But, how would you know the original card owner's address?Originally Posted by ExceededGoku
Ye, most e-tailers don't allow the first order to be made to another address unless of course you make 2 orders, one for a mousemat or something to their address and then a second order to your address *imagines what he would do with someone elses credit card
*
And pretty much all order systems logs your IP address so they can trace you back
Workstation 1: Intel i7 950 @ 3.8Ghz / X58 / 12GB DDR3-1600 / HD4870 512MB / Antec P180
Workstation 2: Intel C2Q Q9550 @ 3.6Ghz / X38 / 4GB DDR2-800 / 8400GS 512MB / Open Air
Workstation 3: Intel Xeon X3350 @ 3.2Ghz / P35 / 4GB DDR2-800 / HD4770 512MB / Shuttle SP35P2
HTPC: AMD Athlon X4 620 @ 2.6Ghz / 780G / 4GB DDR2-1000 / Antec Mini P180 White
Mobile Workstation: Intel C2D T8300 @ 2.4Ghz / GM965 / 3GB DDR2-667 / DELL Inspiron 1525 / 6+6+9 Cell Battery
Display (Monitor): DELL Ultrasharp 2709W + DELL Ultrasharp 2001FP
Display (Projector): Epson TW-3500 1080p
Speakers: Creative Megaworks THX550 5.1
Headphones: Etymotic hf2 / Ultimate Ears Triple.fi 10 Pro
Storage: 8x2TB Hitachi @ DELL PERC 6/i RAID6 / 13TB Non-RAID Across 12 HDDs
Consoles: PS3 Slim 120GB / Xbox 360 Arcade 20GB / PS2
Personally I think Chip n PIN is great.. many a time I've been to the shop - espesh when it's minus nothing outsode, and tried to sign me signature with fingers that are frozen solid, and I have difficulty making my fingers hold a pen when they're cold.. whereas stabbing a keypad is no bother. Works for me
Unless you use a proxy or a dynamic IP :SBut, how would you know the original card owner's address?
And pretty much all order systems logs your IP address so they can trace you back
Core 2 Duo E6600 @ 3.2Ghz (400Mhzx8) 1.52V (set in bios, 1.47v real) | 4GB GeIL PC6400 4-4-4-12 | Gigabyte DQ6 @ 1600Mhz | HD2900XT 1GB | Enermax Infiniti 720W | Silverstone TJ07-B with custom watercooling | BenQ FP241WZ
3dmark05 - 13140 | 3dmark06 - 6698 | SuperPi 1M - 15s
The thing that bugs me with chip and pin is how do I know the machine I am putting my card into is secure?
It would be very simple to have a “chip and pin” box that someone uses linked to a PC capturing all the numbers that’s pressed on it. Then once the person has gone, just put the transaction through yourself (you don’t need the card, just the card number which can just be done by a swipe or probably retrieved from the pin itself).
The money comes out of the account, the person knows no different.
Wait 6 months to a year, make a few cloned cards (very easy) and go and have fun (provided the pin has not been changed – which is rare anyway)
It really should have a handshake equivalent. Perhaps the machine shows you 4 numbers first (which is like a second pin), so you know its come direct from the bank, and then you input your number.
Again, no where near foolproof, but a little better.
what agent said its so easy for those people to make a fascia that takes all your details and they rinse.
The strip on the card still has the PIN on it (Chip and PIN isn't used overseas yet). And if you can find a way of reading the chip (someone probably already has) you'll probably be able to get it off there too.
true - but they can't clone the chip, so skimming a card only lets you create a card with just a magstripe on it. This card won't work in Chip and Pin stores though, only abroad..and older ATMs.
So the more retailers that are chip and pin, the safer it is
Last edited by Spud1; 26-07-2006 at 11:25 PM.
Give 'em time. Remember, there's no such thing as complete security.
There are 2 sides to chip and pin - the cardholder, and bank responsibility with fraud refunds. Basically, the theory with chip & pin is, alot of POS (point of sale) fraud (which is where I work) is now the cardholders responsibility and banks do not need to be liable for much. Or so they thought.
As far as I see it, it's been a waste of time and money - fraudsters have always been ahead of the game. We've already seen cloned and counterfeited C&P cards, but equally, there's alot of shifty retailers/cashiers that are up to no good.
I heard that for the same cost they could have implemented finger printing - which is a big step forward from sigs and chip and pin whereas I believe chip and pin is a step down, and we're following suit because the French use it. They call it, Le chip et pin. I call it crap.
Finger printer would be more buggy and harder to implement, but I thought we were a Country of leaders, it's obvious it will go that way (Despite someone in China having the same fingerprints as you) so why not do it? Look at American Immigration - they do it. All day every day.
Funnily enough though I saw so many people when it first come out go to a cash point, and they were asked for their pin they stood there and said it out loud!
In short. Chip and Pin poo. Finger printing rocks.
the chip on the card is needed (afaik) to do verification at the bank end. If your money is stolen in the way you describe, you are covered by your bank
aside from all this, do you realy think you bank would have spent over £1bn implementing this system if it wasn't going to save them some cash?? as for online transactions, 90% of them have to be delivered *somewhere* (wiht the exception of software/porn etc) so you would be tracked down
hughlunnon@yahoo.com | I have sigs turned off..
My point was this - they don't need to log your IP address. If you are going to make use of the stolen card online you need to order things and have them delivered to your actual address, so you'd have to be a pretty stupid crim to do it. All the police have to do is turn up there and arrest you.....And pretty much all order systems logs your IP address so they can trace you back
I thought that the pin definately wasn't on the card, basically the machine collects the card number from the card, and the pin from the user and sends both to the bank, which returns a Yea or Nay response. The machine then coughs up cash or approves your shopping accordingly.
If I can be bothered later I'll google for a bit to verify one way or the other.
They told me I was gullible ... and I believed them.
Ok I'm changing my view now, seems I had been mis-lead by the marketing on this =)
take a look @ http://www.chipandspin.co.uk/
The pin is still stored on the card - in the mag strip and in the chip.
The biggest problem wtih chip and pin is legacy - because our cards still have to work outside of the UK, and in shops without chip and pin (or just 'offline' machines) they still support the old systems of verification. If you cut out all the legacy stuff and just had the chip and pin system - with no mag stripe, each card using public key encryption etc etc then you have a secure system
Fingerprints are a big no-no though, these companies already know too much about me, getting my prints as well just makes me uneasy...
I've never understood this anti-big brother stance. The companies know too much about me, I'm scared of them getting my prints. What you think they're going to do, kill someone and plant a print off of your prints on the body? Forcing you to live like Harrison Ford?!
To end: Finger prints rock.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote