Feeds

Unsolicited credit card push irks security researchers

On tin snips and tin-foil hats

Security for virtualized datacentres

A top UK security expert has criticised the practice of issuing unsolicited credit cards.

Professor Ross Anderson of Cambridge University reports how his wife recently received a pre-approved, unsolicited Gold Mastercard from UK store Debenhams with a credit limit of more than £1,000 through the post.

The security implications, as well as the ethics, of these type of inertia sales irk Anderson. Following Debenhams' advice of cutting up the card and throwing it in the bin simply doesn't pass muster, he argues. For one thing, the UK's move to Chip and PIN on plastic cards as an alternative to signature-authorised transactions complicates the problem of disposing of unwanted plastic cards.

"The average customer has no idea how to ‘cut up’ a card now that it’s got a chip in it," he writes .

"Bisecting the plastic using scissors leaves the chip functional, so someone who fishes it out of the trash might use a yescard to clone it, even if they don’t know the PIN. The PIN mailer might be in the same bin.

"Here at the Lab we do have access to the means to destroy chips (HNO3, HF) but you really don’t want that stuff at home. Putting 240V through it will stop it working - but as this melts the bonding wires, an able attacker might depackage and rebond the chip," he adds.

Anderson suggests consumers ought to destroy unwanted cards with either a hack saw or a robust pair of tin snips. "This isn’t foolproof as there exist labs that can retrieve data from chip fragments, but it’s probably good enough to keep out the hackers," Anderson adds. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.