Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds

Think that £30 limit on contactless payments is going to protect you from big thefts? Think again. 


Security researchers have found a way to bypass that limit on Visa cards. Their hack, which isn’t limited to U.K. cards, could let opportunistic crooks drain accounts with a single tap, and they claim they don’t even need to steal the credit card. And little on Visa’s side is being done to address this fresh fraud threat.

Forbes let the researchers—Leigh-Anne Galloway and Tim Yunusov from cybersecurity company Positive Technologies—try it out on a personal Visa card. They extracted three successful payments of £31 ($38). On their own cards they made contactless payments as high as £101, though it’s possible more could be stolen with just a tap.

Their hacks show how contactless fraud could get a lot worse. Typically, if a bank sees multiple £30 contactless payments, the card will cease to work, as fraud detection systems suspect it’s in the hands of a thief. But if it’s possible to make large transactions in one tap, the potential for significant frauds rises. 

Card thieves can now make larger payments than they could before. But now, they don’t even need to steal the card. Criminals could, for instance, take a payment from a card when the user wasn’t looking with their own mobile payments machine (though a malicious merchant would eventually be caught by banks’ fraud systems if they used the same terminal).

Or even more dastardly, it’s possible to take a payment reading from a credit card using a mobile phone, send the data to another phone and make a payment on that second device going beyond the limit, the researchers claimed. For the hack to work, all the fraudsters need is to be close to their victim.

“So that means if you found someone’s card or if someone stole your card, they wouldn’t have to know your PIN, they wouldn’t have to impersonate your signature, and they could make a payment for a much higher value,” said Galloway.

There should be some limits on just how much a hacker could steal. Galloway said that while it may be that thieves could go much higher than the £101 they tested, into the hundreds or possibly thousands, fraud detection systems at the banks may be able to spot any wildly high transactions.

“What we found is that actually, we can make reasonably high-value payments. So in the U.K., we’re able to make payments of £100 without any detection,” she added.

They’re still testing whether the hack would work elsewhere in the world, but Galloway confirmed it was not limited to a single country. The limit, of course, differs between nations. For instance, in the U.S., it’s considerably higher at $100.

No fix planned?

That doesn’t detract from the finding that the limit set on Visa cards can be broken. But Visa isn’t planning on updating its systems to deal with the hack. The financial industry giant argued that such a hack wouldn’t be likely to occur in the real world as the criminals would need to have their hands on the card and this doesn’t happen frequently. 

A spokesperson for the company went as far as to say that despite the research there wasn’t a security problem that needed addressing.

“One key limitation of this type of attack is that it requires a physically stolen card that has not yet been reported to the card issuer,” a Visa spokesperson told Forbes, noting that Visa was continually working on improving its fraud detection tech. 

“Likewise, the transaction must pass issuer validations and detection protocols. It is not a scalable fraud approach that we typically see criminals employ in the real world.”

Galloway disagreed that the fraudster would need to steal the card. As their tests showed, the hacker only needs to get close enough to the victim’s card for a short period of time to take a payment. This kind of “skimming” has long been proven possible, even if it relies on the card owner being caught unawares.

The Visa spokesperson also claimed that Visa’s global contactless fraud rate declined by 33% between 2017 and 2018 and in Europe by 40%. But data from UK Finance shows fraud using contactless caused £19.5 million of losses during 2018, up from £14 million in 2017.

UK Finance did, however, note this was “low” in light of total spending of £69 billion over the same year. And neither UK Finance nor Visa said they’d ever recorded a case of contactless fraud in which the card hadn’t been stolen.

How the contactless hack works

To carry out their hack, the researchers used a specialized piece of hardware to intercept and insert messages in the communications between the card and the reader. For instance, they could tell the card that verification—like a PIN—wasn’t needed, even though the requested amount was more than £30. They then told the terminal that verification had already been made by another means.

The researchers said these checks hadn’t been made mandatory by Visa, as they had been by its rivals. And because banks follow the guidelines laid out by Visa, the company could be doing more to address the issue, Galloway said. Visa, though, said that card issuers are ultimately responsible for validating transactions.

For the attack using two mobiles, Galloway explained that it was possible to use one smartphone to tap a card and effectively clone it for a short period. That first mobile takes what’s known as a “payment cryptogram” from the card. This is essentially a signature that is supposed to guarantee the authenticity of future payments.

The cryptogram is sent to the second phone, which simulates the card as if it were making a mobile payment. The hackers can then go beyond the limit by doing the same interception attack as before.

Stephen Ridgway, cofounder and chief technology officer at cybersecurity startup th4ts3cur1ty.company, said that addressing such attacks at a technical level could be problematic.

“There may be no ‘quick fix’ for this, even if the payment providers mandate authentication for payments over £30, if the card and reader are susceptible to a ‘man-in-the-middle’ attack that tricks the system into believing that authentication has already taken place,” he said. 

As for what concerned cardholders can do to protect themselves, keeping cards physically secure is vital. For anyone worried about someone reading their card through their wallet, there are covers that can prevent such “skimming” from working. Ridgway said another cheap solution was to use a phone cover, as they often provide the same protection. And monitoring transactions could help consumers detect fraudulent transactions before banks do.

Improving bank security and fresh new regulation should also improve matters. Ridgway said that should contactless limit bypasses become common, it’s very likely that payment providers will quickly learn to recognize and block them.

And incoming new EU rules could also prove a boon. From September 2019, banks will need to ensure a PIN is required once total contactless payments exceed a value of £130 or when five contactless transactions have been made in a day.
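The issuer-side checks discussed above can be sketched in a few lines. This is an added example, not code from Forbes, the researchers or Visa: it flags an over-limit tap the card has not verified, a terminal that reports verification the card does not vouch for, and the EU cumulative rule as this article states it. The `card_verified` and `terminal_verified` fields are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

# Figures quoted in the article (GBP).
PER_TAP_LIMIT = Decimal("30")      # contactless limit
CUMULATIVE_LIMIT = Decimal("130")  # EU rule: running contactless total
MAX_TAPS_PER_DAY = 5               # EU rule: contactless payments per day


@dataclass(frozen=True)
class Tap:
    card_id: str
    day: date
    amount: Decimal
    card_verified: bool      # hypothetical: verification the card itself vouches for
    terminal_verified: bool  # hypothetical: verification the terminal reports


class IssuerChecks:
    """Issuer-side decision on contactless authorisation requests."""

    def __init__(self):
        self._usage = {}  # (card_id, day) -> (unverified taps, unverified total)

    def decide(self, tap):
        key = (tap.card_id, tap.day)
        if tap.card_verified:
            # Assumption: a verified payment resets the day's counters.
            self._usage[key] = (0, Decimal("0"))
            return "APPROVE", []
        count, total = self._usage.get(key, (0, Decimal("0")))
        reasons = []
        if tap.amount > PER_TAP_LIMIT:
            reasons.append("over_limit_unverified")
        if tap.terminal_verified:
            # Terminal says the cardholder was verified, the card does not agree.
            reasons.append("verification_mismatch")
        if total + tap.amount > CUMULATIVE_LIMIT:
            reasons.append("cumulative_limit")
        if count >= MAX_TAPS_PER_DAY:
            reasons.append("daily_tap_count")
        if reasons:
            return "REQUIRE_PIN", reasons
        self._usage[key] = (count + 1, total + tap.amount)
        return "APPROVE", []


def run_samples():
    """Replay constructed sample requests; returns one decision per tap."""
    d = date(2019, 9, 14)  # constructed date
    taps = [
        Tap("card-A", d, Decimal("31"), False, True),   # the £31 tap from the article
        Tap("card-A", d, Decimal("25"), False, False),
        Tap("card-A", d, Decimal("30"), False, False),
        Tap("card-A", d, Decimal("30"), False, False),
        Tap("card-A", d, Decimal("30"), False, False),
        Tap("card-A", d, Decimal("20"), False, False),  # running total would hit 135
        Tap("card-A", d, Decimal("101"), True, True),   # verified by the card
    ]
    issuer = IssuerChecks()
    return [issuer.decide(t) for t in taps]


if __name__ == "__main__":
    for decision, reasons in run_samples():
        print(decision, ",".join(reasons))
```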

-Thomas Brewster; Forbes


Health

How Virtual Therapy Apps Are Trying To Disrupt The Mental Health Industry

Millions of Americans deal with mental illness each year, and more than half of them go untreated. As the mental health industry has grown in recent years, so has the number of tech startups offering virtual therapy, which range from online and app-based chatbots to video therapy sessions and messaging. 

Still a nascent industry, with most startups in the early seed-stage funding round, these companies say they aim to increase access to qualified mental health care providers and reduce the social stigma that comes with seeking help. 

While the efficacy of virtual therapy, compared with traditional in-person therapy, is still being hotly debated, its popularity is undeniable. Its most recognizable pioneers, BetterHelp and Talkspace, have enrolled nearly 700,000 and more than 1 million users respectively. And investors are taking notice.

Funding for mental health tech startups has boomed in the past few years, jumping from roughly $100 million in 2014 to more than $500 million in 2018, according to Pitchbook. In May of this year, the subscription-based online therapy platform Talkspace raised an additional $50 million, bringing its total funding to just under $110 million since its 2012 inception.

The ubiquity of smartphones, coupled with the lessening of the stigma associated with mental health treatment, has played a large role in the growing demand for virtual therapy. Of the various services offered on the Talkspace platform, “clients by far want asynchronous text messaging,” says Neil Leibowitz, the company’s chief medical officer.

Users seem to prefer back-and-forth messaging that isn’t restricted to a narrow window of time over face-to-face interactions. At BetterHelp, founder Alon Matas notes that older users are more likely to go for phone and video therapy sessions, whereas younger users favor text messaging.

“Each generation is getting progressively more mobile-native,” says John Prendergass, an associate director at Ben Franklin Technology Partners’ healthcare investment group, “so I think we’re going to see people become increasingly more accustomed, or predisposed, to a higher level of comfort in seeking care online.”

The ease and convenience of virtual therapy is another draw, particularly for busy people or those who live in rural areas with limited access to therapy and a range of care options.

Alison Darcy, founder and CEO of Woebot, a free automated chatbot that uses artificial intelligence to provide therapeutic services without the direct involvement of humans, says that with Woebot and other similar services, there is no need to schedule appointments weeks in advance and users can receive real-time coaching at the moment they need it, unlike traditional therapy. The sense of anonymity online can also lead to more openness and transparency and attracts people who normally wouldn’t seek therapy.

Along with stigma, the cost of therapy has historically acted as a barrier to accessing quality mental-health care. Health insurance is often unlikely to cover therapy sessions. In most cities, sessions run about $75 to $150 each, and can go as high as $200 or more in places like New York City. Web therapists don’t have to bear the expense of brick-and-mortar offices, filing paperwork or marketing their services, and these savings can be passed on to clients. 

BetterHelp offers a $200-a-month membership that includes weekly live sessions with a therapist and unlimited messaging in between, while Talkspace’s cheapest monthly subscription, at $260 a month, offers unlimited text, video and audio messaging.

But virtual therapy, particularly text-based therapy, is not suitable for everyone. Nor is it likely to make traditional therapy obsolete. “Online therapy isn’t good for people who have severe mental and relational health issues, or any kind of psychosis, deep depression or violence,” says Christiana Awosan, a licensed marriage and family therapist. 

At her New York and New Jersey offices, she works predominantly with black clients, a population that she says prefers face-to-face meetings. “This community is wary of mental health in general because of structural discrimination,” Awosan says. “They pay attention to nonverbal cues and so they need to first build trust in-person.”  

Virtual therapy apps can still be beneficial for people with low-level anxiety, stress or insomnia, and they can also help users become aware of harmful behaviors and obtain a higher sense of well-being. 

Sean Luo, a psychiatrist whose consultancy work focuses on machine learning techniques in mental health technology, says: “This is why some of these companies are getting very high valuations. There are a lot of commercialization possibilities.” He adds that from a mental health treatment perspective, a virtual therapy app “isn’t going to solve your problems, because people who are truly ill will by definition require a lot more.”

Relying on digital therapy platforms might also provide a false sense of security for users who actually need more serious mental-health care, and many of these apps are ill-equipped to deal with emergencies like suicide, drug overdoses or the medical consequences of psychiatric illness. “The level of intervention simply isn’t strong enough,” says Luo, “and so these aspects still need to be evaluated by a trained professional.”

Ruth Umoh, Diversity and Inclusion Writer, Forbes Staff.

Technology

AI 50 Founders Say This Is What People Get Wrong About Artificial Intelligence

Forbes’ new list of promising artificial intelligence companies highlights how the technology is creating real value across industries like transportation, healthcare, HR, insurance and finance.

Naturally, the founders of the honoree companies are excited about the technology’s benefits and, in their roles, spend a lot of time thinking and talking about its strengths and limitations. Here’s what they think people get wrong about artificial intelligence.

Affectiva CEO Rana el Kaliouby says she’s too often encountered the idea that AI is “evil.”

“AI—like any technology in history—is neutral,” she says. “It’s what we do with it that counts, so it’s our responsibility, as an AI ecosystem, to drive it in the right direction.” 

Companies need to be aware of how AI could widen bounds of inequality, she adds: “Any AI that is designed to interact with humans—Affectiva’s included—must be evaluated with regards to the ethical and privacy implications of these technologies.”

Sarjoun Skaff, CTO and cofounder of Bossa Nova Robotics, says that the biggest misconception he encounters is that artificial intelligence is actually, well, intelligent. 

“The truth is much more mundane,” he says. “AI is a very good pattern-matching tool. To make it work well, though, scientists need to understand the details of how it internally works and not treat it as an ‘intelligent’ black box. At the end of the day, making good use of great pattern matching still belongs to humans.”

Similarly, Aira cofounder Suman Kanuganti says that the public has “over-inflated expectations” for artificial intelligence.

“Garry Kasparov sums it up nicely: ‘We are in the beginning of MS-DOS and people think we are Windows 10,’” Kanuganti says. “AI realistically is still like a 3-year-old child at this stage. When it works, it feels magical. It does some things well, but there’s still a long way to go.”

So, no, we are nowhere close to “artificial general intelligence,” or AGI, where machines are actually as smart as humans.

“We’re still a long way from AI having the general intelligence of even a flea,” says David Gausebeck.

Despite the tendency to overestimate what artificial intelligence can do, the difficulty of building an effective system is often underestimated, some founders say.

“The systems you need to implement and manage machine learning in production are often much more complex than the algorithms themselves,” says Algorithmia CEO Diego Oppenheimer. “You can’t throw models at a complex business problem and expect returned value. You need to build an ecosystem to manage those models and connect their intelligence to your applications.” 

Put another way, you can’t just “sprinkle on some artificial intelligence like a magic sauce,” says Feedzai CEO Nuno Sebastiao.

One of the most common tropes that a handful of founders brought up was the idea that artificial intelligence is primarily a job killer.

People.ai founder Oleg Rogynskyy says that AI should be seen as a creator of new opportunities instead of a destroyer of jobs.

“In a nutshell, AI does two things: It automates repetitive low-value-add work for humans (which will indeed take low-complexity jobs away), which we think of as ‘Autopilot,’ and it guides people on how to do their work or other activities better (which makes humans more effective at what they do), which we call ‘Copilot,’” he says. “While Autopilot can take simple, repetitive and boring jobs away, Copilot is absolutely the best way to guide, train and educate humans on how to do new things.”

– By Jillian D’Onfro, Forbes

Technology

‘AI Is A Powerful Tool’

Research forecasts that by 2025, machines will perform more current work tasks than humans. Murat Sonmez, member of the managing board, and Head of the Centre for the WEF Fourth Industrial Revolution Network, expands on the role humans might play.


The Fourth Industrial Revolution (4IR) is at the center of the current economic frontier. In reality, is Africa prepared for such changes?

Moving quickly and being agile are key principles of success in the 4IR. Any country can succeed if they take on this mindset. A few years ago, Rwanda saw the opportunities drones, a 4IR technology, brought to their country.

They helped save over 800 lives by delivering blood to remote villages. To scale this, the government worked with the World Economic Forum’s (WEF) drones’ team to create the world’s first agile airspace regulation. Now, we see countries in Africa and around the world looking to the Rwandan model.

What feasible solutions can artificial intelligence (AI) offer in terms of forecasting natural disasters, droughts and food security on the African continent?

AI can help predict diseases, increase agriculture yields and help first responders. It is a powerful tool for governments and businesses, but it needs a lot of data to be effective.

For AI to be all that it can be, countries and companies need to work together to build frameworks for better management and protection of our data and ensure that it is shared and not stored in silos. Data is the oxygen of the 4IR. If countries do not leverage data and have their policies in place, they will be left behind.

There is a growing concern that the 4IR will strip people of jobs, of which there is already a shortage. How true is this?

The world is going through a workplace revolution that will bring a seismic shift in the way humans work alongside machines and algorithms.

Latest research from the WEF forecasts that by 2025, machines will perform more current work tasks than humans, compared to 71% being performed by humans today.

The rapid evolution of machines and algorithms in the workplace could create 133 million new roles in place of 75 million that will be displaced between now and 2022.

Consumers have real concerns around the potential harm technology can cause in areas such as privacy, misinformation, surveillance, job loss, environmental damage and increased inequality. What ethical precautions are being considered in the robotics space?

Now more than ever, it is important to incorporate ethics into the design, deployment and use of emerging technology. Innovating in the 4IR requires addressing concerns around privacy and data ownership, while attracting the skills and forward-looking thinkers of the future.

There are big challenges and bigger opportunities ahead. We have seen many companies and countries create ethical and human rights-based frameworks. What’s important is they are co-designed with members of both communities along with academia, civil society and start-ups.

A multi-stakeholder approach will result in a more holistic set of guidelines and principles that can be adopted in many different industries and geographies.

What changes need to take place for the African continent to be on par with global developments, and are there tangible goals set?

The 4IR provides governments the opportunity to be global leaders in shaping the next 20 to 30 years of science and technology. It is important they create an environment where companies can innovate.

The other tenet is to be open to working across borders and learning from each other. The global health industry has access to mountains of data on rare diseases, but it is trapped within countries and sometimes even within the hospital walls.

If we can build trust and find innovative ways to share the data while protecting privacy, we can employ tools like AI to help us cure disease faster. Countries and companies need to have the right governance frameworks and mechanisms in place for these breakthroughs to happen. It is possible to do these things now, but we need to work together to make it happen.
