[Gllug] natwest fantasticness

Tethys tet at createservices.com
Tue Apr 6 08:53:38 UTC 2004


Peter Childs writes:

>    It's like this new Chip and Pin. If that's more secure than a personal 
>thing like a signature then I'm not a computer programmer. In this age 
>where we think seriously of using a 128 bit encryption the credit card 
>company go and use a 10bit key! Rather than a much larger key that they 
>were using before, i.e. someone's signature. True passwords are not much 
>stronger than a pin but they are usually twice the length with twice the 
>number of different letters.

It's simple, really. If they actually made it secure enough, then most
people wouldn't be able to use it. Yes, the great unwashed really are
that stupid[1]. People struggle with a 4 digit PIN. Giving them a full
alphabet from which to choose would just confuse them. Plus, it's more
convenient for the retailer to only have a numeric keypad, rather than
a full keyboard.

Chip and PIN may or may not reduce fraud (it does, but probably not
by as much as the banks would have you believe). What it *does* do is
reduce the bank's exposure by passing the liability onto the customer.
If you previously had a fraudulent transaction, you could demand that
the bank produce the slip of paper, and compare the signature to the
one on file[2]. Now they can just claim that the correct PIN was entered,
and it's your responsibility to prove that it wasn't you that entered it
(which is mostly impossible, short of getting hold of CCTV footage of
the transaction, which is next to impossible anyway).

I wouldn't mind so much if I could demand an increase of my key length.
But I can't even do that -- it's fixed at 4 digits.

Tet

[1] As an example, we have some users phoning our helpdesk, complaining
    not only that they've forgotten their password, but they've forgotten
    their username as well -- our logins are firstname.lastname...

[2] As it happens, they were likely to just give you the money back at
    that point -- the costs for them of retrieving the right bit of
    paper from their warehouses full of them generally outweigh the
    cost of a refund anyway.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug