|
Finances / Finanzen » uk.finance » C & P from today's FT
| C & P from today's FT [message #390395] |
Di, 23 Mai 2006 17:14 |
|
Boots to pilot chip and pin security device CARD CRIME
Boots to pilot chip and pin security device CARD CRIME
By ALAN CANE
A new device that promises to protect customers' chip and pin numbers
from "shoulder surfing" thieves is being piloted by Boots, the
chemist.
Warwick University re-searchers have invented the specially designed
magnifying lens, which can easily be retrofitted to the keypad.
Designed initially to enable the partially sighted to see the keys,
its
potential as a security device became apparent when it was realised
that only
the customer directly in front of the lens could view the keypad
clearly.
From any other angle the view was distorted beyond recognition.
Tiddy Ogg.
http://www.tiddyogg.co.uk
|
|
|
| Re: C & P from today's FT [message #390396 ] |
Di, 23 Mai 2006 17:37 |
|
On Tue, 23 May 2006 16:14:31 +0100, Tiddy Ogg wrote:
> A new device that promises to protect customers' chip and pin numbers
> from "shoulder surfing" thieves is being piloted by Boots, the
> chemist.
How odd that the "new" device - presumably they mean a Fresnel lens - is
not that new and somewhat inferior to the existing devices fitted to
screens to prevent onlookers surfing for information. The existing devices
are effectively venetian blinds, stripes of opaque material in a
transparent matrix. Viewed edge on the stripes are invisible from a slight
angle they are impossible to see through.
http://www.superwarehouse.com/Kensington_Security_SlimScreen _Fits_14-15/55650/p/144710
|
|
|
| Re: C & P from today's FT [message #390419 ] |
Mi, 24 Mai 2006 10:23 |
|
On Tue, 23 May 2006 16:37:35 +0100, Steve Firth <%steve% [at] malloc.co.uk>
wrote:
>On Tue, 23 May 2006 16:14:31 +0100, Tiddy Ogg wrote:
>
>> A new device that promises to protect customers' chip and pin numbers
>> from "shoulder surfing" thieves is being piloted by Boots, the
>> chemist.
>
>How odd that the "new" device - presumably they mean a Fresnel lens - is
>not that new and somewhat inferior to the existing devices fitted to
>screens to prevent onlookers surfing for information. The existing devices
>are effectively venetian blinds, stripes of opaque material in a
>transparent matrix. Viewed edge on the stripes are invisible from a slight
>angle they are impossible to see through.
Either way, it acknowledges that the often-denied weakness of the
system is genuine.
Tiddy Ogg.
http://www.tiddyogg.co.uk
|
|
|
| Re: C & P from today's FT [message #390425 ] |
Mi, 24 Mai 2006 10:58 |
|
On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
> it acknowledges that the often-denied weakness of the
> system is genuine.
Yes, given the increasing number of reports that chip and pin is now
allowing the card cloners to swipe cards *and* get hold of the PIN I wonder
if those people posting here that this was "impossible" or even if it was
possible that it was pointless are going to eat their words?
Somehow I doubt it. Although the fact it was going to happen was fairly
obvious. No doubt coming next will be tales of "someone stole my PIN then
picked my pocket" as we also warned would happen.
|
|
|
| Re: C & P from today's FT [message #390426 ] |
Mi, 24 Mai 2006 11:46 |
|
Steve Firth wrote:
> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
>
>> it acknowledges that the often-denied weakness of the
>> system is genuine.
>
> Yes, given the increasing number of reports that chip and pin is now
> allowing the card cloners to swipe cards *and* get hold of the PIN I wonder
> if those people posting here that this was "impossible" or even if it was
> possible that it was pointless are going to eat their words?
Of course they won't. They will merely reiterate that if the PIN is
observed by an bystander, it's the user's fault for failing to conceal
it. The problem is that form a purely /technical/ point of view, they'd
be right. From an MMI-engineering POV, they need to rethink. People are
only human after all :-)
>
> Somehow I doubt it. Although the fact it was going to happen was fairly
> obvious. No doubt coming next will be tales of "someone stole my PIN then
> picked my pocket" as we also warned would happen.
Clearly the user's fault again - should have pick-proof pockets.
:-}
--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
|
|
|
| Re: C & P from today's FT [message #390427 ] |
Mi, 24 Mai 2006 11:52 |
|
At 09:58:24 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
>
> > it acknowledges that the often-denied weakness of the
> > system is genuine.
>
> Yes, given the increasing number of reports that chip and pin is now
> allowing the card cloners to swipe cards and get hold of the PIN I wonder
> if those people posting here that this was "impossible" or even if it was
> possible that it was pointless are going to eat their words?
I don't recall anyone ever claiming this was impossible.
|
|
|
| Re: C & P from today's FT [message #390440 ] |
Mi, 24 Mai 2006 13:38 |
|
On 24 May 2006 09:52:42 GMT, Alex wrote:
> At 09:58:24 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
>
>> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
>>
>>> it acknowledges that the often-denied weakness of the
>>> system is genuine.
>>
>> Yes, given the increasing number of reports that chip and pin is now
>> allowing the card cloners to swipe cards and get hold of the PIN I wonder
>> if those people posting here that this was "impossible" or even if it was
>> possible that it was pointless are going to eat their words?
>
> I don't recall anyone ever claiming this was impossible.
Ah well, no doubt your faulty memory needs a reminder:
Jim Ley claimed:
"The methods to contest fraudalent transactions are well known, indeed
a whole range of fraudalent _and erroneous_ transactions become
impossible - those involving a PIN. "
Jiohn Boyle stated:
"The banks seem toi be going to great lenghts to specifically make the
point that cloning is almost impossible with current technology."
|
|
|
| Re: C & P from today's FT [message #390445 ] |
Mi, 24 Mai 2006 15:53 |
|
At 12:38:38 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
> On 24 May 2006 09:52:42 GMT, Alex wrote:
>
> > At 09:58:24 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
> >
> >> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
> >>
> >>> it acknowledges that the often-denied weakness of the
> >>> system is genuine.
> >>
> >> Yes, given the increasing number of reports that chip and pin is now
> >> allowing the card cloners to swipe cards and get hold of the PIN I wonder
> >> if those people posting here that this was "impossible" or even if it was
> >> possible that it was pointless are going to eat their words?
> >
> > I don't recall anyone ever claiming this was impossible.
>
> Ah well, no doubt your faulty memory needs a reminder:
>
> Jim Ley claimed:
>
> "The methods to contest fraudalent transactions are well known, indeed
> a whole range of fraudalent _and erroneous_ transactions become
> impossible - those involving a PIN. "
>
> Jiohn Boyle stated:
>
> "The banks seem toi be going to great lenghts to specifically make the
> point that cloning is almost impossible with current technology."
And it is. The 'current technology' bit meaning the ICC and the equipment
needed to clone one. Cloning a mag stripe is still just as easy as it ever was
and I still don't recall anyone ever claiming otherwise.
|
|
|
| Re: C & P from today's FT [message #390447 ] |
Mi, 24 Mai 2006 16:51 |
|
On 24 May 2006 13:53:37 GMT, Alex wrote:
> At 12:38:38 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
>
>> On 24 May 2006 09:52:42 GMT, Alex wrote:
>>
>>> At 09:58:24 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
>>>
>>>> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
>>>>
>>>>> it acknowledges that the often-denied weakness of the
>>>>> system is genuine.
>>>>
>>>> Yes, given the increasing number of reports that chip and pin is now
>>>> allowing the card cloners to swipe cards and get hold of the PIN I wonder
>>>> if those people posting here that this was "impossible" or even if it was
>>>> possible that it was pointless are going to eat their words?
>>>
>>> I don't recall anyone ever claiming this was impossible.
>>
>> Ah well, no doubt your faulty memory needs a reminder:
>>
>> Jim Ley claimed:
>>
>> "The methods to contest fraudalent transactions are well known, indeed
>> a whole range of fraudalent _and erroneous_ transactions become
>> impossible - those involving a PIN. "
>>
>> Jiohn Boyle stated:
>>
>> "The banks seem toi be going to great lenghts to specifically make the
>> point that cloning is almost impossible with current technology."
>
> And it is. The 'current technology' bit meaning the ICC and the equipment
> needed to clone one. Cloning a mag stripe is still just as easy as it ever was
> and I still don't recall anyone ever claiming otherwise.
Then you are blind since I've just posted the quote.
BTW, magnetic stripe *is* current technology.
|
|
|
| Re: C & P from today's FT [message #390451 ] |
Mi, 24 Mai 2006 17:39 |
|
At 15:51:23 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
> On 24 May 2006 13:53:37 GMT, Alex wrote:
>
> > At 12:38:38 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
> >
> >> On 24 May 2006 09:52:42 GMT, Alex wrote:
> >>
> >>> At 09:58:24 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
> >>>
> >>>> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
> >>>>
> >>>>> it acknowledges that the often-denied weakness of the
> >>>>> system is genuine.
> >>>>
> >>>> Yes, given the increasing number of reports that chip and pin is now
> >>>> allowing the card cloners to swipe cards and get hold of the PIN I wonder
> >>>> if those people posting here that this was "impossible" or even if it was
> >>>> possible that it was pointless are going to eat their words?
> >>>
> >>> I don't recall anyone ever claiming this was impossible.
> >>
> >> Ah well, no doubt your faulty memory needs a reminder:
> >>
> >> Jim Ley claimed:
> >>
> >> "The methods to contest fraudalent transactions are well known, indeed
> >> a whole range of fraudalent _and erroneous_ transactions become
> >> impossible - those involving a PIN. "
> >>
> >> Jiohn Boyle stated:
> >>
> >> "The banks seem toi be going to great lenghts to specifically make the
> >> point that cloning is almost impossible with current technology."
> >
> > And it is. The 'current technology' bit meaning the ICC and the equipment
> > needed to clone one. Cloning a mag stripe is still just as easy as it ever
> > was and I still don't recall anyone ever claiming otherwise.
>
> Then you are blind since I've just posted the quote.
That quote made no such claim. John stated that the banks "seem to be" trying
to state that cloning is almost impossible. John isn't claiming it's
impossible. I've seen no statement from a bank saying cloning a mag stripe is
impossible. If you have, please enlighten me.
> BTW, magnetic stripe is current technology.
So is pyramid building.
|
|
|
| Re: C & P from today's FT [message #390454 ] |
Mi, 24 Mai 2006 18:30 |
|
On 24 May 2006 15:39:32 GMT, Alex wrote:
> At 15:51:23 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
>
>> On 24 May 2006 13:53:37 GMT, Alex wrote:
>>
>>> At 12:38:38 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
>>>
>>>> On 24 May 2006 09:52:42 GMT, Alex wrote:
>>>>
>>>>> At 09:58:24 on 24/05/2006, Steve Firth delighted uk.finance by announcing:
>>>>>
>>>>>> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
>>>>>>
>>>>>>> it acknowledges that the often-denied weakness of the
>>>>>>> system is genuine.
>>>>>>
>>>>>> Yes, given the increasing number of reports that chip and pin is now
>>>>>> allowing the card cloners to swipe cards and get hold of the PIN I wonder
>>>>>> if those people posting here that this was "impossible" or even if it was
>>>>>> possible that it was pointless are going to eat their words?
>>>>>
>>>>> I don't recall anyone ever claiming this was impossible.
>>>>
>>>> Ah well, no doubt your faulty memory needs a reminder:
>>>>
>>>> Jim Ley claimed:
>>>>
>>>> "The methods to contest fraudalent transactions are well known, indeed
>>>> a whole range of fraudalent _and erroneous_ transactions become
>>>> impossible - those involving a PIN. "
>>>>
>>>> Jiohn Boyle stated:
>>>>
>>>> "The banks seem toi be going to great lenghts to specifically make the
>>>> point that cloning is almost impossible with current technology."
>>>
>>> And it is. The 'current technology' bit meaning the ICC and the equipment
>>> needed to clone one. Cloning a mag stripe is still just as easy as it ever
>>> was and I still don't recall anyone ever claiming otherwise.
>>
>> Then you are blind since I've just posted the quote.
>
> That quote made no such claim. John stated that the banks "seem to be" trying
> to state that cloning is almost impossible. John isn't claiming it's
> impossible.
Lift your eyes a little higher up the page.
> I've seen no statement from a bank saying cloning a mag stripe is
> impossible. If you have, please enlighten me.
We weren't tallking about what the banks say.
>> BTW, magnetic stripe is current technology.
>
> So is pyramid building.
Congratulations you just won the "stupid bastard of the week" award.
|
|
|
| Re: C & P from today's FT [message #390456 ] |
Mi, 24 Mai 2006 18:59 |
|
Steve Firth wrote:
>>> BTW, magnetic stripe is current technology.
>> So is pyramid building.
> Congratulations you just won the "stupid bastard of the week" award.
Out of interest who won it the previous 51 weeks?
|
|
|
| Re: C & P from today's FT [message #390460 ] |
Mi, 24 Mai 2006 20:17 |
|
On Wed, 24 May 2006 17:59:26 +0100, Colin Forrester wrote:
> Steve Firth wrote:
>
>>>> BTW, magnetic stripe is current technology.
>
>>> So is pyramid building.
>
>> Congratulations you just won the "stupid bastard of the week" award.
>
> Out of interest who won it the previous 51 weeks?
It was split evenly between Duhg Bollen and Doctor Drivel.
|
|
|
| Re: C & P from today's FT [message #390483 ] |
Do, 25 Mai 2006 08:00 |
|
Mike Scott wrote:
> Steve Firth wrote:
>> On Wed, 24 May 2006 09:23:41 +0100, Tiddy Ogg wrote:
>>
>>> it acknowledges that the often-denied weakness of the
>>> system is genuine.
>>
>> Yes, given the increasing number of reports that chip and pin is now
>> allowing the card cloners to swipe cards *and* get hold of the PIN I
>> wonder if those people posting here that this was "impossible" or
>> even if it was possible that it was pointless are going to eat their
>> words?
>
> Of course they won't. They will merely reiterate that if the PIN is
> observed by an bystander, it's the user's fault for failing to conceal
> it.
Although in the case of Shell it was not observed by a bystander but by the
terminal device itself. An inside job ;-)
Now that someone has proved that you can use genuine terminal equipment in
retail outlets to harvest mag-stripe and PIN data, and that this can be used
steal money from ATMs in the UK and can also be exported to steal it from
ATMs overseas, we can find out the answer to the second question. Is it
worth it? Some multinational has pulled it off, but did they make enough to
make it worthwhile as an ongoing concern? Time will tell. One point to
note is that because the attack takes place inside the shop, and requires
staff who work in the shop to be involved, I would expect most of them to
get caught. I don't know what the going rate for such cannon fodder would
be, but it would have to be taken into account in the cash-flow projections.
|
|
|
| Re: C & P from today's FT [message #390486 ] |
Do, 25 Mai 2006 10:15 |
|
At 07:00:15 on 25/05/2006, rob delighted uk.finance by announcing:
> Now that someone has proved that you can use genuine terminal equipment in
> retail outlets to harvest mag-stripe and PIN data, and that this can be used
> steal money from ATMs in the UK and can also be exported to steal it from
> ATMs overseas, we can find out the answer to the second question. Is it
> worth it? Some multinational has pulled it off, but did they make enough to
> make it worthwhile as an ongoing concern? Time will tell. One point to
> note is that because the attack takes place inside the shop, and requires
> staff who work in the shop to be involved,
They may not have been. There's a possibility that 'engineers' turned up and
replaced the PINpads due to a 'technical fault' or somesuch.
|
|
|
| Re: C & P from today's FT [message #390487 ] |
Do, 25 Mai 2006 10:19 |
|
Colin Forrester wrote:
>> Congratulations you just won the "stupid bastard of the week" award.
>
> Out of interest who won it the previous 51 weeks?
DoodieDoo
|
|
|
| Re: C & P from today's FT [message #390543 ] |
Fr, 26 Mai 2006 00:55 |
|
In message <11324mnjo8cza.zbf9may9z32r.dlg [at] 40tude.net>, Steve Firth
<%steve% [at] malloc.co.uk> writes
>> I don't recall anyone ever claiming this was impossible.
>
>Ah well, no doubt your faulty memory needs a reminder:
>Jiohn Boyle stated:
>
>"The banks seem toi be going to great lenghts to specifically make the
> point that cloning is almost impossible with current technology."
Note the words 'the banks seem', 'almost' and 'current'.
--
John Boyle
|
|
|
| Re: C & P from today's FT [message #390545 ] |
Fr, 26 Mai 2006 01:02 |
|
In message <7lvqgpdr5h9m.1ilflbq9pi3ip.dlg [at] 40tude.net>, Steve Firth
<%steve% [at] malloc.co.uk> writes
>>> Ah well, no doubt your faulty memory needs a reminder:
>>>
>>> Jim Ley claimed:
>>>
>>> "The methods to contest fraudalent transactions are well known, indeed
>>> a whole range of fraudalent _and erroneous_ transactions become
>>> impossible - those involving a PIN. "
>>>
>>> Jiohn Boyle stated:
>>>
>>> "The banks seem toi be going to great lenghts to specifically make the
>>> point that cloning is almost impossible with current technology."
>>
>> And it is. The 'current technology' bit meaning the ICC and the equipment
>> needed to clone one. Cloning a mag stripe is still just as easy as
>>it ever was
>> and I still don't recall anyone ever claiming otherwise.
>
>Then you are blind since I've just posted the quote.
>
>BTW, magnetic stripe *is* current technology.
He isnt blind, perhaps you just dont understand words.
In any event you miss the point . Card Cloning and mag stripe copying
are two different things. You are confusing the two.
Anyway lets go back to your assertion "Yes, given the increasing number
of reports that chip and pin is now allowing the card cloners to swipe
cards *and* get hold of the PIN I wonder if those people posting here
that this was "impossible""
Lets look at the words. The cloning referred to as being almost
impossible is the cloning of the C&P concept. Nicking a PIN and copying
the a magstripe card has never been referred to as impossible, certainly
never by myself.
Retract your statement.
--
John Boyle
|
|
|
| Re: C & P from today's FT [message #390550 ] |
Fr, 26 Mai 2006 09:17 |
|
john boyle wrote:
....
>>> And it is. The 'current technology' bit meaning the ICC and the
>>> equipment
>>> needed to clone one. Cloning a mag stripe is still just as easy as
>>> it ever was
>>> and I still don't recall anyone ever claiming otherwise.
>>
>> Then you are blind since I've just posted the quote.
>>
>> BTW, magnetic stripe *is* current technology.
>
> He isnt blind, perhaps you just dont understand words.
>
> In any event you miss the point . Card Cloning and mag stripe copying
> are two different things. You are confusing the two.
Dictionary time. A lot of people seem to think a 'clone' is an exact
copy, no doubt because of all the sci-fi garbage about cloned creatures.
However, my Collins offers:
"Informal. a person or thing bearing a very close resemblance to another
person or thing."
(Plus related stuff about genetics of course)
So a card with a copied stripe having the same functionality as the
original's is indeed arguably a "clone". IMO, of course.
--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
|
|
|
| Re: C & P from today's FT [message #390551 ] |
Fr, 26 Mai 2006 09:34 |
|
Just to put the cat amongst the pigeons:
I've witnessed exact duplicate (Chipped) credit cards operating in a
Chip only environment. Shouldn't be possible I hear you say.
The real BIG issue with PINs is liability shift and it would appear
that evidence is beginning to grow to confirm this. This is not a shift
on to the C&P retailer who is guaranteed their cash. It doesn't matter
who uses the card as long as the transaction is validated by a PIN.
The libaility shift is on to us, the cardholders.
|
|
|
| Re: C & P from today's FT [message #390561 ] |
Fr, 26 Mai 2006 10:43 |
|
<jjamies [at] tiscali.co.uk> wrote
> I've witnessed exact duplicate (Chipped) credit
> cards operating in a Chip only environment.
How can you be sure the Chip was copied illegally?
[Were you part of the 'gang' that did it? :-( ]
How can you be sure it was a "Chip only"
environment, and didn't fall-back on the magstripe?
<jjamies [at] tiscali.co.uk> wrote
> The real BIG issue with PINs is liability shift ...
> The libaility shift is on to us, the cardholders.
Do you have a legal reference for this assertion?
|
|
|
| Re: C & P from today's FT [message #390566 ] |
Fr, 26 Mai 2006 11:09 |
|
No, Im not part of a 'gang' that did this.
I did witness both cards being used in a Chip only environment, at no
time was the magstrip swiped. Transaction slips produced and these
transactions appearied on the cardhodlers statement.
There was no intent to defraud or deceive and the account paid in full
- just to prove a point. At least one duplicate (Chipped) cards exist!
The cards in question are exact duplicates, same 16 figure account
number, valid from and expiry dates AND same numbers on the signature
strip. How can this happen? Well it has.
Re liability shift - More evidence of victims of PIN based fraud not
being believed is appearing regularly in the press and on other forums.
|
|
|
| Re: C & P from today's FT [message #390570 ] |
Fr, 26 Mai 2006 12:52 |
|
<jjamies [at] tiscali.co.uk> wrote
> I did witness both cards being used in a Chip only environment,
> at no time was the magstrip swiped. Transaction slips produced
> and these transactions appearied on the cardhodlers statement.
>
> There was no intent to defraud or deceive and the account paid in full
> - just to prove a point. At least one duplicate (Chipped) cards exist!
So - just *who* is it, that has managed to copy a Chip?
What equipment did they need?!
<jjamies [at] tiscali.co.uk> wrote
> Re liability shift - More evidence of victims of PIN based fraud not
> being believed is appearing regularly in the press and on other forums.
Not being believed by *whom*? The courts? Can you name a case?
|
|
|
| Re: C & P from today's FT [message #390573 ] |
Fr, 26 Mai 2006 13:06 |
|
Tim wrote:
> <jjamies [at] tiscali.co.uk> wrote
>> I did witness both cards being used in a Chip only environment,
>> at no time was the magstrip swiped. Transaction slips produced
>> and these transactions appearied on the cardhodlers statement.
>>
>> There was no intent to defraud or deceive and the account paid in full
>> - just to prove a point. At least one duplicate (Chipped) cards exist!
>
> So - just *who* is it, that has managed to copy a Chip?
> What equipment did they need?!
Reading between his lines, it seems the chip was not in fact copied,
but was legitimately manufactured twice (presumably in error).
|
|
|
Gehe zu:
aktuelle Zeit: Di Feb 7 18:27:11 CET 2012
Insgesamt benötigte Zeit, um die Seite zu erzeugen: 0,09473 Sekunden |
