[Gllug] Chip and PIN
salsaman
salsaman at xs4all.nl
Wed May 10 15:21:09 UTC 2006
Alain Williams wrote:
>On Wed, May 10, 2006 at 03:42:26PM +0100, Andy McGarty wrote:
>
>
>>On Wed, 10 May 2006 15:35:03 +0100, t.clarke <tim at seacon.co.uk> wrote:
>>
>>
>>
>>>Just read an interesting article in the Financial Times on 'chip
>>>skimmers'
>>>
>>>Apparently you can buy a small device for abt 55 quid which will 'skin'
>>>card
>>>and pin numbers from point of sale terminals.
>>>
>>>
>>>So much for the extra security of Chip and PIN it seems !!
>>>
>>>
>>>Tim
>>>
>>>
>>As predicted on this list a few weeks ago when someone refused to use
>>their card to buy petrol on a "remote" terminal despite assurances from
>>the staff that they were secure. So secure that at BP anyone coming in
>>saying they are maintainers were given free access to take away the units.
>>
>>
>
>What worried me (at Tesco) was that a wire went from the keypad, to the till,
>to the keyboard that contained the card. Since tills, today, are programmable
>PCs (I know - I have worked with them) it would probably not be too hard to
>snoop my pin passing via the PC. That could all be done by remotely downloading an
>'extra' module to the till and no one would be any the wiser.
>
>Anyone know what Ross Anderson has to say about the latest debacle ?
>
>
>
And it goes without saying: biometric protection will be no safer. All
that will be needed is to pull the fingerprint/retinal scan data from
the "send" side of the terminal...
Gabriel.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list