A new chip on the block

rpm said:
http://www.mybroadband.co.za/nephp/?m=show&id=6352
Click to expand...

because we are in africa, 2-3 years behind the USA and europe, you would think we would have the advantage of hindsight, watching others make mistakes and then learning from them. instead it looks like we dont do any of our own homework, relying on the more developed countries to make mistakes, and then following them blindly firmly beliveing that if 1billion flies eat **** it must be good.

i see your "new chip on the block" and raise you one "chip and spin"
http://www.chipandspin.co.uk/
 
I wonder how these cards will work with internet sales? Does anybody know?
 
well the backwards compatibility is a transition that had to be implemented. A few years later all card readers will have migrated and Magnetic cards will be a thing of the past. Asking all merchants to fully implement the new readers and all CC holders to change cards all at once is not a feasible option. Most of the cards around the world is using this method to facilitate a smooth transition.
 
All the chips do is transfer responsibility for some CC fraud from the bank to the user - it's a con.
 
Walter Volker, the general manager for Absa group payment systems, said that Absa would gradually start re-issuing cards to all eight million of its customers, though this could take about two years. He said the familiar magnetic stripe would not disappear immediately, so there should be no problem transacting at points of sale where the new technology is not in place.
Click to expand...
While it is good news that SA is finally starting to see smart cards, smart card readers have been in place in South Africa for a very long time - ABSA in particular going back to 1997|1998 - not just POS but ATMs as well. I also happen to know that NCR had builtin support for EMV in 2001 - mainly bcos I was part of the development team in Dundee Scotland that implemented EMV for SSTs - although nothing to do with POS terminals.

Why has it taken ABSA in particular, so long to roll out smart cards attached to the actual plastic...???
 
derekc said:
well the backwards compatibility is a transition that had to be implemented. A few years later all card readers will have migrated and Magnetic cards will be a thing of the past. Asking all merchants to fully implement the new readers and all CC holders to change cards all at once is not a feasible option. Most of the cards around the world is using this method to facilitate a smooth transition.
Click to expand...

Sure; but while we're in that transition period, the new cards are no more secure than the existing cards. And if it's going to take 2 years to issue the new cards, do you really think they'll start again as soon as they're done, issuing new chip-only cards?

Besides, in many countries the plan is to the leave the mag strip as a fallback, in case the chip or reader is damaged. And as long as you have a fallback which is less secure than your main method, you're vulnerable to all those weaknesses in the fallback as well as the weaknesses in the main method.
 
Uuummm, these cards are still just as unsafe as the old ones, the reason being that they STILL have the mag strip, so if someone gets a hold of your card they can still copy it in 2 secs, and then start transacting with it as much as they like, using the old swip technology!!! :-)


WHAT'S THE POINT?!?!?!
 
risingtide said:
I wonder how these cards will work with internet sales? Does anybody know?
Click to expand...

I had chip and pin cards in the UK and they make life so much easier. You don't have to sign anymore making it quicker and easier to do transactions.

On the internet it is pretty much the same as now but some had a card verify system where you put in a password or pin code
 
Sconners said:
Uuummm, these cards are still just as unsafe as the old ones, the reason being that they STILL have the mag strip, so if someone gets a hold of your card they can still copy it in 2 secs, and then start transacting with it as much as they like, using the old swip technology!!! :-)


WHAT'S THE POINT?!?!?!
Click to expand...

They will be unsafe only on machines that don't allow chips. Otherwise if your machine has a chip facility they have to use the chip when it is fully implemented.
 
The problem why CC are insecure is simply because someone other than the card holder is allowed to carry out a transaction on the account. Create a process whereby the Cardholder is always in charge of the transaction and 99.9% of the problems disappear with all usages of the CC.
 
bekdik said:
The problem why CC are insecure is simply because someone other than the card holder is allowed to carry out a transaction on the account. Create a process whereby the Cardholder is always in charge of the transaction and 99.9% of the problems disappear with all usages of the CC.
Click to expand...

Well, yes. That's the ideal - the question is, how to identify the card holder. Traditionally it's been via signature; now they're swapping over to a PIN. The idea being that a PIN is more secure (i.e. more unique to you) - someone could copy your signature, but no-one will know your PIN unless you tell them.

Of course there are flaws in that approach, but that's the idea behind it.
 
Could the same thing not be achieved with the current cards? I really don't see the point of spending so much if the benefits are so insignificant. If all you do is punch in your PIN, then why didn't they do the same with the current cards? It can be done can't it? They do not store the PIN on the card itself, so even if some thug 'copies/transfers' information from the original card, it should be worthless if they don't have the PIN to transact with. MY point is: this is already done with savings cards, so they can upgrade the credit cards program to prompt for PIN before transferring funds. This is a con...
 
Vice said:
Could the same thing not be achieved with the current cards? I really don't see the point of spending so much if the benefits are so insignificant. If all you do is punch in your PIN, then why didn't they do the same with the current cards? It can be done can't it? They do not store the PIN on the card itself, so even if some thug 'copies/transfers' information from the original card, it should be worthless if they don't have the PIN to transact with. MY point is: this is already done with savings cards, so they can upgrade the credit cards program to prompt for PIN before transferring funds. This is a con...
Click to expand...
In the case of smart cards, the PIN is encrypted and stored in the smart card, whereas the 3 tracks on a magstripe can be read and replicated onto another magstripe, it is currently virtually impossible for syndicates to replicate smart cards...

Not that I advise doing so, but if one had a smart card credit&|debit card, one could refuse to pay via magstripe by zapping it - no one can replicate a magstripe that isn't there anymore, of course that would create problems - not only at POS terminals with no smart card capabilities, but also ATM applications running on machines where there is a smart card reader, would have to be re-coded to not try reading the magstripe tracks - my guess is that the current default is still to read the magstripe even if a smart card card is inserted.
Skeptik said:
Any technology will/can be hacked, cracked and copied given enough time.
Click to expand...
Note my use of the words 'currently' and 'virtually'.
 
Last edited:
ic said:
In the case of smart cards, the PIN is encrypted and stored in the smart card, whereas the 3 tracks on a magstripe can be read and replicated onto another magstripe, it is currently virtually impossible for syndicates to replicate smart cards...

Not that I advise doing so, but if one had a smart card credit&|debit card, one could refuse to pay via magstripe by zapping it - no one can replicate a magstripe that isn't there anymore, of course that would create problems - not only at POS terminals with no smart card capabilities, but also ATM applications running on machines where there is a smart card reader, would have to be re-coded to not try reading the magstripe tracks - my guess is that the current default is still to read the magstripe even if a smart card card is inserted.
Click to expand...
Any technology will/can be hacked, cracked and copied given enough time.
 
Skeptik said:
Any technology will/can be hacked, cracked and copied given enough time.
Click to expand...

*ahem* See: http://news.zdnet.co.uk/security/0,1000000189,39285787,00.htm

It was cracked almost two years ago already. I asked SB about the technology in 2004 when I return from the UK and they said that it would be available "in 6 months". 3.5 yrs later, the technology's been cracked and they still haven't. And yet we happily pay the ridiculous bank charges.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X