subject:"Korean bank Moves back to Mainframes \(...no, not back\)"

Radoslaw,

I disagree. It is not a rule; it is an agreement between the merchant and
the card company. The merchants must abide by their contract with VISA or
MasterCard, or they should be prepared not to business with the Credit card
company, eh?. In this case cannot means exactly that: Can Not.

If they complete the transaction - do business with me - then there is
nothing to report. If they will not do business with me because I refuse to
give an ID then the onus is on me to report them to VISA or M/C.

What is really daft about Fry's in particular is that before I had a
California Driver's License they would not accept my Australian Passport or
my HK ID card as ID, both of which are much harder to counterfeit than a
Californian Driver's license. They would only accept my Victorian Driver's
License, which is not meant to be used for ID, has no security features, and
can be counterfeited by anyone with a printer and a glue pot. And to top it
off they still did not check the signature!!!

Ron

> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of
> P S
> Sent: Monday, January 11, 2010 9:31 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: [IBM-MAIN] Korean bank Moves back to Mainframes (...no, not
back)
> 
> On Mon, Jan 11, 2010 at 10:13 PM, Ron Hawkins
>  wrote:
> > Jack,
> >
> > According to the web site you referenced they can ask for ID, but for
VISA
> > and MasterCard they cannot refuse to complete the transaction if you do
not
> > comply.
> >
> > I'm tempted to test this the next time I'm asked...
> 
> Be prepared not to buy whatever. "Cannot" may mean "per VISA's rules";
> it doesn't mean they have to do business with you, eh? You could
> report them to VISA, but...
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread P S

On Mon, Jan 11, 2010 at 10:13 PM, Ron Hawkins
 wrote:
> Jack,
>
> According to the web site you referenced they can ask for ID, but for VISA
> and MasterCard they cannot refuse to complete the transaction if you do not
> comply.
>
> I'm tempted to test this the next time I'm asked...

Be prepared not to buy whatever. "Cannot" may mean "per VISA's rules";
it doesn't mean they have to do business with you, eh? You could
report them to VISA, but...

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

Jack,

According to the web site you referenced they can ask for ID, but for VISA
and MasterCard they cannot refuse to complete the transaction if you do not
comply.

I'm tempted to test this the next time I'm asked...

Ron

> 
> In California, a merchant is allowed to ask to see ID for a credit card
> purchase, but is not allowed to write down any information from that ID. <
> http://www.privacyrights.org/fs/fs15-mt.htm>
> 
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Jack . Hamilton

Ron Hawkins  
> 
> True, but the requirement to sign the slip with a signature that matches 
the
> card would be an equal deterrent. The D/L check would be redundant if 
the
> store checked the signatures in the first place.

Provided that the signature hasn't worn off, which it has on my most 
commonly used credit card.

In California, a merchant is allowed to ask to see ID for a credit card 
purchase, but is not allowed to write down any information from that ID. <
http://www.privacyrights.org/fs/fs15-mt.htm>


> > As for asking for a license, sure, it doesn't guarantee anything -- 
but it
> > probably stops the kid who finds a card and says "Hey, let's go buy an
> XBOX!".
> > So it's not entirely worthless. If you don't think it's worthwhile, 
then I
> > assume you don't bother to lock your car or house -- the true 
professional
> > won't be stopped by a lousy lock, eh?


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Ted MacNEIL

>I'm talking about credit cards, not debit cards. What point are you trying
to make about signatures on credit cards? As for signatures on cheques, it
was the responsibility of the paying Bank to verify the signatures. The

Maybe I'm obtuse, but what is the difference in authentication for a debit or a 
credit card once you go to PINs?
Both, at least in Canada have the EMV chip.
So, my point (poorly expressed) was the fact that credit cards and debit cards 
now have a common exposure/protection regarding authentication.
Signature for debit was done away with around 1981 (when I got my first debit 
card from the Royal Bank of Canada).
Signature for credit card was done away with in Canada, at least, last year.

And, what does a PIN/chip have to do with anything on an INTERNET purchase?
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

True, but the requirement to sign the slip with a signature that matches the
card would be an equal deterrent. The D/L check would be redundant if the
store checked the signatures in the first place.

> As for asking for a license, sure, it doesn't guarantee anything -- but it
> probably stops the kid who finds a card and says "Hey, let's go buy an
XBOX!".
> So it's not entirely worthless. If you don't think it's worthwhile, then I
> assume you don't bother to lock your car or house -- the true professional
> won't be stopped by a lousy lock, eh?
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

Ted,

I'm talking about credit cards, not debit cards. What point are you trying
to make about signatures on credit cards? As for signatures on cheques, it
was the responsibility of the paying Bank to verify the signatures. The
person giving value was required to verify that the person with the cheque
had bona fide entitlement to present it. This is different to a credit card
where the merchant verifies the signature.

I'm not sure what this has to do with internet purchases. Most - not all -
web sites I use require the CVS number, name on the card, and address in
order to verify the transaction. It's not a signature, but it falls in the
category of "things you know."


Ron

> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of
> Ted MacNEIL
> Sent: Monday, January 11, 2010 1:32 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: [IBM-MAIN] Korean bank Moves back to Mainframes (...no, not
back)
> 
> >I disagree.
> >The basic operation of a credit card at the get go was for the
> customer to be authenticated by comparing the signature on the voucher
with
> the one on the card.
> >If they don't match the vendor refuses the transaction.
> >This is still the basic MO for credit card transactions.
> 
> The basic MO for buying, pre-debit card, was with signed cheques.
> Debit cards have PINs, and no signature required.
> With the potential for more money in my bank account than my credit limit,
why
> does this make debit cards secure?
> 
> PS: I'm assuming, possibly wrongly, that you don't order on the INTERNET,
> either.
> -
> Too busy driving to stop for gas!
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

t...@harminc.net (Tony Harminc) writes:
> I'm not sure why this offends you so much. How would it help anything
> if the cashier checked your signature? Such checking is highly
> unreliable, and contributes much less to authentication than does the
> data they already know about the transaction.

at one point, a large merchant looked at automatically discarding all
signed receipts ... since they found that even if they automatically
settled all disputes in the favor of the customer ... those dispute
costs were still less than what they were paying (even in electronic
from) to retain all the signed receipts. The idea was abandoned when
somebody asked what might happen if the public found out that the
merchant was no longer retaining the signed receipts.

for the most part ... merchant associations don't like the idea of
clerks having to be involved in the authentication process ...  partly
because they have little or no training ... partly because they have
little or no authority ... and partly because clerks tend to already
have more than enough to deal with.

in general, merchants also don't like signature debit ... since the
interchange fees (merchant discount fees, the subtracted from the total
for actual paying to the merchant) are much higher

there have been various disputes about the whole signature debit
operation ... latest is:

Best Buy Cuts off Visa Contactless with Little Risk to Sales
http://www.digitaltransactions.net/newsstory.cfm?newsid=2418

above mentions problem with it being signature debit interchange
fees. somewhat older article ...

Study: Signature Debit Fraud Runs 15 Times Higher Than on PIN Debit
http://www.digitaltransactions.net/newsstory.cfm?newsid=738

part of the interchange fee is supposedly related to fraud level of the
corresponding kind of transaction ... and there can be more than an
order-of-magnitude difference (in interchange fee) between the
transactions with lowest fraud and transactions with highest fraud.

Past merchant class action lawsuit (sometimes referred to as the
"Wal-Mart" case) over the high cost of signature debit cards:

MasterCard Puts the 13-Year-Old Wal-Mart Case in the Rear-View Mirror
http://www.digitaltransactions.net/newsstory.cfm?newsid=2256

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

p...@voltage.com (Phil Smith) writes:
> I've heard of the "YES" cards, and I assume they exist, but they're
> not the norm yet -- cloned magstripes are. So for now, at least,
> chip-and-pin is more secure.

misc. past posts mentioning "YES CARD":
http://www.garlic.com/~lynn/2010.html#71 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#73 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#93 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#95 Korean bank Moves back to Mainframes 
(...no, not back)

chipcards have countermeasures for some random person taking a valid
chip and extracting the necessary information ... a random person can
copy magstripe information significantly easier.

however, by at least the early 90s, there were cases of compromised
end-points recording valid information (done during the process of valid
transactions). these operations tended to be more large scale wholesale
operations ... getting information for tens of thousand (or millions)
... rather than a few tens.

in the end-point compromises ... the process was esssentially identical
for recording magstripe information and recording chipcard
authentication information (for "YES CARD" exploit).

along the way, the criminals added wireless and other remote procedures
for retrieving the skimmed/recorded information (again, little or no
difference between magstripe and chipcard).

part of the issue in the US was that there was fairly large scale
chipcard deployment in the time-frame of cartes2002 (presentation on
"yes card" and the "yes card" presentations at the ATM integrity task
force meetings) ... and then evaporated w/o a trace (which may have also
created some reluctance to try again).

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Phil Smith

On Mon, Jan 11, 2010 at 10:20 AM, Hardee, Charles H
 wrote:
> I, too, don't see how they can be more secure.
> Possession is supposedly 9/10ths as the saying goes, but unless there's
> something bio-metric in the chip/card/human being relationship, I would
> have to say that the chips cards are no more, if not less, secure than
> the regular plastic we use today.
>
> What really peeves me is when I go into a merchant, present my plastic
> for my purchase and ma told I don't need to sign anything,
> What, no signature? But how do you know it's me? You didn't check my
> signature on the back of the plastic against my signature at the time of
> the purchase.
>
> And the merchant's cashier says that just the way it works.
>
> Personally, I try to make a mental record of where this occurs and then
> attempt to NEVER return there for another purchase unless it is the ONLY
> place to do so and then I pay cash. Can't remember the last time I was
> in at H^&e D&p$t. (don't want to say the merchant's real name)

Why would you blame the store for this?

First, if a store has a no-signature threshold, that doesn't increase YOUR risk 
-- if there's an issue with a charge and there's no signature, it's not your 
loss. In some parts of the country, folks check signatures; where I live, they 
NEVER do -- and I mean NEVER. I only sign the backs of my cards because I 
occasionally travel to areas where they do check, and I often find that when do 
I get asked, the signature has worn off (that tells you how rarely it happens!).

Second, credit card fraud isn't at all of interest to the banks. Credit cards 
make the banks *in the US* something on the order of $150B/year. Loss due to 
fraud is on the order of $1B/year. "Wow", you say, "that's a lot of money". No 
it isn't: loss due to card default (bankruptcy) is 20++ times that amount. This 
is well-documented; I remember reading over 25 years ago about someone who had 
documented evidence of a $400 credit card fraud, and couldn't get the bank 
interested in following it up -- they just wrote it off.

Sometimes it's of interest to the store -- as Tony H notes, if you're buying a 
car, they care. That's because they're in a business where it's going to be 
THEIR loss if you defraud them. If I go through the McDonald's drive-thru and 
rip them off for a Big Mac, they probably accept the liability -- they throw 
out lots of food anyway. If I go through the McDonald's drive-thru and place 
the order from Woody Allen's _Bananas_ (1000 grilled cheese sandwiches, 300 
tuna fish, 200 BLTs... yeah, I know. McD's doesn't make those, but you know 
what I mean) they're going to be a lot more interested in the credit card's 
validity. The same applies to CNP (Card-Not-Present) transactions, such as web 
purchases: some businesses (e.g., used books) don't even ask for the CVV (the 
"magic" 3- or 4-digit number) because their liability is low. Businesses with 
high liability (electronics dealers, for example) care. Note that the 
percentage paid by the merchant is higher for CNP transactions becaus!
 e of the greater potential for fraud -- that's why the local mom&pop 
restaurant may be unhappy if your card won't swipe, even though they know you 
and thus aren't afraid you're ripping them off.

Third, don't confuse credit and debit cards. Credit cards are one thing; debit 
is another. If you haven't read 
http://www.nytimes.com/2010/01/05/your-money/credit-and-debit-cards/05visa.html?hp
 you really should.

Fourth, Magstripe cards are easy to copy; chip-and-pin cards are (supposedly) 
not. So if you have a chip-and-pin card and your number is compromised, it 
doesn't do them any good at an ATM that takes chip-and-pin (unless they get 
lucky and the ATM is offline). So to some extent it's "security by obscurity", 
but in a case where that actually makes sense and works. You need a PIN *and* 
the card. So it satisfies two of the four magic requirements: something you 
have, something you know. Biometrics can (and, I'm sure, will in the near 
future) add the other two: something you are, and something you do.

I've heard of the "YES" cards, and I assume they exist, but they're not the 
norm yet -- cloned magstripes are. So for now, at least, chip-and-pin is more 
secure.

As for asking for a license, sure, it doesn't guarantee anything -- but it 
probably stops the kid who finds a card and says "Hey, let's go buy an XBOX!". 
So it's not entirely worthless. If you don't think it's worthwhile, then I 
assume you don't bother to lock your car or house -- the true professional 
won't be stopped by a lousy lock, eh?

Hope this helps.
--
...phsiii

P.S. This is actually relevant to IBM-MAIN, as the large processors use z/OS 
and z/TPF for transaction processing. And they all use, like, computers. So 
it's more on-topic than a lot of threads on here...

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Sam Siegel

On Mon, Jan 11, 2010 at 9:16 PM, Ron Hawkins
wrote:

> I disagree. The basic operation of a credit card at the get go was for the
> customer to be authenticated by comparing the signature on the voucher with
> the one on the card. If they don't match the vendor refuses the
> transaction.
> This is still the basic MO for credit card transactions.
>
> Shops like Fry's always annoy me when they ask for my Driver's license,
> make
> a cursory comparison of the picture and my name with my face and the card,
> and then complete the transaction without even checking the signature. Even
> for transactions for 1000s of dollars. Can they really spot a counterfeit
> license?
>
> Ron
>
> >
> > the signature isn't a fraud countermeasure ... it is a dispute issue.
> > if you dispute the charge and the merchant doesn't even have signed
> > receipt ... there is nothing demonstrating that you agreed to the
> > charge.
> >
>
> Both Visa and Mastercard rules required they merchant to check the
signature on the back of the card (unless it's PIN or a no-sig type of txn)
and that's it.  Merchants are not supposed to ask for additional
identification.  As Ron pointed out, it is unlikely that a clerk can spot a
phony license.  Also, don't forget the case where a person does not have a
license, etc.



> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Ted MacNEIL

>I disagree.
>The basic operation of a credit card at the get go was for the
customer to be authenticated by comparing the signature on the voucher with the 
one on the card.
>If they don't match the vendor refuses the transaction.
>This is still the basic MO for credit card transactions. 

The basic MO for buying, pre-debit card, was with signed cheques.
Debit cards have PINs, and no signature required.
With the potential for more money in my bank account than my credit limit, why 
does this make debit cards secure?

PS: I'm assuming, possibly wrongly, that you don't order on the INTERNET, 
either.
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Tony Harminc

2010-01-11 Hardee, Charles H :

> What really peeves me is when I go into a merchant, present my plastic
> for my purchase and ma told I don't need to sign anything,
> What, no signature? But how do you know it's me? You didn't check my
> signature on the back of the plastic against my signature at the time of
> the purchase.

They know with some pretty high certainty that it's you, based on all
kinds of things related to the transaction. If it turns out it wasn't
you, then they are not going to make you pay for it; they will just
write it off, and refine their algorithms a tiny bit. And certainly
they are not going to do a no-signature transaction if you are buying
a car or some other high value item, or if the transaction takes place
5000 miles from where you live, and you haven't used the card outside
your home town in the last few years. In this kind of case they will
probably get you on the phone and ask you some questions. These days
that all works quickly and smoothly even internationally.

> And the merchant's cashier says that just the way it works.

Yup - and it makes a lot of sense. They are authorizing the
transaction; not authenticating you.

> Personally, I try to make a mental record of where this occurs and then
> attempt to NEVER return there for another purchase unless it is the ONLY
> place to do so and then I pay cash. Can't remember the last time I was
> in at H^&e D&p$t. (don't want to say the merchant's real name)

I'm not sure why this offends you so much. How would it help anything
if the cashier checked your signature? Such checking is highly
unreliable, and contributes much less to authentication than does the
data they already know about the transaction.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

I disagree. The basic operation of a credit card at the get go was for the
customer to be authenticated by comparing the signature on the voucher with
the one on the card. If they don't match the vendor refuses the transaction.
This is still the basic MO for credit card transactions. 

Shops like Fry's always annoy me when they ask for my Driver's license, make
a cursory comparison of the picture and my name with my face and the card,
and then complete the transaction without even checking the signature. Even
for transactions for 1000s of dollars. Can they really spot a counterfeit
license?

Ron

> 
> the signature isn't a fraud countermeasure ... it is a dispute issue.
> if you dispute the charge and the merchant doesn't even have signed
> receipt ... there is nothing demonstrating that you agreed to the
> charge.
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Schwarz, Barry A

Does that mean you never use self service gasoline pumps?

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Hardee, Charles H
Sent: Monday, January 11, 2010 7:21 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

What really peeves me is when I go into a merchant, present my plastic
for my purchase and ma told I don't need to sign anything,
What, no signature? But how do you know it's me? You didn't check my
signature on the back of the plastic against my signature at the time of
the purchase.

And the merchant's cashier says that just the way it works.

Personally, I try to make a mental record of where this occurs and then
attempt to NEVER return there for another purchase unless it is the ONLY
place to do so and then I pay cash. Can't remember the last time I was
in at H^&e D&p$t. (don't want to say the merchant's real name)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

charles.har...@ca.com (Hardee, Charles H) writes:
> What really peeves me is when I go into a merchant, present my plastic
> for my purchase and ma told I don't need to sign anything,
> What, no signature? But how do you know it's me? You didn't check my
> signature on the back of the plastic against my signature at the time of
> the purchase. 

re:
http://www.garlic.com/~lynn/2010.html#93 Korean bank Moves back to Mainframes 
(...no, not back)

the signature isn't a fraud countermeasure ... it is a dispute issue.
if you dispute the charge and the merchant doesn't even have signed
receipt ... there is nothing demonstrating that you agreed to the
charge.

for some low-value purchases, they've eliminated the signature
requirement ... the issue is that there aren't going to be a lot of
crooked consumers disputing low value charges ... and if they do ... it
is trivial amount (convenience offset against crooked consumers).  the
infrastructure countermeasure against crooked consumers disputing large
number of (unsigned) charges ... is they revoke the card.

fraud countermeasure is the name on the piece of plastic and the clerk
checks the name against same/similar name on some other piece of
authentication (like gov. issued picture document).

there was an issue in the EU at one time regarding a privacy directive
... where electronic payment cards should be as anonymous as cash at
point of sale (i.e. no name on the payment card). this somewhat implied
that the financial infrastructure improved the authentication mechanisms
to the point that anti-fraud measures didn't require clerk matching
names on multiple documents.

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

Howard Brazee  writes:
> We probably need to go bio-metric - but this is including on-line
> purchases.Our current system of random, unique, not-written-down
> passwords does not work.

re:
http://www.garlic.com/~lynn/2010.html#93 Korean bank Moves back to Mainframes 
(...no, not back)

the issue with pin/passwords aren't that they are "something you know"
authentication ... but they are "shared secrets" ... some past posts
http://www.garlic.com/~lynn/subintegrity.html#secrets

the issue is that a unique "shared secret" is required for every unique
security domain ... as countermeasure to cross-domain attacks (say local
garage ISP and some online banking).

in "yes card" scenario ... the PIN wasn't a "shared secret" ... but was
between you and "your" chipcard. the problem was that the chipcard had
the "yes card" vulnerability ... and so the whole infrastructure wasn't
very secure.

it is possible to have a "something you know" authentication ... w/o
requiring what-ever is used ... is not "shared". In the "non-sharing"
scenario ... it would be acceptable to have the same (non-shared)
"something you know" authentication used in multiple different security
domains.

"something you are", biometric authentication is a problem in the online
scenario ... since it can be difficult to assure secure/trusted
sensor/end-point (under constant surveillance by trusted, armed guards)

part of the issue is that biometric (electronic pattern recorded in
backend database) is also frequently implemented as "shared secret".  If
all biometric sensors/end-points aren't constantly secured & validated
...  then the recording of the biometric electronic pattern could be
used to spoof a biometric reading ... by just directly transmitting the
pattern. In the case of a password "shared secret" compromise ... the
password can be replaced with new one ... fingers and iris are a little
harder to replace.

for a little more drift ... because of the cross-domain attack scenario,
for "shared secrets" ... current authentication is extremely
institutional-centric (unique cards & passwords per security domain).
In theory, a biometric "shared secret" implementation would require
unique biometric per security domain ... modulo nobody has quite figured
out how to implement such a thing. As a result, compensating procedures
are required for biometric "shared secrets" ... like secure/trusted
sensors/end-points under constant surveillance by armed guards.

it is possible to design a single "something you have" (like a chip) and
"somethin you know" authentication ... used in multiple different
domains ... analogous to the way that same fingerprint should work in
multiple different domains. part of the inhibitor to moving from
institutional-centric authentication to person-centric authentication
... is when things like institutional-specific business rules are
layered ontop of the authentication mechanism (like in the "yes card"
vulnerability).

In the 90s, I did quite a bit of work on AADS chip strawman for
enabling migration to a person-centric authentication infrastructure
(not limited just to biometrics)
http://www.garlic.com/~lynn/x959.html#aads

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

charles.har...@ca.com (Hardee, Charles H) writes:
> I, too, don't see how they can be more secure.
> Possession is supposedly 9/10ths as the saying goes, but unless there's
> something bio-metric in the chip/card/human being relationship, I would
> have to say that the chips cards are no more, if not less, secure than
> the regular plastic we use today.

re:
http://www.garlic.com/~lynn/2010.html#71 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#72 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#73 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#77 Korean bank Moves back to Mainframes 
(...no, not back)

as previously mentioned the "yes card" scenario for chipcard resulted in
bigger infrastructure vulnerability and more fraud than traditional
magstripe.

supposedly the chipcard was hard to counterfeit *AND* had two-factor
authentication (chip/plastic: "somthing you have" and PIN: "somthing you
know"). from three factor authentication model, misc. posts
http://www.garlic.com/~lynn/subintegrity.html#3factor

* something you have
* something you know
* something you are

the assumption that multiple factor authentication is more secure than
single factor is based on different authentication factors having
different vulnerabilities.

the problem with skimming (whether for the "yes card" or magstripe) ...
is it is possible to have a single compromise process (end-point
skimming compromise) ... invalidating the assumption about different
factors having different vulnerabilities.  In the case of multi-factor
authentication magstripe (plastic/magstripe & PIN) ... a compromised
end-point skims both the magstripe information and the PIN.

in the "yes card" scenario, a compromised end-point skims the
information used by terminals to establish a valid chipcard. the crooks
then install the skimmed information (similar to information skimmed for
counterfeit magstripe) in a counterfeit "yes card" chip.

once a terminal has accepted the chipcard's validation information, it
then asks the chipcard 1) whether the correct PIN has been entered (a
"yes card" always answers "YES" ... so it isn't necessary to even
know/skim the PIN), 2) whether the transaction should be offline
("YES"), and 3) whether the transaction is within the account credit
limit ("YES").

in counterfeit magstripe scenario, the account number is eventually
invalidated at the backend database (and future transactions are
rejected). In the counterfeit "YES CARD" scenario, the terminal doesn't
go online to find out about any account number invalidation. the greater
counterfeit "YES CARD" fraud is because infrastructure business rules
have been moved into the chipcard (infrastructure relying on the
chipcard to decide whether it is online/offline transaction and whether
the transaction is within the account's credit limit).

misc. past "yes card" posts
http://www.garlic.com/~lynn/subintegrity.html#yescard

one of the issues with "something you are" biometrics ... is that
nominally biometrics information is reduced to some sort of electronic
pattern for matching against value stored in backend database.  If that
value is compromised (analogous to "something you know" PIN/passwords)
... it is difficult to issue a new finger or iris. Frequently biometrics
are most dependable ... when they involve secure sensors/endpoints
... that possibly are under constant surveillance by armed guards.

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Bruno Sugliani

Well chip cards need a pin number to be entered or they don't work! And i am
the only guy who knows the pin number of my card.
It is not full proof but the merchant generally knows it's you because you
have entered the proper pin number 
Or did i miss something ? 

Bruno Sugliani 
zxnetconsult(at)free(dot)fr

  



On Mon, 11 Jan 2010 10:20:34 -0500, Hardee, Charles H
 wrote:

>I, too, don't see how they can be more secure.
>Possession is supposedly 9/10ths as the saying goes, but unless there's
>something bio-metric in the chip/card/human being relationship, I would
>have to say that the chips cards are no more, if not less, secure than
>the regular plastic we use today.
>
>What really peeves me is when I go into a merchant, present my plastic
>for my purchase and ma told I don't need to sign anything,
>What, no signature? But how do you know it's me? You didn't check my
>signature on the back of the plastic against my signature at the time of
>the purchase.
>
>And the merchant's cashier says that just the way it works.
>
>Personally, I try to make a mental record of where this occurs and then
>attempt to NEVER return there for another purchase unless it is the ONLY
>place to do so and then I pay cash. Can't remember the last time I was
>in at H^&e D&p$t. (don't want to say the merchant's real name)
>
>Chuck

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-11 Thread Hardee, Charles H

I, too, don't see how they can be more secure.
Possession is supposedly 9/10ths as the saying goes, but unless there's
something bio-metric in the chip/card/human being relationship, I would
have to say that the chips cards are no more, if not less, secure than
the regular plastic we use today.

What really peeves me is when I go into a merchant, present my plastic
for my purchase and ma told I don't need to sign anything,
What, no signature? But how do you know it's me? You didn't check my
signature on the back of the plastic against my signature at the time of
the purchase. 

And the merchant's cashier says that just the way it works.

Personally, I try to make a mental record of where this occurs and then
attempt to NEVER return there for another purchase unless it is the ONLY
place to do so and then I pay cash. Can't remember the last time I was
in at H^&e D&p$t. (don't want to say the merchant's real name)

Chuck

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Ted MacNEIL
Sent: Thursday, January 07, 2010 12:37 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

>That's the point of (EMV) "chip" cards.  >They are inherently more
secure.  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-10 Thread Howard Rifkind

Well loose one gain one.

I saw a post on the z/VM list that the University of Maine just shut down their 
mainframe operation.

--- On Thu, 1/7/10, Chase, John  wrote:

> From: Chase, John 
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> Date: Thursday, January 7, 2010, 1:46 PM
> > -Original Message-
> > From: IBM Mainframe Discussion List On Behalf Of Hal
> Merritt
> > 
> > Concur. It would appear that the consumer electronic
> financial
> infrastructures are quite different
> > outside of the US. Indeed, ours seems pretty primitive
> and a lot less
> consumer friendly. More, they
> > don't seem to have quite as much of a fraud problem as
> we seem to
> have.
> > 
> > I think I read somewhere that they don't use 'credit
> cards' as we know
> them in Asia. Rather, it is
> > more of a 'smart card' strategy.
> > 
> > Wonder how this works without fees?
> 
> Two possibilities come immediately to mind:
> 
> 1.  Interest on loans, and/or
> 2.  Government (tax) subsidy.
> 
> I doubt "corporate altruism" enters into the equation.
> 
>     -jc-
> 
> --
> For IBM-MAIN subscribe / signoff / archive access
> instructions,
> send email to lists...@bama.ua.edu
> with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
> 


  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-08 Thread Anne & Lynn Wheeler

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.

e99...@jp.ibm.com (Timothy Sipples) writes:
> So it's very important to decode that term whenever having detailed
> conversations about scale, sizing, growth, and other issues. If you don't
> have that common understanding of "transactions," it gets difficult to have
> meaningful conversations. In the context of a press article it's not a big
> issue at all, but when involved in IT design discussions it's quite
> important.

some of the real-time "auths" (authorizations) transactions are measured
in number of transactions that flow thru TPF system (change in name from
airline control program to transaction processing facility was ACP
starting to be used by some financial networks).

in states ... there has tended to still be a bunch of stuff done in the
"overnight batch window" ... some recent posts about doing optimization
work on 450+k statement cobol program that overnight ran on 40+ mainframe fully
tricked-out CECs.
http://www.garlic.com/~lynn/2009d.html#5 Why do IBMers think disks are 'Direct 
Access'?
http://www.garlic.com/~lynn/2009e.html#76 Architectural Diversity
http://www.garlic.com/~lynn/2009f.html#55 Cobol hits 50 and keeps counting
http://www.garlic.com/~lynn/2009g.html#20 IBM forecasts 'new world order' for 
financial services
http://www.garlic.com/~lynn/2009s.html#9 Union Pacific Railroad ditches its 
mainframe for SOA

several places in the financial industry spent billions in the 90s on
failed "straight-through" processing efforts (to replace "overnight
batch window") ... they were planning on using large number of parallel
"killer micros" and some COTS libraries. Problem was that they didn't
actually size the overhead of the COTS libraries (some vague
anticipation that more micros would offset the increased overhead).

it turned out that the COTS libraries had factor of 100 times increase
in overhead (compared to batch COBOL), totally swamping anticipated
thruput improvement with large numbers of killer micros. some past
references to the billions spent on failed "straight-through" processing
implementation:
http://www.garlic.com/~lynn/2009h.html#1 z/Journal Does it Again
http://www.garlic.com/~lynn/2009h.html#2 z/Journal Does it Again
http://www.garlic.com/~lynn/2009i.html#21 Why are z/OS people reluctant to use 
z/OS UNIX?
http://www.garlic.com/~lynn/2009l.html#57 IBM halves mainframe Linux engine 
prices
http://www.garlic.com/~lynn/2009m.html#22 PCI SSC Seeks standard for End to End 
Encryption?
http://www.garlic.com/~lynn/2009m.html#81 A Faster Way to the Cloud
http://www.garlic.com/~lynn/2009o.html#81 big iron mainframe vs. x86 servers
http://www.garlic.com/~lynn/2009q.html#67 Now is time for banks to replace core 
system according to Accenture
http://www.garlic.com/~lynn/2009q.html#68 Now is time for banks to replace core 
system according to Accenture

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

>What I sometimes find -- and not just in Korea -- is that the term
"transactions" has different meanings depending on whom you're talking to.
>The business users and managers tend to think of measurements like card
swipes, purchases, etc. -- the direct business metrics.
>However, the IT staff tend to think of "number of CICS transactions" and/or 
>"number of database updates," to pick two examples.

That is a common issue across the board.
I've run into it many times in the almost 30 years I've been a capacity analyst.
At the last company I worked at the business worried about invoices/orders 
(86,000/day) and IT worried about CICS transactions (70M/day).
I had to do a lot of work to get them to relate to each other, and to point out 
that daily volumes were not totally related to peak volumes.
The latter was a herculean task.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On Fri, Jan 8, 2010 at 6:08 AM, Timothy Sipples  wrote:

> I should say right up front that I am not an expert on Korean banking.
> Also, I have no idea whether the following remarks apply to BC Card
> specifically.
>
> One commenter in this thread suggested that the number of transactions
> looks strange, if by "transactions" you mean "card swipes," basically. What
> I sometimes find -- and not just in Korea -- is that the term
> "transactions" has different meanings depending on whom you're talking to.
> The business users and managers tend to think of measurements like card
> swipes, purchases, etc. -- the direct business metrics. However, the IT
> staff tend to think of "number of CICS transactions" and/or "number of
> database updates," to pick two examples. Thus it's quite common for one
> card swipe to result in several "transactions," depending on the functional
> requirements and application architecture. Loyalty cards (point
> processing), fraud analysis and prevention, business reporting functions,
> overlimit SMS alerting triggers, PIN processing, interbank debiting and
> crediting, customer service functions, etc., etc. can also add considerably
> to the number of "transactions."
>
> So it's very important to decode that term whenever having detailed
> conversations about scale, sizing, growth, and other issues. If you don't
> have that common understanding of "transactions," it gets difficult to have
> meaningful conversations. In the context of a press article it's not a big
> issue at all, but when involved in IT design discussions it's quite
> important.
>
> Also, I recall that Korea has a lot more "real-time posting" of typical
> bank transactions than most other countries. If you think about U.S.
> banking, there's lots of batch processing for, say, check clearing. I think
> Korea handles their equivalent payments differently, much more like the
> real-time interbank settlements for larger transactions. At least, that's
> the explanation I constructed when someone once tried to educate me on the
> differences in better English than my Korean. Said another way, one Korean
> bank transaction does not equal one U.S. (or Chinese) bank transaction in
> terms of path length (for example). They are different creatures for some
> reason.
>
> South Korea, like many other countries, has had problems with high rates of
> credit card default in the not-too-distant past. That might be a reflection
> of what John is talking about (and which I have also heard), that Korean
> credit card companies have been very effective in saturating the market
> with cards.
>
> - - - - -
> Timothy Sipples
> IBM Consulting Enterprise Software Architect
> Based in Tokyo, Serving IBM Japan / Asia-Pacific
> E-Mail: timothy.sipp...@us.ibm.com
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>

I was talking about business transactions.  If the posting was talking about
internal system transactions required to affect the processing of a purchase
then several hundred million transactions per day is easily possible.
 However, the beginning of the article talks about a card holder base of 40
or so million people.  From that it seemed reasonable to think that the
transaction count was was directly related to the cardholders and not to the
internal system activity.  My comments should be viewed from this
perspective.

In the US the large card processors are running billions of internal system
transactions a day on distributed and sysplexed z/OS systems
to support hundreds of millions of card holder initiated transactions.

Regards,
Sam

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: OT smart cards was Re: Korean bank Moves back to Mainframes (...no, not back)

>Is the PIN on the card or is it at the bank where they assigned the
one you already had on the debit card to it?

When I went in to get my (pre-chip) card, there was some processing and 
encoding done on the card after I entered my (new) PIN.

I assume there is something on the card, because you could get up to $200 out 
of ABMs when they went offline to the host processor.
At least, at the bank I used to work at.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Timothy Sipples

I should say right up front that I am not an expert on Korean banking.
Also, I have no idea whether the following remarks apply to BC Card
specifically.

One commenter in this thread suggested that the number of transactions
looks strange, if by "transactions" you mean "card swipes," basically. What
I sometimes find -- and not just in Korea -- is that the term
"transactions" has different meanings depending on whom you're talking to.
The business users and managers tend to think of measurements like card
swipes, purchases, etc. -- the direct business metrics. However, the IT
staff tend to think of "number of CICS transactions" and/or "number of
database updates," to pick two examples. Thus it's quite common for one
card swipe to result in several "transactions," depending on the functional
requirements and application architecture. Loyalty cards (point
processing), fraud analysis and prevention, business reporting functions,
overlimit SMS alerting triggers, PIN processing, interbank debiting and
crediting, customer service functions, etc., etc. can also add considerably
to the number of "transactions."

So it's very important to decode that term whenever having detailed
conversations about scale, sizing, growth, and other issues. If you don't
have that common understanding of "transactions," it gets difficult to have
meaningful conversations. In the context of a press article it's not a big
issue at all, but when involved in IT design discussions it's quite
important.

Also, I recall that Korea has a lot more "real-time posting" of typical
bank transactions than most other countries. If you think about U.S.
banking, there's lots of batch processing for, say, check clearing. I think
Korea handles their equivalent payments differently, much more like the
real-time interbank settlements for larger transactions. At least, that's
the explanation I constructed when someone once tried to educate me on the
differences in better English than my Korean. Said another way, one Korean
bank transaction does not equal one U.S. (or Chinese) bank transaction in
terms of path length (for example). They are different creatures for some
reason.

South Korea, like many other countries, has had problems with high rates of
credit card default in the not-too-distant past. That might be a reflection
of what John is talking about (and which I have also heard), that Korean
credit card companies have been very effective in saturating the market
with cards.

- - - - -
Timothy Sipples
IBM Consulting Enterprise Software Architect
Based in Tokyo, Serving IBM Japan / Asia-Pacific
E-Mail: timothy.sipp...@us.ibm.com
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: OT smart cards was Re: Korean bank Moves back to Mainframes (...no, not back)

I believe there are two PINs, 
an online PIN which is at the bank and can be verified for online transactions 
and 
an offline PIN which is on the chip and can be used for small value offline 
transactions.  
The goal is to keep the two in synch and this is done during the next online 
transaction.  

I'm not an expert on this but I believe a lot of the functionality depends on 
the actual application on the chip.  There can be more than one application 
on the same chip so that the card can be both a debit card and a credit card.  
They do this a lot in Europe.  


 

 

 
> Date: Thu, 7 Jan 2010 19:29:56 -0400
> From: cfmpub...@ns.sympatico.ca
> Subject: OT smart cards was Re: Korean bank Moves back to Mainframes (...no, 
> not back)
> To: IBM-MAIN@bama.ua.edu
> 
> Is the PIN on the card or is it at the bank where they assigned the
> one you already had on the debit card to it?
  
_
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/196390709/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

OT smart cards was Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Clark Morris

On 7 Jan 2010 12:27:09 -0800, in bit.listserv.ibm-main you wrote:

>>The chip is not just data; it is a processor.  All data exchanged between the 
>>card (ie. the chip) and the terminal is encrypted.  
>
>Why can't their web-site say that?
>
>>There's obviously a lot more to it than that but, right from that basic 
>>level, the chip is inherently more secure that the stripe.  I don't need 
>>Interac to tell me that.  
>
> I'm not a full-blown security expert; I'm a Jack-of-all-Trades.
>All somebody had to do is answer the question.
>
>(Mind you I'm still concerned that the new card had my 'secret' PIN already 
>allocated when I received it.
>At best, they should have me take the card to the Bank, and enter a new/old 
>PIN)

Is the PIN on the card or is it at the bank where they assigned the
one you already had on the debit card to it?
>-
>Too busy driving to stop for gas!
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

Of course, I meant "wringer"!  


 

 

 
> Date: Thu, 7 Jan 2010 18:03:24 -0500
> From: jayare...@hotmail.com
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> 
> > But, the PIN is supposed to be a secret.
> 
> 
> They make a point of not knowing what your actual PIN is. What they 
> put in the chip is an encrypted PIN block that has to be matched after 
> the PIN that you actually key in has been put through the ringer. 
> 
> Even if you could read the chip, and find your PIN block, unless you knew 
> what cryptographic key(s) were used, and which variant(s), to create it and 
> using which algorithm(s), you wouldn't be able to come up with your clear 
> text PIN. Your clear text PIN is not recorded anywhere unless you wrote it 
> down. 
> 
> 
> 
> 
> > Date: Thu, 7 Jan 2010 22:51:52 +
> > From: eamacn...@yahoo.ca
> > Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> > To: IBM-MAIN@bama.ua.edu
> > 
> > >I presume they did that for your convenience. (Not anybody else's since 
> > >they wouldn't know the PIN.) 
> > However, being a "smart" card with a processor on it, you should be able to 
> > change your PIN at an ATM. 
> > 
> > Yes!
> > But, the PIN is supposed to be a secret.
> > Give me the chip-card, and have me come in to re-do my PIN would have made 
> > me feel more secure.
> > 
> > They didn't do that!
> > -
> > Too busy driving to stop for gas!
> 
> _
> Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
> http://clk.atdmt.com/GBL/go/196390706/direct/01/
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
  
_
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/196390707/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

> But, the PIN is supposed to be a secret.


They make a point of not knowing what your actual PIN is.  What they 
put in the chip is an encrypted PIN block that has to be matched after 
the PIN that you actually key in has been put through the ringer.  

Even if you could read the chip, and find your PIN block, unless you knew 
what cryptographic key(s) were used, and which variant(s), to create it and 
using which algorithm(s), you wouldn't be able to come up with your clear 
text PIN.  Your clear text PIN is not recorded anywhere unless you wrote it 
down.  

 

 
> Date: Thu, 7 Jan 2010 22:51:52 +
> From: eamacn...@yahoo.ca
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> 
> >I presume they did that for your convenience. (Not anybody else's since they 
> >wouldn't know the PIN.) 
> However, being a "smart" card with a processor on it, you should be able to 
> change your PIN at an ATM. 
> 
> Yes!
> But, the PIN is supposed to be a secret.
> Give me the chip-card, and have me come in to re-do my PIN would have made me 
> feel more secure.
> 
> They didn't do that!
> -
> Too busy driving to stop for gas!
  
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/196390706/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

>I presume they did that for your convenience.  (Not anybody else's since they 
>wouldn't know the PIN.)  
However, being a "smart" card with a processor on it, you should be able to 
change your PIN at an ATM.  

Yes!
But, the PIN is supposed to be a secret.
Give me the chip-card, and have me come in to re-do my PIN would have made me 
feel more secure.

They didn't do that!
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Anne & Lynn Wheeler

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.

Howard Brazee  writes:
> The question is - are they secure enough?It takes more work to
> clone a chip card, but do crooks who have the technology to use
> mag-strip cards have access to the technology to use chip cards?   I
> don't know the answer.

re:
http://www.garlic.com/~lynn/2010.html#71 Korean bank Moves back to Mainframes 
(...no, not back)
http://www.garlic.com/~lynn/2010.html#72 Korean bank Moves back to Mainframes 
(...no, not back)

the compromise of terminal or machine to skim data ... whether magstripe
or chip ... was nearly identical. the cost of magstripe cards is several
cents less than chipcards used for "yes cards" ... but that is
relatively minor compared to the compromise effort to skim&collect the
data ... as well as the avg. fraud ROI per counterfeit card.

as referenced in the cartes2002 presentation ... it was trivial to
create a counterfeit "yes card" ... and the technology and description
was readily available on the internet thru the later half of the 90s.

after having done work with small client/server startup (the startup
also had invented this technology called "SSL" that they wanted to use)
for payment transactions and what is now comingly called "electronic
commerce" ... in the mid-90s we were invited to participate in the x9a10
financial standard working group ... which had been given the
requirement to preserve the integrity of the financial infrastructure
for all retail payments. The "yes card" kind of exploit was one of the
early, easily identifed vulnerabilities by the x9a10 standard working
group (long before any kind of actual deployment of that technology)

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread John Kim

I am so impressed your insight!  Please forgive me for off-line of the
topic.

Although I don't have stats in my hands, I can explain two things for
your understanding how they got over an economic crisis. 
Way back to mid of 1990s the economic crisis in S Korea was almost same
or bigger than last years in US, and it was controlled by IMF.
I experienced a big jump on the commodity price, especially 5 times
increase over the night for the  flour and toilet paper which had never
experienced since I was born in.  That's why I came over here for a
better quality of toilet paper with batter price.

First thing government tried to do was campaigning in order for them to
turn around an economic crisis;
- asking the nation to come out them with Gold from their draw or safe.

At that time I also sold my wedding & my children's baby-shower rings to
government, in a result world gold market was fluctuated, and gold price
was downward.

- Secondly Government tried to let people sign on an application for the
credit cards as many as possible in order to stimulate a financial
infrastructure.  

At that time my high school nephew had dozen cards, and still using it.

Eventually prevailing credit cards worked, and would be able to get over
an economic crisis, although they have a social crisis by over-spending
as fallout.

That's why they need extra wallet for more cards.

Sometime economists also don't understand how Korean economy works.

One thing I know is they are really superb at campaigning!

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Sam Siegel
Sent: Thursday, January 07, 2010 11:52 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

On Thu, Jan 7, 2010 at 6:36 PM, Ted MacNEIL  wrote:

> >That's the point of (EMV) "chip" cards.  >They are inherently more
secure.
>
> Why are they more secure?
> INTERAC Canada has been telling us that they are.
> So far, on their web-site, the proof presented has been: "They are
more
> secure".
>
> When they sent me my new chip card, through the bank I use, nothing
had
> changed.
> They even kept the same PIN, which is supposed to be a secret.
>
> Except for a different slot in the debit machine, the process for
payment
> is the same.
>
> Where is the 'enhanced' security?
> What makes it so?
>
> I honestly don't know if this is off-topic, because debit cards, in
Canada,
> are still processed on mainframes, for the Big Five, at least.
>
> And, the mainframe, if you aren't stupid, is still the most secure
> processing environment, chip cards aside.
>
> (Yes! My bias is showing.)
> -
> Too busy driving to stop for gas!
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>

I'm not trying to be argumentative here, but some of the number still
don't
just add up.

On a global basis the largest card processor in the world clears and
settles
about 10 billion USD on 250 to 300 million transactions per day..  Or
about
40 USD per transaction.  Assuming that the average in S. Korea
transaction
is 5 USD.  Then 200 million per day is a billion USD per day cleared and
settled.  This is over 360 billion USD per year.  The S. Korean economy
is
1.3 Trillion USD (2008) according to the CIA fact book.  That would mean
that 28% of the S. Korean economy is handled via Credit Card
transactions.
 This is more than 5 times the rate of the rest of the world.

If an average transaction rate of 20 USD was used it would be even more
extreme.  If a lower average transaction value was used, then fees and
charges would be a large portions of the profits that merchant would be
giving up.

Something does not balance.

That would

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

The information transmitted is intended only for the addressee and may contain 
confidential, proprietary and/or privileged material. Any unauthorized review, 
distribution or other use of or the taking of any action in reliance upon this 
information is prohibited. If you receive this in error, please contact the 
sender and delete or destroy this message and any copies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

> Why can't their web-site say that?


Dunno!  Too much information maybe?  


 

> (Mind you I'm still concerned that the new card had my 'secret' PIN already 
> allocated when I received it.
> At best, they should have me take the card to the Bank, and enter a new/old 
> PIN)


I presume they did that for your convenience.  (Not anybody else's since they 
wouldn't know the PIN.)  
However, being a "smart" card with a processor on it, you should be able to 
change your PIN at an ATM.  


 

 

 
> Date: Thu, 7 Jan 2010 20:26:39 +0000
> From: eamacn...@yahoo.ca
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> 
> >The chip is not just data; it is a processor. All data exchanged between the 
> >card (ie. the chip) and the terminal is encrypted. 
> 
> Why can't their web-site say that?
> 
> >There's obviously a lot more to it than that but, right from that basic 
> >level, the chip is inherently more secure that the stripe. I don't need 
> >Interac to tell me that. 
> 
> I'm not a full-blown security expert; I'm a Jack-of-all-Trades.
> All somebody had to do is answer the question.
> 
> (Mind you I'm still concerned that the new card had my 'secret' PIN already 
> allocated when I received it.
> At best, they should have me take the card to the Bank, and enter a new/old 
> PIN)
> -
> Too busy driving to stop for gas!
  
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/196390706/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On 7 Jan 2010 12:22:08 -0800, eamacn...@yahoo.ca (Ted MacNEIL) wrote:

>I got flagged once, at work, for using a very vile word in an e-mail.
>I didn't. I was just discussing Soccer and a town that ended in "thorpe'.
>The word was pulled out of the middle of a larger word, without delimeters.

I forgot the details where it took a while to figure out how to change
a business document to get by the Spam filters to a co-worker. Getting
rid of one innocuous (to me) word did it, but it wasn't at all
obvious.

I feel sorry for people who need to use their computers to search for
medical and other help for issues that get flagged as dirty (I'm not
wanting to use words to get this message filtered). 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On 7 Jan 2010 11:16:06 -0800, jayare...@hotmail.com (J R) wrote:

>> Why are they more secure?
>
> 
>
>On a mag-stripe card, the data is right there, unencrypted for anyone to read 
>and, 
>if they so desire, clone.  
>
>The chip is not just data; it is a processor.  All data exchanged between the 
>card (ie. the chip) and the terminal is encrypted.  
>
>There's obviously a lot more to it than that but, right from that basic level, 
>the chip is inherently more secure that the stripe.  I don't need Interac to 
>tell me that.  

The question is - are they secure enough?It takes more work to
clone a chip card, but do crooks who have the technology to use
mag-strip cards have access to the technology to use chip cards?   I
don't know the answer.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On 7 Jan 2010 11:44:55 -0800, john.mck...@healthmarkets.com (McKown,
John) wrote:

>Perhaps the Korean banks are competent? And they can make money by not paying 
>the account 
>holder all the income that the bank makes on the money entrusted to them? U.S. 
>banks used to 
>be user friendly and competent. They are, like most, now run by greedy fools.

There are two big issues with US banks here - one is how much money
they spend on regulatory issues.Why should banks and credit unions
have different rules to follow?

And the 2nd issue is much bigger, it's a business culture issue that
is by no means limited to banks.   That is we have lots of people
running businesses who don't have the same risk/rewards as the
businesses themselves have.Making decisions that will bankrupt the
company in 5 years won't stop a CEO from getting wealthy now,
especially if the company gets bailed out by taxpayers.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

>The chip is not just data; it is a processor.  All data exchanged between the 
>card (ie. the chip) and the terminal is encrypted.  

Why can't their web-site say that?

>There's obviously a lot more to it than that but, right from that basic level, 
>the chip is inherently more secure that the stripe.  I don't need Interac to 
>tell me that.  

 I'm not a full-blown security expert; I'm a Jack-of-all-Trades.
All somebody had to do is answer the question.

(Mind you I'm still concerned that the new card had my 'secret' PIN already 
allocated when I received it.
At best, they should have me take the card to the Bank, and enter a new/old PIN)
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

>It also discussed programs done by anti-terrorists and anti-fraud
units which check for suspicious withdrawals.
>Everything gets tracked.I haven't worked for a bank IS, but it could be
interesting to develop such programs.

Banks, at least in Canada, have been running DSS/AI/Anti-Fraud/Terrorist 
detection for years.
But, they have put in arbitrary thresholds, such as $1000, or the like.

The biggest issue is the number of false positives.

A similar issue showed up with the scanning of e-mails for violent/terrorist 
lamguage on the INTERNET.
Every teenage kid playing World of Warcraft got flagged.

I got flagged once, at work, for using a very vile word in an e-mail.
I didn't. I was just discussing Soccer and a town that ended in "thorpe'.
The word was pulled out of the middle of a larger word, without delimeters.

Another example, not financial, is at a company I used to work for.
The service provider had introduced a SPAM filtering package that kept 
suspected SPAM away from the recipient, so the intended recipient could not 
verify that it was SPAM.
So, there was no Human Intervention and approval.
But, the provider was using the percentage rejected as a performance metric.
When I asked about false positives, they told me I didn't understand the issue.

The whole point is, any AI algorithm needs a human overseer.
It's not good enough on its own, yet.
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Anne & Lynn Wheeler

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.

Howard Brazee  writes:
> Yep.   This isn't always bad.   We didn't get on the bandwagon with
> analog HDTV, but waited until the digital variety came out.Maybe
> now that we see higher security and privacy needs, we will get a
> better model here as well.

re:
http://www.garlic.com/~lynn/2010.html#71 Korean bank Moves back to Mainframes 
(...no, not back)

there was actually a rather large deployment in the NE about the time of
the cartes2002 presentation (and the atm integrity task force meetings)
... which then seemed to disappear w/o a trace. There has been some
concerned expressed about the much larger deployment costs for the US
... but it may actually not so much be about the cost of a single
deployment ... but that there may have to be a large number of
deployments.

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Anne & Lynn Wheeler

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.

jayare...@hotmail.com (J R) writes:
> That's the point of (EMV) "chip" cards. They are inherently more secure.

modulo when there are significantly less secure ...

"yes card" vulnerability reference ... basically compromise POS terminal
(or other swipe mechanism to skim the data ... effectively same kind of
exploit used to skim magstripe data) ... and then "trivially" create
counterfeit "yes card" ... original reference gone 404 ... but can be
found at the wayback machine referencing presentation at cartes2002:
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

about the same time there was presentation on the vulnerabilities at the
ATM integrity task force meetings (prompting somebody in the audience to
comment that they managed to spend billions of dollars to prove that
chips are less secure than magstripe) ... a couple recent posts
with references:
http://www.garlic.com/~lynn/2009q.html#78 70 Years of ATM Innovation
http://www.garlic.com/~lynn/2009r.html#16 70 Years of ATM Innovation

lots of past posts mentioning "yes card":
http://www.garlic.com/~lynn/subintegrity.html#yescard

--
40+yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

That's why I actually made two statements:  

1. 
> ... they don't seem to have quite as much of a fraud problem as we seem to 
> have. 
 
That's the point of (EMV) "chip" cards. They are inherently more secure. 
 
 2.
> ... they don't use 'credit cards' as we know them in Asia. Rather, it is more 
> of a 'smart card' strategy. 
 
The US is at least 12 years behind Europe, Australia/NZ and parts of Asia in 
deploying chip cards. 


 

You can have your choice:  
(1)  Address security and have less fraud  
-or-  
(2)  Wait for the technology to be perfected before adopting it.  


 

 
> Date: Thu, 7 Jan 2010 12:35:38 -0700
> From: howard.bra...@cusys.edu
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> 
> On 7 Jan 2010 10:26:24 -0800, jayare...@hotmail.com (J R) wrote:
> 
> >> ... they don't use 'credit cards' as we know them in Asia. Rather, it is 
> >> more of a 'smart card' strategy. 
> >
> > 
> >
> >The US is at least 12 years behind Europe, Australia/NZ and parts of Asia in 
> >deploying chip cards. 
> 
> Yep. This isn't always bad. We didn't get on the bandwagon with
> analog HDTV, but waited until the digital variety came out. Maybe
> now that we see higher security and privacy needs, we will get a
> better model here as well.
  
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/196390706/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On 7 Jan 2010 10:31:19 -0800, dennis.ro...@lmco.com (Roach, Dennis  ,
N-GHG) wrote:

>The number is not that surprising when you stop and think about the no cash on 
>hand philosophy. 
>Think of using your debit/bank/credit/atm card for everything you buy.  
>Morning coffee, newspaper, breakfast. 
>Transportation - gas, parking, bus, cab, train, subway. 
>Lunch
>Snack (even from a vending machine)
>Transportation
>All shopping
>5 transactions on average is not that much.

Most days, I buy nothing at all.But today I stopped at Panera
Bread and was asked if I could pay by card as their cash machine
wasn't yet ready.

I was reading SuperFreakonomics and it had a portion about the
economics of prostitution - and the high end call girl charged $500,
mainly to married men.I wondered how many men can get a hold of
that cash without wives seeing the withdrawal.

It also discussed programs done by anti-terrorists and anti-fraud
units which check for suspicious withdrawals.   Everything gets
tracked.I haven't worked for a bank IS, but it could be
interesting to develop such programs.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread McKown, John

> -Original Message-
> From: IBM Mainframe Discussion List 
> [mailto:ibm-m...@bama.ua.edu] On Behalf Of Hal Merritt
> Sent: Thursday, January 07, 2010 12:00 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> 
> Concur. It would appear that the consumer electronic 
> financial infrastructures are quite different outside of the 
> US. Indeed, ours seems pretty primitive and a lot less 
> consumer friendly. More, they don't seem to have quite as 
> much of a fraud problem as we seem to have. 
> 
> I think I read somewhere that they don't use 'credit cards' 
> as we know them in Asia. Rather, it is more of a 'smart card' 
> strategy. 
> 
> Wonder how this works without fees? 

Perhaps the Korean banks are competent? And they can make money by not paying 
the account holder all the income that the bank makes on the money entrusted to 
them? U.S. banks used to be user friendly and competent. They are, like most, 
now run by greedy fools.

--
John McKown 
Systems Engineer IV
IT

Administrative Services Group

HealthMarkets(r)

9151 Boulevard 26 * N. Richland Hills * TX 76010
(817) 255-3225 phone * (817)-961-6183 cell
john.mck...@healthmarkets.com * www.HealthMarkets.com

Confidentiality Notice: This e-mail message may contain confidential or 
proprietary information. If you are not the intended recipient, please contact 
the sender by reply e-mail and destroy all copies of the original message. 
HealthMarkets(r) is the brand name for products underwritten and issued by the 
insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance 
Company(r), Mid-West National Life Insurance Company of TennesseeSM and The 
MEGA Life and Health Insurance Company.SM

 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread John Mattson

Be not the first by whom the new are tried, 
Nor yet the last to lay the old aside. 
- Alexander Pope 


Howard Brazee  
Sent by: IBM Mainframe Discussion List 
01/07/2010 11:35 AM
Please respond to
IBM Mainframe Discussion List 
Expire Date: 01/07/2012


To
IBM-MAIN@bama.ua.edu
cc

Subject
Re: Korean bank Moves back to Mainframes (...no, not back)




On 7 Jan 2010 10:26:24 -0800, jayare...@hotmail.com (J R) wrote:
>>> ... they don't use 'credit cards' as we know them in Asia. Rather, it 
is more of a 'smart card' strategy. 
>>The US is at least 12 years behind Europe, Australia/NZ and parts of 
Asia in deploying chip cards. 
>Yep.   This isn't always bad.   We didn't get on the bandwagon with 
analog HDTV, but waited until the digital variety came out.Maybe now 
that we see higher security and privacy needs, we will get a better model 
here as well.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On 7 Jan 2010 10:26:24 -0800, jayare...@hotmail.com (J R) wrote:

>> ... they don't use 'credit cards' as we know them in Asia. Rather, it is 
>> more of a 'smart card' strategy. 
>
> 
>
>The US is at least 12 years behind Europe, Australia/NZ and parts of Asia in 
>deploying chip cards.  

Yep.   This isn't always bad.   We didn't get on the bandwagon with
analog HDTV, but waited until the digital variety came out.Maybe
now that we see higher security and privacy needs, we will get a
better model here as well.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

> Why are they more secure?

 

On a mag-stripe card, the data is right there, unencrypted for anyone to read 
and, 
if they so desire, clone.  

The chip is not just data; it is a processor.  All data exchanged between the 
card (ie. the chip) and the terminal is encrypted.  

There's obviously a lot more to it than that but, right from that basic level, 
the chip is inherently more secure that the stripe.  I don't need Interac to 
tell me that.  

 

 

> Date: Thu, 7 Jan 2010 18:36:37 +
> From: eamacn...@yahoo.ca
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> 
> >That's the point of (EMV) "chip" cards. >They are inherently more secure. 
> 
> Why are they more secure?
> INTERAC Canada has been telling us that they are.
> So far, on their web-site, the proof presented has been: "They are more 
> secure".
> 
> When they sent me my new chip card, through the bank I use, nothing had 
> changed.
> They even kept the same PIN, which is supposed to be a secret.
> 
> Except for a different slot in the debit machine, the process for payment is 
> the same.
> 
> Where is the 'enhanced' security?
> What makes it so?
> 
> I honestly don't know if this is off-topic, because debit cards, in Canada, 
> are still processed on mainframes, for the Big Five, at least.
> 
> And, the mainframe, if you aren't stupid, is still the most secure processing 
> environment, chip cards aside.
> 
> (Yes! My bias is showing.)
> -
> Too busy driving to stop for gas!


  
_
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/196390709/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

On Thu, Jan 7, 2010 at 6:36 PM, Ted MacNEIL  wrote:

> >That's the point of (EMV) "chip" cards.  >They are inherently more secure.
>
> Why are they more secure?
> INTERAC Canada has been telling us that they are.
> So far, on their web-site, the proof presented has been: "They are more
> secure".
>
> When they sent me my new chip card, through the bank I use, nothing had
> changed.
> They even kept the same PIN, which is supposed to be a secret.
>
> Except for a different slot in the debit machine, the process for payment
> is the same.
>
> Where is the 'enhanced' security?
> What makes it so?
>
> I honestly don't know if this is off-topic, because debit cards, in Canada,
> are still processed on mainframes, for the Big Five, at least.
>
> And, the mainframe, if you aren't stupid, is still the most secure
> processing environment, chip cards aside.
>
> (Yes! My bias is showing.)
> -
> Too busy driving to stop for gas!
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>

I'm not trying to be argumentative here, but some of the number still don't
just add up.

On a global basis the largest card processor in the world clears and settles
about 10 billion USD on 250 to 300 million transactions per day..  Or about
40 USD per transaction.  Assuming that the average in S. Korea transaction
is 5 USD.  Then 200 million per day is a billion USD per day cleared and
settled.  This is over 360 billion USD per year.  The S. Korean economy  is
1.3 Trillion USD (2008) according to the CIA fact book.  That would mean
that 28% of the S. Korean economy is handled via Credit Card transactions.
 This is more than 5 times the rate of the rest of the world.

If an average transaction rate of 20 USD was used it would be even more
extreme.  If a lower average transaction value was used, then fees and
charges would be a large portions of the profits that merchant would be
giving up.

Something does not balance.

That would

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Chase, John

> -Original Message-
> From: IBM Mainframe Discussion List [On Behalf Of Roach, Dennis
(N-GHG)
> 
> The number is not that surprising when you stop and think about the no
cash on hand philosophy.
> Think of using your debit/bank/credit/atm card for everything you buy.
> Morning coffee, newspaper, breakfast.
> Transportation - gas, parking, bus, cab, train, subway.
> Lunch
> Snack (even from a vending machine)
> Transportation
> All shopping
> 5 transactions on average is not that much.

Still need cash for the "side pots" in bowling leagues.  :-)

   -jc-

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Chase, John

> -Original Message-
> From: IBM Mainframe Discussion List On Behalf Of Hal Merritt
> 
> Concur. It would appear that the consumer electronic financial
infrastructures are quite different
> outside of the US. Indeed, ours seems pretty primitive and a lot less
consumer friendly. More, they
> don't seem to have quite as much of a fraud problem as we seem to
have.
> 
> I think I read somewhere that they don't use 'credit cards' as we know
them in Asia. Rather, it is
> more of a 'smart card' strategy.
> 
> Wonder how this works without fees?

Two possibilities come immediately to mind:

1.  Interest on loans, and/or
2.  Government (tax) subsidy.

I doubt "corporate altruism" enters into the equation.

-jc-

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

>That's the point of (EMV) "chip" cards.  >They are inherently more secure.  

Why are they more secure?
INTERAC Canada has been telling us that they are.
So far, on their web-site, the proof presented has been: "They are more secure".

When they sent me my new chip card, through the bank I use, nothing had changed.
They even kept the same PIN, which is supposed to be a secret.

Except for a different slot in the debit machine, the process for payment is 
the same.

Where is the 'enhanced' security?
What makes it so?

I honestly don't know if this is off-topic, because debit cards, in Canada, are 
still processed on mainframes, for the Big Five, at least.

And, the mainframe, if you aren't stupid, is still the most secure processing 
environment, chip cards aside.

(Yes! My bias is showing.)
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread John Kim

I wouldn't agree that the financial structure in the US seems primitive,
but it's quite sure a lot less customer friendly.  The most tedious
thing was to participate in a campaign ' Customer is the king' on a
daily basis, although I was a computer guy there. No exception at all.

I can feel they have a lot less fraud incidents than Norte America.
Their system is kind of bureaucratic structure; instead Banks hire lots
of retired law-enforcement to look after who are fallen behind their
card payment.  

People over there has a perception that no pay to the bank, unless
borrow money.
Which means I am a king of the feeder for Banks, and Banks still makes
pretty big fortune with fees.  

Honestly I don't know how much portion in their profits from the fees if
they charge.
I was a system programming guy...

Regards John Kim

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Hal Merritt
Sent: Thursday, January 07, 2010 11:00 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

Concur. It would appear that the consumer electronic financial
infrastructures are quite different outside of the US. Indeed, ours
seems pretty primitive and a lot less consumer friendly. More, they
don't seem to have quite as much of a fraud problem as we seem to have. 

I think I read somewhere that they don't use 'credit cards' as we know
them in Asia. Rather, it is more of a 'smart card' strategy. 

Wonder how this works without fees? 

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Sam Siegel
Sent: Thursday, January 07, 2010 11:42 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

I will bow to the man with direct experience ... Base on reading the
article
it appeared to be talking about traditional Credit Card processing.  It
was
not clear to someone without directly knowledge of the S. Korean banking
system (me) that Credit Cards handle such a broad scope of financial
transactions.

Even then, it means an average of 5 transaction per day per card they
manage.  This is a very impressive number of transactions per card per
day.

Regards,
Sam

On Thu, Jan 7, 2010 at 5:19 PM, John Kim  wrote:

> I am a positive side they process hundreds of millions of Credit Card
> transactions a day. I used work for the one of national banks (BC card
> member).
>
> Their banking system also quite remarkable that more than dozen of
> accounts from each bank are all connected to the card account;
> - They almost do every thing through banking systems - pay tax,
utility,
> cell phone,
>   Speeding ticket, home shopping, air-line ticket, and wiring to
> another bank...etc
> - Bus pass, Sub-way or toll-gate fare also paid from your bank
accounts
> directly when you screen the system in on-site.
>
>
>  All these transactions are linked to card account via banking
> accounts, but customers pay nothing to bank for transaction fee or any
> other service changes...
> No balance limits for waiver a service charges... not at all (but wire
> to other countries). Instead they stand up & bow to you when you step
> into the bank and advice you opening more accounts & cards.
>
> You don't even have to open the door because your first encounter is a
> door man.  He / She will hand out you pamphlets & asking the opening
> accounts & cards.
>
> We used hire university kids as a summer job. They were pretty good
> except random accident, some times bumped heads when they bowed each
> other.
>
>
> It can't be a simple comparison unless by population (45 million vs
> ??? million). Their system is quite different than US card companies;
I
> used have 7 BC cards from different banks that allowed more credit
> limits from each banks.
>
> - And also their changed attitude populates more cards; they used gift
> their children savings accounts for entering kindergarten or
> birthday...etc.  But now it has switched to credit cards & cell-phone
> (it's called hand-phone in S Korea).
>
>
>
>
> -----Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Sam Siegel
> Sent: Thursday, January 07, 2010 4:15 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
>
> There are other business related inaccuracies in the article as well.
> The
> article indicates that they process hundreds of millions of Credit
Card
> transactions a day.  Having previously worked at a large credit card
> processor in the US, it can be said with certainty that the S. Korean
> credit
> card volumes are orders of magnitude smaller than US volumes.  Th

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Roach, Dennis (N-GHG)

The number is not that surprising when you stop and think about the no cash on 
hand philosophy. 
Think of using your debit/bank/credit/atm card for everything you buy.  
Morning coffee, newspaper, breakfast. 
Transportation - gas, parking, bus, cab, train, subway. 
Lunch
Snack (even from a vending machine)
Transportation
All shopping
5 transactions on average is not that much.


Dennis Roach
GHG Corporation
Lockheed Martin Mission Services
Facilities Design and Operations Contract
Strategic Technical Engineering
NASA/JSC
Address:
   2100 Space Park Drive 
   LM-15-4BH
   Houston, Texas 77058
Mail:
   P.O. Box 58487
   Mail Code H4C
   Houston, Texas 77258-8487
Phone:
   Voice:  (281)336-5027
   Cell:   (713)591-1059
   Fax:(281)336-5410
E-Mail:  dennis.ro...@lmco.com

All opinions expressed by me are mine and may not agree with my employer or any 
person, company, or thing, living or dead, on or near this or any other planet, 
moon, asteroid, or other spatial object, natural or manufactured, since the 
beginning of time.

> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Sam Siegel
> Sent: Thursday, January 07, 2010 11:42 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> 
> I will bow to the man with direct experience ... Base on reading the
> article
> it appeared to be talking about traditional Credit Card processing.  It
> was
> not clear to someone without directly knowledge of the S. Korean banking
> system (me) that Credit Cards handle such a broad scope of financial
> transactions.
> 
> Even then, it means an average of 5 transaction per day per card they
> manage.  This is a very impressive number of transactions per card per
> day.
> 
> Regards,
> Sam
> 
> On Thu, Jan 7, 2010 at 5:19 PM, John Kim  wrote:
> 
> > I am a positive side they process hundreds of millions of Credit Card
> > transactions a day. I used work for the one of national banks (BC card
> > member).
> >
> > Their banking system also quite remarkable that more than dozen of
> > accounts from each bank are all connected to the card account;
> > - They almost do every thing through banking systems - pay tax,
> utility,
> > cell phone,
> >   Speeding ticket, home shopping, air-line ticket, and wiring to
> > another bank...etc
> > - Bus pass, Sub-way or toll-gate fare also paid from your bank
> accounts
> > directly when you screen the system in on-site.
> >
> >
> >  All these transactions are linked to card account via banking
> > accounts, but customers pay nothing to bank for transaction fee or any
> > other service changes...
> > No balance limits for waiver a service charges... not at all (but wire
> > to other countries). Instead they stand up & bow to you when you step
> > into the bank and advice you opening more accounts & cards.
> >
> > You don't even have to open the door because your first encounter is a
> > door man.  He / She will hand out you pamphlets & asking the opening
> > accounts & cards.
> >
> > We used hire university kids as a summer job. They were pretty good
> > except random accident, some times bumped heads when they bowed each
> > other.
> >
> >
> > It can't be a simple comparison unless by population (45 million vs
> > ??? million). Their system is quite different than US card companies;
> I
> > used have 7 BC cards from different banks that allowed more credit
> > limits from each banks.
> >
> > - And also their changed attitude populates more cards; they used gift
> > their children savings accounts for entering kindergarten or
> > birthday...etc.  But now it has switched to credit cards & cell-phone
> > (it's called hand-phone in S Korea).
> >
> >
> >
> >
> > -Original Message-
> > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> > Behalf Of Sam Siegel
> > Sent: Thursday, January 07, 2010 4:15 AM
> > To: IBM-MAIN@bama.ua.edu
> > Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> >
> > There are other business related inaccuracies in the article as well.
> > The
> > article indicates that they process hundreds of millions of Credit
> Card
> > transactions a day.  Having previously worked at a large credit card
> > processor in the US, it can be said with certainty that the S. Korean
> > credit
> > card volumes are orders of magnitude smaller than US volumes.  The US
> > volumes are in the range of 100 to 200 million per day depending on
> the
> > time
> > of t

Re: Korean bank Moves back to Mainframes (...no, not back)

> ... they don't seem to have quite as much of a fraud problem as we seem to 
> have. 

 

That's the point of (EMV) "chip" cards.  They are inherently more secure.  

 

 

> ... they don't use 'credit cards' as we know them in Asia. Rather, it is more 
> of a 'smart card' strategy. 

 

The US is at least 12 years behind Europe, Australia/NZ and parts of Asia in 
deploying chip cards.  

 

 

 

> Date: Thu, 7 Jan 2010 12:00:20 -0600
> From: hmerr...@jackhenry.com
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
> To: IBM-MAIN@bama.ua.edu
> 
> Concur. It would appear that the consumer electronic financial 
> infrastructures 
> are quite different outside of the US. Indeed, ours seems pretty primitive and
> a lot less consumer friendly. More, they don't seem to have quite as much of 
> a fraud problem as we seem to have. 
> 
> I think I read somewhere that they don't use 'credit cards' as we know them 
> in Asia. Rather, it is more of a 'smart card' strategy. 
> 
> Wonder how this works without fees? 
> 
> 


 
  
_
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/196390710/direct/01/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread Hal Merritt

Concur. It would appear that the consumer electronic financial infrastructures 
are quite different outside of the US. Indeed, ours seems pretty primitive and 
a lot less consumer friendly. More, they don't seem to have quite as much of a 
fraud problem as we seem to have. 

I think I read somewhere that they don't use 'credit cards' as we know them in 
Asia. Rather, it is more of a 'smart card' strategy. 

Wonder how this works without fees? 

  

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Sam Siegel
Sent: Thursday, January 07, 2010 11:42 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

I will bow to the man with direct experience ... Base on reading the article
it appeared to be talking about traditional Credit Card processing.  It was
not clear to someone without directly knowledge of the S. Korean banking
system (me) that Credit Cards handle such a broad scope of financial
transactions.

Even then, it means an average of 5 transaction per day per card they
manage.  This is a very impressive number of transactions per card per day.

Regards,
Sam

On Thu, Jan 7, 2010 at 5:19 PM, John Kim  wrote:

> I am a positive side they process hundreds of millions of Credit Card
> transactions a day. I used work for the one of national banks (BC card
> member).
>
> Their banking system also quite remarkable that more than dozen of
> accounts from each bank are all connected to the card account;
> - They almost do every thing through banking systems - pay tax, utility,
> cell phone,
>   Speeding ticket, home shopping, air-line ticket, and wiring to
> another bank...etc
> - Bus pass, Sub-way or toll-gate fare also paid from your bank accounts
> directly when you screen the system in on-site.
>
>
>  All these transactions are linked to card account via banking
> accounts, but customers pay nothing to bank for transaction fee or any
> other service changes...
> No balance limits for waiver a service charges... not at all (but wire
> to other countries). Instead they stand up & bow to you when you step
> into the bank and advice you opening more accounts & cards.
>
> You don't even have to open the door because your first encounter is a
> door man.  He / She will hand out you pamphlets & asking the opening
> accounts & cards.
>
> We used hire university kids as a summer job. They were pretty good
> except random accident, some times bumped heads when they bowed each
> other.
>
>
> It can't be a simple comparison unless by population (45 million vs
> ??? million). Their system is quite different than US card companies; I
> used have 7 BC cards from different banks that allowed more credit
> limits from each banks.
>
> - And also their changed attitude populates more cards; they used gift
> their children savings accounts for entering kindergarten or
> birthday...etc.  But now it has switched to credit cards & cell-phone
> (it's called hand-phone in S Korea).
>
>
>
>
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Sam Siegel
> Sent: Thursday, January 07, 2010 4:15 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
>
> There are other business related inaccuracies in the article as well.
> The
> article indicates that they process hundreds of millions of Credit Card
> transactions a day.  Having previously worked at a large credit card
> processor in the US, it can be said with certainty that the S. Korean
> credit
> card volumes are orders of magnitude smaller than US volumes.  The US
> volumes are in the range of 100 to 200 million per day depending on the
> time
> of the year.
>
> On Thu, Jan 7, 2010 at 8:39 AM, Timothy Sipples
> wrote:
>
> > That's not the correct headline.
> >
> > BC Card isn't moving *back* to mainframes. In its 27+ year history, BC
> Card
> > has never had a mainframe -- nothing in the System z lineage, anyway.
> They
> > are now replacing HP and Sun UNIX servers, and Oracle databases, with
> (a
> > presumably small number of) IBM mainframes. They are new in almost
> every
> > possible mainframe-related way: new z/OS customer, new CICS
> Transaction
> > Server for z/OS customer, new WebSphere Application Server for z/OS
> > customer, new System z10 customer, new mainframe customer.
> >
> > There are some things in the article I disagree with, but there's one
> fact
> > in particular that is most certainly not correct. The article says
> this:
> >
> > "Sources at IBM say that this is the first Unix-to-m

Re: Korean bank Moves back to Mainframes (...no, not back)

I will bow to the man with direct experience ... Base on reading the article
it appeared to be talking about traditional Credit Card processing.  It was
not clear to someone without directly knowledge of the S. Korean banking
system (me) that Credit Cards handle such a broad scope of financial
transactions.

Even then, it means an average of 5 transaction per day per card they
manage.  This is a very impressive number of transactions per card per day.

Regards,
Sam

On Thu, Jan 7, 2010 at 5:19 PM, John Kim  wrote:

> I am a positive side they process hundreds of millions of Credit Card
> transactions a day. I used work for the one of national banks (BC card
> member).
>
> Their banking system also quite remarkable that more than dozen of
> accounts from each bank are all connected to the card account;
> - They almost do every thing through banking systems - pay tax, utility,
> cell phone,
>   Speeding ticket, home shopping, air-line ticket, and wiring to
> another bank...etc
> - Bus pass, Sub-way or toll-gate fare also paid from your bank accounts
> directly when you screen the system in on-site.
>
>
>  All these transactions are linked to card account via banking
> accounts, but customers pay nothing to bank for transaction fee or any
> other service changes...
> No balance limits for waiver a service charges... not at all (but wire
> to other countries). Instead they stand up & bow to you when you step
> into the bank and advice you opening more accounts & cards.
>
> You don't even have to open the door because your first encounter is a
> door man.  He / She will hand out you pamphlets & asking the opening
> accounts & cards.
>
> We used hire university kids as a summer job. They were pretty good
> except random accident, some times bumped heads when they bowed each
> other.
>
>
> It can't be a simple comparison unless by population (45 million vs
> ??? million). Their system is quite different than US card companies; I
> used have 7 BC cards from different banks that allowed more credit
> limits from each banks.
>
> - And also their changed attitude populates more cards; they used gift
> their children savings accounts for entering kindergarten or
> birthday...etc.  But now it has switched to credit cards & cell-phone
> (it's called hand-phone in S Korea).
>
>
>
>
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Sam Siegel
> Sent: Thursday, January 07, 2010 4:15 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Korean bank Moves back to Mainframes (...no, not back)
>
> There are other business related inaccuracies in the article as well.
> The
> article indicates that they process hundreds of millions of Credit Card
> transactions a day.  Having previously worked at a large credit card
> processor in the US, it can be said with certainty that the S. Korean
> credit
> card volumes are orders of magnitude smaller than US volumes.  The US
> volumes are in the range of 100 to 200 million per day depending on the
> time
> of the year.
>
> On Thu, Jan 7, 2010 at 8:39 AM, Timothy Sipples
> wrote:
>
> > That's not the correct headline.
> >
> > BC Card isn't moving *back* to mainframes. In its 27+ year history, BC
> Card
> > has never had a mainframe -- nothing in the System z lineage, anyway.
> They
> > are now replacing HP and Sun UNIX servers, and Oracle databases, with
> (a
> > presumably small number of) IBM mainframes. They are new in almost
> every
> > possible mainframe-related way: new z/OS customer, new CICS
> Transaction
> > Server for z/OS customer, new WebSphere Application Server for z/OS
> > customer, new System z10 customer, new mainframe customer.
> >
> > There are some things in the article I disagree with, but there's one
> fact
> > in particular that is most certainly not correct. The article says
> this:
> >
> > "Sources at IBM say that this is the first Unix-to-mainframe
> application
> > migration in nearly a decade."
> >
> > I hate to disagree with "sources at IBM," but no, that's just
> factually
> > incorrect. I have personal knowledge of another such customer (in
> Japan)
> > who migrated their applications from distributed UNIX to z/OS with
> Parallel
> > Sysplex, and they never had a mainframe before. Quite possibly their
> entire
> > industry has never had a mainframe before, partly explaining why
> they're
> > not public. I suspect there are others.
> >
> > Which is not to say that this isn't significant news from Korea. It
> is,
> > ve

Re: Korean bank Moves back to Mainframes (...no, not back)

2010-01-07 Thread John Kim

I am a positive side they process hundreds of millions of Credit Card
transactions a day. I used work for the one of national banks (BC card
member).

Their banking system also quite remarkable that more than dozen of
accounts from each bank are all connected to the card account;
- They almost do every thing through banking systems - pay tax, utility,
cell phone,
   Speeding ticket, home shopping, air-line ticket, and wiring to
another bank...etc
- Bus pass, Sub-way or toll-gate fare also paid from your bank accounts
directly when you screen the system in on-site.

  All these transactions are linked to card account via banking
accounts, but customers pay nothing to bank for transaction fee or any
other service changes... 
No balance limits for waiver a service charges... not at all (but wire
to other countries). Instead they stand up & bow to you when you step
into the bank and advice you opening more accounts & cards.   

You don't even have to open the door because your first encounter is a
door man.  He / She will hand out you pamphlets & asking the opening
accounts & cards.  

We used hire university kids as a summer job. They were pretty good
except random accident, some times bumped heads when they bowed each
other.  

It can't be a simple comparison unless by population (45 million vs
??? million). Their system is quite different than US card companies; I
used have 7 BC cards from different banks that allowed more credit
limits from each banks. 

- And also their changed attitude populates more cards; they used gift
their children savings accounts for entering kindergarten or
birthday...etc.  But now it has switched to credit cards & cell-phone
(it's called hand-phone in S Korea).  

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Sam Siegel
Sent: Thursday, January 07, 2010 4:15 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Korean bank Moves back to Mainframes (...no, not back)

There are other business related inaccuracies in the article as well.
The
article indicates that they process hundreds of millions of Credit Card
transactions a day.  Having previously worked at a large credit card
processor in the US, it can be said with certainty that the S. Korean
credit
card volumes are orders of magnitude smaller than US volumes.  The US
volumes are in the range of 100 to 200 million per day depending on the
time
of the year.

On Thu, Jan 7, 2010 at 8:39 AM, Timothy Sipples
wrote:

> That's not the correct headline.
>
> BC Card isn't moving *back* to mainframes. In its 27+ year history, BC
Card
> has never had a mainframe -- nothing in the System z lineage, anyway.
They
> are now replacing HP and Sun UNIX servers, and Oracle databases, with
(a
> presumably small number of) IBM mainframes. They are new in almost
every
> possible mainframe-related way: new z/OS customer, new CICS
Transaction
> Server for z/OS customer, new WebSphere Application Server for z/OS
> customer, new System z10 customer, new mainframe customer.
>
> There are some things in the article I disagree with, but there's one
fact
> in particular that is most certainly not correct. The article says
this:
>
> "Sources at IBM say that this is the first Unix-to-mainframe
application
> migration in nearly a decade."
>
> I hate to disagree with "sources at IBM," but no, that's just
factually
> incorrect. I have personal knowledge of another such customer (in
Japan)
> who migrated their applications from distributed UNIX to z/OS with
Parallel
> Sysplex, and they never had a mainframe before. Quite possibly their
entire
> industry has never had a mainframe before, partly explaining why
they're
> not public. I suspect there are others.
>
> Which is not to say that this isn't significant news from Korea. It
is,
> very.
>
> - - - - -
> Timothy Sipples
> IBM Consulting Enterprise Software Architect
> Based in Tokyo, Serving IBM Japan / Asia-Pacific
> E-Mail: timothy.sipp...@us.ibm.com
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

The information transmitted is intended only for the addressee and may contain 
confidential, proprietary and/or privileged material. Any unauthorized review, 
distribution or other use of or the taking of any action in reliance upon this 
information is prohibited. If you re

Re: Korean bank Moves back to Mainframes (...no, not back)