Re: Times: Fraud victims left in the lurch by banks

At 20:46:14 on 18/01/2006, Tumbleweed delighted uk.finance by announcing:

>
> "Alex" <no.spam@xxxxxxxx> wrote in message
> news:xn0ehe07o4922h006@xxxxxxxxxxxxxxxxxxxxxx
> > At 19:53:56 on 18/01/2006, Tumbleweed delighted uk.finance by announcing:
> >
> > >
> >>"Alex" <no.spam@xxxxxxxx> wrote in message
> >>news:xn0ehdz3e2s14p003@xxxxxxxxxxxxxxxxxxxxxx ><snip> What's to stop a
> >>> fraudster reading the mag track information off the chip and writing a
> >>> cloned card?
> > >
> > > the security protection of the chip itself prevents it being read.
> >
> > Rubbish! Where did you hear that? You cannot read the private area of the
> > card. The track 2 information (the part of the card that holds your card
> > number) is freely available by requesting tag 57, Track 2 Equivalent Data,
> > which contains an exact copy of the track 2 information without the start
> > & end sentinels and the LRC.
>
> I stand corrected. Thats very scary. So you dont even need to read the
> magstripe. I wonder why they didnt make it all private data in the chip?

Because it doesnt need to be! The same data's printed on the front of the
card; it's hardly secret. The same information could be retrieved with a
buttonhole camera - with the benefit that you'd have access to the CVV code
which isn't stored on the chip AFAIK.

> Do you know what protection there is against the firmware in readers being
> hacked?

I know what types of protection there are, yes.
.

Loading