UK 'Chip & Pin' Readers - Where's the PIN Stored ?

Maybe slightly 'off topic' but perhaps of interest to electronic engineers ?

Has anyone noticed how quickly the PIN number is 'verified' when using a credit card chip & pin reader ? Within 1/2 second of entering your PIN number the reader gives an OK. The actual transaction does take considerably longer however.

This leads me to believe that the PIN number is actually held on the card and is not being checked against a central database in the first place. So if it's on the card and it can be manually changed then just how secure are these cards ? I suppose the question is can these 'verification' exchanges be monitored and thus 'hacked' ?

I still favour the signature as with a PIN there is a 1 in 10,000 chance of getting it right which is considerably better odds than our National Lottery !

--
Mike Meakin
Reply to
Mike Meakin

One way is to store an encrypted version of the PIN on the card - Like UNIX passwords, the stored version is never decrypted. Instead, the user input is encrypted, and the result of that encryption is checked against the encrypted copy of the PIN on the card. If they match, the transaction gets approved.

With another, more sophisticated method, the machine doesn't need to know the PIN - It runs your card number and PIN through an algorithm that comes up with one value (perhaps "1010", but it could be anything) when the card number and PIN belong together, and some other value when the PIN doesn't go with the card that's being used, and approves/rejects the transaction based on what value it gets out of the algorithm.

Yet another method that doesn't require the PIN to be stored *ANYWHERE, IN ANY FORM*, is to use the PIN as the encryption key to encrypt the card number - If the (specially constructed/chosen) card number encrypts to a certain value, then the PIN is correct, and the transaction is approved. If it encrypts to some other value, either the card number or the PIN is incorrect, and the transaction is rejected.

Of course, don't forget Occam's Razor - The simplest answer is that you and I, with our dreadfully slow "meat" operating speeds, simply cannot perceive all the stuff that's going on at electronic speeds. For all either of us can say, the card number is read, and used to retrieve the PIN from a remote database in the (comparative) eternity that elapses between the time the card is put in the reader, and you start keying the PIN number on the reader's pad.

Basically, the whole "card plus PIN" authorization scheme is pretty airtight. It HAS to be, or the banks and such that use it wouldn't be using it for very long. Sure... Joe Crook can grab your card, and he can start trying numbers for a PIN. But I guarantee you that somewhere in the system, there's a step that says "Hey, wait - Somebody has punched in the wrong PIN for this card number 37 times in a row - Treat this card as invalid until further notice, and tell a human". Now Joe Crook is punching numbers all he likes, and getting nowhere, even if he DOES stumble onto your actual PIN.

(More likely, the machine has swallowed the card after three incorrect attempts, said "contact your financial institution", and that's the end of that.)

--
Don Bruder - dakidd@sonic.net - If your "From:" address isn't on my whitelist,
or the subject of the message doesn't contain the exact text "PopperAndShadow"
somewhere, any message sent to this address will go in the garbage without my
ever knowing it arrived. Sorry...  for more info
Reply to
Don Bruder

In principle it can be very secure as the chip is a processor : Terminal tells card the PIN the user entered, card says yes or no. Card also has lockouts to prevent multiple tries.

Whether they have implemented it competently or not is another matter - credit-card companies have a rather poor record on stuff like this....!

Reply to
Mike Harrison
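An added example, not code from any poster in this thread: a toy model of the two ideas above, a card that keeps only a salted digest of the PIN and answers the terminal itself, with a try counter that locks it. The class name, the three-try limit, the SHA-256 digest and the sample PIN are assumptions made for illustration; this is not a description of how real payment cards implement the check.

```python
import hashlib
import hmac
import os

MAX_TRIES = 3  # assumption: three tries, the figure one poster suggests


class ToyCard:
    """Constructed model of a chip that checks the PIN itself."""

    def __init__(self, pin):
        self._salt = os.urandom(16)
        self._ref = self._digest(pin)  # stored instead of the PIN
        self.tries_left = MAX_TRIES

    def _digest(self, pin):
        return hashlib.sha256(self._salt + pin.encode()).digest()

    def verify(self, pin):
        """Terminal sends the entered PIN; card answers OK, WRONG or BLOCKED."""
        if self.tries_left == 0:
            return "BLOCKED"
        # Spend the try before comparing, so cutting power mid-check
        # cannot yield a free guess.
        self.tries_left -= 1
        if hmac.compare_digest(self._digest(pin), self._ref):
            self.tries_left = MAX_TRIES
            return "OK"
        return "BLOCKED" if self.tries_left == 0 else "WRONG"


def digest_search_bound(salt, ref):
    """Design check: hashes needed to match `ref` if it could be read off the chip."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(hashlib.sha256(salt + pin.encode()).digest(), ref):
            return n + 1
    return None


def demo():
    card = ToyCard("4821")  # constructed sample PIN
    answers = [card.verify(p) for p in ("0000", "1111", "2222", "4821")]
    bound = digest_search_bound(card._salt, card._ref)
    return answers, bound


if __name__ == "__main__":
    print(demo())
```

The bound never exceeds 10,000 hashes, so the digest by itself protects very little; in this model the protection comes from the counter and from the chip never releasing the stored value.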

Don,

Thank you for your comprehensive reply to my perhaps somewhat 'naive' question. Your explanations make me feel a bit happier about this and I can see that it would therefore be extremely difficult to 'crack'. On UK cards we had (still have) magnetic 'stripes' and lo and behold the PIN number was stored on that and is apparently readable. This 'feature' allows criminals to fit an additional reader to a Cash machine (a 'skimmer') and if they also observe you typing your PIN number in (with a miniature RF video camera) they can then simply 'clone' your card and then proceed to empty your account. This happened in our local supermarket cash machine just a few months ago. Now, strangely, my new chip and PIN card STILL has a magnetic stripe, so what's that for I wonder ?

Finally, I gather that banks prefer chip and PIN as they shift the loss to someone else but this topic now probably belongs somewhere else - it was really just the 'electronic mechanisms' I wondered about and you have answered that for me - thank you.

Mike Meakin

Reply to
Mike Meakin

So the PIN is on the card ? And (see earlier post) is it still on the mag stripe as well ?

Reply to
Mike Meakin

It *COULD* be, but with the processors that get used, it would likely be set up in such a manner that reading it out of the chip is impossible without *VERY* specialized equipment - equipment that's expensive as hell, and probably not available without 427 forms of "Are you sure you're really who you're claiming to be, and are authorized to have this gizmo?" verification on the "get one" process.

I wouldn't doubt that any such device (never m I can't see a card/PIN system designed by anyone but a *COMPLETE* idiot where the PIN would be stored "in the clear" on the card, whether on the mag-stripe of a conventional "dumb" card, or in the chip of a "smart" card. And assuming such a system WERE designed, I can't see it slipping past the multiple layers of testing and refinement that go on before somebody finally says "OK, this system is safe enough to protect millions of from bad guys that want to steal it."

I noticed you mentioned that it was on earlier cards, but... Well, I just can't see it - That's a system flaw so basic that it's on the same order as having the world's greatest deadbolt lock installed on your front door - then somehow making it so that the key is permanently inserted in the cylinder!

--
Don Bruder - dakidd@sonic.net - If your "From:" address isn't on my whitelist,
or the subject of the message doesn't contain the exact text "PopperAndShadow"
somewhere, any message sent to this address will go in the garbage without my
ever knowing it arrived. Sorry...  for more info
Reply to
Don Bruder

Googled for 'Credit Card Skimmers' and found lots of links e.g.

formatting link

This is of course for mag stripe cards and then wonder how did they design something that is so insecure ?

Reply to
Mike Meakin

In the UK the pin has never been encoded on the mag stripe in any form. The pin has always been checked centrally and the appropriate go/no go signal sent back to the atm.

In the early days the account number was recorded "in the clear" on the mag stripe. With account numbers being printed on receipts that were routinely discarded by some users, and by knowing the method of account number coding on the mag stripe you could clone a card. Having a real card from the same issuer or bank branch made this exercise extremely trivial. Combine this cloned card with some shoulder surfing to get the pin and you open the gateway to riches and/or a long time inside.

They closed up the printed receipt loophole by masking some of the numbers on the printout meaning that direct reading of the card mag stripe data would be the only way to obtain this information. Hence the scammers moved to using stripe readers placed over the card slot combined with shoulder surfing. In time people became more aware of the shoulder surfers and so the scammers moved onto sandwich keypads placed direct over the atm that recorded keystrokes. Later on camera techniques with short distance transmission took over from the sandwich keypads.

With chip and pin cards the only known feasible way to use the above techniques now requires the use of the original card. There are devices that can be placed inside the card slot that allow the card to pass through to the atm but trap the card on ejection for the ordinary user. The legitimate user leaves the scene and the card is then removed with the right technique and/or tools by the scammer.

The mag stripe is still used on the card for backwards compatibility with non chip readers.

Reply to
Anon

That is a very comprehensive description of the way these cards work - thank you.

That explains why previously it took so much longer to authorise the cards as the PIN was being checked against a central database. Now, back to my original question - Is the PIN on the card for Chip and Pin cards ? From what you say I would guess yes ? Other posters have assured me (I think) that if it is then it is pretty safe - so I won't worry about it.

BTW has anyone seen the following idea for a Panic PIN on Half Bakery - I see that it is the Top Ten !

formatting link

Mike Meakin

Reply to
Mike Meakin

legacy hardware.

if the PIN was on the stripe, and in the clear, they wouldn't need the camera.

That said I've heard (hearsay) that one bank at least stored the pin on the stripe.

Last time I changed my PIN at the (live) bank teller I don't recall if the card was swiped after I entered my new code.

Bye. Jasen

Reply to
Jasen Betts

yes, extracting the chip from a credit card without damaging it and using lasers and a microscope to read the charge pattern in its memory would be a difficult, time-consuming, and expensive process... add to that the fact that you need to steal a credit card with more credit available than the costs incurred and extract and use the data before the card is reported lost.

Bye. Jasen

Reply to
Jasen Betts

formatting link

Reply to
John Stumbles

And more:

formatting link

Reply to
John Stumbles
