Re: Chip and PIN is Broken!

From: unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Feb 2010 02:04:07 GMT

On 2010-02-16, Jim Watt <jimwatt@xxxxxxxxxx> wrote:

On Sat, 13 Feb 2010 17:37:36 GMT, "nemo_outis" <abc@xxxxxxx> wrote:

<snip>

Although you are right that it shifts responsibility to the
user rather than it being the job of the entity accepting the
card to verify a signature, in practice the signature verification
was often badly done as I found out using someone else's card
by mistake one day and signing with a totally different sig
nobody picked up on it.

If it was badly done, the persons who did it badly paid ( the mercant or
the bank.) If chip and pin is badly done, the user pays. Since it is the
merchant/bank that has the control, forcing the user to pay for their
incompetence seems a bit rich, and puts the rewards in entirely the
wrong place ( the bank gets rewarded for their own incompetence-- they
collect the fees etc, even if they screwed up).

Now in the event it was fraudulent of course its harder for the
bank to claim its the card owners fault. However even if th
bank pays the cost of fraud, that cost comes back to the cardholders
by way of charges.

Maybe, or maybe it comes out of theprofits. If card company A has
competition from B ( visa from mastercard, amex, diners,...) and if
visa's costs are way out of line they cannot pass it on, or they lose
all their customers. Now however, they screw up and they sue you.

I never understood why photoid on cards never took off. That
provides another security feature.

Sure, but it makes issuing and reissuing harder.

--
Jim Watt
http://www.gibnet.com

References:
- Re: Chip and PIN is Broken!
  - From: Gerard Bok
- Re: Chip and PIN is Broken!
  - From: nemo_outis
- Re: Chip and PIN is Broken!
  - From: Gerard Bok
- Re: Chip and PIN is Broken!
  - From: nemo_outis

Prev by Date: Re: Crypt ascii text in file
Next by Date: Re: Recommendation for portable hard drive with hardware level encryption for backups
Previous by thread: Re: Chip and PIN is Broken!
Next by thread: Re: Chip and PIN is Broken!
Index(es):
- Date
- Thread

Relevant Pages

ID theft: Have you been stolen?
... Your identity might be stolen for someone to commit financial fraud and other criminal activities involving car and housing loans, credit card transactions, mobile phone bills, property deals and company registrations. ... The stunned businessman looked with eyes wide open at the bank officer. ... Last July, lorry driver Nasir Yusof received a letter from a finance company, urging him to settle the overdue loan instalment on his car. ... It is now clear that identity theft victim Mohamed Syarizal Wahab is not the only one whose identity had been stolen. ...
(soc.culture.malaysia)
Re: Passwords et al.
... The set of three integers above might well become the numbers on an ‘atm’ card say or indeed on any device that is used to control access to anything. ... ciphertext of a single alphanumeric item – lower case letter e – ... midnight say) by the bank or other that owns it. ... might be used as the user's PIN in each case. ...
(sci.crypt)
Re: IIgs peculiarities
... permanently shadowing from bank 0 would have corrupted whatever was ... Same for a ROM 1 or ROM 3. ... Memory cards which support more than four "rows" do so via a mechanism ... so a memory card which uses this technique is ...
(comp.sys.apple2)
Re: Card reader
... Royal Bank of Scotland and NatWest too. ... The EMV CAP readers are designed to be used ... across any bank and any card that supports the CAP protocol. ... ensure that the card reader I have from NatWest will not ...
(comp.sys.acorn.misc)
Re: Desperate for business bank account
... renewals, updates and corrections, you ... so the local subset can be gathered in advance. ... For the bank or similar this WILL be cheaper, ... to use the ID card scheme as they get money both ways. ...
(uk.consultants)