> -----Original Message-----
> From: piclist-bounces@mit.edu [mailto:piclist-bounces@mit.edu]On Behalf
> Of Hulatt, Jon
> Sent: Wednesday, 23 February 2005 8:53 PM
> To: Microcontroller discussion list - Public.
> Subject: RE: [AD]: Project offer any one interested? ATM scams
>
> ...
>
> Yes, the chip & pin system is flawed- if someone sees you enter your pin
> in the POS terminal, then they can mug you for your card outside the
> store, and use it. But I don't care. If someone wants my card; they can
> have it- I'm not getting beaten up for a piece of plastic. UK law does
> not regard handing over your card (and even your PIN!) under a threat of
> violence as negligent- therefore my losses are the bank's problem.
>
> IMO the best security would be biometrics- and forget crazy stuff like
> fingerprint recognition and retina scanning. Why not just print a photo
> on the card? The human brain is *very* good at facial recognition, and
> this single measure would probably do more to protect against POS fraud
> than anything else (assuming the shopkeeper is not part of the scam
> too). A bank in the UK did this a few years ago, but it didn't catch on.
>

Photo ID on the card has been tried; it doesn't work either. Years ago a newspaper or TV show in the USA tested this idea using cards with pictures of dogs, flowers, a girl's photo on a man's card, etc. No-one noticed or cared.

Now that I think about it, it could be a real promo idea for a bank - get a photo of your dog on your credit card. Beats the football team logos on some I've seen.

No-one ever checks my signature; my card is usually back in my pocket before I get the slip to sign. I've demonstrated this by using other people's (girlfriend etc.) cards to buy stuff with. The last person to even make an effort (boss probably watching on CCTV - they trust the staff less than the customers) held the card upside down when 'comparing' signatures.
Occasionally banks will track spending habits and call you if there is an 'irregularity' to get confirmation. Old idea too, been around since the '80s. Some telcos were going to do this for mobile telephones as well, back when people were 'sniffing' the codes and making cloned 'phones. Hmm, we noticed you were in New York, Sydney & Paris on the same day...

Most security ideas fail because you have a bunch of people on one side that don't care, and a bunch of rather inventive people on the other who'll find a way around your security. Often they don't have to - they just take advantage of the don't care bunch.

Unrelated but funny true story:

Working at a telco, one day I was asked "Why are we sending top secret brewery construction plans to people all over Asia?". How interesting, I thought.

We had a fax-back service that people could ring and have a satellite TV guide sent to them. The TV company was responsible for keeping it up to date; they simply faxed the new schedule to a certain fax number we gave them. Before they could send the fax, they had to key in a 4-digit password; so ring, enter password, hit start. Standard service.

They complained about the password step (It's toooooo hard...), so it was eventually removed. All went well until the brewery faxed plans from one state to another, forgot to enter the area code, and got our number instead.

Hilarity happened, as one website puts it.

Tony