[Gllug] [ot] borked net transaction
Christopher Hunter
chrisehunter at blueyonder.co.uk
Sat May 7 11:23:04 UTC 2005
On Saturday 07 May 2005 10:31, Matthew Thompson wrote:
> Agreed - I don't believe that the chip and pin cards contain the pin
> at all - I think that they contain a public key based signature which
> can be used to verify the PIN offline.
>
> Visa are currently using either 1024bit and 1152bit key lengths, the
> smaller of which will be withdrawn at the end of 2009 and POS
> terminals are meant to be capable of 1984bit key length transactions.
>
> There's some decent information at http://www.chipandpin.co.uk/info/
> reference.html
Nope. The PIN is actually held on the card as some of the banks don't
actually have properly working verification yet. The situation is a real
mess, and doesn't look like being rectified in the near future.
All the banks claim publicly that "Chip and PIN" is the answer to the security
problems associated with Credit (and Debit) Cards, but internally they
realise that nothing has improved. The banks won't admit the level of
fraudulent transactions, as it's not in their commercial interest, but it has
remained a pretty static proportion, despite the introduction of "C & P".
Some observers claim that the rate of fraud has actually increased lately....
Chris
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list