Creativity and security

Daniel Carosone dan at geek.com.au
Thu Mar 23 23:33:39 EST 2006


On Thu, Mar 23, 2006 at 08:15:50PM -0000, Dave Korn wrote:
> 
>   As we all know, when you pay with a credit or debit card at a store, it's 
> important to take the receipt with you
> [..]
>   So what they've been doing at my local branch of Marks & Spencer for the 
> past few weeks is, at the end of the transaction after the (now always 
> chip'n'pin-based) card reader finishes authorizing your transaction, the 
> cashier at the till asks you whether you actually /want/ the receipt or not; 
> [..] 
>   ... Of course, three seconds after your back is turned, the cashier can 
> still go ahead and press the button anyway, and then /they/ can have your 
> receipt.
> [..]
> I think the better solution would still be for the receipt 
> to be printed out every single time and the staff trained in the importance 
> of not letting customers leave without taking their receipts with them.

Two observations:

 - your preferred solution to a problem of fraudulent cashier staff
   doing the wrong thing ... relies on the cashier staff doing the right
   thing.  Training fraudulent and creative cashiers on the importance
   of this action probably encourages them to come up with other ways
   to do the same thing.

 - even when they've handed you a receipt, on many systems there's a
   good chance they can get a reprint those same three seconds later.
   Paper jams or gets torn, ribbons run out, and sometimes you
   legitimately need a duplicate.

--
Dan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20060324/e398ec06/attachment.pgp>


More information about the cryptography mailing list