Re: hows chip and pin going?


Jack Campin - bogus address wrote:
I work part of the time in a shop which uses a card reader. We are
just getting a new machine. The reason the bank is changing it is
stark raving obvious in retrospect, and I wonder how many people had
been ripped off before the banks got their act together.

The way the old machine worked:

- customer hands retailer the card
- retailer inserts card in reader
- retailer types in amount to be paid
- customer enters PIN
- machine prints out a receipt in self-carbon triplicate:
retailer keeps the top copy, customer gets the middle
one, bottom one is on a roll inside the machine that the
retailer can get at any time. The recipt has the card
number on it.

The new machine will instead print one copy for the retailer
with the card number replaced by stars, and one duplicate for
the customer. No archival carbon, these are unique.

That is, all a retailer needed to do to rip off someone's
card details for an Internet buying spree was memorize the
three-digit security code on the card and watch carefully
at the PIN being typed in - the card number was available
on the carbons. Memorizing seven numbers is no big deal.
Even for those machines where the client inserts the card
themselves, the back of the card faces the retailer as it
goes in, and that's where the security code is.


how's this for reactive mgmt !

The security of banknote storage has been tightened following the £53m
raid on a Securitas depot, the Bank of England has said.
Bank governor Mervyn King commissioned a security review on the day of
the 22 February raid in Tonbridge, Kent.

.

Relevant Pages

  • RE: Defeating Citibank Virtual Keyboard protection using screenshot method
    ... stuff that uses your chipped bank card. ... Providing an independent hardware security module (i.e. with its own ... But at the other end, within the bank, there are usually ... transaction is nearly impossible to maintain. ...
    (Bugtraq)
  • Re: Going to the Dogs (Part 47)
    ... at one point I was even told (by the bank) that this was as an ... additional security check because I hadn't used it for some time. ... A couple of years ago I lost the use of my ATM bank card for some time ... be sent out and didn't say I would no longer be able to access my account ...
    (uk.media.radio.archers)
  • Re: Chip & Pin Fraud
    ... Before Chip and PIN, you could challenge a forged signature; ... before you discovered your card was missing and informed the bank. ... retailer liable for the fraudulent use of your card where Chip and PIN ...
    (uk.finance)
  • Re: Silly query.
    ... I've just got one of those PINsentry extra security card readers for ... accessing my on line bank account. ... debit card and enter 4 digits from my card and then my PIN, ... So how does the bank login page know what the new security ...
    (uk.people.silversurfers)
  • Re: Some questions on credit card usage
    ... >>1) Is the PIN authentication done independently of your bank? ... it cannot accept the card. ... > (except where the retailer only sells one product, ...
    (uk.legal)
Loading