[Cryptography] cost-watch - the cost of the Target breach
hbaker1 at pipeline.com
Sat Dec 6 02:29:32 EST 2014
At 07:49 PM 12/5/2014, Jerry Leichter wrote:
"It's also not at all clear that the banks were the ones who resisted on chip and pin. *They* wouldn't be the ones bearing the costs of replacing all the card readers out there - and they stand to gain from the liability shift that leaves merchants who don't get new terminals stuck with any loses. Over all, win/win for the banks."
Ross Anderson has been analyzing chip&pin for years & found that there are just as many problems with chip&pin as with the magstripe cards.
Ross points out (if I recall his comments correctly) that with chip&pin, the burden of proof moves away from the banks, which is why the banks are so hot for chip&pin. But don't hold your breath waiting for chip&pin to produce any improvement. I just read that the new US chip&pin system has already been hacked, and it isn't even in real service here yet!
More information about the cryptography