Down with Chip 'n PIN, mini-black holes and cyber humans

Technophobes R us

Letters Ah, chip and PIN. Was there ever a topic more beloved by any readership? We ran a comment piece this week that took a look at the pros and (mainly, in the view of the writer) cons of the new system. We had a whole sackful of letters on this one. Here are the best, and most coherent:

"But why cannot online systems ask for the pin number to be confirmed?"

How, exactly? I can see only two alternatives:

1. You type in a PIN onto a webform, just like the card number. Oops, you've just revealed your PIN to any software running on your computer, and any gateway system in the transaction path (which if you're not using SSL, could be absolutely anyone) as the data travels from client to shop to payment processor to bank.

2. You possess a physical card reader, similar to that used by retail shops. That does the authentication, keeping your PIN safe, and transmits some status code indicating that authentication was successful. How expensive is this box, exactly? How many consumers would get one -- especially when the primary benefit of having one is for the retailer, not the consumer? And if they're widespread enough I doubt it would be too long before someone manages to imitate the "successfully authenticated" signal despite not having a physical card.

Electronic transactions rely on a chain of trust. When you broaden the scope too far, that trust erodes.

Gavin


"But why cannot online systems ask for the pin number to be confirmed?"

You can answer that one for yourself if you think about it. It's not secure enough. You can break it with 1,000 brute force guesses, which is not a lot - I can certainly imagine some criminal group scripting or just brute forcing an attempt to buy something on 1,000 different websites with each possible PIN till they hit the right one. And once they've broken the PIN this way, they can go and commit card fraud in person too. It's not practical to try a card at 1,000 different retailers and get the code wrong each time, but it's certainly practical online, so allowing chip-and-PIN to be used online would only compromise it both online *and* offline.

Adam
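
Adam's scenario seen from the issuer's side, as an added example that is not part of the original letters: each shop sees only one wrong PIN, so only a count kept per card across all merchants notices the guessing. The log format, card tokens, shop names and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed issuer-side authorisation log (all values are made up):
# tok_A fails once at each of five shops; tok_B mistypes twice, then succeeds.
SAMPLE_LOG = "\n".join(
    [f"2000-01-01T10:0{i}:00 card=tok_A merchant=shop-{i:03d} pin=FAIL" for i in range(5)]
    + ["2000-01-01T11:00:00 card=tok_B merchant=shop-001 pin=FAIL",
       "2000-01-01T11:00:30 card=tok_B merchant=shop-001 pin=FAIL",
       "2000-01-01T11:01:00 card=tok_B merchant=shop-001 pin=OK"]
)

def failed_attempts(log_text):
    """Parse the log into {card: sorted [(timestamp, merchant), ...]} for failed PINs."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        if rec["pin"] == "FAIL":
            failures[rec["card"]].append((datetime.fromisoformat(ts), rec["merchant"]))
    return {card: sorted(events) for card, events in failures.items()}

def worst_single_merchant(log_text, card):
    """Most failures any one merchant saw for this card: all a per-shop limit can act on."""
    per_shop = defaultdict(int)
    for _, merchant in failed_attempts(log_text).get(card, []):
        per_shop[merchant] += 1
    return max(per_shop.values(), default=0)

def flag_spread_guessing(log_text, max_failures=3, window=timedelta(hours=24)):
    """Flag cards with more than max_failures failed PINs inside any window,
    counted across all merchants. Returns {card: (failures, distinct_merchants)}."""
    flagged = {}
    for card, events in failed_attempts(log_text).items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale failures
            count = end - start + 1
            if count > max_failures and count >= flagged.get(card, (0, 0))[0]:
                merchants = {m for _, m in events[start:end + 1]}
                flagged[card] = (count, len(merchants))
    return flagged

if __name__ == "__main__":
    print(worst_single_merchant(SAMPLE_LOG, "tok_A"), flag_spread_guessing(SAMPLE_LOG))
```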


Hi David,

I also have worked with Credit Card fraud for years. I seem to remember the Chip'n'Pin equivalent online was 'Verified by VISA' - I even heard Mastercard were going to do the same. But I've never seen either.

In theory, you would fill your basket as usual and then checkout. You would then fire off to your billing partner who would then send you back a 3rd party URL for the issuing bank. You then presented this screen to the shopper in a popup window - something like a cash point ATM window. The shopper would then verify their PIN directly with the issuer. This was then confirmed back to your billing partner and everyone was happy.

It's a fairly basic security triangle, and fairly simple to implement - but why have we never seen it?

John
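
A simplified model of the triangle John describes, which also speaks to Gavin's worry about an imitated "successfully authenticated" signal; it is an added example, not part of the letters and not the Verified by VISA protocol itself. The shared issuer key, function names and sample values are assumptions. The point it shows is that the result is keyed to one transaction, so a bare or reused status is rejected.

```python
import hashlib
import hmac
import json
import secrets

ISSUER_KEY = secrets.token_bytes(32)  # assumption: known to issuer and billing partner only
ISSUER_PINS = {"tok_A": "4921"}       # constructed; a real issuer checks PINs inside an HSM
used_nonces = set()

def result_mac(status, txn):
    """MAC over the status AND the transaction it belongs to."""
    msg = json.dumps([status, txn["card"], txn["merchant"], txn["amount"], txn["nonce"]])
    return hmac.new(ISSUER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def new_transaction(card, merchant, amount):
    """Billing partner side: describe the purchase and attach a fresh nonce."""
    return {"card": card, "merchant": merchant, "amount": amount,
            "nonce": secrets.token_hex(16)}

def issuer_authenticate(txn, pin):
    """Issuer side: the PIN is typed into the issuer's page, so the shop never sees it."""
    ok = hmac.compare_digest(ISSUER_PINS.get(txn["card"], ""), pin)
    status = "AUTH_OK" if ok else "AUTH_FAIL"
    return {"status": status, "mac": result_mac(status, txn)}

def billing_partner_accepts(txn, result):
    """Accept only an AUTH_OK the issuer produced for exactly this transaction, once."""
    expected = result_mac(result.get("status", ""), txn)
    if not hmac.compare_digest(expected, result.get("mac", "")):
        return False  # forged, or issued for a different card, shop or amount
    if result["status"] != "AUTH_OK" or txn["nonce"] in used_nonces:
        return False  # failed PIN check, or a replay of an earlier result
    used_nonces.add(txn["nonce"])
    return True

if __name__ == "__main__":
    txn = new_transaction("tok_A", "shop-001", "19.99")
    print(billing_partner_accepts(txn, issuer_authenticate(txn, "4921")))
    print(billing_partner_accepts(txn, {"status": "AUTH_OK"}))
```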


Chip and Pin is basically the biggest con in history. It transfers liability for fraud from card issuers to cardholders and traders. If someone looks over your shoulder at the supermarket and sees your PIN, then picks your pocket on the way out, you are liable for the fraud. If your card is used without the PIN, the retailer is liable. The card issuers are never liable.

There is no reason for the card issuers to do anything to prevent fraud now as they are not liable for it, but can still sit back and take the same 1.5% cut of the money, including 1.5% of any fraudulent transactions, plus interest on any fraudulent transactions until you can pay off the £5000 bill run up by the fraudsters.

The only solution is to do what I do... at any time only keep £100 or so available on any one card. With internet banking I can transfer funds from my savings account to my current and credit card account in seconds.

If someone steals one of my cards, they will be very disappointed, and so will my card issuer.

Nathan


Silicon Valley's leading lights have visited Washington with their begging bowls in hand to ask for more cash from the government to fund R&D. The basic message was that the tech revolution has led to a huge rise in living standards, but that government doesn't spend as much on R&D as it did before, and that this is horrid and unfair.

Oh, poor diddums, you said. Break out the violins:

AMEN BROTHA!

I am an American, I'm in the IT industry, and I'm sick and tired of CEOs getting pampered, paid and then put to pasture with huge retirement plans. I'm SO sick of that that if a CEO happened to sit down next to me at a bar and I found out, I'd probably get thrown out for punching them in the nose.

They are getting to the point of the old royalty of the UK...they can do no evil, yet own everything in sight. It's really a sicko system that allows them to get away with it.

So now (instead of supporting the research on their own multi-million dollar paychecks and profit margins), they want ME to pay for it. F*** that, they can pay for their own research. Frankly, people that drive Hummers usually piss me off anyway, because they really do think they own the road...

Cheers!

Jan


DaimlerChrysler's plans to launch a hydrogen car by 2012 caught a few eyes. Not everyone is convinced that this is a truly altruistic effort by the corporations. No, really:

The main benefit of using hydrogen will be to the corporate entities that control the expensive and tricky technologies needed to make it all work. There is an alternative right now, Biodiesel. Biodiesel burns very cleanly and has a closed carbon cycle. Further, you don't need to be a mega corporation to access the technologies needed to create biodiesel and run your car on it today.

Clearly the corporations are gunning for a hydrogen-based economy, once the oil runs out. Hence these fluffy stories disguised as addressing green issues.

Simon


"If you need a power station to obtain the hydrogen in the first place, there is no net environmental gain from switching fuels, after all."

Unless the power station fuel life-cycle (including fuel-production) was more efficient than the average car.

Chris

Fair point. Also, as one or two other readers pointed out, it would be a lot nicer to go for a jog next to a road if the cars were only producing water vapour as they trundled along their merry way.


Just briefly, we'd like to clear up the question of exactly how the Martian rover was cleaned:

"One alternative scenario, of course is that the rover stopped, just for a moment at a red traffic light and a Martian with a squeegee gave it a quick clean, in accordance with that particular universal law. It is not known whether NASA plans to equip future missions with loose change to prevent angering the natives with poor tipping."

Are you SURE that's plausible? :-)

Jesse

Yes.


Our plans for world domination (based on exclusive ownership of the black hole-based domestic product market) have come unstuck. Seems we've lost by a nose, or should that be bill, to a duck:

Hi,

I read the article about the black holes, but at least one of your suggestions cannot be patented: I remember as a kid, reading the Donald Duck, that the inventor (whatever his name in English is, I read it in Dutch), had, in his workshop, a lamp to make sunny places dark. It looked like a black lightbulb.

Otherwise I liked the article.

Regards,

Derk Korevaar


Sadly, I think your plans for the neverflush Black Hole Toilet have a serious flaw.

One characteristic of a black hole is that light can be trapped at the event horizon and it may be that the image of material that has fallen into the black hole may be trapped for some time. This could lead to the rather unsavoury vision of multiple turds on view for days, weeks or even months!

In addition, if you subscribe to the multiverse theory, it may be that material dropping into a black hole reappears in another alternate universe. How would you like it if your newly decorated lounge was suddenly splattered with other beings' waste products?

Keith


Sounds like they need to call Dr. Octavius. I understand he did a similar experiment, but it went a wee bit wrong when those tentacles took over his mind.

Aaron


Hmmm. Researchers tell us (and presumably their paymasters) that they can throw bits of gold at other bits of gold and it creates a black hole into which everything conveniently disappears (as proof, of course), with a bit of fireball that is over so quickly, "sorry, did you miss it. Give us money for some more gold and we'll try again..", "Oops, did you miss it that time too?... Another go perhaps?"

Give me some gold and I can assure you I can replicate the black hole effect. I would also have a nicer car and house. Purely as a relativistic consequence. The phrase "Emperor's new clothes" comes to mind.

And physicists say no-one takes them seriously.....

Charles


And now, to cyber-humans. Should we be allowed to tinker with ourselves (no, not like that) to improve on nature's gifts? The EU says non. Spoilsports that they are, they've said we should only be allowed to fix broken stuff. No super powers allowed. Boo Hiss.

I see, so it's OK to use technology to bring everyone up to the same level. For instance glasses are good as they correct defective vision in a large number of cases and bring everyone closer to the same level of visual ability - super.

But does that mean that the EGE would consider binoculars evil and call for them to be banned?

Lester writes: If they were surgically attached to your face, yes...

Well, if it's a surgical thing then surely Jordan, and the other plastic playthings, should be limited to a 38D - or whatever is average/acceptable/just-like-my-mum.

Lee


You say, "Which pretty well sounds the death knell for Warwick's plan to surgically enhance himself for the greater benefit of humanity. Good show."

but as an ex-student of Mr Warwick I believe this will save his plans, "Access to ICT implants for enhancement should only be for the purpose of bringing children or adults into the "normal" range for the population"

I'm not sure if a chip can stop a man talking about football through an hour long cybernetics lecture, but it's gotta be worth a try.

Name withheld


"Access to ICT implants for enhancement should only be for the purpose of bringing children or adults into the "normal" range for the population (normal meaning the conditions that generally prevail and that are not caused by genetic malfunction, disease or deficiency and lacking observable abnormalities), if they so wish and have given their informed consent."

"Which pretty well sounds the death knell for Warwick's plan to surgically enhance himself for the greater benefit of humanity."

On the contrary, I believe that this gives us the green light to 'surgically enhance' Cpt Cyborg out of cloud-cuckoo-land! If only [a] we had an implant for common-sense & [b] could convince him of the social benefit of such an implant.

Paradoxically,

Dean Rz


Happy Fridaying. ®