has anyone had a read of this?

http://uk.finance.yahoo.com/news/Ban...478931782.html

and this is the publication. quite an interesting read, im sure the crims with a brain will like it too.

http://www.cl.cam.ac.uk/~osc22/scd/

what are your thoughts on it?

 

Does seem a tad irresponsible to publish albeit no wonder if the card companies have been sat on their ***** since 2009

TX.

 

There's not really enough information in that article to tell whether the disclosure was responsible or not. Usual etiquette is for someone uncovering a loophole to disclose it to the owner of the system first, to give them a reasonable amount of time to fix it before the information is made public.

It's not clear to me whether this is how the information was published in this case; I suspect that if it's a student's thesis then probably not - and that's where the complaint has come from.

He does say that the "no pin" software isn't available - and the device does look a bit clunky to covertly use when buying stuff...

 

Its pish easy to get round chip and pin if you know where to look.

 

TBH I always thought the C&P thing was a little bit of waste of time it is as flawed as the signature strip as pins are too easy to see people enter and in some countries they don't use them so it makes them useless.

Really what is needed is a photograph of the card hold put onto the card and the system then linked up to the passprot system so the pics can be matched, this would probably cost too much but what is the cost of the current card frauds....

 

Just press the "customer not present" button on the machine

 

Lloyds used to offer to print your photograph on their Gold cards at one point. Stupid thing was, on certain transactions, people still asked for your passport as ID...even though the credit card clearly had your photograph printed on it!

 

The reason the banks want the information suppressed is that if money is taken from your account and their records say the PIN was used the burden of proof is on you to prove that you have taken reasonable care not to disclose it. If this loophole gets widely known then it will shift the burden back to them.

I gather Barclays was the only bank to fix the problem promptly. I'm assuming the others don't care because it won't be them losing money.

 

I posted similar about 2 years ago, when my wife had her handbag lifted,

they hit three cards, withdrew cash & tried to buy loads of stuff.

Her CC card company's were on the ball, and blocked the cards / detected

fraud within two small transactions.

Her bank on the other hand were useless, and refused to play ball, stating

that because the pin number was used, the transactions were valid/

authorised, and that she had been negligent and allowed her pin to be

compromised / known (left with the cards)

We pointed them to the articles posted re the failings of chip & pin, (Re failed data comms between

merchant payment authoriser , & interception of and modification of data sent) , which is incidentally

referred to in the article and asked them to prove that my other half was negligent.

They decided to refund the losses as a gesture of goodwill.

Mart

 

They tried pics on cards ... when they were testing it, some people had pics of animals on their card & the shop staff were still letting them buy stuff! Not that useful needless to say.

TX.

PS

Mart, just as well you knew the score as you'd have been screwed otherwise

 

Terminator X as said above main reason to move to chip and pin was to move the responsibility back to the individual and away from the bank/retailer.

Now days in a lot of shops the retailer doesn't even touch the card you put it in the machine and take it out so printing anything on it is a waste of time.

 

I suggested that the pictures were on the eletronic part not actually on the cards so the image was digital and linked to the passport system where the images could be cross checked...although the main flaw being not everyone has a passport lol...