It doesn’t seem that long ago that Chip and Pin was going to cure all evils. I ddn’t want it because I have several cards and can’t remember too many numbers but my security mind won’t let me make them all the same. In the end I still have all the cards but only use two of them when I’m out and about. The others I use on-line. That will change when they start charging.
So from what I understand since Chip and Pin arrived card fraud, via forged signature, has gone down significantly although other fraud has increased more than enough to compensate. Such is life.
Now it appears that Chip and Pin has been compromised and by the sound of it by a method that should be impossible if the security system was implemented correctly.
It seems the tea leaf enters the pin which a hacked stolen card overrides and approves regardless of what is typed on the keypad. Now in a sensible system this flaw should not work. The PIN should be on the banks server and the ATM reads the card number, gets the PIN from the terminal and then checks against the banks mainframe PIN via encryption. No match equals a fail. How anyone should have a card that can override this and approve a transaction is pure folly.
It seems that the human, in this case designer, is still the weakest link. How this got approved is beyond me. I wouldn’t have signed off on this.
But it does show that tea leaves have their uses.
as fat for rendering but nothing else.