolution and reconciliation – enabling our clients to reduce transaction costs, eliminate fraud, minimise risk, maximise cash flow and increase profitability.

    Integrations

    EFT Networks provides flexible and secure payment and risk management integrations into host and legacy systems as well as industry-leading software.

    Using industry standards and protocols, our solutions can be customised to suit your exact business requirements.

    Products

    ICE (Intelligent Communications Exchange)

    At the core is our Intelligent Communications Exchange (ICE) which enables all known transaction enablers from EFTPOS to eCommerce to be routed directly to a client’s bank without intervention for real time acceptance and authentication.

    The EFT Networks ICE operates under a philosophy of total System and Physical redundancy delivering the highest uptime rates possible, whilst the transaction network is protected using Solid State and Application Firewalls on all points of ingress and egress.

    Every transaction processed through EFT Networks is encrypted using 128 bit Secure Socket Layer (SSL) encryption and submitted for authorisation through EFT Networks “Secure Virtual Private Network” (SVPN).

    Our commitment to security is also reflected in our swift compliance with Card Schemes security initiatives such as VerifiedByVisa and MasterCard SecureCode.

    EFT Networks' comprehensive suite of online reporting tools combined with daily transaction reports will ensure that our clients always have access to up-to-date management information allowing Business Managers to make quick and well-informed business decisions. The decision making process is simplified even further with the power of daily reports that are customised to be imported into most existing legacy systems.