Creativity and security
leichter_jerrold at emc.com
Fri Mar 24 16:31:49 EST 2006
| > If all that information's printed on the outside of the card, then
| > isn't this battle kind of lost the moment you hand the card to them?
|
| 1- I don't hand it to them. I put it in the chip-and-pin card reader
| myself. In any case, even if I hand it to a cashier, it is within my sight
| at all times.
|
| 2- If it was really that easy to memorize a name and the equivalent of a
| 23-digit number at a glance without having to write anything down, surely
| the credit card companies wouldn't need to issue cards in the first place?
|
| IOW, unless we're talking about a corrupt employee with a photographic
| memory and telescopic eyes, the paper receipt I leave behind is the only
| place they could get any information about my card details....

You're underestimating human abilities when there is a reward present.
Back in the days when telephone calling cards were common, people used
to "shoulder surf", watching someone enter the card number and
memorizing it. A traditional hazing in the military is to give the new
soldier a gun, then a few seconds later demand that he tell you the
serial number from memory. Soldiers caught out on this ... only get
caught out once.

Besides, there's a lot less to remember than you think. I don't know
how your chip-and-pin card encoding is done, but a credit card number is
16 digits, with the first 4 (6?) specifying the bank (with a small
number of banks covering most of the market - if you see a card from
an uncommon bank, you can ignore it) and the last digit a check digit.
So you need to remember one of a small number of banks, a name, and
11 digits - for the few seconds it takes for the customer to move on
and give you the chance to scrawl it on a piece of paper. Hardly very
challenging.

-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
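
Added example (not part of the original post): payment card check digits are computed with the Luhn algorithm, so the last digit follows from the others and carries no information of its own. The Python below recomputes it and counts the digits that remain once the issuer prefix and check digit are set aside; the function names and the sample number are constructed for illustration.

```python
# Added illustration; names and sample values are constructed, not from the post.

def luhn_check_digit(body: str) -> int:
    """Check digit for a card number given without its final digit."""
    total = 0
    # Walk right to left; the digit adjacent to the check digit is doubled,
    # then every second digit after it.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True if the last digit matches the Luhn check digit of the rest."""
    return (number.isdigit() and len(number) > 1
            and luhn_check_digit(number[:-1]) == int(number[-1]))


def digits_to_memorize(length: int = 16, issuer_prefix: int = 4) -> int:
    """Digits not fixed by the issuer prefix or derivable as the check digit."""
    if not 0 <= issuer_prefix < length:
        raise ValueError("issuer prefix must be shorter than the number")
    return length - issuer_prefix - 1


if __name__ == "__main__":
    body = "411111111111111"  # constructed 15-digit sample, check digit omitted
    full = body + str(luhn_check_digit(body))
    print(full, luhn_valid(full))
    # 4-digit prefix as in the post, and the 6-digit alternative it mentions
    print(digits_to_memorize(16, 4), digits_to_memorize(16, 6))
```

With a 4-digit issuer prefix this gives the 11 digits mentioned in the post; with the 6-digit prefix the post also mentions, it gives 9.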