[Gllug] security check
Christopher Hunter
cehunter at gb-x.org
Thu Aug 13 07:25:32 UTC 2009
On Wed, 2009-08-12 at 20:19 +0100, Tethys wrote:
> --------
>
> Christopher Hunter writes:
>
> > ...especially as the PIN is held on the magnetic strip on the
> > card (albeit "encoded").
>
> No, it's not. The offset from the original PIN is held on the
> card. Unless you know what the original PIN was, the information
> on the card is of no use to you.

Actually, no. The original PIN and the offset are both held in
hashed form on the card. This is why many of the card-skimming
frauds allow the manufacture of duplicate cards, complete with
known PINs. PIN verification at point of sale DOES NOT require
connection to the bank.

It's not uncommon for businesses to "batch process" a number of
transactions some time after they've been completed. This is
particularly prevalent outside metropolitan areas where data
connections may be unacceptably slow for "real time"
verification.

C.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug