Re: Comments.... 7th 16:00
[...drop the magstripe, but it is needed for fallback as certain countries ...don't use chip'n'pin and our cards won't work over there and theirs won't work over here...]
True, but surely it makes more sense to offer people the option of a card that does not have a magnetic strip? I can't remember the last time I went to a country that really needed it, and I'd be happy to check if I needed to get a separate 'compatibility' card before going abroad.
There is no evidence that a c&p terminal has been successfully hacked.
http://software.silicon.com/security/0,39024655,39165665,00.htm
* http://news.bbc.co.uk/2/hi/business/7557956.stm
http://www.silicon.com/financialservices/0,3800010322,39170202,00.htm
http://www.cl.cam.ac.uk/~mkb23/interceptor/
* http://www.theinquirer.net/inquirer/news/1021124/chip-pin-hack-exposed
The ones starred are, in my opinion, the most interesting.
...Obtaining money remotely from a contactless card would be potentially possible, but you kind of have to be a m[e]rchant, so you're not going to get away with it...
Nope - It just makes the crime a little bit more complex, but that will just put off fraudsters who don't have the ability to create dummy companies, shell accounts and forward money to offshore banks. Plenty of crimes already involve such frauds, this will just potentially add to the list.
...Please stop banging on about c&p being a banking conspiracy to make the customer pay, would you rather have rampant fraud being paid for by you, the customer, or have the bank do something about it. There is no evidence that any attack on c&p has worked outside of a lab setting without the customer having handed over their pin in one way or another...
Firstly - see above (especially the comment attributed to Det Ch Insp John Folan, of the Dedicated Cheque and Plastic Crime Unit [chip and pin terminals that have been hacked into have been found in 30 shops in the UK]).
Secondly - In my experience the rampant fraud IS being paid for by the customer; in most cases I have heard of, the victim of fraud (the customer) is basically told - 'our systems are perfect, chip and pin is perfect, therefore you are to blame, pay up'. The systems they are implementing, chip and pin, Verified by Visa etc., are flawed and poorly implemented; they all have one thing in common, however - they put the onus of security and proof of fraud on the victim (the customer). More than one person was involved in the decision to do this, so by definition it's a conspiracy.
Thirdly - Make me ;)
Still fail I'm afraid