Re: Petrol Station rip off

From: "Alex" <no.spam@xxxxxxxx>
Date: 25 Apr 2007 08:32:04 GMT

At 13:31:24 on 24/04/2007, M.I.5? delighted uk.legal by announcing:

"Alex" <no.spam@xxxxxxxx> wrote in message
news:5965pkF2jija2U1@xxxxxxxxxxxxxxxxxxxxx

At 09:21:09 on 23/04/2007, M.I.5Ÿ delighted uk.legal by announcing:

"norm" <norman-biffer@xxxxxxxxxxx> wrote in message
news:nj0n23d4g0db6l8v3fj7irnvjsbjooqvbb@xxxxxxxxxx

The recently exposed 'Sri Lankan' card scam seems to involve

someone >>> scanning the magnetic strip and using a pin entry
keyboard that has >>> been tampered with to get the pin.

I understand that there is a complex authentication and encryption
process between the chip on the card and the combined card-reader
and keypad which should mean that duplication or reading of the
chip's data is rather more difficult.

Be a little careful with the terminology here. Complex
Authentication Protocol (CAP) is the encryption protocol that ties
the account details and the PIN number into an encryption protocol
where the two cannot be separated. It is the protocol used by
virtually all foreign issued chip and PIN cards.

But the UK banks implemented the simpler (and cheaper) Simple
Authentication Protocol (SAP). In this protocol, the account
details are encrypted separately from the PIN number*. As most
of the fraudsters have already found out, the PIN number, or the
account details, are copyable from one card to another (you don't
have to decrypt the information to copy it).

Nonsense. There's no access whatsoever to the PIN, either
encrypted or plain-text.

'fraid, not so.

IF you're talking about EMV, you're just plain wrong. If you're
talking about something else, I don't care because that's not what we
use in the UK.
.

Follow-Ups:
- Re: Petrol Station rip off
  - From: M.I.5?

References:
- Re: Petrol Station rip off
  - From: M.I.5ž
- Re: Petrol Station rip off
  - From: Alex
- Re: Petrol Station rip off
  - From: M.I.5?

Prev by Date: Re: Petrol Station rip off
Next by Date: Re: Possible unfair redundany selection
Previous by thread: Re: Petrol Station rip off
Next by thread: Re: Petrol Station rip off
Index(es):
- Date
- Thread

Relevant Pages

Re: telnet replacement - not ssh?
... > although there are various places in the protocol where either side ... ordinary password authentication; but you do keep all the _other_ ... operate in the absence of encryption, ... and the unique session ID is still generated in such a way ...
(comp.security.ssh)
Re: WEP vs WPA
... WPA-Personal with TKIP encryption and a shared encryption key. ... WPA-Enterprise with TKIP and RADIUS authentication ... there are routers which will accept WPA with AES encryption. ... authentication using EAP (extensible authentication protocol). ...
(alt.internet.wireless)
Re: Petrol Station rip off
... been tampered with to get the pin. ... I understand that there is a complex authentication and encryption ... Authentication Protocol is the encryption protocol that ties ...
(uk.legal)
Re: Petrol Station rip off
... keyboard that has>>> been tampered with to get the pin. ... I understand that there is a complex authentication and encryption ... Authentication Protocol is the encryption protocol that ties ...
(uk.legal)
Re: AD encryption
... > I would just like to add in that the encryption algorithms used by Kerberos ... It's also important to note that authentication!= encryption. ... Kerberos is an authentication protocol, not an encryption protocol, ...
(microsoft.public.win2000.active_directory)