Re: Chip and PIN is Broken!



On 2010-02-16, Jim Watt <jimwatt@xxxxxxxxxx> wrote:
On Sat, 13 Feb 2010 17:37:36 GMT, "nemo_outis" <abc@xxxxxxx> wrote:

<snip>

Although you are right that it shifts responsibility to the
user rather than it being the job of the entity accepting the
card to verify a signature, in practice the signature verification
was often badly done as I found out using someone else's card
by mistake one day and signing with a totally different sig
nobody picked up on it.

If it was badly done, the persons who did it badly paid ( the mercant or
the bank.) If chip and pin is badly done, the user pays. Since it is the
merchant/bank that has the control, forcing the user to pay for their
incompetence seems a bit rich, and puts the rewards in entirely the
wrong place ( the bank gets rewarded for their own incompetence-- they
collect the fees etc, even if they screwed up).


Now in the event it was fraudulent of course its harder for the
bank to claim its the card owners fault. However even if th
bank pays the cost of fraud, that cost comes back to the cardholders
by way of charges.

Maybe, or maybe it comes out of theprofits. If card company A has
competition from B ( visa from mastercard, amex, diners,...) and if
visa's costs are way out of line they cannot pass it on, or they lose
all their customers. Now however, they screw up and they sue you.



I never understood why photoid on cards never took off. That
provides another security feature.

Sure, but it makes issuing and reissuing harder.

--
Jim Watt
http://www.gibnet.com
.



Relevant Pages

  • ID theft: Have you been stolen?
    ... Your identity might be stolen for someone to commit financial fraud and other criminal activities involving car and housing loans, credit card transactions, mobile phone bills, property deals and company registrations. ... The stunned businessman looked with eyes wide open at the bank officer. ... Last July, lorry driver Nasir Yusof received a letter from a finance company, urging him to settle the overdue loan instalment on his car. ... It is now clear that identity theft victim Mohamed Syarizal Wahab is not the only one whose identity had been stolen. ...
    (soc.culture.malaysia)
  • Re: Passwords et al.
    ... The set of three integers above might well become the numbers on an ‘atm’ card say or indeed on any device that is used to control access to anything. ... ciphertext of a single alphanumeric item – lower case letter e – ... midnight say) by the bank or other that owns it. ... might be used as the user's PIN in each case. ...
    (sci.crypt)
  • [Verified Seller] CVV - Transfer WU - Bank Login - Dumps/Track 1&2
    ... If you need CVV please contact me via Contact ICQ: ... And i have software do bug account bank and information western union. ... I have account paypal with high balance good We are a group of hackers Professional ... Hacking for Debit Card and Credit Card. ...
    (rec.audio.misc)
  • Sell CVV GOOD FRESH / Dumps Track 1+2 Rate 80% Check bin / Wu transfer / Bank Login / Paypals Accoun
    ... If you need CVV please contact me via Contact ICQ: ... And i have software do bug account bank and information western union. ... I have account paypal with high balance good We are a group of hackers Professional ... Hacking for Debit Card and Credit Card. ...
    (rec.audio.misc)
  • Re: Card reader
    ... Royal Bank of Scotland and NatWest too. ... The EMV CAP readers are designed to be used ... across any bank and any card that supports the CAP protocol. ... ensure that the card reader I have from NatWest will not ...
    (comp.sys.acorn.misc)