Some gas stations still show the credit card number on the receipt as well as a name...

Linki


» Dzieci to nie książeczki do kolorowania. Nie da się wypełnić ich naszymi ulubionymi kolorami.
» 01900–02039: SQL Parsing ORA–02020 too many database links in use Cause The maximum number of active connections to remote databases...
» By default, all text is left aligned and numbers, dates, and times are right aligned...
» One of the most important secondary characters is Bart’s TV hero, Krusty the Clown (voiced by Castellaneta), who is featured in a number of episodes, beginning with...
» note-2004-038-SRF[1] EU contract number RII3-CT-2003-506395 CARE...
» As you’ll see, there are a number of issues that make this a more complicated problem than it seems...
» sleep( ) to cease execution for a given number of milliseconds...
» "writeCheck:" merely notes the next check number, then bumps up the check number, and down the check count...
» Designated by DOUBLE( p, m) where m is the number of digits in the mantissa or decimal portion of the number and p is the precision of the number, or number of places in the entire...
» W mieszkaniu było zimno...
» following the first successful login after password expiration...

Dzieci to nie książeczki do kolorowania. Nie da się wypełnić ich naszymi ulubionymi kolorami.

Unfortunately, someone was staking out this particular gas station, looking for receipts left behind. He simply pumped a few dollars’ worth of gas and took the receipt without raising any suspicion. He was part of a ring and sold Mary’s credit card number, as well as several others he had taken that week, to a New Jersey counterpart. This individual then sold them again to a colleague in the United
© 2000 by CRC Press LLC
Kingdom. Hence, the numbers were used to make illegal purchases in England less than 24 hours after they were stolen. If you did not understand the technology, do you think you would have been able to solve this case? What would you do to further this investigation with your foreign counterparts?
Available Resources
Available resources for such investigations include the U.S. Secret Service, Interpol, and New Scotland Yard in England. Coordinate your efforts with the credit card investigators, as they always have foreign offices that can assist you.
© 2000 by CRC Press LLC
Integrated
Circuit Cards
7

What Are They?
Integrated circuit card (ICC), also known as Chip Cards, Smart Cards, and Memory Cards, refer to a standard plastic card with an embedded integrated circuit. Such cards are used for a variety of applications, such as telephone cards, identification, access control, mass transit, and financial transactions. The vast majority of ICCs in use are telephone cards, which are relatively simple devices having limited functionality and security. Financial transaction cards differ from other cards in that they utilize secure microprocessors that support greater functionality and a high level of security. They are further defined by industry- and issuer-specific standards.
Microprocessor-based ICCs used as financial transaction cards can be thought of as a personal computer within a card, although obviously there are major differences in memory and input/output functionality. All memory in the card is located on the integrated circuit (chip); there is no disk drive or other auxiliary memory. All communication is by means of the contacts on the surface of the card. These contacts are essentially a serial communications channel, which is always under the control of the operating system and security parameters. There are no other input/output devices such as keyboards, displays, printers, etc.
There are typically three kinds of memory on the card: read-only memory
(ROM), electrically erasable programmable read-only memory (EEPROM), and random access memory (RAM). The operating system and application programs are
© 2000 by CRC Press LLC
stored in ROM and EEPROM. Cardholder-specific data and transaction data are stored in EEPROM. RAM is used for temporary storage during the execution of applications.
Memory is also segmented into security levels having various access attributes. As examples, some data (public) can be read by anyone but can only be altered under password control. Other data (private) can be under password control for both reading and alteration. Finally, some data (secret) can never be read externally but can be altered under password control. Cryptography is a key aspect of card security. All financial cards can execute a symmetrical encryption algorithm, currently DES (digital encryption standard). The newest cards can also execute an asymmetrical encryption algorithm, currently RSA (Rivest, Shamir, Adleman; named for the inventors of the public key system). Critical data, such as encryption keys, are unique for each card.
In addition to the software security, there are numerous hardware security features that make examination or alteration of the card logic or data extremely difficult. In combination, these hardware and software security measures create a secure device.
The cost to compromise the card security should exceed any potential economic gain.
How Are They Used?
The activities of any transaction can be grouped into four processes:
1. Authentication of the parties (are they who they say they are, and what privileges do they have?)
2. Authorization of the transaction (do the parties have the resources necessary and are they authorized to expend these resources?)
3. Execution of the transaction
4. Documentation of the transaction
A secure ICC can increase the security and accuracy of each of these processes.
Authentication
Because the card can securely store unique information, such as encryption keys, a cryptographic exchange between the card and terminal is used to ensure the authenticity of both parties. The specifics of this exchange will vary with the algorithms and key management policies being used. Authentication of the cardholder can be accomplished by comparing a PIN or biometrics information supplied by the cardholder with data stored within the card. Thus, with a high level of certainty, the terminal determines that the card is authentic; at the same time, the card detects that the terminal is authentic, and the cardholder is revealed as being the true cardholder. In addition, this authentication process can be accomplished in an “off-line” mode (i.e., the card issuer does not have to be contacted at the time of the transaction). Such authentication is important for face-to-face transactions and will be even more important for the growing number of electronic commerce transactions.
© 2000 by CRC Press LLC
Authorization
Each card can store cardholder-specific risk management parameters. Such parameters might include limits regarding the number and/or value of transactions permitted without going to the issuer for authorization. Also, it is possible to temporarily disable (block) a card. Using another cryptographic exchange, the issuer can instruct the card to refuse further transactions until the correct “unblock” command is used.
Thus, a stolen card can be prevented from executing additional transactions in ICC
mode.
Execution
Once authentication and authorization are accomplished, the transaction can be executed.
Documentation

Powered by MyScript