Sunday, November 19, 2017

PayPal Reminders

With the holiday season right upon us it seems time to share some PayPal reminders:

Am I the Last Person? - When you use PayPal on another site, it DOESN'T log you out.

PayPal Preapproved Payments - Many merchants send their request to PayPal asking for you to PREAPPROVE any payments to them that they want to make.

While these posts are from some time ago I confirmed today that they are still valid.

Sunday, November 12, 2017

Chip and PIN Cards

So do you have one of the new "Chip and PIN" cards? They are also known as "EMV" for Europay/MasterCard/Visa.

Instead of swiping you're supposed to "dip" them. Currently not all merchants have implemented the "dip" technology. There are fiscal liability implications related to that don't affect the consumer so I won't cover that here.

What I will try to explain is the part of the new EMV cards that is known as the Card Verification Method (CVM).

I have a USAA Visa card. In preparation for a trip to Ireland a couple of years ago I called USAA and asked for an EMV card which they supplied. When I received it I followed up with USAA and set a PIN for the chip.

I successfully used the USAA EMV card during my trip to Ireland. At most merchants I was asked to sign a receipt. This seemed to confuse most merchants but it never impacted the success of the transaction. No merchants' terminals challenged me for a PIN.

Subsequently US merchants have been replacing their credit card terminals with the new "dip" capable ones. These don't challenge me for a PIN and not always even for a signature.

This got more interesting recently at a self-service gas station in Quebec City, Canada.

The card reader on the pump was chip-enabled. It fussed at me in French for inserting and withdrawing my card like I would do in the US. Finally I understood enough French to leave the card in. Then it asked me how much to pre-authorize on the card. In the US this is just done silently. I wasn't ready to perform a quick calculation in a foreign currency so I just chose the largest amount 125$. Then it asked me for the PIN of the chip not the stripe. Thankfully I had activated a PIN on the chip in preparation for my trip to Ireland. It churned for a second and told me to remove the card and begin pumping.

That transaction got me interested in what the process was to determine whether an EMV card transaction will require a PIN or signature or nothing.

At a summary level, each EMV card has a prioritized list of verification methods (CVMs) that may vary with the value of the transaction. This list is processed by the terminal searching for a matching CVM from the card.

SpottersWiki has a database of EMV cards and associated CVM methods. When I searched it for my USAA Visa card it reported the CVM methods were:
1: Signature (paper)
2: Enciphered PIN verified online
3: Enciphered PIN verified by ICC (aka offline PIN)
4: Plaintext PIN verified by ICC (aka offline PIN)
5: No CVM required
There is another database here but it isn't being updated.

The kicker here is that gas pump in Quebec City obviously couldn't accept a signature as verification and therefore required a PIN. It is not clear to me that the chip PIN is necessarily the same as the magnetic stripe PIN. I suggest you contact your card issuer to make sure.

This process is due to be implemented in US gas pumps by October 2020.

A more in depth explanation is here.
Although EMV is often referred to as “Chip and PIN”, in fact EMV supports several different methods of verifying the identity of the cardholder, known as Cardholder Verification Methods (CVM). Every card contains a list of the CVM that it supports, and when they need to be applied (e.g. Use online PIN if the transaction is an ATM cash withdrawal, else use signature).
Whenever an EMV transaction is performed, the terminal’s EMV Level 2 Kernel processes the CVM list in order, until it finds a CVM that it supports and can process. In the event that no supported CVM is found or an error occurs during CVM processing (e.g. the PIN-Pad was malfunctioning), the EMV kernel will flag this in the Terminal Verification Results, which may cause the transaction to be declined or sent online for authorisation by the card issuer.
The CVM that EMV currently supports are Online PIN (required in certain countries for all transactions, and also for all ATM cash withdrawals), Offline PIN verified by the chip card (required in certain countries for all payment transactions), signature (for attended payment terminals in some countries), or a combination of both PIN and signature if additional verification is required.
Also, in some environments it is permissible to use no CVM for low-value transactions or for terminals that do not support any of the CVM on the cards.

Sunday, November 05, 2017

Windows Defender Doesn't Suck

While I realize that's a left-handed compliment there's some meat behind it.

I've mentioned Windows Defender a couple of times recently non-disparagingly. I still believe the best protection for your Windows system is discretion. Just don't go to stupid places.

However it still makes me feel better to have some kind of anti-virus tool lurking in the background just in case somebody tricks me.

The AV-TEST Institute runs a couple of anti-virus bake-offs each year. The most recent results are here.

Tom's Guide has a good summary of the AV-TEST comparison. I love their recap.
Microsoft’s [Windows Defender] Protection score was 5.5 out of 6. For a program that was bottom-of-the-barrel just last year - and comes free with Windows - that’s not bad at all.

Sunday, October 29, 2017

Controlled Folder Access

Windows 10 Fall Creators Update (aka 1709) was released October 17, 2017.
Windows 10 Fall Creators Update includes a number of new features, including a replacement for OneDrive Placeholders, support for Windows Mixed Reality, the ability to more seamlessly connect to Windows PCs from iOS and Android phones and an improved Photos app experience.
ZDNet
I've installed it on a couple of laptops with no issues. I haven't seen any problems with it nor really any new features.

Except...

Windows 1709 has a new Windows Defender capability called "Controlled Folder Access".
A below-the-radar security feature in the Windows 10 Fall Creators Update ... can stop ransomware and other file-scrambling nasties dead.
The controlled folder access mechanism within Windows Defender prevents suspicious applications from changing the contents of selected protected folders.
The Register
To turn it on, click on the Windows key and type "Windows Defender Security Center". Click it and then click on "Virus & threat protection".


Then click on "Virus & threat protection settings".


You're getting warm.

Under "Controlled folder access", slide it to "On" and click on "Protected folders".


You can also add programs to the whitelist.


Here are the folders protected by default:


Add any that Windows didn't choose.

The best write-up I've found is here.

Sunday, October 22, 2017

Chrome Search Engines

I came across this article recently describing how to add a new search keyword to allow you to go directly to Google Maps with an address in the search bar. It's very easy but ...

As I followed the simple steps...
In Chrome, go to Settings, then select “Manage search engines.” Next to “Other search engines,” ...
Whoa!

Look at all the stuff that was already there!


Why would Google let bhphotovideo.com create an entry in my search engines?

Worse yet, the ones that are in the "Other search engines" are active.

The presentation infers that you have to use the Keyword to invoke them but there's a shortcut that lets them sneak in.

For example, the first entry in my "Other search engines" was "bhphotovideo.com" with a keyword of "bhphotovideo.com". But if I enter "bhp" in the address bar and press "Tab" guess where I go? To a Google search of bhphotovideo.com. There are hundreds of these entries in my Chrome "Other search engines". And there's no way to delete them en masse.

Stop that!

There seem to be at least 2 ways these get added. 1) Google will discern that there's a search box on a page and add an entry or 2) the site will use an API to add an entry.

There are discussions of this here and here. Oh, yes, the Chromium developers know about this and have marked it WontFix. See Comment 7.

There's even a Chrome extension that addresses this that I haven't tried.

Sunday, October 15, 2017

iOINK

If you remember my previous comments on iTunes, this post will come as no surprise.

I like to make my own ringtones. With Android, this is a piece of cake. Just find/create an mp3 file and e-mail it to yourself. Save it on the phone and then set it as a ringtone. Done.

As noted in the above referenced post, iTunes can accomplish this in 16 easy steps.

Ok, so I realize that I have to use iTunes with my iPhone 6s.

But I don't have to like it.

Recently I wanted to copy a couple of TV shows that I had recorded to my wife's iPhone SE. I converted them to M4V. Then I added them to my iTunes library.

But they didn't show up in the library. Consequently then they didn't sync to the iPhone.

Why on earth?

After a couple of hours of Google searches I finally came up on this forum post from 5 years ago:
I did believe that I have figured out what is going on though. In Itunes>Preferences>Store there is an option to keep playback synced between devices. I needed to uncheck that before the movies would show up in the itunes interface. Once that happened, I could go in and change the media type and organize it the way I wanted.
So if you want your home videos to sync in iTunes just uncheck the option to "keep playback synced between devices."

Why didn't I think of that?

Oh, now you want to WATCH these videos? Apple has removed the Videos app and put that function in the TV app.

Why didn't I think of that?

Sunday, October 08, 2017

iOS 11.Oh No!

Along with the iPhones 8 and X, on September 19, 2017 Apple released iOS 11. While it was full of new features it seems it is also full of bugs.

Apple quickly released 11.0.1 to fix a problem that Outlook/Exchange users couldn't send e-mail. It also contained other "bug fixes and improvements."

Apparently not enough.

On October 3, 2017 Apple released 11.0.2 to fix problems with iPhone 8 and iPhone 8 Plus users hearing a crackling sound during phone and FaceTime calls.

Now Apple has released a beta of iOS 11.1.

A word to the wise, avoid iOS 11.0.x like the plague.

If you're already getting nagged to upgrade here's some help.

Steve Jobs must be spinning in his grave.