More security please
And no that really doesn't mean NFC.
Four men have been charged with stealing $1.5 million from banks by using electronic devices to secretly record personal identification numbers as customers entered them into automatic teller machines and other gear. Most of the skimming devices used in the 14-month spree involved the use of fraudulent pads that customers use …
And no that really doesn't mean NFC.
Time to start using next-gen cards or (no cards at all) NFC can help here??
Read somewhere that it is possible to embed a chip inside the card which will have the information and it needs a PIN to acess. Also it impossible to copy from the chip as compared to the existing ones..
...all you'll get (at least from the big banks in Britain) is the by-rote repetition of the mantra "There is no problem with our system. Pin & Chip is infallible. You must have disclosed your pin,"...
Again this myth is trotted out - It's actually in law that banks have to *prove* that customers have written down or disclosed their PIN, rather than the customer proving that they haven't.
Also, a chip auth'd transaction isn't evidence that the customer is at fault, beucase they could have been shoulder surfed.
The bank's do not claim that Chip and PIN is infallible, just a lot, lot better than magstripe.
This law doesn't stop the banks coming out with this mantra that it must be your fault and that you must prove you didn't. They work on the fact that most people will just take what they [bank] say as right.
Plus chip and pin was *NEVER* about security and all about moving liability away from the banks to the retailer.
Here will now come the biometric brigade. It will be retina scans, fingerprints and chips implanted in under the skin of the hand...roll on 1984, 666, Revelation / End of the World...
How about we just have permanenty manned / womanned till in most banks with adequate armed robbery protection. OK it will cost, but it will be more secure. While we are at it let's return to the good old check book with a high tech guarantee card with signature, photo and fingerprint that must be properly checked by the shop assistant, otherwise the shop loses out, not anyone else.
As for online purchases, clear funds first via an escrow account - via normal bank transfer or sending them a cheque and waiting for clearance. Yes it will take longer but so what, will it kill us if we don't get our iCrap for another 2 or 3 days due to money clearance?
Let's get ease off a bit on the "I want" and "I want it now" culture.
And, presumably, let's move back to caves and crannogs?!
I suspect the reality was :
they marched in in broad daylight, said "we're from the IT department", and got on with it...
This wouldn't surprise me in the slightest, many (oh gods, many, many, many) years ago I was let into a bank back office to install a new line, about half an hour hunting for the termination point lead me to go outside to trace the cables, and I realised I should have been in the bank next door....
So a cheery "I've just come to update the ATM machines" would probably do the trick
We recently got skimmed to the tune of $1300 from our bank card, and we assumed a similar scam; we figured my wife must have used a compromised ATM machine.
But no, the officer assured us, this guy (he got caught within a week of skimming us) had friends working at restaurants. In the U.S., when you're done eating, you hand your card to your server and they take it off to a centrally-located machine, so your card is out of your possession (and your sight) for several minutes. Apparently this guy had multiple accomplices who scanned the card twice: Once into his reader, and once into the real machine. He then created duplicate cards, and ran off and bought high-resale items (Kindles, smart phones, etc.). The only reason he didn't drain our bank account entirely was that he and my wife used the "same" card at the same time in stores that were over 60 miles apart. The only reason he got caught was because we reported it to the police the same day he was using the card, and they were able to use security footage from one of the stores to I.D. him. (Apparently he's been jailed in the past for the same crime. And yet he still gets caught...)
The point being, as long as it is dirt simple for people in the general public to create duplicate cards, getting skimmed at the ATM is the least of our worries. Why not go the way of Treasury departments and create cards that are truly difficult to make realistic copies of?
You got the police to look at the footage? All lies! Cops won't look at security footage unless you kill a person or two.
Card mag stripes are easy to clone but that is why we have signatures which are supposed to be checked, and why you are asked for your ID when using the credit portion of your card. Internet usage only requires the magic numbers on the backside of the card which are not included in the mag stripe encoding. Then we have the pin for the ATM side of security.
Keypad skimming takes it to a new level where that keypad security is now null and void.