MétaCan
Menu
Back to cohort
Record W277986829

Plugging the Breach: Recent, Massive Data Breaches Have Banks Asking How They Can Protect Themselves and Their Customers, in Both Point-of-Sale and Online Payments

2014· article· en· W277986829 on OpenAlex

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

aboutThe title or abstract carries a Canadian signal from the geographic lexicon.
no affNo Canadian affiliation: this work is invisible to an affiliation-only frame.
No Canadian affiliation. An affiliation-only frame, the usual design, would never have seen this work. It is one of the works that make the case for inverting the frame.

Bibliographic record

VenueABA banking journal · 2014
Typearticle
Languageen
FieldComputer Science
TopicCybercrime and Law Enforcement Studies
Canadian institutionsnot available
Fundersnot available
KeywordsIdentity theftData breachBusinessCredit cardPaymentDebit cardPayment cardInternet privacyFinanceComputer science
DOInot available

Abstract

fetched live from OpenAlex

[ILLUSTRATION OMITTED] The millions of potentially compromised credit card accounts in the Target, Neiman Marcus, and other recently reported payments breaches are certainly scary, but the fact that such breaches occur isn't new. is new is that all of the partners in the payment chain--banks, card networks, retailers, processors, and newer entrants, such as Google and Paypal--suddenly have cause to talk with each other about potential solutions. Part of this, admittedly, is motivated by congressional interest, with at least one hearing held last month on the subject. Arguably, though, the sheer size of the threat has caused all the players to see the need to adopt countermeasures. It's a shared system, and there are shared risks, says Mike Urban, director, financial crime risk management, at Fiserv. Technology can help us, but we have to have people paying attention to it, mitigating any gaps that start to come along, and having policies in place around what you do when particular things happen. Even apart from the Target incident, the overall numbers are telling. The Identity Theft Resource Center has reported that more than 600 breaches occurred in 2013--a 30% increase compared to 2012. From the perspective of the banking industry, however, since 2005, banks have been responsible for only 8% of all breaches; while in that same period, banks have had to reimburse card members for 62% of their losses, according to Doug Johnson, vice-president and senior advisor, risk management, at ABA. It's hard to protect against data breaches in the payment area unless the entire payments process and all the players within that process have adequate levels of security, Johnson points out. For the time being--absent any new legislation or initiatives by other payment system partners (although inroads are being made in both areas now)--banks should revisit their own protection and mitigation systems. Interviews with various analysts reveal that the payments breach problem is actually two problems: those that occur at the physical point-of-sale (POS), and those that occur online or card-not-present (CNP). Each one poses different circumstances that require different responses. POS fraud The recent, highly reported breaches all occurred through the use of a malware system reportedly developed years ago by a Russian teenager. It generally works by what's called RAM scraping, in which the malware, once installed on a POS device, is able to capture a customer's card number and other information in the milliseconds between when the card is swiped and when the back-office encryption system kicks in. What we've learned is, if at any point it [the information] is in the clear, it's going to be captured, says Matt Herren, fraud specialist, CSI. The general response to this has been the adoption of EMV (Europay MasterCard Visa), otherwise referred to as chip-and-PIN or even just chip. Currently, there's an ongoing industry debate in the United States whether or not the personal identification number should be included, or whether just the presence of the chip would be enough to meet the card associations' liability standard. For example, in the aftermath of the recent Target payments breach, a retailers' association claimed that chip-and-PIN would have deterred the criminals. In response, a group of financial services trade associations, including ABA, pointed out that such a claim distracts from the more complicated issue: The payment systems depend on a chain of providers, and each one has different industry data security standards. Generally, EMV is a technology that uses a microprocessor embedded into the plastic card, which stores payment card data from the issuer and performs cryptographic processing during a payment transaction. It is impervious to access by unauthorized parties. While EMV has seen aggressive adoption overseas as well as in Canada and Mexico, in the United States, its adoption has been slowed due to the complexity of this country's payment and financial system. …

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.002
metaresearch head score (Gemma)0.000
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesnone
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Other design · Consensus signal: none
GenreCandidate signal: Empirical · Consensus signal: Empirical
Teacher disagreement score0.889
Threshold uncertainty score0.559

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0020.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0000.001
Open science0.0010.001
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.041
GPT teacher head0.262
Teacher spread0.221 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it