[Gllug] OT - chip & pin

Christopher Hunter chrisehunter at blueyonder.co.uk
Mon Apr 3 15:40:56 UTC 2006


On Monday 03 Apr 2006 10:55, Alain Williams wrote:
> On Friday I filled up my car at Tesco.
> When it came to pay they would not let me put my card into the chip'n'pin
> machine that had the numeric keypad attached, instead they put it into
> their till keyboard & then asked me to enter my number onto the numeric
> keypad.
>
> I refused to do this on the grounds that the chip'n'pin machine was
> validated, having my pin go over some cable that went where I knew not and
> then to my card was not secure since it is possible that the pin could have
> been read through a tampered cable or something. There was much 'this is
> what personnel says that I must do' from the tesco employee - I paid cash &
> left saying that I would not buy anything from tesco again.
>
> Was I being paranoid ?

Not really, but chip and PIN is /really/ insecure as the PIN is held on the 
card itself, albeit hashed.  There are *huge* numbers of cloned cards about, 
and the banks are getting really worried about it, but see no easy (ie: 
inexpensive) solution.

Chris
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list