Creativity and security
Olle Mulmo
mulmo at pdc.kth.se
Tue Mar 21 07:18:20 EST 2006
Unfortunately, they haven't. In Europe I get receipts with different
crossing-out patterns almost every week.
And, with "they" I mean the builders of point-of-sale terminals: I
don't think individual store owners are given a choice.
Though I believe I have noticed a good trend in that I get receipts
where *all but four* digits are crossed out more and more often
nowadays.
/Olle
On Mar 20, 2006, at 21:51, leichter_jerrold at emc.com wrote:
> I was tearing up some old credit card receipts recently - after all
> these years, enough vendors continue to print full CC numbers on
> receipts that I'm hesitant to just toss them as is, though I doubt
> there
> are many dumpster divers looking for this stuff any more - when I
> found
> a great example of why you don't want people applying their
> "creativity"
> to security problems, at least not without a great deal of review.
>
> You see, most vendors these days replace all but the last 4 digits of
> the CC number on a receipt with X's. But it must be boring to do the
> same as everyone else, so some bright person at one vendor(*) decided
> they were going to do it differently: They X'd out *just the last
> four
> digits*. After all, who could guess the number from the 10,000
> possibilities?
>
> Ahem.
> -- Jerry
>
> (*) It was Build-A-Bear. The receipt was at least a year old, so for
> all I know they've long since fixed this.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list