[Gllug] [ot] borked net transaction
Daniel P. Berrange
dan at berrange.com
Sat May 7 10:30:21 UTC 2005
On Sat, May 07, 2005 at 11:23:56AM +0100, Daniel P. Berrange wrote:
>
> Ross Anderson (top-dog security professor at Cambridge) has a very
> interesting book talking about all these kind of things
>
> http://www.amazon.co.uk/exec/obidos/ASIN/0471389226/qid=1115458987/sr=1-1/ref=sr_1_10_1/026-8415144-9298823
Oh, and also check out his website, where many papers are published
http://www.cl.cam.ac.uk/users/rja14/
Topically,
"15th March 2005 - The British and Irish banks' 'chip and PIN'
programme has been widely hyped as a solution for the card fraud problem.
But early figures show fraud rising, not falling. What's going on?"
http://www.chipandspin.co.uk/
"Firstly, Section 12.5 of the code of practice tries to define reasonable
care, but it in fact includes the phrase "Always take reasonable steps to
keep your card safe and your PIN, password and other security information
secret at all times." as one of the conditions. Reasonable care is not
adequately defined."
...
The banking code of practice is thus inadequate to protect the customer. The
signature on receipt system provides much better dispute resolution for
customers. Using a PIN is thus not in the customer's interest."
Dan.
--
|=- GPG key: http://www.berrange.com/~dan/gpgkey.txt -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- berrange at redhat.com - Daniel Berrange - dan at berrange.com -=|