PIN Scandal 'Worst Hack Ever'

QuietLagoon writes "The evolving Citibank PIN scandal is getting worse with each passing day. Gregg Keizer of TechWeb News writes: 'The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs 'the worst consumer scam to date.' ... The problem...is that retailers improperly store PIN numbers after they've been entered, rather than erase them at the PIN-entering pad. Worse, the keys to decrypt the PIN blocks are often stored on the same network as the PINs themselves, making a single successful hack a potential goldmine for criminals: they get the PIN data and the key to read it.'"

Re:Someone has been watching too much Simpsons...

This brings up an issue with financial networks that I just don't understand.

The greatest security online would be to do away with a "pull" charge (where your details are given to the business and the money "pulled" from your account") and adopt a "push" system - where I make an order, get a receipt #, log into MY account with the bank (ie. the SSL connection is between me and my bank) and then I send the money to them. I don't have any extra charges or don't send any money I don't want to. And they don't have my details to lose or get stolen.

But wait, that would mean people would have to do two steps, and people would use their OWN money more often, and not use credit.... can't have that can we. There are a zillion people out there who would sign up for this system, but it's not in the banks interests. Freemarket capitalism (*cough* oligopoly *cough*) fails again.

Supermarkets Defeating Chip & Pin

[Fzz]

Unfortunately, increasingly we're seeing supermarkets insist on swiping your chip'n'pin card, rather than relying on you entering the card into the terminal yourself. Tesco and Sainsburys do this, perhaps others do. From the customer's point of view, this completely defeats the security provided by chip'n'pin. The supermarket now has all the information from the mag stripe, and also has your PIN. Anyone obtaining this information can reproduce your ATM card, and drain your account.

In contrast, if you insert the card yourself, the system seems somewhat harder to defeat, although I don't actually know what information the store then has access to. Presumably less information, or they wouldn't want to swipe the card in the first place.

So what's to do? I think the only sensible thing is to refuse point blank to ever hand over a chip'n'pin debit card. If they don't like this, don't pay, and tell them why. And tell others. The stores don't need to swipe your card, but they'll only learn this if enough people object.

Why only 4 digits?

[matth]

Something I've often wondered about. Why are ATM PINs only allowed to be 4 digits?!?!

Re:Why only 4 digits?

[cimmer]

I couldn't tell you, but I wouldn't feel much safer with a longer pin code. If someone gets your card number, what's the chance they'll guess the right one out of 10,000 before the bank shuts the card down? If someone steals a bunch of pin numbers from a computer system, it doesn't really matter if they are 4 digits or 9 digits - the end result is the same. The one advantage I can see with longer pin numbers is that they'd be harder to shoulder surf, but like I said, that wouldn't make me feel much safer. I think a better question is when ATMs will start using two factor authentication.

Terrorism?

[LordEd]

but of all things we must secure in the war against terrorism, you'd think the bank accounts would be the single greatest priority.

You don't need terrorists to steal bank accounts. Ordinary Americans will be glad to do it instead.

Not everything is linked to terrorism. A stolen bank account or 50 doesn't strike terror into my soul.