Common misconceptions about bank cards
16 March 2011, 12:05
Having worked for a long time in the field of banking software, and in particular on all sorts of electronic payments, I have compiled, together with colleagues, a mini-FAQ on the subject of bank cards. Many of the questions are obvious, but some are less clear-cut. The card business in Russia is growing, which is nice, and it is better to know the fundamentals.

So, 10 common misconceptions.

1. The amount of money is stored on the card.

An ordinary credit or debit card (even one with a chip) holds no money counter. The card is just an identifier. There are exceptions in the form of special additional purse applications on chip cards. Usually these are discount programs, virtual money (e.g., liters of gasoline), and so on: in general, something not directly related to the ordinary use of the card. Such special applications are accepted only at retail outlets that support that particular type of card.

2. Anyone who wants to accept payments via bank cards can connect directly to Visa, MasterCard or any other international system.

Not just anyone can connect directly to Visa or MasterCard. Only wealthy banks or independent processing centers can do so, because it requires special equipment, considerable insurance schemes, certification, security and many other "little things" (not even every bank can afford it). Everyone else who wants to accept cards uses their services.

3. ATMs and payment terminals are directly connected to Visa or MasterCard.

The large international payment systems do not operate their own ATMs or payment terminals. Any ATM or terminal must belong to some bank, which in turn is connected to the payment system either directly or indirectly (see item 2).

4. I have $200 "on the card". That's all that I can spend.

The account balance and the amount you can spend per day with a card have little to do with each other. It is more useful to talk about the daily limit on the card. The daily limit depends on many factors and can be either lower or higher than the account balance. For example, even if you have a million in the account, an ATM is unlikely to give you more than a few thousand a day (and this is not a limitation of the ATM as a device). Conversely, if you are a VIP client who usually has millions in the account, and you are in a casino and have lost everything, then after a call to the bank one of the top managers can, on an individual basis, order whatever limit you need to be set for you personally, so that you can still pay up. In this case the bank takes on the responsibility that you will pay it all back later.

5. When the card is used, the PIN is checked by the ATM or payment terminal itself.

In the overwhelming majority of cases, any use of the card involves contacting the bank that issued it. If you insert a Sberbank card into an ATM in Australia, authorization to dispense the money will still be requested directly from Sberbank, right before your eyes. This is because the PIN can be verified only by the bank that issued the card. The only exceptions are chip cards: such cards can verify the PIN themselves (the chip is a mini-computer capable of performing cryptographic functions). Also, when a card is used to pay for purchases (not for a cash advance), a store may sometimes skip contacting the authorization center for each purchase if the amount is below a certain limit. This may apply to small amounts, when the purchase amount is less than the cost of a communication session over the electronic channel. Because the amounts are small, and because daily counters are sometimes used on cards authorized in this way, the risk of heavy losses from fraudulent transactions is also small.

6. The PIN is recorded on the magnetic stripe, and any bank employee can "steal" it; you only have to look away while your card is in his hands.

In fact, what is recorded on the magnetic stripe is a cryptographic digest of the PIN and the card number, computed with a cryptographic key that is stored inside a heavily guarded piece of hardware at the bank. That is, the data on the magnetic stripe can only be used to verify a PIN, and then only if you know the secret key. The encryption algorithm used is typically 3DES. The "heavily guarded piece of hardware" is a hardware device for storing keys and performing cryptographic operations with them. After the keys are initially entered into this device (personalization), they never leave its physical enclosure in the clear.

In addition to serious measures for physically guarding these devices, the devices themselves are protected against intrusion. For example, if someone tries to open the casing to connect a "sniffer", all keys are erased automatically.

The procedure for the initial entry of keys is interesting. Here is a realistic scenario. N security officers of the bank are chosen, for example 3 (ideally they should not even know each other personally). Each of them generates a key and shows it to no one. Then they take turns entering the room that holds the key-storage equipment, and each enters his own key. When all the keys have been entered, the device XORs them together and stores the result internally as the key. The upshot is that nobody at all knows the key. To restore it, the original components must be obtained from each of the N security officers, who are responsible for storing them confidentially.
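The key-entry ceremony described above, sketched in Python as an added example (not code from the original post or from any real device): `combine` is what the device does with the entered components, and `missing_component_for` shows why N-1 officers together still learn nothing about the key. The 24-byte length, the duplicate and minimum-count checks, and all function names are assumptions of this sketch.

```python
import secrets
from functools import reduce

KEY_LEN = 24  # bytes; assumed here as the size of a triple-length 3DES key


def new_component(length: int = KEY_LEN) -> bytes:
    """One officer's secret component, drawn from the OS CSPRNG."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine(components: list[bytes]) -> bytes:
    """What the device does internally: XOR every entered component."""
    if len(components) < 2:
        raise ValueError("need at least two officers")
    if len(set(components)) != len(components):
        # Two identical components cancel each other out under XOR.
        raise ValueError("duplicate components")
    return reduce(xor_bytes, components)


def missing_component_for(known: list[bytes], candidate_key: bytes) -> bytes:
    """Given N-1 components and ANY candidate key, return the last component
    that would produce it. One always exists, so the N-1 known components
    rule out no key at all."""
    return reduce(xor_bytes, known, candidate_key)


def demo() -> dict:
    officers = [new_component() for _ in range(3)]  # N = 3, as in the text
    key = combine(officers)
    # Restoring the key needs every component; entry order does not matter.
    restored = combine(list(reversed(officers)))
    # Officers 1 and 2 collude and guess an arbitrary key: still consistent.
    guess = secrets.token_bytes(KEY_LEN)
    third = missing_component_for(officers[:2], guess)
    return {
        "restored_ok": restored == key,
        "guess_consistent": combine(officers[:2] + [third]) == guess,
    }


if __name__ == "__main__":
    print(demo())
```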

As I have written, there are no half measures in security, and administrative measures like these are needed where the strength of cryptography ends and the human factor begins.

Important note: no bank employee will ever, under any circumstances, ask you for your PIN. But if only you knew how many out of every ten customers who call the bank answer the operator's question about their secret word (the one specified when the account was opened) by saying their PIN.

7. When a purchase is made, the money immediately goes directly from the customer's account to the store's account.

Usually the real exchange of money (albeit electronic) takes place at the end of the day. At the moment of purchase, the amount is only blocked against the available limit (see item 4). The actual debit usually occurs a few days later, when the account holder's bank receives the financial confirmation from the bank whose terminal was used for the payment.

8. The amount printed on your receipt when you pay by card is exactly what will be deducted from your account.

In fact, the amount blocked at authorization may differ significantly from the amount debited by the financial transaction. This shows up especially when paying for car rentals and hotels, since these merchants can debit additional costs after the fact (for example, missing gasoline or an unpaid mini-bar). But these are not the only types of merchants allowed to increase or decrease the final amount.

The amount blocked at authorization may also differ from the amount debited from the account if the account currency differs from the transaction currency, since the actual transfer of funds from the account occurs within 1-2 days, and the conversion rate may change during that time.

9. An amount blocked on your card account will, one way or another, be debited from your account.

An amount blocked at authorization may never actually be debited from the account. After 10 days (for ATMs) or 45 days (for all other terminals) with no financial confirmation arriving at your bank from the payment system, it is unblocked. This is both "good" and "bad". It is "good" when you have made a transaction that you want to cancel immediately. Right after the transaction you call the bank and explain the reason for the cancellation to the operator, and if it is permissible, the transaction is "canceled" and the block can be removed. If a financial confirmation for that transaction then unexpectedly arrives from the point of sale (a couple of days later), the bank will deal with it itself, without you (and your money). It is "bad" when you waited a day or two and the financial confirmation reached the bank before your call; "undoing" the transaction is then more complicated. The bank will be forced to start formal proceedings, which may last those 45 days. During this time the purchase amount may remain blocked.

10. Holders of debit (not credit) cards cannot end up "owing the bank".

As mentioned in item 4, the authorization logic for a purchase is based not on the actual amount in the account but on the daily limit, for credit cards and debit cards alike. You can "go into the red" even with a debit card if the bank sets the daily limit slightly above the account balance.

I hope this information will help you avoid some unpleasant surprises when using plastic cards.

Added by: w1zard