[Gllug] security check
James Laver
gllug at jameslaver.com
Tue Aug 11 08:12:56 UTC 2009
On 11 Aug 2009, at 08:25, JLMS wrote:
>
> Your Linux computer is the least likely place where your information
> can be compromised.
>
> Poorly paid or disgruntled workers are known to sell credit card
> information that they manage to extract in call centers or badly
> administered IT departments. There is precious little you can do about
> this, checking your statements is the only measure that ensures bogus
> transactions are spotted.
And yet with chip and pin, the liability rests on you.
> Another source of fraud is the establishments accepting cards. Every
> time you lose sight of your card you are giving the opportunity to
> somebody to obtain your card details.
Again, as a chip and signature user my bank is forced to protect me
from this. Not that I let people walk away with my card etc.
> Another potential problem is cash machines. Sophisticated thieves
> install card readers or cameras to get as much information as
> possible from your card, or the card itself. Every time I need to use
> a cash machine I make sure there are no strange devices. I pull and
> push the slot where the car is read and check manually for any cameras
> or strange objects. Then I cover the keypad when I type my pin in case
> somebody is behind me "rubber necking".
But what about residual heat on the keypad? Are you touching all of
the numbers for random periods of time afterwards in order to mask the
thermal signature?
> Also how you dispose of your banks statements could be an issue. Are
> you shredding them? No document with sensitive information leave my
> house unshredded...
I recently sorted my desk out and was horrified to discover that I
filled an entire crate with shreddables, and that's without counting
all of the paperwork I've filed into another crate. Who'd've known my
desk could get *that* bad?
Anyway, time for the obligatory chip and signature talk. With chip and
pin, you are liable for fraud. There is another option, chip and
signature. Chip and signature indemnifies you against fraud because it
shifts the liability back to the bank to check your signature to
detect fraud.
There are downsides, you can't use a cashpoint for example. And while
stores have an obligation to accept it, smaller retailers can be very
arsey about it and some flat refuse to take it.
Getting one can also be quite an adventure as well. They are designed
for mentally disabled people who may have difficulty remembering their
pin. The disability discrimination act forces them to make any
concessions for disabled people available to non-disabled people as
well.
I somehow convinced a lloyds bank worker to show me their guidelines
for chip and signature issue. Apparently they expect a mentally
disabled person who can't remember their pin to talk about the nature
of their disability. How inhuman (and completely illegal!), but they
really don't want to give them out.
Anyway, if you don't desperately need a cashpoint, chip and signature
is the way forward. Shift the liability back to where it ought to be,
with the bank! Because they can, y'know, do something about it. Until
the chip and pin system is properly discredited (or the law is changed
to shift liability back to the bank), I'll stick with signature,
thanks. And yes, I like my chequebook.
--James
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list