ATM fraud and C&P

But since banks recommend to their customers to adopt a policy of avoiding "easy" numbers, fraudsters will also avoid trying easy numbers.

Perhaps a shrewd customer move would be to bluff. Choose an easy number and be confident no fraudster would be daft enough to try it.

Oh, are you talking double-bluff? My word! I don't think that would be a good policy for fraudsters, since they should expect more people to follow the banks' advice than to bluff.

Reply to
Ronald Raygun

Scripsit Alex

The private key is a part of the thing you're trying to re-create.

Reply to
Henning Makholm

Do you have a proposal for how to get practical security in an information-based system, which is not based on keeping something (e.g. an encryption key) secret from potential attackers?

If the attacker knows all information about the system, then there is obviously no way to prevent him from impersonating a legitimate user.

Reply to
Henning Makholm

ISTR hearing about UK cards being rejected in France a few years ago as they had no chip - only a mag strip. Some banking person issued a recommended statement of about 5 lines in French saying in effect "My card is valid. It does not have a micro chip it has a magnetic stripe on the back."

Reply to
rob.

So if I used a random number generator and came up with 8894 it's more secure than if I used the year of birth of my two children? What if my children were born in 1988 and 1994? (I'm assuming we're talking about protecting ATM cards from people who find or steal them).

Reply to
Alex

I think it's possible but unlikely that this will be the case in most places. The point is that nowadays people just don't bother to check signatures properly. The cashiers generally don't care if the card you're using is stolen - they just want to serve people as quickly as possible. So signature and pin in reality wouldn't be any more secure than just the pin.

Reply to
Alex

The spec for the machines is one that apparently includes a description of what the machine should look like, so that fake ones will stand out. Of course, if the fake ones were made to look similar... Also, this is basically expecting the public to study them carefully so fake ones WILL stand out.

Currently (and perhaps permanently) the cashier takes the card in many stores and puts it into a reader, and the customer is told to type the number into another device which is nearer to the customer - I imagine it's possible for this device to not be connected to anything and it would be this device which just remembers the pin entered and later tells the crook.

It would be more secure if you had to put the card into the device yourself - then you could prove it's not a dummy device by entering a wrong number initially - the machine would have to do its stuff to determine whether or not it was a bad number, and if it correctly identifies the pin as incorrect then you know that at least it's genuinely validating the card. Of course, at some point in the future the system will be cracked and this technique won't help you...

Reply to
Alex

A reasonable source of information, then.

Regular debit/credit cards then? Muggings went up when people switched from carrying cash to carrying cards?

I'm sure if I'd told someone my pin number and someone had taken out more money than they were supposed to I'd probably claim it was a "phantom transaction". Perhaps we just need more cameras at ATM machines.

Reply to
Alex

Alex wrote: ...

Agreed - from the banks' perspective. But we'd be back to the position where there was some hard evidence the customer could point to and disprove. So for the *customer* it would be more secure -- and the banks would be taking the losses again, which is what they're trying to avoid. Is anyone surprised PIN+signature has not been used as an option?

Reply to
Mike Scott

You'd just need a key logger reading the output from the keypad. I don't imagine this would be too hard to do. You could actually have another keypad physically above the second keypad and some sort of membrane in between the two layers so the second, real keyboard is being physically pressed as before - there'd be no way for the device to know anything were amiss that way.

Reply to
Alex

Alex wrote: ...

After looking at emvco's spec's, I'm none the wiser. So could someone enlighten me please as to the exchange between PIN terminal and card? Which of them decides the PIN is valid, and what does the data flow between them look like?

Reply to
Mike Scott

Whether or not something is secure would generally be determined by people who know how the system was designed, how it was implemented etc. I'm not sure that you can just look and see if it's secure.

I think the onus would be on the person claiming that they've been sensible with their pin. I guess the Res Ipsa Loquitur ("the thing speaks for itself") aspect of law comes into play here.

Reply to
Alex

Yeah, don't forget that visa/mastercards can be used all over the world, including countries where chip and pin isn't on the cards (sorry!) yet.

Reply to
Alex

I'm not sure this is the case. I have Chip & Sig still on all my cards (not because I've asked for it), and I've noticed that my signature is nearly always studied -- sometimes I even get comments along the lines of "no-one's going to forge that one, are they?!" I've assumed that till operators are now being trained to check signatures more thoroughly because of the changing liability rules.

Matti

Reply to
Matti Lamprhey

UH? Sorry, I meant STRIPE & Sig.

Matti

Reply to
Matti Lamprhey

They're trained to, but often they don't. Obviously they check in some places. Perhaps they check more in the sort of places I visit (larger stores in and around London) than in your area. A friend visited and got away with using a card he'd not yet signed for about 3 days before he signed it - no-one noticed, or if they did they didn't care!

It was a cashier I personally spoke to who told me he doesn't have time to check signatures.

You'll have stripe and sig for some time to come, as you probably have cards which are accepted internationally (visa, maestro, mastercard) and not all countries have chip and pin yet, and won't for some time to come.

Reply to
Alex

Some links here:

I understand that usually the pin will be entered on the small devices the customer will stick his card into. The pin will not leave this device - the device talks to the chip on your card and just tells the POS system whether or not the card has been accepted. The device can lock the card if it feels like it, requiring that the card be unlocked in a bank. I think it's possible for the card reader to palm off its checking of the pin to the POS system but there is a minimum encryption standard (triple DES, I believe) for this.

Reply to
Alex

Without a hint of irony, john boyle astounded uk.finance on 12 Nov 2004 by announcing:

It has nothing to do with the terminal. Issuer scripts will be quite capable of this*; whether or not they are utilised to change PINs is another matter.

*Notifying the card of a change of PIN, that is. To change it in real time will still require the cardholder to visit an ATM.

Reply to
Alex

Without a hint of irony, Alex astounded uk.finance on 13 Nov 2004 by announcing:

This is no more secure. ISO & EMV specs are freely available, and the issuer public keys are also... well... public. It is not too difficult for anyone with the requisite skills to send a PIN to the card for validation and examine the result.

Reply to
Alex

Without a hint of irony, Alex astounded uk.finance on 13 Nov 2004 by announcing:

No. The card locks itself.

No. The PIN is encrypted on the card via PKI. The PIN itself is sent to the card in plain text.

Reply to
Alex
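The PIN pad-to-card exchange asked about earlier in the thread, and described in the replies above (PIN sent to the card in plain text, the card deciding validity, the card locking itself), as an added Python model that is not from the thread or from any real EMV implementation. The PIN block layout and status words (9000, 63Cx, 6983) follow the EMV VERIFY convention as I know it; the try limit of 3 is an assumed issuer setting.

```python
from dataclasses import dataclass

# Assumed issuer setting; a real card carries its own PIN Try Limit.
PIN_TRY_LIMIT = 3


def plaintext_pin_block(pin: str) -> bytes:
    """Build the 8-byte plaintext PIN block: '2', PIN length nibble, digits, 'F' padding."""
    if not (4 <= len(pin) <= 12) or not pin.isdigit():
        raise ValueError("PIN must be 4-12 digits")
    return bytes.fromhex(f"2{len(pin):X}{pin}".ljust(16, "F"))


@dataclass
class Card:
    """The chip side: holds the reference PIN and alone decides whether a try is valid."""
    reference_pin: str
    tries_left: int = PIN_TRY_LIMIT

    def verify(self, pin_block: bytes) -> str:
        """Answer a VERIFY with a status word; the reference PIN never leaves the card."""
        if self.tries_left == 0:
            return "6983"                       # already blocked: refuse, nothing to count
        hexblock = pin_block.hex().upper()
        pin = hexblock[2:2 + int(hexblock[1], 16)]
        if pin == self.reference_pin:
            self.tries_left = PIN_TRY_LIMIT     # a successful verify resets the counter
            return "9000"
        self.tries_left -= 1
        return f"63C{self.tries_left}"          # wrong PIN, x tries left (63C0 = now blocked)


class PinPad:
    """The customer-facing device: forwards the PIN to the card, tells the POS only yes/no."""
    def __init__(self, card: Card):
        self.card = card

    def enter_pin(self, pin: str) -> bool:
        return self.card.verify(plaintext_pin_block(pin)) == "9000"


def lockout_sequence(card: Card, wrong_pin: str, right_pin: str) -> list:
    """Send wrong PINs until the card blocks, then show the right PIN is refused as well."""
    assert wrong_pin != right_pin
    seq = []
    while card.tries_left > 0:
        seq.append(card.verify(plaintext_pin_block(wrong_pin)))
    seq.append(card.verify(plaintext_pin_block(right_pin)))
    return seq
```

The POS in this model never sees the PIN or the status word, only the boolean from the pad, which is the split of responsibilities the reply describes.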
