Chip ‘n’ Pin

Last month the BBC ran a story about how nice and safe card readers involved in the ‘Chip ‘n’ Pin’ process for purchases were.  These devices had been amended to enable the card information and the ‘Pin’ Number to be stolen.  In effect acting in a manner similar to a key logger.  This is quite a problem as most people are not in a position to ensure that no one tampers with the device that you are placing your card and pin number into.  One of the reasons that this is even possible is down to limited security between the card and reader.  This is not secured in earlier cards (apparently if your card has been issued since the start of 2008 then the ‘improved technology’ will protect you…) why would you not encrypt  all data sent from the card and keypad to the banking system?  Why would you not make the devices tamper proof?

I have never understood why the banks and retailers did not take the opportunity to combine the ‘Chip ‘n’ Pin’ technology with the existing technology…A Signature!  By combining the two you would reduce the threat further as duplicate cards made with the stolen electronic data would have to have all of the signature foils as well.

If you have ever implemented 2 factor authentication systems you will be familiar with the addition of the token information to your existing authentication details such as a uniques username and (strong!)password.  Try convincing an accreditor that the new system with a token no longer needs the strong password.

~ by Simon Hancock on April 11, 2008.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: