[Gllug] Chip and PIN
Alain Williams
addw at phcomp.co.uk
Wed May 10 14:50:37 UTC 2006
On Wed, May 10, 2006 at 03:42:26PM +0100, Andy McGarty wrote:
> On Wed, 10 May 2006 15:35:03 +0100, t.clarke <tim at seacon.co.uk> wrote:
>
> >Just read an interesting article in the Financial Times on 'chip
> >skimmers'
> >
> >Apparently you can buy a small device for abt 55 quid which will 'skin'
> >card
> >and pin numbers from point of sale terminals.
> >
> >
> >So much for the extra security of Chip and PIN it seems !!
> >
> >
> >Tim
> As predicted on this list a few weeks ago when someone refused to use
> their card to buy petrol on a "remote" terminal despite assurances from
> the staff that they were secure. So secure that at BP anyone coming in
> saying they are maintainers were given free access to take away the units.
What worried me (at Tesco) was that a wire went from the keypad, to the till,
to the keyboard that contained the card. Since tills, today, are programmable
PCs (I know - I have worked with them) it would probably not be too hard to
snoop my pin passing via the PC. That could all be done by remotely downloading an
'extra' module to the till and no one would be any the wiser.
Anyone know what Ross Anderson has to say about the latest debacle ?
--
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
#include <std_disclaimer.h>
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list