chip and pin system "flawed"
#1
chip and pin system "flawed"
has anyone had a read of this?
http://uk.finance.yahoo.com/news/Ban...478931782.html
and this is the publication. quite an interesting read, im sure the crims with a brain will like it too.
http://www.cl.cam.ac.uk/~osc22/scd/
what are your thoughts on it?
http://uk.finance.yahoo.com/news/Ban...478931782.html
and this is the publication. quite an interesting read, im sure the crims with a brain will like it too.
http://www.cl.cam.ac.uk/~osc22/scd/
what are your thoughts on it?
#3
Scooby Regular
iTrader: (2)
Join Date: Mar 2001
Location: Swilling coffee at my lab bench
Posts: 9,096
Likes: 0
Received 0 Likes
on
0 Posts
There's not really enough information in that article to tell whether the disclosure was responsible or not. Usual etiquette is for someone uncovering a loophole to disclose it to the owner of the system first, to give them a reasonable amount of time to fix it before the information is made public.
It's not clear to me whether this is how the information was published in this case; I suspect that if it's a student's thesis then probably not - and that's where the complaint has come from.
He does say that the "no pin" software isn't available - and the device does look a bit clunky to covertly use when buying stuff...
It's not clear to me whether this is how the information was published in this case; I suspect that if it's a student's thesis then probably not - and that's where the complaint has come from.
He does say that the "no pin" software isn't available - and the device does look a bit clunky to covertly use when buying stuff...
#4
Guest
Posts: n/a
Dave
#6
Scooby Regular
Join Date: Sep 2006
Location: RIP Tam.
Posts: 5,108
Likes: 0
Received 0 Likes
on
0 Posts
TBH I always thought the C&P thing was a little bit of waste of time it is as flawed as the signature strip as pins are too easy to see people enter and in some countries they don't use them so it makes them useless.
Really what is needed is a photograph of the card hold put onto the card and the system then linked up to the passprot system so the pics can be matched, this would probably cost too much but what is the cost of the current card frauds....
Really what is needed is a photograph of the card hold put onto the card and the system then linked up to the passprot system so the pics can be matched, this would probably cost too much but what is the cost of the current card frauds....
#8
Moderator
iTrader: (1)
Lloyds used to offer to print your photograph on their Gold cards at one point. Stupid thing was, on certain transactions, people still asked for your passport as ID...even though the credit card clearly had your photograph printed on it!
Last edited by ALi-B; 29 December 2010 at 07:47 PM.
#9
The reason the banks want the information suppressed is that if money is taken from your account and their records say the PIN was used the burden of proof is on you to prove that you have taken reasonable care not to disclose it. If this loophole gets widely known then it will shift the burden back to them.
I gather Barclays was the only bank to fix the problem promptly. I'm assuming the others don't care because it won't be them losing money.
I gather Barclays was the only bank to fix the problem promptly. I'm assuming the others don't care because it won't be them losing money.
#10
I posted similar about 2 years ago, when my wife had her handbag lifted,
they hit three cards, withdrew cash & tried to buy loads of stuff.
Her CC card company's were on the ball, and blocked the cards / detected
fraud within two small transactions.
Her bank on the other hand were useless, and refused to play ball, stating
that because the pin number was used, the transactions were valid/
authorised, and that she had been negligent and allowed her pin to be
compromised / known (left with the cards)
We pointed them to the articles posted re the failings of chip & pin, (Re failed data comms between
merchant payment authoriser , & interception of and modification of data sent) , which is incidentally
referred to in the article and asked them to prove that my other half was negligent.
They decided to refund the losses as a gesture of goodwill.
Mart
they hit three cards, withdrew cash & tried to buy loads of stuff.
Her CC card company's were on the ball, and blocked the cards / detected
fraud within two small transactions.
Her bank on the other hand were useless, and refused to play ball, stating
that because the pin number was used, the transactions were valid/
authorised, and that she had been negligent and allowed her pin to be
compromised / known (left with the cards)
We pointed them to the articles posted re the failings of chip & pin, (Re failed data comms between
merchant payment authoriser , & interception of and modification of data sent) , which is incidentally
referred to in the article and asked them to prove that my other half was negligent.
They decided to refund the losses as a gesture of goodwill.
Mart
Last edited by mart360; 29 December 2010 at 09:49 PM.
#11
Owner of SNet
iTrader: (7)
Join Date: Oct 2003
Location: Berkshire
Posts: 11,513
Likes: 0
Received 0 Likes
on
0 Posts
TX.
PS
Mart, just as well you knew the score as you'd have been screwed otherwise
Last edited by Terminator X; 29 December 2010 at 10:37 PM.
#12
Terminator X as said above main reason to move to chip and pin was to move the responsibility back to the individual and away from the bank/retailer.
Now days in a lot of shops the retailer doesn't even touch the card you put it in the machine and take it out so printing anything on it is a waste of time.
Now days in a lot of shops the retailer doesn't even touch the card you put it in the machine and take it out so printing anything on it is a waste of time.
#13
Scooby Regular
Join Date: Sep 2006
Location: RIP Tam.
Posts: 5,108
Likes: 0
Received 0 Likes
on
0 Posts
I suggested that the pictures were on the eletronic part not actually on the cards so the image was digital and linked to the passport system where the images could be cross checked...although the main flaw being not everyone has a passport lol...
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
28
28 December 2015 11:07 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM