massive data theft at MasterCard processor
Florian Weimer
fw at deneb.enyo.de
Tue Jun 21 01:51:17 EDT 2005
* Peter Fairbrother:
> No, it isn't! A handwritten signature is far better, it gives post-facto
> evidence about who authorised the transaction - it is hard to fake a
> signature so well that later analysis can't detect the forgery,
Apparently, handwritten signatures can be repudiated, at least I've
heard of a few cases where this likely was the case (but naturally,
graphologists didn't agree if the signature was genuine).
You can even use a signature machine to facilitate repudiation at a
later date.
> Also there are several attacks on Chip n' PIN as deployed here in the UK,
> starting with the fake reader attacks - for instance, a fake reader says you
> are authorising a payment for $6.99 while in fact the card and PIN are being
> used to authorise a transaction for $10,000 across the street.
In Germany, there's a widely used system based on PIN and a magnetic
stripe, and you can buy used reader devices on Ebay. 8-( This makes it
rather easy to mount a MITM attack.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list