[Cryptography] cost-watch - the cost of the Target breach

Henry Baker hbaker1 at pipeline.com
Sat Dec 6 02:29:32 EST 2014

At 07:49 PM 12/5/2014, Jerry Leichter wrote:
"It's also not at all clear that the banks were the ones who resisted on chip and pin.  *They* wouldn't be the ones bearing the costs of replacing all the card readers out there - and they stand to gain from the liability shift that leaves merchants who don't get new terminals stuck with any loses.  Over all, win/win for the banks."
Ross Anderson has been analyzing chip&pin for years & found that there are just as many problems with chip&pin as with the magstripe cards.

Ross points out (if I recall his comments correctly) that with chip&pin, the burden of proof moves away from the banks, which is why the banks are so hot for chip&pin.  But don't hold your breath waiting for chip&pin to produce any improvement.  I just read that the new US chip&pin system has already been hacked, and it isn't even in real service here yet!

More information about the cryptography mailing list