[Gllug] Chip and PIN
Lyons, Myke
Myke.Lyons at cmtww.com
Wed May 10 15:16:02 UTC 2006
> -----Original Message-----
> From: gllug-bounces at gllug.org.uk [mailto:gllug-bounces at gllug.org.uk]
On Behalf
> Of salsaman
> Sent: 10 May 2006 16:21
> To: Greater London Linux User Group
> Subject: Re: [Gllug] Chip and PIN
>
> Alain Williams wrote:
>
> >On Wed, May 10, 2006 at 03:42:26PM +0100, Andy McGarty wrote:
> >
> >
> >>On Wed, 10 May 2006 15:35:03 +0100, t.clarke <tim at seacon.co.uk>
wrote:
> >>
> >>
> >>
> >>>Just read an interesting article in the Financial Times on 'chip
> >>>skimmers'
> >>>
> >>>Apparently you can buy a small device for abt 55 quid which will
'skin'
> >>>card
> >>>and pin numbers from point of sale terminals.
> >>>
> >>>
> >>>So much for the extra security of Chip and PIN it seems !!
> >>>
> >>>
> >>>Tim
> >>>
> >>>
> >>As predicted on this list a few weeks ago when someone refused to
use
> >>their card to buy petrol on a "remote" terminal despite assurances
from
> >>the staff that they were secure. So secure that at BP anyone coming
in
> >>saying they are maintainers were given free access to take away the
units.
> >>
> >>
> >
> >What worried me (at Tesco) was that a wire went from the keypad, to
the till,
> >to the keyboard that contained the card. Since tills, today, are
programmable
> >PCs (I know - I have worked with them) it would probably not be too
hard to
> >snoop my pin passing via the PC. That could all be done by remotely
> downloading an
> >'extra' module to the till and no one would be any the wiser.
> >
> >Anyone know what Ross Anderson has to say about the latest debacle ?
> >
> >
> >
>
>
>
> And it goes without saying: biometric protection will be no safer. All
> that will be needed is to pull the fingerprint/retinal scan data from
> the "send" side of the terminal...
>
>
> Gabriel.
>
>
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
May I ask what people on the list think are better options? (I'm not
implying that I agree that C&P is even the lesser of evils)
.myke
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list