This is why PABP "payment application best practices" from Visa should be mandated across the board. It ensures that all sensitive data (Primary account numbers, PINs, etc.) and other user sensitive information is not stored on the system, unless it is encrypted. This could go a long way to saving us a lot of headaches!
Just because I go into a bar, doesn't mean I am drinking. What if I am the DD? This just has bad idea written all over it. The scanner should be using this for verification only, and nothing else.
I still use my old 64 from time to time. I find the worst thing about it these days is that the keys are slightly closer together than the PC keyboards of today. I am constantly mis-typing commands! I had no problems with the keyboard back in the day though...
What if she had been in a bank or restaurant that was being held up? The alarm would alert the thieves and the person could easily be put in danger. I know a woman this happened to; she was behind the counter when thieves broke into a bar to rob it. She hid behind the counter and called 911. If she had this phone, she would most likely be dead.
I work at a 'switch' that the article describes. It would be REALLY hard to do what they are describing, even having inside access. Not to say it couldn't be done, but the person doing it would have to have some serious clearance to get access to the HSM and the system it is on. If they do have that kind of access, it is pretty unlikely that they have the technical know-how to go about doing what the article describes. Usually the people that have the technical know-how don't have userids or passwords to the production system, never mind the HSM.
I would be much more worried about someone with a hidden camera getting your PIN in a gas station than this. A lot cheaper and easier to pull off.
You are assuming that everybody's PIN is only 4 digits long. PINs can range from 4-12 digits.
That's why networks mandated 3DES encryption because 16 digit DES keys are fairly simple to break.
Usually only the PIN block is encrypted between an ATM and a Host. This wouldn't really stop anyone from getting the card information, but without the PIN, theoretically that information would be useless.
I've also seen encrypting modems being used between ATMs and Hosts.
Looks like I'm gonna have to get myself a hardwood floor in the bedroom!...For whenever I get someone in there that I could perform that specific act on...
When are people going to learn that not every career field is going to have a 'properly' mixed racial environment? People do what they are interested in, and what they are good at.
Didn't they try this crap with trying to get more girls to go into math and science a while ago?
Just leave people alone, and things will work out just fine.
Besides, CJ is a hero. He didn't want to start that gang crap back up, the crooked cops made him!
I know a guy who bought a $3000 projector for his wedding reception pictures and then returned it the day after. He's lucky I wasn't there, or I would have made sure the unit was non-returnable.
It's always the few scumbag 1% who wreck things for the rest of us.
I don't think it will be a huge deal to patch all of the software out there that relies on this. The main problem will be things like VCRs, TVs, watches and such that change the time for you automatically.
It's nice to see the American government coming up with a solution like this instead of concentrating on and suggesting alternate energies.
With the price of electronics these days, most people can afford to just throw things away. I fix people's computers on the side, and I am hearing this more and more every day. People just don't want to bother with the 'hassle' of fixing things. Plus they get the 'bonus' of having the latest and greatest toys.
First they wanted some sort of rating system so that parents could choose what was appropriate for their children. Now that it is in place, they don't seem to care that the appropriate warning is already on the box!
I was told there would be no math...
http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html/
How is the iPhone even classed as an invention? It is something that already existed (cell-phone) that someone else added some gee-gaws to.
That's like saying the 2008 Chevy Malibu is the top invention for 2008 because it is so cool and hip!
How sad...
Correct, the issuer of the card is liable for any fraud.
Once EMV comes in, if the terminal is not EMV compliant then all fraud liability transfers to the terminal owner, not the cardholder.
The TDES encryption only encrypts the PIN block. The PAN and other card information is still in the clear.
This is also mandated in Europe.
Don't forget Sword of Fargoal!
Anyone know if it actually verifies card info?
If not, you could just change your own CC info just enough to get by. Maybe they are only doing a MOD10 check.
I guess you would only do this if you cared to see this stuff...
Why do I get the image of the Google CEO hanging the ZDNet CEO out of a window by his legs (ala Fish Called Wanda) while reading that apology?
That Gorilla game was the only thing that kept me sane at my job back in the day.
It was the only game on the machine (I have no idea why it was even on there).
"If you've got kids who can sit in front of a game for eight hours, then they have the cognitive thought process to learn how to build the game,"
That just about sums up the entire article...
Ummmm no... I've seen some of these kids, trust me they can't do much more than sit in front of a TV for 8 hours.
Has Hillary Clinton been alerted to this yet? We obviously need more warnings on these video games to stop this kind of horrible tragedy!
Did someone turn the clock back to the discussion we already had on this issue?
Really warms the ol' cockles of the heart.
They just take, and take, and take...
There is also My Space in MSN messenger that does this stuff too.