Creativity and security
Daniel Carosone
dan at geek.com.au
Thu Mar 23 23:33:39 EST 2006
On Thu, Mar 23, 2006 at 08:15:50PM -0000, Dave Korn wrote:
>
> As we all know, when you pay with a credit or debit card at a store, it's
> important to take the receipt with you
> [..]
> So what they've been doing at my local branch of Marks & Spencer for the
> past few weeks is, at the end of the transaction after the (now always
> chip'n'pin-based) card reader finishes authorizing your transaction, the
> cashier at the till asks you whether you actually /want/ the receipt or not;
> [..]
> ... Of course, three seconds after your back is turned, the cashier can
> still go ahead and press the button anyway, and then /they/ can have your
> receipt.
> [..]
> I think the better solution would still be for the receipt
> to be printed out every single time and the staff trained in the importance
> of not letting customers leave without taking their receipts with them.
Two observations:
- your preferred solution to a problem of fraudulent cashier staff
doing the wrong thing ... relies on the cashier staff doing the right
thing. Training fraudulent and creative cashiers on the importance
of this action probably encourages them to come up with other ways
to do the same thing.
- even when they've handed you a receipt, on many systems there's a
good chance they can get a reprint those same three seconds later.
Paper jams or gets torn, ribbons run out, and sometimes you
legitimately need a duplicate.
--
Dan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20060324/e398ec06/attachment.pgp>
More information about the cryptography
mailing list