AndyKent
Member
Registered: 3rd Sep 05
|
Got to side with Paul and Chris here.
I can see that it's a bit more secure, though not at all convinced it's '100x' safer but I don't think it stacks up somehow.
Lots of fraud goes on mostly because people are careless - they hand their card over to assistants in petrol stations for them to put it in the PIN machine for them. It's not difficult to put a card in a slot but they do so anyway - I've even seen an assistant apparently readjust their shirt whilst holding someone's card and putting their hand below the counter.
The person whose card it was didn't even bat an eyelid whereas I would have gone mental.
Basically, I can't see the benefits this system would bring being outweighed by the massive cost of implementing it, only for people to still be careless anyway.
|
AndyKent
Member
Registered: 3rd Sep 05
|
In fact if half the fraud is committed via the internet (which I imagine it is) wouldn't it be far cheaper and easier for banks to force online retailers to ask for the customer's current PIN number during verification?
At the moment they just ask for the last 3 digits on the back of the card.
[Edited on 24-02-2009 by aPk]
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by aPk
Got to side with Paul and Chris here.
I can see that it's a bit more secure, though not at all convinced it's '100x' safer but I don't think it stacks up somehow.
Lots of fraud goes on mostly because people are careless - they hand their card over to assistants in petrol stations for them to put it in the PIN machine for them. It's not difficult to put a card in a slot but they do so anyway - I've even seen an assistant apparently readjust their shirt whilst holding someone's card and putting their hand below the counter.
The person whose card it was didn't even bat an eyelid whereas I would have gone mental.
Basically, I can't see the benefits this system would bring being outweighed by the massive cost of implementing it, only for people to still be careless anyway.
The point is people are ALWAYS going to be careless.
With the current PIN system if they are careless a person could clone a card and go home and spend using it. Or they could watch you then enter your pin and go and spend anywhere with it.
With this new system (or something like it) a card could be cloned and it be of no use to anyone. They couldn't go and spend anywhere as they'd need to enter the new type of pin. They could watch you enter the pin and they couldn't go and spend in shops as they couldn't enter the same 4 numbers they saw you enter.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by aPk
In fact if half the fraud is committed via the internet (which I imagine it is) wouldn't it be far cheaper and easier for banks to force online retailers to ask for the customer's current PIN number during verification?
At the moment they just ask for the last 3 digits on the back of the card.
Partly yes, in fact a lot of places now ask for various parts of your password.
This would take that further as this PIN has been proven to be more secure than a password for 4 digit PIN.
|
John
Member
Registered: 30th Jun 03
|
Chip implanted in your finger and a PIN would work imo.
If somebody wants to go to the lengths of cutting your finger off then they deserve it.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by John
Chip implanted in your finger and a PIN would work imo.
If somebody wants to go to the lengths of cutting your finger off then they deserve it.
That is the ultimate way, and more than likely where it will end up in years to come.
|
John
Member
Registered: 30th Jun 03
|
In years to come I'm sure it'll be easy to make the chip die when the blood supply is lost.
Somebody will probably always crack whatever method you use though.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
|
quote: Originally posted by Cosmo
quote: Originally posted by Paul_J
Costs are an assumption, but having to change the whole infrastructure of every bank ATM, every person's Pin and every chip and pin machine is going to be costly.
ATMs are easy, as it's purely a software change. The software on ATMs is updated constantly with new security patches, etc. and I'm guessing is remotely done - ie. not a big job at all.
You have to be fairly naive to think that changing the entire system that our current ATMs use worldwide would be a simple and cheap process.
How come some ATMs have nice new fancy interfaces and some are still the old green and black text interfaces? There'll always be old hardware out there that won't be able to cope with the new system that needs updating.
If you replace the PIN we all use, with a brand new pin with symbols, EVERY (not some) machine will need to be updated...
A cost you seem to have not thought about is the fact that, if you change every ATM to a new system overnight, how will people know what the fuck is going on and how to use it?
Massive advertising will be needed to ensure people know what it is, how they use it etc.
|
John
Member
Registered: 30th Jun 03
|
Although it's good people are trying to combat fraud I still have the same opinion of this as I did when we were discussing it originally, it will be difficult to implement and criminals will find a way around it anyway.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
|
quote: Originally posted by John
In years to come I'm sure it'll be easy to make the chip die when the blood supply is lost.
Somebody will probably always crack whatever method you use though.
To be honest, thumb scanners already check for pulse in high security usage.
I'd invest in a system like this, much more secure...
Well unless people hold you at gunpoint and walk you to the machine of course or clone you and insert an identical chip into the clone's finger
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by Paul_J
quote: Originally posted by Cosmo
quote: Originally posted by Paul_J
Costs are an assumption, but having to change the whole infrastructure of every bank ATM, every person's Pin and every chip and pin machine is going to be costly.
ATMs are easy, as it's purely a software change. The software on ATMs is updated constantly with new security patches, etc. and I'm guessing is remotely done - ie. not a big job at all.
You have to be fairly naive to think that changing the entire system that our current ATMs use worldwide would be a simple and cheap process.
How come some ATMs have nice new fancy interfaces and some are still the old green and black text interfaces? There'll always be old hardware out there that won't be able to cope with the new system that needs updating.
If you replace the PIN we all use, with a brand new pin with symbols, EVERY (not some) machine will need to be updated...
Indeed - you do still get some of these old machines. I don't come across them often round here (round here being out in the sticks where I was brought up and in both Manchester and Liverpool) but I'm sure you'll tell me lots of them exist around you.
Maybe they'll update them, maybe they'll run both systems (pin and symbols) alongside each other for a number of years. I have no idea, as said though, banks are actively looking to replace PINs so they would have considered everything they'd have to change and the costs involved.
quote:
A cost you seem to have not thought about is the fact that, if you change every ATM to a new system overnight, how will people know what the fuck is going on and how to use it?
Massive advertising will be needed to ensure people know what it is, how they use it etc.
Of course it would, just like when PINs came into play.
It again comes back to my point above, banks are actively looking to replace it, they know the costs involved and still wanting to do so.
[Edited on 24-02-2009 by Cosmo]
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
|
quote: Originally posted by Paul_J
or clone you and insert an identical chip into the clone's finger
Someone watched the 6th day last night
Surely with regards to ATMs it wouldn't need to be these fancy touch screen keypads that change symbols? Couldn't the current key configuration just be shown on screen and then the relevant number pressed on the pad? The machine could remain the same cosmetically. Like Cosmo says, a software change would be easy.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by loafofbrett
quote: Originally posted by Paul_J
or clone you and insert an identical chip into the clone's finger
Someone watched the 6th day last night
Surely with regards to ATMs it wouldn't need to be these fancy touch screen keypads that change symbols? Couldn't the current key configuration just be shown on screen and then the relevant number pressed on the pad? The machine could remain the same cosmetically. Like Cosmo says, a software change would be easy.
Exactly, that's not a big job at all really.
The biggest cost is the pin machines in shops, but even these are being replaced on a regular basis (given my experience in our shops) at the moment anyway.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
|
quote: Originally posted by Cosmo
maybe they'll run both systems (pin and symbols) alongside each other for a number of years. I have no idea,
^^
This is what I said earlier... I can see it as the only viable solution of easily using your new form of PIN in a real world application (well for now anyway). However, it means it'll just be another pin people have to remember.
That said, I won't be surprised if it gets implemented in the near future as a new secure pin, where either can be used, or if not available your old low tech one is used instead. So it puts the choice of security into the person's court, they can use the symbol based one if they want to protect themselves and can be bothered to remember it. But for the lazy / dumb people they can continue being idiots and using standard pin.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by Paul_J
quote: Originally posted by Cosmo
maybe they'll run both systems (pin and symbols) alongside each other for a number of years. I have no idea,
^^
This is what I said earlier... I can see it as the only viable solution of easily using your new form of PIN in a real world application (well for now anyway). However, it means it'll just be another pin people have to remember.
That said, I won't be surprised if it gets implemented in the near future as a new secure pin, where either can be used, or if not available your old low tech one is used instead. So it puts the choice of security into the person's court, they can use the symbol based one if they want to protect themselves and can be bothered to remember it. But for the lazy / dumb people they can continue being idiots and using standard pin.
I don't think they'll ever leave the choice up to the user, it's not in the banks' interest.
If they did it they'd only allow the use of the simple pin where the new one can't be used, but I'd expect this would only be on old cash machines where it hasn't been replaced yet and in places where the chip and pin machine hasn't been replaced.
It would be in the banks' best interests, if they were going to implement this technology at all, to replace what they could straight away.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
|
quote: Originally posted by Cosmo
quote: Originally posted by loafofbrett
quote: Originally posted by Paul_J
or clone you and insert an identical chip into the clone's finger
Someone watched the 6th day last night
Surely with regards to ATMs it wouldn't need to be these fancy touch screen keypads that change symbols? Couldn't the current key configuration just be shown on screen and then the relevant number pressed on the pad? The machine could remain the same cosmetically. Like Cosmo says, a software change would be easy.
Exactly, that's not a big job at all really.
It was based on the above style system I still think it'll cost a lot to change. No exterior changes to the machine.
However, if you're changing the fundamentals of how the system works and when people go to use it, you have to explain to people that A ) it has been changed and B ) how to use the new system - hence it being costly. Plus the fact there'll always be old tech out there somewhere that needs to be replaced.
- which could be countered by running both old PIN and new secure PIN side by side for years until old tech is phased out.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by Paul_J
However, if you're changing the fundamentals of how the system works and when people go to use it, you have to explain to people that A ) it has been changed and B ) how to use the new system - hence it being costly.
It's not a massive job though really, it's still a 4 digit pin that you get from your bank and learn. Then go to a machine, find the symbols and enter them.
Now that's fairly simple really, not rocket science and isn't like you're teaching someone to use the new rocket ship provided to everyone to get around in as tarmac has suddenly become deadly.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
|
Running old and new systems side by side helps greatly...
It allows people to adjust and realise the better system is superior and start using it. It also allows old incompatible tech to be phased out and new to be introduced and implemented... It allows bugs or problems to be ironed out, rather than a major flaw found straight away...
Having both run together for a while would be an ideal way of implementing it imo...
Same way we have IPv6 and IPv4 running side by side as not everything is compatible with IPv6
And originally with Chip and Pin, you could sign for stuff if you didn't know your pin.
And with digital freeview tv, they've kept both systems running for years and are only now turning analogue off.
Etc... If you're going to make a MAJOR change to something fundamental in people's lives, it's better to do it gradually with both in parallel than instantly switch over.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
Agreed - at the end of the day though that's up to the banks or whoever. It would be how I'd do it though.
All PinOptic does is provide the solution, allows the banks to use it under license and then they implement it however they see fit.
|
Dom
Member
Registered: 13th Sep 03
|
Haven't read the whole thread, but I remember when research was started into this about 9 years ago and it fell on its arse then.
Plus, let's be honest, UK government and banks aren't the smartest when it comes to implementing security - just look at our current system, the encryption has already been broken. If they splashed out a few more million on the Chip&Pin system that's used in majority of the EU then it would be pretty secure.
Nice idea, but it's certainly nothing new and just seems to be another hurdle tagged onto the current system. Instead money and development should be put into other areas like retinal, finger print and/or DNA recognition.
|
James
Member
Registered: 1st Jun 02
Location: Surrey
|
quote: Originally posted by Dom
Haven't read the whole thread, but I remember when research was started into this about 9 years ago and it fell on its arse then.
You must have been the dullest 14 year old ever
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
quote: Originally posted by Dom
Haven't read the whole thread, but I remember when research was started into this about 9 years ago and it fell on its arse then.
Plus, let's be honest, UK government and banks aren't the smartest when it comes to implementing security - just look at our current system, the encryption has already been broken. If they splashed out a few more million on the Chip&Pin system that's used in majority of the EU then it would be pretty secure.
Nice idea, but it's certainly nothing new and just seems to be another hurdle tagged onto the current system. Instead money and development should be put into other areas like retinal, finger print and/or DNA recognition.
I'd guess it has been looked into at some point, but strange that we own the patent to this if it has been looked into as much as you suggest? Also a bit strange why a very inferior product (simple chip and pin) got implemented when a better alternative was out there.
Again, it's also strange that banks would actively seek an alternative to chip and pin when they were so unwilling to pay that bit extra for the better version you mention?!
Finger print/DNA won't happen on the mass market for many many years due to the cost to implement, as well as the problems you face when looking to securely store this information.
|
Dom
Member
Registered: 13th Sep 03
|
I remember an article (probably in some mag like New Scientist) about the idea of using picture based pins as the brain stores pictures/images better than it does numbers etc. So the idea certainly has been looked into before, I’m sure a quick Google will bring up ideas and theories on this. Plus there's plenty of ways to implement such an idea.
And our version of chip and pin is pretty inferior to what they use on the continent, with their system storing the data differently and having better encryption (not 100% on the details).
And, is it really that hard to believe that the banks/government didn't want to spend the extra?
They penny pinched believing that our system was solid even when people stated that the system was inferior and how we should adopt the same system as used in the EU (I’m sure The Register had an article about this).
Our system was cracked within a few months of it going live and you can buy hacked chip and pin terminals like Dione or Hypercom, just the case of knowing where to look.
Either way, a picture based pin is a good idea (although I was slower entering picture pins than straight numbers, ~2secs slower) and it has its uses, but it's not the ultimate protection, especially not for banking. If it does make it mainstream, it wouldn't be long before the system is cracked (with it being the same principle as the current system).
And I agree, DNA/finger print/retinal recognition is expensive (currently) to implement, but investment, research and development would see the cost drop considerably. Again, storing data does have its potential problems but the military has systems in place for securing their data, so it's certainly not impossible (I doubt it's costly either if money is spent wisely). Plus these systems are the only effective solution to securing vital information, but again it comes down to how much banks/governments are willing to invest.
|
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
Picture based pins/passwords have been about for years and years - but the way this one is implemented with the moving figures onto different keys is certainly a new idea, hence the patent and it not having been used anywhere before. The fact that it moves makes the security from a viewable level much better than that of current systems.
Now the actual encryption on the chip is another matter!
|
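The "moving figures onto different keys" idea discussed in the posts above, modelled as an added example (not code from the thread or from PinOptic). The symbol names, the ten-key pad with one symbol per key, and every function name are assumptions made for illustration; the observer is assumed to see only which keys were pressed.

```python
import random

# Constructed symbol set: one symbol per key on a ten-key pad (assumption).
SYMBOLS = ["star", "moon", "tree", "fish", "bell",
           "key", "sun", "leaf", "boat", "drum"]


def new_layout(rng):
    """Return a fresh key -> symbol mapping for one session."""
    shuffled = SYMBOLS[:]
    rng.shuffle(shuffled)
    return dict(enumerate(shuffled))


def keys_for(secret, layout):
    """Keys the cardholder presses to enter their symbols on this layout."""
    symbol_to_key = {symbol: key for key, symbol in layout.items()}
    return [symbol_to_key[symbol] for symbol in secret]


def verify(pressed, layout, secret):
    """Terminal side: translate pressed keys back to symbols and compare."""
    return [layout[key] for key in pressed] == list(secret)


def replay_success_rate(secret, trials, seed=1):
    """Fraction of later sessions in which replaying observed keys verifies.

    A seeded PRNG keeps the demo reproducible; a real terminal would need
    an unpredictable source for the shuffle.
    """
    rng = random.Random(seed)
    observed = keys_for(secret, new_layout(rng))  # keys seen in one session
    hits = sum(verify(observed, new_layout(rng), secret)
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    secret = ("moon", "fish", "sun", "drum")  # constructed secret
    fixed = dict(enumerate(SYMBOLS))          # a keypad that never changes
    keys = keys_for(secret, fixed)
    print("fixed keypad, replayed keys accepted:", verify(keys, fixed, secret))
    print("shuffled keypad, replay success rate:",
          replay_success_rate(secret, 20000))
```

With four distinct symbols the replayed keys match a fresh shuffle with probability 1/(10·9·8·7) = 1/5040, whereas on a fixed keypad the same key presses are always accepted.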
Cosmo
Member
Registered: 29th Mar 01
Location: Im the real one!
|
First major order - 11m units ordered by a major Gas supplier (I'd say who but I'm not sure which it is yet!)
|