Design Solution: Coming 05/03/17



Forensic Examination of Chip card Fraud

Published by French security researchers in 2015, the paper details a forensic analysis of cards and chips utilized in a very high-tech case of fraud.   The article contains X-rays scans detailing the sophisticated nature of the forgery.

The original article is first followed by a 10/2015 Wired magazine interview with the researchers.

Forged PIN

Wired magazine story

Visa, Account Identifiers and EMV Acceptance

Sometimes Visa can’t get out of their own way.  In June 2016, Visa issued attempted to “clarify” merchant policies and in the process managed to slow down EMV adoption, anger merchants and frustrate consumers.  Nicely done.

The EMV chip on your Visa, Mastercard or Discover contains two account identifiers (AIDs).  The AID provides information necessary to route the transaction across a payment network.  Two standards exist:  a global AIDs and the US Common Debit AIDs.

  • Global AIDs allow access to only one of the global payment networks.
  • The US Common standard allows access to all US debit networks enabled by the issuer.  There are many payment networks in the US including:  AFFN, ATH, CO-OP, Jeanie, NETS, NYCE, Presto!, PULSE, SHAZAM, and STAR.

The general approach in the industry based on Dodd-Frank regulations is to use the US Common standard for all debit transactions inside the US and the global AIDs for all cross-border transactions.

As EMV terminals rolled out in 2013,  the goal was to permit continued competition and choice by allowing a merchant to choose between global AIDs and US Common standards for routing debit card traffic.

Fast-forward to June 2016.  Does this screen look familiar?


The Visa debit choice required a signature and routed your debit card across Visa’s global AID, overriding the merchant debit payment network.

The bottom line here, like most bottom lines, comes down to money.  Payment networks charge fees.  More use, more fees.

Consumer frustration and complaints to the FTC helped nudge Visa back in the direction of fair competition.    Visa had to back-track in November, 2016.  Read the statement HERE.     You should no longer find the screen prompts in use.



Even the best can get fooled – be alert.

‘cuz we need lerts.  Lotsa lerts.  These days even the best can get fooled by the bad guys.   Brian Krebs provides details on how he and others got scammed by a hacked Amazon account.  Krebs also shows you screen shots from a darkweb crime site selling hacked Amazon accounts:

“But it’s likely to have been from a site like SLILPP, a crime shop which specializes in selling hacked Amazon accounts. Currently, the site advertises more than 340,000 Amazon account usernames and passwords for sale.”

Read the entire story here on Brian’s site

Then go forth and be a lert.