Re: Petrol Station rip off
- From: "Alex" <no.spam@xxxxxxxx>
- Date: 24 Apr 2007 10:51:32 GMT
At 09:21:09 on 23/04/2007, M.I.5Ÿ delighted uk.legal by announcing:
"norm" <norman-biffer@xxxxxxxxxxx> wrote in message
news:nj0n23d4g0db6l8v3fj7irnvjsbjooqvbb@xxxxxxxxxx
The recently exposed 'Sri Lankan' card scam seems to involve someone
scanning the magnetic strip and using a pin entry keyboard that has
been tampered with to get the pin.
I understand that there is a complex authentication and encryption
process between the chip on the card and the combined card-reader
and keypad which should mean that duplication or reading of the
chip's data is rather more difficult.
Be a little careful with the terminology here. Complex
Authentication Protocol (CAP) is the encryption protocol that ties
the account details and the PIN number into an encryption protocol
where the two cannot be separated. It is the protocol used by
virtually all foreign issued chip and PIN cards.
But the UK banks implemented the simpler (and cheaper) Simple
Authentication Protocol (SAP). In this protocol, the account details
are encrypted separately from the PIN number*. As most of the
fraudsters have already found out, the PIN number, or the account
details, are copyable from one card to another (you don't have to
decrypt the information to copy it).
Nonsense. There's no access whatsoever to the PIN, either encrypted or
plain-text. PINs have not been stored on the magnetic strip for years.
.
- Follow-Ups:
- Re: Petrol Station rip off
- From: M.I.5?
- Re: Petrol Station rip off
- References:
- Re: Petrol Station rip off
- From: M.I.5¾
- Re: Petrol Station rip off
- Prev by Date: Re: Ltd company set up
- Next by Date: Re: 'Child porn too easy to locate'
- Previous by thread: Re: Petrol Station rip off
- Next by thread: Re: Petrol Station rip off
- Index(es):
Relevant Pages
|
Loading
