Replacement for Chip n Pin?

If they want to bring biometrics in, iris scanning is better than fingerprint scanning - but obviously is more expensive, takes a little bit longer (it's more sensitive) to get a proper scan. I've used a lot of iris scanning devices for authentication and authorisation to buildings and security points, along with a smart card initially - works really well. However it doesn't stop someone conking you over the head and forcing your eye open or pushing your finger to the plate. If you had biometrics with a pin number it would be much more secure... but then it's getting very much on the over the topness in my opinion, however more and more people are trying to exploit the electronic and information systems nowadays - so maybe it's justifiable?
 
Vanilla said:
Being a southern shandy drinker is it in fact anyone North of Watford who is retarded :p
The demarcation line is traditionally the Watford Gap.

Which is in Northamptonshire.


Apologies if you knew this already.
 
Vanilla said:
I don't doubt that it had happened at some point, but did it ever get to the stage where entire ideas were backshelved because of this threat that I've never heard being a problem? In this day and age everyone is well aware of who is around them and how to cover their pin.
Dude, you seriously need to get out more. Just because the majority of people on this forum are aware of it doesn't translate to the wider demographic out there. It is fairly specialised after all. Just because you haven't heard about a problem means only that you aren't aware of it, not that it doesn't exist.
Vanilla said:
The latest craze was to clone the card as it was put into an ATM and get the pin via a camera. No contact with the person involved, no violence.

This cloning is not possible in a shop and the card only goes into a standard reader up to the chip and a camera would have to be placed in the shop ceiling. Then they would have to mug or pick pocket the person.
Wrong. The chip readers aren't that difficult to reverse engineer and get round the technology that way. Also "bugs" which intercept the information as it travels down the wires inside the terminal have been found in petrol pumps, supermarket tills, etc, which is another way to clone cards. Besides which, the information about the PIN is encoded into the chip, so all that happens is that you write your own PIN into the chip, then use that. And look how many shops have security cameras pointing at the till, which is where the C&P terminal is.

Related BBC story
Vanilla said:
Flawless? No....but I feel the whole 'see your pin and mug you' brigade is pure scaremongering, making a greek tragedy out of something that isn't a widespread or common problem.
It's already happened at least once that I know of, where an elderly lady was burgled shortly after coming home from shopping. Her card was taken and used - with the PIN - to buy a load of stuff that she wouldn't buy. She had used her card in a crowded supermarket and believes that someone watched her enter the number and then burgled her home to commit this.

It may not be widespread yet, but as it's the weakest link in the chain of security, it's the easiest to compromise. No hi-tech equipment to read and clone cards needed, just the willingness to mug or burgle. And we already know how common that is.
 
Excellent posting there treefrog. I agree that “just” because many on this forum are intelligent enough, or even diligent at protecting their pin, doesn’t mean the rest of the populace is as well. You cannot assume that “everyone” or near as damn it everyone is careful as to how they enter their pin.

I make a point of standing well back when I stand in a line to pay for goods, and you’d be surprised how many enter their pins, with little thought as to who is watching. Can you visualise a keypad? Easy to then remember a string of four digits.

When I enter a pin, I make the point to look around my shoulders, and ask anyone who is too close to please back away a little (politely of course). The system isn’t secure, and can easily be compromised by anyone as rightfully said. If they have the will to look for your pin, and have the same will to hurt you, then it’s easy for them – IF YOU ARE NOT CAREFUL.

Like I have said, and I’ll reiterate this – I never supported the move to chip n pin, as I felt it is just a way for the banks to cover their losses by putting the onus on the card holder. The card after all is the property of the bank, and is provided under a T & C agreement you agree to when you take hold of the card.

Pin numbers need to be GIVEN, whereas a signature can be duplicated easily. Who’s to say my card is stolen and used by signature? I could have even done it, and fibbed about the transaction and got a full refund. CCTV etc might catch me out, but in the end, it’s shop owner against whoever signed, and the banks have historically lost when claims like these are made.

With a pin number they just simply turn this around saying – Pins cannot be guessed, cannot be copied, and therefore “you” must have consented to the purchase. Case lost to the consumer, fraud case to the bank won, not reported. Fraud comes down, consumer loses out.

Pins can be read from the card using card readers, but your everyday opportunist isn’t going to have this type of equipment, therefore highly organised criminals are now going high tech. In an effort to combat banks' losses, I feel the consumer has now lost as criminals are now finding more avant-garde ways of stealing from you.

Then there is still the issue of thugs, and mugging, as previously explained by treefrog. I’m sorry, but chip n pin is faster to use in the shops, but isn’t as secure as it’s made out to be.
 
Treefrog said:
Wrong. The chip readers aren't that difficult to reverse engineer and get round the technology that way. Also "bugs" which intercept the information as it travels down the wires inside the terminal have been found in petrol pumps, supermarket tills, etc, which is another way to clone cards. Besides which, the information about the PIN is encoded into the chip, so all that happens is that you write your own PIN into the chip, then use that. And look how many shops have security cameras pointing at the till, which is where the C&P terminal is.

Surely the PIN itself isn't recorded, but a one-way hash of the PIN, making your arguments void?
 
Treefrog said:
I'm not sure what you mean there Visage, by one-way hash. Encryption?

http://www.google.co.uk/search?hs=0...:en-US:official&q=chip+spin&btnG=Search&meta=

3rd result (.pdf) has some useful info on the strengths and weaknesses of this system.

I wasn't claiming that the system is flawless, but the fundamental principle of any secure system is that the cost of breaking the security has to be less than the benefits on offer - i.e. you wouldn't spend a thousand pounds cracking an individual card if it had a spending limit of 50 quid - it wouldn't be worth your effort.

C&P makes it harder than mere signature based authentication alone. Not impossible, but harder, and that changes the equation. Now criminals need a correspondingly higher reward to make the effort of breaking the security. And that is why they're a good thing.
 
The only problem I have found with chip and pin so far is with the purple shirted retards.

I went in there bought a cheapo Creative mp3 player for £40 as I wanted to give it to the GF then. So I slap my pin in, take the receipt and the goods and walk out of the shop. A couple of days later I notice that they took £80 from my account and the receipt clearly states that I have purchased 2 of the mp3 players. After 3 weeks of calls trying to sort it out I gave up, I know I shouldn't have but there you go.
My point is in shops where the till display is not active or obscured there is no way of checking the amount before you put the pin in. Now I double check my receipts after I've put my pin in, although imo it was much easier to see the amount on the receipt and then sign for it, oh well....
 
I had an idea a while back before chip and pin was really in action which would have been cool considering most big stores have big touch screen tills or at least tills which run off some sort of OS.

Instead of the actual cashier having any involvement with checking your signature you sign a touch sensitive signature strip on a little touch screen. (like you do sometimes when you sign for packages sometimes) but instead of there being a signature on the back of the card all signatures are stored on servers at the banks, so the computers check the signature not the cashier.

There used to be so many times I would sign for something and they wouldn't even check :mad:
 
Lagz said:
Hmm fingerprint detection isn't reliable enough to work on a large scale. You inevitably get false matches etc. It is also not too hard to fake someone else's fingerprint if you obtain a sample from something they have touched. I'm not sure why they are bothering really?

I have tested some such systems for military applications. They worked on the small scale that I was involved in, however it was chip and print and pin.
Not chip and print.
 
MJ said:
I had an idea a while back before chip and pin was really in action which would have been cool considering most big stores have big touch screen tills or at least tills which run off some sort of OS.

Instead of the actual cashier having any involvement with checking your signature you sign a touch sensitive signature strip on a little touch screen. (like you do sometimes when you sign for packages sometimes) but instead of there being a signature on the back of the card all signatures are stored on servers at the banks, so the computers check the signature not the cashier.

There used to be so many times I would sign for something and they wouldn't even check :mad:

And if the comms link went down?

Or if for some reason the computer at the far end didn't recognise your signature? There's no manual fallback.
 
Snow-Munki said:
heard on bbc this morning you can even use play doh to 'fake' someone's fingerprint.

Other ways, you can blow on the scanner which brings up the previous person's scan! :eek:

It is simple to incorporate a rotating "lens" that self cleans in between print impressions so that the previous one is cleaned off before the next customer.

I don't think one security system should necessarily replace another but instead be in addition to each other.
Why not have PIN, signature, thumbprint and a user photo on the card?
Why not have it so that when entered the card displays the users picture on a screen that the cashier can see as well?
 
Visage said:
And if the comms link went down?

Or if for some reason the computer at the far end didn't recognise your signature? There's no manual fallback.

That could happen to signing or pin; the bank still need to authorise the card.

Edit:
Or if for some reason the computer at the far end didn't recognise your signature

Then you should make sure it's perfect; mine is almost always the same.
 
MJ said:
That could happen to signing or pin; the bank still need to authorise the card.

Edit:

Then you should make sure it's perfect; mine is almost always the same.

There's a hash of the PIN on the magnetic strip for verification.
 
Treefrog said:
Dude, you seriously need to get out more. Just because the majority of people on this forum are aware of it doesn't translate to the wider demographic out there. It is fairly specialised after all. Just because you haven't heard about a problem means only that you aren't aware of it, not that it doesn't exist.

This forum was a good example as it constitutes a wide range of people. As I said further on -

I disagree, I say that only the few do not. I've never seen anyone who is not careful with their pin, society is at such a stage where everyone knows the importance of the pin number. Reading threads like these shows how clued up people are, shows many people saying how careful they are how they noticed people standing close to them. I say those who are not careful are the exception.

I've seen nothing but diligence and secrecy in the shops. Likewise just because you hear of a few people having problems doesn't mean it's widespread. So far the Valentines switch over has gone fine I feel.

Wrong. The chip readers aren't that difficult to reverse engineer and get round the technology that way. Also "bugs" which intercept the information as it travels down the wires inside the terminal have been found in petrol pumps, supermarket tills, etc, which is another way to clone cards. Besides which, the information about the PIN is encoded into the chip, so all that happens is that you write your own PIN into the chip, then use that. And look how many shops have security cameras pointing at the till, which is where the C&P terminal is.

Related BBC story

Any sources or is this speculation? I've not heard of this at all, certainly not so that it is such a problem that it made the headlines.

That BBC article can easily be related to skimming, i.e. just copying the stripe information and then buying goods by Signing. Chip and Pin instantly stops this skimming practice.

It's already happened at least once that I know of, where an elderly lady was burgled shortly after coming home from shopping. Her card was taken and used - with the PIN - to buy a load of stuff that she wouldn't buy. She had used her card in a crowded supermarket and believes that someone watched her enter the number and then burgled her home to commit this.

It may not be widespread yet, but as it's the weakest link in the chain of security, it's the easiest to compromise. No hi-tech equipment to read and clone cards needed, just the willingness to mug or burgle. And we already know how common that is.

Violence can stop any kind of fraud prevention. They can storm your house, put a knife to your throat and just ask you for your pin - it would take a brave man to lie while his buddy drives off to a cash point, but that's not the point of C&P.

If the point of Chip and Pin is not to reduce violent muggings then it doesn't fail, it is there to reduce fraud while the card is not in the owner's possession which it does so successfully based against writing an easy signature which isn't checked properly anyway.

Use of the Chip will pretty much negate the practice of skimming. They will have the stripe information but not the chip information.
 
DanSolo said:
My point is in shops where the till display is not active or obscured there is no way of checking the amount before you put the pin in. Now I double check my receipts after I've put my pin in, although imo it was much easier to see the amount on the receipt and then sign for it, oh well....

That's odd... all the C&P POS' that I have used have had a little screen with the amount on.
 