Chip n'pinday

kendor said:
Softus said:
However, from what you're saying, the first PIN change is recorded on the card, whereas all subsequent ones, of which there can be many, are not. I can't conceive of a reason for designing it to be like that. Can you?
I admit I'm guessing, hence the question mark above, but I believe that you only get one change of PIN? Hence my assuming it's WORM
Indeed. But why make any assumption? And if you have to make one, why make that particular one?
 
Softus said:
kendor said:
Softus said:
However, from what you're saying, the first PIN change is recorded on the card, whereas all subsequent ones, of which there can be many, are not. I can't conceive of a reason for designing it to be like that. Can you?
I admit I'm guessing, hence the question mark above, but I believe that you only get one change of PIN? Hence my assuming it's WORM
Indeed. But why make any assumption? And if you have to make one, why make that particular one?
Because the assumption was made in the form of a question and I was hoping someone with more technical knowledge of the system might be able to clarify how it works.
I'm now interested to find out how the system works on a more technical level as this may point out how secure the system really is (or perhaps not, as it may let those more devious get an understanding? ;) )
 
kendor said:
Softus said:
kendor said:
Yes, but after that first time changing it the memory is "burnt" by using a higher voltage that basically destroys the links on the matrix and thereby leaves the desired connections intact, i.e. the memory addresses are loaded with their relevant information on a permanent basis.
Isn't that Write Once Read Memory in its electronic form?
You seem to be saying: it behaves like WORM, and this is how WORM works, therefore surely it's WORM.

If you say the memory on the card is WORM, then, leaving aside the technical description of how it works, which I understand, I don't have enough knowledge to disagree with you.

However, from what you're saying, the first PIN change is recorded on the card, whereas all subsequent ones, of which there can be many, are not. I can't conceive of a reason for designing it to be like that. Can you?
I admit I'm guessing, hence the question mark above, but I believe that you only get one change of PIN? Hence my assuming it's WORM

Nope, and an unfortunate acronym if I may add.
 
Eddie M said:
kendor said:
Softus said:
kendor said:
Yes, but after that first time changing it the memory is "burnt" by using a higher voltage that basically destroys the links on the matrix and thereby leaves the desired connections intact, i.e. the memory addresses are loaded with their relevant information on a permanent basis.
Isn't that Write Once Read Memory in its electronic form?
You seem to be saying: it behaves like WORM, and this is how WORM works, therefore surely it's WORM.

If you say the memory on the card is WORM, then, leaving aside the technical description of how it works, which I understand, I don't have enough knowledge to disagree with you.

However, from what you're saying, the first PIN change is recorded on the card, whereas all subsequent ones, of which there can be many, are not. I can't conceive of a reason for designing it to be like that. Can you?
I admit I'm guessing, hence the question mark above, but I believe that you only get one change of PIN? Hence my assuming it's WORM

Nope, and an unfortunate acronym if I may add.
Must only be certain banks then? I know my bank only allowed one change.
 
Have you tried in an ATM as well, you can't change your PIN in an off line PIN pad, leads to PIN mismatches.
 
Eddie M said:
Have you tried in an ATM as well, you can't change your PIN in an off line PIN pad, leads to PIN mismatches.
Not sure what you are getting at? I'm just saying that the bank allowed just the one change so in effect it is like WORM, isn't it? Or do you know different? What's wrong with the WORM analogy?
 
kendor said:
Sorry Softus but you are making a lot of assumptions about what I'm thinking
However:

kendor said:
I'm now interested to find out how the system works on a more technical level as this may point out how secure the system really is (or perhaps not, as it may let those more devious get an understanding? ;) )
So, in what way have I made an assumption, in reading the above and then asking you the following questions:
Softus said:
Okaaay, so you assumed that a particular piece of memory technology was used, in order to attract the attention of someone who knows more about the technology? Do you feel that your ruse worked?
:?:

The rest of what I wrote is one of the following:

(a) my knowledge;
(b) my opinion;
(c) a question for you.

I made no assumptions. However, I'm in danger of assuming that you find it impossible to be open, honest and straightforward on this topic.

kendor said:
...and I'm not thinking any of that apart from the fact that to burn a PIN into a card reliably and for that matter a technology that uses flash as opposed to volatile RAM one must assume that it is WORM
OK - you go ahead and assume something that it makes no sense for anyone to assume. FYI, flash memory and WORM are two distinct types of technology, are not the same, and do not offer the same features. It's getting increasingly obvious how little you know about anything to do with this subject at all.
 
Softus said:
kendor said:
Softus said:
Indeed. But why make any assumption? And if you have to make one, why make that particular one?
because the assumption was made in the form of a question and i was hoping someone with more technical knowledge of the system might be able to clarify how it works.
I'm now interested to find out how the system works on a more technical level as this may point out how secure the system really is (or perhaps not, as it may let those more devious get an understanding? ;) )
Okaaay, so you assumed that a particular piece of memory technology was used, in order to attract the attention of someone who knows more about the technology? Do you feel that your ruse worked?

While you're pondering on that one, it's not very likely that the knowledge you seek is going to be posted here for all to see. We're talking about software knowledge from the financial IT industry that would be potentially useful to criminals in cracking stolen cards and PINs.

Specifics aside, it's obvious how it works. Given that the PIN is stored on the card, in encrypted form, verification of the PIN involves using something similar to what is now run-of-the-mill software PKI technology to authenticate what equates to a 4-character digital signature. The retailers' EPOS machines, the banks' servers, and the connections between them, all represent a trust hierarchy.

Maybe you're worried about precisely what encryption method is used? Maybe you want to know whether the PIN is decrypted at the EPOS terminal or at the bank? Or how strong the PIN encryption is, and how easily/quickly someone could crack a stolen card? This information isn't generally distributed, and if you became someone who has that knowledge then you would also become someone who is automatically a suspect when a fraud occurs.

The bottom line is, as long as you act responsibly in protecting your card and your PIN, you're not liable for any loss.
Sorry Softus but you are making a lot of assumptions about what I'm thinking and I'm not thinking any of that apart from the fact that to burn a PIN into a card reliably and for that matter a technology that uses flash as opposed to volatile RAM one must assume that it is WORM
 
Maybe you're worried about precisely what encryption method is used? Maybe you want to know whether the PIN is decrypted at the EPOS terminal or at the bank? Or how strong the PIN encryption is, and how easily/quickly someone could crack a stolen card? This information isn't generally distributed, and if you became someone who has that knowledge then you would also become someone who is automatically a suspect when a fraud occurs.

It can't be decrypted, it is one way encryption. It cannot be cracked, full stop. Actually when I say cannot, I mean it cannot be cracked with other than diminishingly small probability.

Specifics aside, it's obvious how it works. Given that the PIN is stored on the card, in encrypted form, verification of the PIN involves using something similar to what is now run-of-the-mill software PKI technology to authenticate what equates to a 4-character digital signature. The retailers' EPOS machines, the banks' servers, and the connections between them, all represent a trust hierarchy.

No, there is absolutely no trust hierarchy. And it doesn't work like that anyway really.
 
kendor said:
Eddie M said:
Have you tried in an ATM as well, you can't change your PIN in an off line PIN pad, leads to PIN mismatches.
Not sure what you are getting at? I'm just saying that the bank allowed just the one change so in effect it is like WORM, isn't it? Or do you know different? What's wrong with the WORM analogy?
Jesus H. Christ! Why are you making such a meal out of WORM?

1. Just because something could be implemented using WORM memory, it doesn't mean that it has been.

2. It's not very likely that you're right about the one PIN change. For you to be right, a forgotten PIN would mean that the whole card has to be re-issued.

3. Do you actually need to change your own PIN, or are you going on and on and ON about this for another reason?
 
I'm guessing that was aimed at kendor. The WORM acronym is only unfortunate 'cos to many people it may smack of viruses, trojans, worms etc. Anyhoe, if it was a Write Once Read Many, how come you can change it once? Wouldn't that make it a write twice, read many WTRM? ;) :D
 
Eddie M said:
It can't be decrypted, it is one way encryption.
Anything that is encrypted may be subsequently decrypted.

Eddie M said:
It cannot be cracked, full stop. Actually when I say cannot, I mean it cannot be cracked with other than diminishingly small probability.
In other words, it can be cracked.

Eddie M said:
No, there is absolutely no trust hierarchy. And it doesn't work like that anyway really.
I believe you took me too literally. I said that a trust hierarchy was represented. I don't actually care for the details of the workings to be published here.
 
kendor said:
Sorry Softus but you are making a lot of assumptions about what I'm thinking and I'm not thinking any of that apart from the fact that to burn a PIN into a card reliably and for that matter a technology that uses flash as opposed to volatile RAM one must assume that it is WORM

1. You're not sorry.
2. I haven't made any assumptions, I've just asked you questions.
3. The assumption that it's WORM is yours, not "one's".
4. Flash and WORM are different technologies with different features.
5. It isn't WORM.
6. If you say that it's WORM, then you're wrong.
7. If you assume that it's something that it isn't, and for no good reason, then you're stupid.
 
Softus said:
kendor said:
Sorry Softus but you are making a lot of assumptions about what I'm thinking and I'm not thinking any of that apart from the fact that to burn a PIN into a card reliably and for that matter a technology that uses flash as opposed to volatile RAM one must assume that it is WORM

1. You're not sorry.
2. I haven't made any assumptions, I've just asked you questions.
3. The assumption that it's WORM is yours, not "one's".
4. Flash and WORM are different technologies with different features.
5. It isn't WORM.
6. If you say that it's WORM, then you're wrong.
7. If you assume that it's something that it isn't, and for no good reason, then you're stupid.
All hail Softus! As you are being exceedingly stupid by not reading my posts properly and again making assumptions, then for all intents and purposes the debate with yourself is over, goodbye!
 
To try and move on from kendor and Softus' dispute . . .

I thought you could have as many PIN changes as you like.
The new PIN must therefore be written to the chip as many times as you need. As well as being stored on the bank's computer.

Someone mentioned the PIN is on the magstripe too - think it was woodyoulike - though I may have misunderstood him. Don't think this is true - only the "front of card" details are on here, think there's 3 rows of numbers. PIN on card has to be encrypted - magstripe can't hold enough data for encryption

The magstripe will also tell the card machine/till whether it is a chip card. Usually if a chip card is swiped, the till will tell the operator to insert the card into the chip reader - unless you're in Tesco, of course - obviously theirs do it by design.
 