funsec mailing list archives
RE: UK: Chip and PIN Fraud Hits Lloyds TSB
From: Blanchard_Michael () emc com
Date: Thu, 11 May 2006 14:09:53 -0400
So a "chip and PIN" card/token/whatever has BOTH the account number and the PIN to access it built in? That doesn't sound safe to me at all. I'll bet it's RFID like the Shell\Mobil tokens too.... Debit cards are bad enough, but at least they require a PIN number.

Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie
Sent: Thursday, May 11, 2006 1:38 PM
To: funsec () linuxbox org
Subject: [funsec] UK: Chip and PIN Fraud Hits Lloyds TSB

This is the second instance of Chip and PIN fraud I've heard this week -- the first was with Royal Dutch Shell, also in the UK.

Via El Reg.

[snip]

Lloyds TSB has admitted that flaws in the new Chip and PIN system recently introduced for debit cards in the UK open up the system to fraud. Conventional fraud may be down because of the system but crooks are still able to use cloned debit or credit cards in foreign ATMs.

Instead of authorising debit card transactions by signature Chip and PIN means that customers use a four digit PIN code to give the go-ahead to purchases. Although cloned cards won't have a forged chip the PIN associated with this microchip is the same as that associated with a magnetic stripe. Foreign ATMs only read this magnetic strip and not the PIN. So providing fraudsters obtain the data on the magnetic strip, along with the associated PIN, they are able to make withdrawals overseas using a conventionally cloned card, something that wouldn't work on a UK high street.

Delays in identifying foreign ATM cash withdrawals as potentially fraudulent are compounding the problem.

[snip]

More: http://www.theregister.co.uk/2006/05/11/lloyds_tsb_chip_and_pin_fraud/

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.