[Gllug] OT - chip & pin
Christopher Hunter
chrisehunter at blueyonder.co.uk
Mon Apr 3 15:40:56 UTC 2006
On Monday 03 Apr 2006 10:55, Alain Williams wrote:
> On Friday I filled up my car at Tesco.
> When it came to pay they would not let me put my card into the chip'n'pin
> machine that had the numeric keypad attached, instead they put it into
> their till keyboard & then asked me to enter my number onto the numeric
> keypad.
>
> I refused to do this on the grounds that the chip'n'pin machine was
> validated, having my pin go over some cable that went where I knew not and
> then to my card was not secure since it is possible that the pin could have
> been read through a tampered cable or something. There was much 'this is
> what personnel says that I must do' from the tesco employee - I paid cash &
> left saying that I would not buy anything from tesco again.
>
> Was I being paranoid ?
Not really, but chip and PIN is /really/ insecure as the PIN is held on the
card itself, albeit hashed. There are *huge* numbers of cloned cards about,
and the banks are getting really worried about it, but see no easy (ie:
inexpensive) solution.
Chris
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list