Internet Banking Security - Card Reader Warning.

James
Posts: 2,059 Forumite


Please don't shoot the messenger:
Card readers for online banking are inherently insecure, according to a new study by Cambridge security researchers.
When Chip & PIN was introduced for point-of-sale, the effective liability for fraud was shifted to customers.
Now that Chip & PIN is used for online banking, we may see a similar reduction of consumer protection.
Article click here.
Comments
Old news..........
I'm not cynical I'm realistic
(If a link I give opens pop ups I won't know I don't use windows)

The tea-leaf would need to be able to access my online account, have nicked my debit card or "card reader card", know the PIN for that, have a card reader machine for the bank in question ......
Can't see it myself.
Ethical moneysaver

realaledrinker wrote: »The tea-leaf would need to be able to access my online account, have nicked my debit card or "card reader card", know the PIN for that, have a card reader machine for the bank in question ......
Can't see it myself.
The reports are that some of the readers are the same across multiple banks.

realaledrinker wrote: »The tea-leaf would need to be able to access my online account, have nicked my debit card or "card reader card", know the PIN for that, have a card reader machine for the bank in question ......
Can't see it myself.
Actually the most realistic attack scenario is a real-time man-in-the-middle, whereby someone impersonates your bank, and tricks you into authorising fraudulent transactions.

getmore4less wrote: »The reports are that some of the readers are the same across multiple banks.
Yes, they are - but it doesn't make a difference because you would still need the card, the PIN and the online banking membership number.
What would William Shatner do?

Actually the most realistic attack scenario is a real-time man-in-the-middle, whereby someone impersonates your bank, and tricks you into authorising fraudulent transactions.
They'd need to be able to access your internet banking first and then get the transaction set up. That's getting two sets of details.
What would William Shatner do?

BarclaysManager wrote: »They'd need to be able to access your internet banking first and then get the transaction set up. That's getting two sets of details.
I don't really understand what you mean. As long as they can fool you into going to their web site instead of Barclays, all bets are off. Because of the freshness problem in most implementations (does Barclays have a !!!!!!?), it doesn't even need to be a real-time MITM.

I don't really understand what you mean. As long as they can fool you into going to their web site instead of Barclays, all bets are off. Because of the freshness problem in most implementations (does Barclays have a !!!!!!?), it doesn't even need to be a real-time MITM.
I mean that they'd need to gather two sets of details without alerting someone that something was up first. They'd need the membership/card reader details to get into online banking, and then a further set to authorize the payment. It's difficult to phish initially, let alone trying to get someone to use the sign function on their card reader and enter an account number and an amount without getting a little bit suspicious...
What would William Shatner do?

The entire chip and PIN system isn't majorly secure - I always can see what people in front of me at shops are typing in, even if they try to cover it.
At least in the days of signatures there was a chance the cashier would look at the card and stop a male using a "Mrs.." card, but not anymore!
I would have thought a simple security measure would be to add a photo of the account holder to the card, and then have a PIN for card not present transactions.

I would have thought a simple security measure would be to add a photo of the account holder to the card, and then have a PIN for card not present transactions.
The photo idea is lovely but unworkable - for a start, some places now have policies that cashiers cannot handle customers' cards, and even if they don't then they typically won't touch it anyway.
The PIN for card not present transactions is implemented sort-of with MasterCard Securecode and Verified by Visa. Having a PIN in the traditional sense, where it's as good as your signature and hard proof that you authorised a transaction, would fall down as soon as you had to tell the bloke at your local pizza or curry place all your details plus this PIN over the phone.

This discussion has been closed.