Monday, October 20, 2014

Does Apple Pay dent the security problems with credit and debit cards now?

Would Apple Pay be more secure than use of plastic credit cards (and especially debit cards)?  Well, yes, experts say that the concept of “tokenization”, Secure Element, and Touch ID (based on fingerprint) provides security comparable to the European chip system for cards, which US banks are supposed to use starting in 2015.  Apple Pay will start with iPhone 6 and only a minority of stores accept it yet. 
The fingerprint checking would make stolen phones useless for thieves if implemented properly.  There’s a detailed story in CNET by Marguerite Reardon here.

But similar security features may be possible with PayPal applications soon.  The overall implication is that traditional bank accounts might not be the safest way to do business forever.  With PayPal, however, I have to watch out for volumes of email spam.  

Thursday, October 09, 2014

States (at least Virginia) use prepaid debit cards for income tax refunds; another invitation for fraud?

Despite all the criticism of debit cards, the Virginia Department of Taxation sends state income tax refunds in the format of debit cards from MasterCard (which whom VA seems to have made a deal to make a little money), the “Way2GoCard” which sounds like a MasterCard trademark. 

Given all the security problems that will exist until the banks and credit card companies implement the European chip technology in 2015, sending tax refunds this way seems a bit tacky.

But banks can deposit the money into a checking or savings account, by “withdrawing” the entire amount, and then creating a deposit clip.  This requires a teller; it can’t be done alone at an ATM.  I just did it yesterday,   

Wednesday, October 08, 2014

US Government (DEA) pulls off identity theft on Facebook

The DEA, part of the US Justice Department, set up a fake Facebook profile based on the identity of a low-level offender, Sondra Arquitt, of Watertown NY, while she waited to be sentenced to probation.  BuzzFeed has a story by Chris Hamby on the incident here
The Washington Post has covered the incident in a story by Sari Horwitz here . P. A17 on Wednesday.   The government’s behavior was in direct conflict with Facebook’s own policy that a profile must use the person’s real name and identity, and the profile has been removed.   

Picture: Lunar eclipse, before dawn today.  

Monday, October 06, 2014

A debt collector's tale in the New York Times: mine was not as melodramatic

Jack Halpern has a column in the Sunday New York Times “A Debt Collector’s Day”. P. 7 of the Review Section, with the tagline “Poo people pitted against poorer people to benefit the rich”, link here.  I’m not sure that I would concur with his narrative given my experience working for RMA near St. Paul MN (near the airport and Mendotta Bridge) in the summer of 2003.  We actually followed the Fair Debt Collection Practices Act and took it seriously.  Companies that buy debt for pennies on the dollar seem to be more ruthless, and expect their employees to be.  I had an experience with such a company that made a questionable claim on a visa card that had gotten lost in a move, and never gave me a chance to dispute, back in 2000.  There’s a book on the subject that I mentioned here Nov. 6, 2013. 
If you get a call from a debt collector, know your rights.

Saturday, October 04, 2014

I HAVE to use PayPal after all; is Bitcoin next?

Last night, I needed to make a contribution to secure a reservation for a film screening (“Campaign of Hate: Russia and Gay Propaganda”) at HRC.  When I went to the appropriate website (Reel Affirmations) I found the credit card payment links grayed out and only Paypall working.

It turned out that I do have an old PayPal account, which I reinstated.  I had not used it in years, partly because of all the phishing spam pretending to be it.  Then, late at night, I found that to pay with it, I needed to put money in the account, which cannot be done immediately with a bank (an e-check takes 2 business days), and would require a trip to a retail establishment to pick up a MoneyPak card. 
So I went to RiteAid this morning (Saturday) and the clerk didn’t know what it was.  But we found it after a while, and I bought one on a debit card for $100.  There was a $4.95 service fee.  I was able to put the money in the PayPal account when I got home, but I have no way to know if my contribution and ticket reservation went through. 
Smaller retailers or non-profits might start expecting consumers to be able to use PayPal.  It is not practical for them to deal with the security problems of handling their own credit card processing, although in the past practically all non-profits have used ticket-processing companies (like Mission Tickets or Brown Paper Tickets, or Ticketmaster) to process the credit cards.
Maybe there is a social issue going on here.  Some consumers don’t have credit cards or debit cards or even checking accounts, partly because of poor credit scores.  Maybe some of the non-profits want the more affluent clients to experience “how the other half lives”.  I wonder.  I also now wonder if I could suddenly need to have an active Bitcoin account, even for totally legitimate purposes.  

Update:  Oct. 6.  Called HRC and completed the transaction with a credit card.  I was told the credit card link should have worked   There was no intention to force use of "non bank" resources.   But now I'll keep a small amount on PayPal, just in case this happens again somewhere else.

Update: Oct. 14.  The film is reviewed on the Movie Reviews Blog today.