Fraud & Chip and PIN
Friday, February 12th, 2010 | Author:

I've always said that Chip & PIN was always about reducing the Bank's liability to Fraud. Not actually really more secure or reducing Fraud. With a signature you can prove it's not you and get the money back, with Chip & PIN you can't. Thus Bank "Fraud" drops. But it gets worse. http://www.theregister.co.uk/2010/02/12/chip_pin_security_unpicked/ Of course RFID for credit/cash cards or Passports is even more stupid. A technology designed to replace Barcodes (which can be photocopied) and RFID is not inherently a technology designed for Secure applications. Because RFID is unique "fingerprint" even if you don't decode it, an RFID "reader" at each location that your "mark" might use lets you track where the RFID is. If the "mark" realises, you could of course be tracking someone else that had the "tag" dumped on them.

 

See also here http://www.lightbluetouchpaper.org/2010/01/26/how-online-card-security-fails/

Category: Consumer Issues