Magstripe

Mondo46

adouglasmhor wrote: »

So how is it reset after being blocked?

You would go to an ATM after you know what the PIN is, go to PIN services and and press UNBLOCK PIN.

Hence why ATMS will read the chip first and the OPs card will be read by chip anyway. Maybe go onto the LINK ATM finder and find one which doesn't have PIN services?

That probably isn't a chip and pin AMT.

adouglasmhor

So if you had a reader/writer and cracking software you could crack the pin?

Mondo46

adouglasmhor wrote: »

So if you had a reader/writer and cracking software you could crack the pin?

In theory yes but no one to date has been able to crack it.

DevCoder

Mondo46 wrote: »

In theory yes but no one to date has been able to crack it.

You're kidding right?

The TPM keys have been able to be cracked for about 2 years now.

One such paper (very interesting if you're a bit techie)
http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf

pqrdef

But if the PIN is also on the magstripe, which it is, it makes no difference how clever the chip is. If I know the encryption method, all I have to do with a stolen card is read the magstripe once and try the 10,000 possibilities.

DevCoder

I dont think the PIN is stored on the magstripe (well it can be but at layer 3 which is not mandatory and is non standard).

The CCV is stored on the magstripe however and that is paramount to any "online" attack as I mentioned above, offlline attacks can use any CCV generated by the cracker as this isn't checked.

If you get the CCV secret key then you can circumvent online and offline transaction checks.

dalesrider

Mondo46 wrote: »

You would go to an ATM after you know what the PIN is, go to PIN services and and press UNBLOCK PIN.

Hence why ATMS will read the chip first and the OPs card will be read by chip anyway. Maybe go onto the LINK ATM finder and find one which doesn't have PIN services?

That probably isn't a chip and pin AMT.

A atm will only unblock a card that has been blocked at a retailer. If you get it blocked at a atm you need to contact your card provider for a new PIN.

UK atms only read the mag stripe to see if the card should have a chip. They will then read the chip. If it can't read the chip it will not allow you to use the card in the atm.
This has been set up to block counterfeit cards at UK atms.

PIN's have been hacked from cards by tech wizz's with masses of equipment. So is never going to be something your average fraudster is going to have to hand.

DevCoder

It's about £300-400 worth of equipment to defeat an offline transaction

It's the same but you would also need the processing power to calculate the secret key and also the digital certificate for online transactions.

It's this computing power that would cost a lot, a lot of PS3's would be ideal.

this is why offline transactions are a more preferred attack method.

Gromitt

I thought NVidia Graphics cards were the latest attack vector, as you could install more in a smaller space and get more computing power. Still, your not going to bother for a card you found or stole from a typical average person. Your going to want to know its at least worth the effort.

Likewise, the average thief isn't going to have a bedroom full of the latest graphics cards for hacking the digital signatures.

chattychappy

I found the stripes robust unless you keep the card next to a mobile phone. I appear to have blanked a few that way. Presumably something about a strong changing electrical field changing a magnetic field.

Someone told me that all the data is encoded twice so there is some redundancy in case of damage. No idea if that's true.