[Cryptography] Insecure Chip 'n' PIN starts tomorrow

Tony Arcieri bascule at gmail.com
Thu Oct 1 00:57:52 EDT 2015


On Wed, Sep 30, 2015 at 7:38 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI -- More like Bait 'n' Switch...  This isn't about fraud at all, but
> about shifting liability away from the banks.


Do you really think a 4 digit number is the difference between a secure and
insecure system?

The liability shift is only for magstripe cards, not for EMV. Their goal is
to push people onto EMV.

EMV has a ton of issues, and attacks against EMV are already commonplace.
But magstripe cards are effectively a 16-digit + 3-digit CVV1 "password"
you give to anyone you can transact business with, who with that knowledge
can thereafter impersonate you on the network. That's clearly not the
greatest authentication scheme in the world.

EMV has a ton of problems, but magstripe cards are a technology that has
outlived its usefulness.

-- 
Tony Arcieri