Plugging the Breach: Recent, Massive Data Breaches Have Banks Asking How They Can Protect Themselves and Their Customers, in Both Point-of-Sale and Online Payments
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
[ILLUSTRATION OMITTED] The millions of potentially compromised credit card accounts in the Target, Neiman Marcus, and other recently reported payments breaches are certainly scary, but the fact that such breaches occur isn't new. is new is that all of the partners in the payment chain--banks, card networks, retailers, processors, and newer entrants, such as Google and Paypal--suddenly have cause to talk with each other about potential solutions. Part of this, admittedly, is motivated by congressional interest, with at least one hearing held last month on the subject. Arguably, though, the sheer size of the threat has caused all the players to see the need to adopt countermeasures. It's a shared system, and there are shared risks, says Mike Urban, director, financial crime risk management, at Fiserv. Technology can help us, but we have to have people paying attention to it, mitigating any gaps that start to come along, and having policies in place around what you do when particular things happen. Even apart from the Target incident, the overall numbers are telling. The Identity Theft Resource Center has reported that more than 600 breaches occurred in 2013--a 30% increase compared to 2012. From the perspective of the banking industry, however, since 2005, banks have been responsible for only 8% of all breaches; while in that same period, banks have had to reimburse card members for 62% of their losses, according to Doug Johnson, vice-president and senior advisor, risk management, at ABA. It's hard to protect against data breaches in the payment area unless the entire payments process and all the players within that process have adequate levels of security, Johnson points out. For the time being--absent any new legislation or initiatives by other payment system partners (although inroads are being made in both areas now)--banks should revisit their own protection and mitigation systems. Interviews with various analysts reveal that the payments breach problem is actually two problems: those that occur at the physical point-of-sale (POS), and those that occur online or card-not-present (CNP). Each one poses different circumstances that require different responses. POS fraud The recent, highly reported breaches all occurred through the use of a malware system reportedly developed years ago by a Russian teenager. It generally works by what's called RAM scraping, in which the malware, once installed on a POS device, is able to capture a customer's card number and other information in the milliseconds between when the card is swiped and when the back-office encryption system kicks in. What we've learned is, if at any point it [the information] is in the clear, it's going to be captured, says Matt Herren, fraud specialist, CSI. The general response to this has been the adoption of EMV (Europay MasterCard Visa), otherwise referred to as chip-and-PIN or even just chip. Currently, there's an ongoing industry debate in the United States whether or not the personal identification number should be included, or whether just the presence of the chip would be enough to meet the card associations' liability standard. For example, in the aftermath of the recent Target payments breach, a retailers' association claimed that chip-and-PIN would have deterred the criminals. In response, a group of financial services trade associations, including ABA, pointed out that such a claim distracts from the more complicated issue: The payment systems depend on a chain of providers, and each one has different industry data security standards. Generally, EMV is a technology that uses a microprocessor embedded into the plastic card, which stores payment card data from the issuer and performs cryptographic processing during a payment transaction. It is impervious to access by unauthorized parties. While EMV has seen aggressive adoption overseas as well as in Canada and Mexico, in the United States, its adoption has been slowed due to the complexity of this country's payment and financial system. …
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.002 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.001 | 0.001 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it