Creativity and security

Anne & Lynn Wheeler lynn at garlic.com
Mon Mar 27 11:15:30 EST 2006


Joseph Ashwood wrote:
> The one I find scarier is the US restaurant method of handling cards.
> For those of you unfamiliar with it, I hand my card to the
> waiter/waitress, the card disappears behind a wall for a couple of
> minutes, and my receipt comes back for me to sign along with my card. Just
> to see if anyone would notice I actually did this experiment with a
> (trusted) friend that works at a small upscale restaurant. I ate, she
> took my card in the back, without hiding anything or saying what she was
> doing she took out her cellphone, snapped a picture, then processed
> everything as usual. The transaction did not take noticeably longer than
> usual, the picture was very clear, in short, if I hadn't known she was
> doing this back there I would never have known. Even at a high end
> restaurant where there are more employees than clients no one paid
> enough attention in the back to notice this. If it wasn't a trusted
> friend doing this I would've been very worried.
>                Joe

the trivial case from nearly 10 years ago was the waiter in nyc
restaurant (something sticks in my mind it was the Brazilian restaurant
just off times sq) that had pda and small magstripe reader pinned to the
inside of their jacket. At some opportunity, they would casually pass
the card down the inside of their lapel (doesn't even really have to
disappear anyplace). This was before wireless and 801.11 ... so the
magstripe images would accumulate in the pda until the waiter took a
break ... and then they would be uploaded to a PC and then to the
internet (hong kong was used as example) ... counterfeit cards would be
on the street (opposite side of the world), still within a few hours at
most.

recent posts mentioning some skimming threats
http://www.garlic.com/~lynn/aadsm22.htm#27 Meccano Trojans coming to
desktop near you

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


