Not strictly crypto, but a key issue
Nicholas Bohm
nbohm at ernest.net
Fri, 30 Mar 2001 12:42:36 +0100
At 11:16 30/03/2001 +0100, d.biggins@virgin.net wrote:
>-----Original Message-----
>From: Martin Hepworth [mailto:martinh@solid-state-logic.com]
>Sent: Friday, March 30, 2001 10:56
>
>> Hi
>
>> this is now a VISA standard security measure.
>
>Not at HSBC.
>
>There you choose a **10 digit** PIN. And from anecdotal evidence, I
>believe they check to make sure your date of birth isn't 6/8 digits of
>it.
>
>When you use internet, you have to supply the whole thing.
>
>At all other times, they randomly select two digit positions from the
>PIN and you have to supply the corresponding values.

Thus ensuring, for most people, that the user has to write the PIN down in
order to be able to find the digits corresponding to particular positions.
If the bank's contract terms helpfully make writing the PIN down equivalent
to failing to take due care, so that it's the user's fault when a crook is
able to use the card, you're in an awkward corner.

>I'd prefer three,
>but what the hey.
>
>It's still safer than digits that are actually *printed* where everyone
>you use your card with can see them.

At least then the bank can't blame you for having written them there.

Regards
Nicholas
Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 07715 419728 (+44 7715 419728)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
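
The scheme described in the quoted text (a 10 digit PIN, a date-of-birth check when it is chosen, and two randomly selected positions per challenge), written out as an added example that is not part of the original message and not any bank's code. The date formats rejected and all function names are assumptions; the sample PIN and date are constructed.

```python
import hmac
import secrets
from datetime import date

PIN_LENGTH = 10  # the thread describes a 10 digit PIN


def dob_variants(dob: date) -> set[str]:
    """6- and 8-digit renderings of a date of birth (assumed formats)."""
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y4, y2 = f"{dob.year:04d}", f"{dob.year % 100:02d}"
    return {d + m + y2, m + d + y2, y2 + m + d,
            d + m + y4, m + d + y4, y4 + m + d}


def pin_acceptable(pin: str, dob: date) -> bool:
    """Enrolment check: exactly 10 digits, no date-of-birth rendering inside."""
    if len(pin) != PIN_LENGTH or not (pin.isascii() and pin.isdigit()):
        return False
    return not any(v in pin for v in dob_variants(dob))


def new_challenge(k: int = 2) -> list[int]:
    """Pick k distinct 1-based digit positions with a CSPRNG."""
    return sorted(secrets.SystemRandom().sample(range(1, PIN_LENGTH + 1), k))


def verify(pin: str, positions: list[int], answer: str) -> bool:
    """Compare the supplied digits with the PIN digits at the challenged positions."""
    expected = "".join(pin[p - 1] for p in positions)
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), answer.encode())


def blind_guess_odds(k: int) -> int:
    """With no knowledge of the PIN, one guess in 10**k matches k digits."""
    return 10 ** k


if __name__ == "__main__":
    pin, dob = "4830291765", date(1970, 8, 6)  # constructed sample values
    print("acceptable:", pin_acceptable(pin, dob))
    positions = new_challenge()
    answer = "".join(pin[p - 1] for p in positions)
    print(positions, verify(pin, positions, answer))
    print("odds, two vs three digits:", blind_guess_odds(2), blind_guess_odds(3))
```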