Connect with us

Technology

Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds

mm

Published

on

Think that £30 limit on contactless payments is going to protect you from big thefts? Think again. 


Security researchers have found a way to bypass that limit on Visa cards. Their hack, which isn’t limited to U.K. cards, could let opportunistic crooks drain accounts with a single tap, and they claim they don’t even need to steal the credit card. And little on Visa’s side is being done to address this fresh fraud threat.

Forbes let the researchers—Leigh-Anne Galloway and Tim Yunusov from cybersecurity company Positive Technologies—try it out on a personal Visa card. They extracted three successful payments of £31 ($38). On their own cards they made contactless payments as high as £101, though it’s possible more could be stolen with just a tap.

Their hacks show how contactless fraud could get a lot worse. Typically, if a bank sees multiple £30 contactless payments, the card will cease to work, as fraud detection systems suspect it’s in the hands of a thief. But if it’s possible to make large transactions in one tap, the potential for significant frauds rises. 

READ MORE | Is Forex A Scam Or Money Goals?

Card thieves can now make larger payments than they could before. But now, they don’t even need to steal the card. Criminals could, for instance, take a payment from a card when the user wasn’t looking with their own mobile payments machine (though a malicious merchant would eventually be caught by banks’ fraud systems if they used the same terminal).

Or even more dastardly, it’s possible to take a payment reading from a credit card using a mobile phone, send the data to another phone and make a payment on that second device going beyond the limit, the researchers claimed. For the hack to work, all the fraudsters need is to be close to their victim.

“So that means if you found someone’s card or if someone stole your card, they wouldn’t have to know your PIN, they wouldn’t have to impersonate your signature, and they could make a payment for a much higher value,” said Galloway.

There should be some limits on just how much a hacker could steal. Galloway said that while it may be that thieves could go much higher than the £101 they tested, into the hundreds or possibly thousands, fraud detection systems at the banks may be able to spot any wildly high transactions.

“What we found is that actually, we can make reasonably high-value payments. So in the U.K., we’re able to make payments of £100 without any detection,” she added.

They’re still testing whether the hack would work elsewhere in the world, but Galloway confirmed it was not limited to a single country. The limit, of course, differs between nations. For instance, in the U.S., it’s considerably higher at $100.

No fix planned?

That doesn’t detract from the finding that the limit set on Visa cards can be broken. But Visa isn’t planning on updating its systems to deal with the hack. The financial industry giant argued that such a hack wouldn’t be likely to occur in the real world as the criminals would need to have their hands on the card and this doesn’t happen frequently. 

A spokesperson for the company went as far as to say that despite the research there wasn’t a security problem that needed addressing.

“One key limitation of this type of attack is that it requires a physically stolen card that has not yet been reported to the card issuer,” a Visa spokesperson told Forbes, noting that Visa was continually working on improving its fraud detection tech. 

“Likewise, the transaction must pass issuer validations and detection protocols. It is not a scalable fraud approach that we typically see criminals employ in the real world.”

READ MORE| #30Under30: Technology Category 2019

Galloway disagreed that the fraudster would need to steal the card. As their tests showed, the hacker only needs to get close enough to the victim’s card for a short period of time to take a payment. This kind of “skimming” has long been proven possible, even if it relies on the card owner being caught unawares.

The Visa spokesperson also claimed that Visa’s global contactless fraud rate declined by 33% between 2017 and 2018 and in Europe by 40%. But data from UK Finance shows fraud using contactless caused £19.5 million of losses during 2018, up from £14 million in 2017.

UK Finance did, however, note this was “low” in light of total spending of £69 billion over the same year. And neither UK finance nor Visa said they’d ever recorded a case of contactless fraud in which the card hadn’t been stolen.

How the contactless hack works

To carry out their hack, the researchers used a specialized piece of hardware to intercept and insert messages in the communications between the card and the reader. For instance, they could tell the card that verification—like a PIN—wasn’t needed, even though the requested amount was more than £30. They then told the terminal that verification has already been made by another means. 

The researchers said these checks hadn’t been made mandatory by Visa, as they had been by its rivals. And as banks follow the guidelines laid out by Visa, it could be doing more to address the issue, Galloway said. Though Visa said that card issuers are ultimately responsible for validating transactions.

For the attack using two mobiles, Galloway explained that it was possible to use one smartphone to tap a card and effectively clone it for a short period. That first mobile takes what’s known as a “payment cryptogram” from the card. This is essentially a signature that is supposed to guarantee the authenticity of future payments.

READ MORE | Cryptocurrency Thefts, Scams Hit $1.7 Billion in 2018: Report

The cryptogram is sent to the second phone, which simulates the card as if it were making a mobile payment. The hackers can then go beyond the limit by doing the same interception attack as before.

Stephen Ridgway, cofounder and chief technology officer at cybersecurity startup th4ts3cur1ty.company, said that addressing such attacks at a technical level could be problematic.

“There may be no ‘quick fix’ for this, even if the payment providers mandate authentication for payments over £30, if the card and reader are susceptible to a ‘man-in-the-middle’ attack that tricks the system into believing that authentication has already taken place,” he said. 

As for what concerned cardholders can do to protect themselves, keeping cards physically secure is vital. For anyone worried about someone reading their card through their wallet, there are covers that can prevent such “skimming” from working. Ridgway said another cheap solution was to use a phone cover, as they often provide the same protection. And monitoring transactions could help consumers detect fraudulent transactions before banks do.

Improving bank security and fresh new regulation should also improve matters. Ridgway said that should contactless limit bypasses become common, it’s very likely that payment providers will quickly learn to recognize and block them.

And incoming new EU rules could also prove a boon. From September 2019, banks will need to ensure a PIN is required once total contactless payments exceed a value of £130 or when five contactless transactions have been made in a day.

-Thomas Brewster; Forbes

Continue Reading
Advertisement
Comments

Technology

How To Cut The Cord: The Top Smart TVs For Streaming 2019

mm

Published

on

By

Freeing yourself from the shackles of cable or satellite television is easier to do than you might think, especially if you have a smart or connected television.

Smart TVs have integrated internet and interactive features that allow users to stream music and videos, browse the Web and view photos. Almost every new high-end television sold within the last two years or so has smart capabilities. So how do you choose?

If you want to take advantage of streaming services like Netflix, Hulu, Amazon Prime and more, then look at these television sets.

LG C9 OLED 65-inch TV
Best smart TVs
On the streaming front, it provides a single place to browse and search for TV shows and movies from apps like Hulu, Amazon Prime Video, ESPN, PlayStation Vue, and more. LG

In addition to a beautiful, detailed picture and a big soundstage, this 4K OLED sports cutting-edge connectivity, including an HDMI 2.1, and a comprehensive feature set including both Google Home and Amazon Alexa built in. It also comes with Home Dashboard, a new tool that turns the set into the central control hub of all your connected home devices—from doorbell cameras to smart thermostats to appliances like a washing machine or a stove.

On the streaming front, it provides a single place to browse and search for TV shows and movies from sites such as Hulu, Amazon Prime Video, ESPN, PlayStation Vue, and more. It also lets users rent, purchase and watch TV shows and movies from Apple’s iTunes store.

Vizio 55-inch M-Series Quantum
Best smart tVs
This Vizio is equipped with updated SmartCast 3.0 software includes support for Apple AirPlay2 and HomeKit, making it just as suitable for iOS users. VIZIO

At under $700, the 55-inch M-Series Quantum offers a serious value in the smart TV arena. Not only does it deliver an excellent picture and sound, but it is also equipped with updated SmartCast 3.0 software, which includes support for Apple AirPlay2 and HomeKit (making it just as suitable for iOS users).

The update also has a more vibrant selection of locally installed apps, including Netflix, Amazon Video, Hulu and Vudu. Thanks to a partnership with PlutoTV, the Vizio also offers a dedicated streaming channel called WatchFree, which gives you a TV-watching experience with more than 100 free channels, including sports, news, cartoons, and movies. You can also pair the set with an Amazon Echo device for voice control with Alexa.

Sony Master Series 65-inch A9F OLED TV
Best Smart TVs
This 65-incher also comes with Google Assistant capability, which lets you search for content, find online information, use online services and even control smart-home devices.SONY

If money is no object and you want a TV with loads of features, an incredible picture and terrific sound, go with the Sony A9G. The A9F is one of the first Sony Android TVs to ship with the newest version of its smart OS. The most notable names in video are preloaded, including Amazon Prime Video, Google Play Movies & TV, Hulu, Netflix, Sling TV,and YouTube. For music, Google Play Music, Pandora, SiriusXM, Spotify, Tidal and a slew of internet radio stations.

This Sony 65-incher also comes with Google Assistant, which lets you search for content, find online information, use online services and even control smart-home devices. 

TCL 43S517 Roku Smart 4K TV
Best smart TVs
The Roku TV interface is uncluttered and easy to navigate, with big square tiles for all your apps and streaming services, including Netflix and Hulu. TCL

Great things can come in packages costing less than $400. Not only will you get a terrific picture, robust sound and a slew of genuinely exciting features, this TCL 43-inch model sports Dolby Vision HDR, Dolby Atmos audio support and integrated Roku voice search.

The Roku TV interface is uncluttered and easy to navigate, with big square tiles for all of your apps and streaming services, including Netflix and Hulu. There are also apps for major broadcasters, major sports leagues, and premium channels such as HBO and Showtime. Of particular interest to cord-cutters will be support for Sling TV, which provides a cable-like experience without the expense of a cable subscription.

Insignia 43-Inch 4K Fire TV Edition
Best Smart TVs
This under $300 43-incher offers most of the apps you’d expect, like Netflix, Hulu, HBO Go and HBO Now, as well as Amazon Prime Video. INSIGNIA

Amazon finally seems to have a Fire TV that can compete with the Roku-powered smart sets. This 4K television with HDR support is packed with features for the Amazon faithful, with Alexa voice interaction built-in, Amazon’s huge selection of Fire TV apps, and a smart TV experience that puts Prime Video centerstage.  

This 43-incher costs less than $300 and offers most of the streaming apps you would expect, such as Netflix, Hulu, HBO Go and HBO Now, as well as Amazon Prime Video. Plus, Fire TV will soon get an official YouTube app packed with services such as YouTube Kids, YouTube Music and (most critical for cord-cutters) YouTube TV.

-Chuck Tannert, Forbes

Continue Reading

Technology

Multi-Disciplinary Education In The 4IR Era

mm

Published

on

There is an adage that states “if you want to know the future of a nation, study the behavior of its teachers”.

The most potent force for political, economic and social progress in society is education. The measure of how great a nation will rise is determined by how many people in its population are educated. The African continent today has a total purchasing power parity gross domestic product (GDP) of $6.7 trillion, and a population of 1.2 billion people.

According to the United Nations Educational, Scientific and Cultural Organization (UNESCO), in 2016, sub-Saharan Africa had a literacy rate of 76% compared to 89% in South and West Asia, 87% in the Arab states and 98% in the developed nations.

This literacy rate in sub-Saharan Africa is far from adequate, and calls for urgent and practical action to improve it.

READ MORE | Amid Trade Wars, What Africa Must Do

We are living in an era characterized by the fourth industrial revolution (4IR) where technologies such as artificial intelligence (AI) and blockchain are changing all aspects of our lives. Factories are automating. Because of these changes, the nature of work is changing.

Many jobs are disappearing altogether, and new types of jobs are being created. For example, we now have jobs that did not exist 20 years ago, such as Data Scientists. AI is now able to diagnose severe diseases such as pulmonary embolism, epilepsy and leukemia complementing the work of medical professionals. Because of the rapid automation in the medical field, doctors today require an in-depth knowledge of technology.

These changes in society because of 4IR require new sets of skills. Are our education systems ready to capacitate our people with the requisite skills to tackle the problems of 4IR?  Do we have enough teachers at all levels of our educational systems to be able to give our people skills that will make them useful in the 4IR era? Do we have enough educational institutions to be able to skill our people? Unfortunately, the answers to these two questions are in the negative.

READ MORE | Data Is The New Gold

Given that we do not have enough teachers nor educational institutions to provide a critical mass of our people the requisite capabilities that will help them survive in the 4IR, what is to be done? One way of tackling this problem is to take a lesson from the first Indian Prime Minister, Jawaharlal Nehru, who realized that for India to thrive in the 20th century, it needed to invest in elite technical education. In this regard, he introduced the Indian Institutes of Technology (IIT).

Nehru had this to say in 1956 at the first convocation address of the first IIT in Kharagpur, a city in West Bengal: “…Here in the place of that Hijli Detention Camp stands the fine monument of India, representing India’s urges, India’s future in the making. This picture seems to me symbolical of the changes that are coming to India.”

It is vital that African countries create a few elite institutions that will drive the African continent into the 4IR. The Pan-African University supported by the African Union is a good start, but we can do more.

Additionally, these elite institutes should not be limited to higher education only but must also focus on primary and secondary education. One example in Johannesburg is the African Leadership Academy (ALA), which targets gifted 16-to-19-year-olds. Today, the ALA has alumni from 46 different countries making an impact on the political, economic, and social aspects of the African continent.

READ MORE | The 4IR Strategy To Move Forward

For us to thrive in the 4IR era also requires our educational experience to be multi-disciplinary. In our limited institutions of higher learning, students enrolled for programs in the human and social sciences must also study technological subjects.

Those enrolled in technological programs must study human and social subjects. Technological subjects should focus on the issues that confront the African continent, such as affordable and appropriate technology, limited and incomplete data, and cost-effective manufacturing.

The human and social subjects should focus on the urgent issues facing Africa today, such as social cohesion, connectivity, stability, conflict and unity. Due to the limitations of physical infrastructure and good teachers, African countries should pull their resources together and invest in online platforms to facilitate education through modern techniques such as blended and augmented learning.

The outcome of the education system, whether at primary, secondary, or tertiary levels, should be logical, numeracy and verbal skills. These skills will give our people the capacity to tackle the challenges of the 4IR such as coding, problem-solving, critical thinking, creativity and decision-making. 

– Tshilidzi Marwala is a professor, Vice-Chancellor and Principal of the University of Johannesburg. He deputizes President Cyril Ramaphosa on the South African Presidential Commission on the Fourth Industrial Revolution.

Continue Reading

Technology

Creators Rather Than Consumers

mm

Published

on

By

More entrepreneurs are committing to closing the skills gap in Africa’s future job market.


In 2015, an image of a young man, Tankiso Motaung, at a street corner in the middle of Sandton, Johannesburg, holding up a placard, went viral. On the sign were the words, “I have a BTech in electrical engineering. Please help. I need a job,” along with his contact number.

The following year, an image circulated on social media of Anthea Malwandle, a young chemical engineering graduate, standing by the traffic lights, similarly, begging for a job.

What is the future of work in a digitally-led world? Is it this dismal?

The World Economic Forum’s (WEF) 2018 Future Of Jobs Report, reveals nearly 50% of companies expect digitization will lead to a reduction in their full-time workforce. It further estimates that by 2022, 75 million jobs globally would taper off as a consequence of digital business transformation. 

READ MORE | South Africa’s Informal Sector: Why People Get Stuck In Precarious Jobs

South Africa’s unemployment rate is already high. Motaung and Malwandle represent more than 50% of our youth that are unemployed. And according to Statistics South Africa, one out of three graduates will, likewise, enter the job market without any economic prospects.

But Nedbank economist, Isaac Matshego, is full of optimism. He is of the opinion that the initial job losses will be temporary.

“As humans get better acquainted and familiar with the new way of doing things and incorporating the new economic methods of production, we often see a net benefit to humanity overall,” he says.

More so, Matshego advocates that at the beginning, digitization actually requires human skills and so does the maintenance of the technology.

“That means we have to train our information technology staff,” he elaborates.

READ MORE | 4 Ways To Develop Employment-Ready Graduates

The good news is that digital and other tech innovations will directly and indirectly produce new sources of work. The WEF report further suggests that 133 million new jobs may be created by 2022, thanks to industry 4.0.

But, for these opportunities to scale to the extent needed to address South Africa’s current employment crisis, there needs to be a strong supply of quality skills – spanning foundational skills like basic numeracy and literacy, through to advanced tech skills, according to Mark Schoeman, a manager of youth and technology at economic consulting firm Genesis Analytics.

“The first hurdle South Africa has to overcome is closing the skills gap in the short-term. There are an insufficient number of graduates with key skills in STEM being produced by educational pathways, and a qualification-job mismatch which sees graduates taking up work that does not reflect their qualification,” he says. Schoeman asserts this gap is an impediment to the country’s ability to realize new economic opportunities brought forth by technology.

READ MORE | OPINION | Technology Is Useful, But Drones Alone Won’t Save Africa’s Elephants

Government and private interventions have been made to ensure young people are training and learning critical skills to thrive in the changing world of work.

Heeding this call is WeThinkCode, one of the organizations fixated on future-proofing the youth. A non-profit, new-age technology school, WeThinkCode, led by Managing Director, Nyaradzai Samushanga, seeks to eradicate unemployment in the ‘tech’ economy by providing youth with skills sought after in the new world of work.

Headquartered in Johannesburg, the tuition-free school was founded in 2016 by three South Africans: Arlene Mulder, Yossi Hasson, Justinus Adriaanse and French citizen, Camille Agon. The institution enrols 430 students aged 17 – 35 years who are taught technical skills in software development including programming, graphics and algorithms.

“We do not measure success when students graduate. We measure success as placement at employment,” says Samushanga.

“All our graduates have been placed into permanent employment with a minimum entry-level salary of R20,000 ($1,408) per month… It is taking someone who could’ve fallen in between the cracks, and now they are a highly-skilled worker,” says Samushanga.

READ MORE | 5 Ways Tech Can Revolutionize Education

More entrepreneurs are committing to the cause of closing the skills gap in Africa’s job market. Audrey Patricia Cheng, 25, the co-founder and CEO of Moringa School in Nairobi, Kenya, says: “We realized there was a massive gap in terms of access and also quality education. And we are seeing a massive rise in the number of jobs around technical skills because many companies are moving to the digital space.”

Since its inception in 2015, Moringa School has since trained close to 2,000 students with the necessary digital skills. Cheng is confident the continent is moving to a future where Africans would be creators of technology rather than just consumers.

Continue Reading

Trending