Chancer Posted January 21, 2011 Share Posted January 21, 2011 I have just transferred some money from my Flex account using the cardreader as usual which until now I have always thought was a good security measure.What has just occured to me perhaps is obvious and common knowledge but I had never considered that chip and pin cards must carry the PIN number within the card. I can see no other way that my little plastic reader can know whether I have inputted the correct code or otherwise, thinking about it PIN terminals in shops must operate in the same way, the code verification or otherwise is immediate its the authorisation that needs the connection and takes the time.So if I am right and my card does indeed somehow carry the PIN number or is programmed to respond to it in some way and that a throw away NW cardreader can verify it how difficult would it be for the fraudsters to extract the PIN numbers from a card?With the new log in procedures using a cardreader I now wonder if it would be possible for someone to empty your account?Hopefully someone will be able to explain what the security of chip n pin is. Link to comment Share on other sites More sharing options...
Jako Posted January 21, 2011 Share Posted January 21, 2011 The card does not carry the pin number.The cardreader is universal and actually does not know whether the pin is correct. It uses an algorithm to run a check and the outcome is in reality: "the pin is not wrong" instead of "correct". Three wrong pins should invalidate the card making it impossible for fraudsters to find the code using trial-and-error. More pin numbers fit the algorithm and are "not wrong" , only one is "correct"Pin terminals first use the algorithm trick followed by a true verification as the transaction is done.Try using a ATM machine when the system is down: you'll get your money even when you are too far in the red. The ATM will fall back to just the algorithm without checking your bank nor your bank account. But the interest you pay...There might/will be other securities built in that I am not aware of. Banks are not generously giving that kind of information. [:)] Link to comment Share on other sites More sharing options...
Chancer Posted January 21, 2011 Author Share Posted January 21, 2011 Thanks for the reply, I thnk I understand it but now I dont know whether I should feel more or less secure that someone could empty my account with a "neither wrong nor right" PIN number.A bit hypothetical as I never carry much money in the account unless I am in the process of what is now the annual merry go round of changing savings account to get better than 1/4% interest in which case it has to pass via the NW nominated account. Link to comment Share on other sites More sharing options...
allanb Posted January 21, 2011 Share Posted January 21, 2011 [quote user="Jako"]The card does not carry the pin number.The cardreader is universal and actually does not know whether the pin is correct. It uses an algorithm to run a check and the outcome is in reality: "the pin is not wrong" instead of "correct"... PIN terminals first use the algorithm trick followed by a true verification as the transaction is done. [/quote]So if I understand you correctly, when the terminal says "code bon" it only means "this is a valid PIN" - it doesn't know whether it's mine, since it's not matching it with anything on the card. Is that right?If so, where does the system find my PIN to do the "true verification"? Link to comment Share on other sites More sharing options...
DorothyJ Posted January 21, 2011 Share Posted January 21, 2011 I could not find my barclays card reader but I had one from Nationwide. I put in my details for Barclays and I was so pleased to find it worked for both! Link to comment Share on other sites More sharing options...
pitway Posted January 21, 2011 Share Posted January 21, 2011 Not quite sure I understood any of that!! think I understand the algorithm bit in as much as it gives you the encryption so for it to work the algorithm must be the same to come up with the correct result?? no doubt it is a very closely guarded secret and uses other clever techniques to stop illicit transactions. not sure that makes me feel safer or not[:)] Not quite the same subject but my UK card has for sometime required a second follow up confirmation when used on line. Just got a letter from my french bank to say that starting soon I will be required to confirm any online transaction via a SMS message, if I don't give them a mobile number then I won't be able to use the card online?? Does everyone have a mobile phone ??, in my case I do, but reception at home is a bit dodgy so could become a problem trying to use it on line as I do to pay many of my bills.Sound like it is going to be a lot of hassle to me, but I suppose it is there for my securityTim Link to comment Share on other sites More sharing options...
Baz Posted January 21, 2011 Share Posted January 21, 2011 [quote user="DorothyJ"]I could not find my barclays card reader but I had one from Nationwide. I put in my details for Barclays and I was so pleased to find it worked for both![/quote]All UK card readers are universal and therefore can be used for any Bank.Baz Link to comment Share on other sites More sharing options...
DorothyJ Posted January 21, 2011 Share Posted January 21, 2011 Now I know! Thankyou. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now