From: David Aldred on 14 Jul 2007 02:33

Joxroach wrote:
> If you really want to know how to deter card fraud and Identity theft.
> Remove any liability issues from the cardholder AND the retailer (for
> face to face or Online transactions) and scare the life out of
> fraudsters then have a read of the following, from Martin Lewis's
> Money Saving Expert Forum.
>
> http://forums.moneysavingexpert.com/showthread.html?t=484305
>

I really don't see how that suggestion helps.

A key vulnerability of signature based cards is that the average cashier in a supermarket, looking at a dodgy signature and faced with a potentially aggressive customer, a long queue and a harassed supervisor, is likely to accept the signature and thus the transaction. Chip & PIN removes the personal decision from the equation.

Is it really likely that the said cashier will have the time and the confidence to make a forensic-style examination of two thumbprints?

--
David Aldred

From: Ian on 14 Jul 2007 03:59

On 14 Jul, 07:33, David Aldred <n...(a)familyaldred.org.uk> wrote:
> Is it really likely that the said cashier will have the time and the
> confidence to make a forensic-style examination of two thumbprints?

Any vaguely intelligent crook - and I realise that that rules out quite a few - will have the sense to squidge his/her thumb round slightly as they make the print, thereby smearing the print. Will your harassed cashier have time and confidence to ask for a second thumbprint? I doubt it.

Ian

From: Martin Gregorie on 14 Jul 2007 05:41

Alex Butcher wrote:
> On Fri, 13 Jul 2007 20:12:01 +0100, Martin Gregorie wrote:
>
>> It's made in China by Xiring, model XI6PA0040. Does this help anybody tell
>> us more about it?
>
> I suspect something from their Xi-Sign range:
> <http://www.xiring.com/en-GB/pageLibre00012b91.php>
>

Possibly, but unfortunately it doesn't look like anything on that page or anywhere else in the Xiring product list for that matter.

--
martin@   | Martin Gregorie
gregorie. | Essex, UK
org       |

From: Daniel James on 14 Jul 2007 10:47

In article news:<slrnf99mpl.df6.h(a)realh.co.uk>, Tony Houghton wrote:
> I read somewhere that shifting the blame was the real motivation behind
> chip & pin.

I don't think that's ever been the motivation, but it is to some extent a side-effect.

The point of chip and PIN is that it removed the onus of checking the signature on the payment slip from the shop staff. The shop doesn't really care whether a transaction is fraudulent or not, they just want to shift goods and receive payment; they have no incentive to perform the signature check with any diligence.

Some banks issued cards with the cardholders' photos on them, for a while, but it became clear that shops didn't check those either.

A large part of what Chip and PIN does is to automate that check by replacing the written signature with a PIN-entry that is automatically verified by the Point-of-sale terminal (the other part involves making the cards very significantly more difficult to falsify or clone).

However, while C&P makes it harder to use someone else's card without knowing the PIN, it does mean that if you have a stolen card and do know the PIN there is almost no chance that anyone will challenge you when you use it (even if, say, the fraud is obviously male and the name on the card starts "Miss").

That means that the banks need to ensure that all cardholders take good care that their PINs are not revealed, and that they need to reserve the right to refuse to reimburse customers who are the victims of fraud if they have any reason to believe that the fraud was made possible by negligence or complicity on the part of the customer.

It's not really a shift of the blame. There's been a shift of risk, and a shift in the mechanisms for possible attacks, and the blame naturally lies in a different place.

--
Cheers,
Daniel.

From: Martin Gregorie on 14 Jul 2007 11:43

Daniel James wrote:
> In article news:<slrnf99mpl.df6.h(a)realh.co.uk>, Tony Houghton wrote:
>> I read somewhere that shifting the blame was the real motivation behind
>> chip & pin.
>
> I don't think that's ever been the motivation, but it is to some extent a
> side-effect.
>

I just had a thought while reading this post (snipped the rest).

Does anybody know if there's anything in the card reader that's locked to the bank account, or can I use any Natwest card reader with my card and generate a valid authorization code?

If the card reader is not account-specific then the activation process boils down to a simple check that it can read your card and that it works correctly.

Even if this is the way it works there's a degree of improved security because you are in effect supplying an 8 digit PIN rather than a 4 digit one and also avoiding playback attacks. I've always thought the 4 digit PIN is too short for comfort.

--
martin@   | Martin Gregorie
gregorie. | Essex, UK
org       |