[Cryptography] Insecure Chip 'n' PIN starts tomorrow

[Ron Garret]

On Oct 1, 2015, at 9:31 AM, John Levine <johnl at iecc.com> wrote:

> In article <CAB7TAM=86+aXkfzgdax66JPNQ1GKgzpwqJvwrEeCaOfL=5dLmA at mail.gmail.com> you write:
>> -=-=-=-=-=-
>> 
>>> With chip+signature, you say that's not my signature, and now it's up
>>> to to the merchant and the bank to produce a signature that looks like
>>> yours.
>> 
>> 
>> Here in the USA, you're generally asked to sign a digitizer pad, which
>> means the CC companies have many digitized copies of you signature stored
>> on their computers.  Producing one shouldn't be too difficult, and in the
>> doesn't demonstrate much.
> 
> I always write "not me" or "fluffy" on the digitizer pad.  A while ago
> there was an amusing web site in which a guy wrote ever more egregious
> non-signatures to try to get clerks' attention, with negligible success.
> 
> It's clear that the actual security model of chip+signature or for
> that matter swipe+signature is rather unlike the nominal one, but as
> far as I can tell other than the hidden cost of the banks or merchants
> eating the fraud, it works to the benefit of card users.

The actual security model is: the vast majority of people are honest, and so the actual systemic cost of fraud is low relative to the cost of replacing the infrastructure.  Therefore it makes more economic sense to just use a risk-pool model to pay the cost of fraud rather than replace the infrastructure.

This model is valid in the short term, not in the long term.  Alas, resistance to long-term thinking is not limited to the banking industry nowadays.

rg