Chip and PIN

ukcrypto@chiark.greenend.org.uk ukcrypto at chiark.greenend.org.uk
Thu, 24 Jan 2008 10:20:21 +0100


>I'd like to see legislation that requires the replacement of these
>units on a regular basis, and a guidance that the buttons should be  
>responsive, easy to press and large enough that you don't have to  
>fiddle with it - that way the user experience of entering your numbers  
>can really be over so quickly that registering the number becomes much  
>harder.

In the Netherlands there are two major sources of skimming: the one with
ATM machines (which do use a camera to record your PIN and a reader to
record your magstripe) and, now that the ATMs get better protection,
a second method where the whole PIN unit is removed, modified and
put back. The modified device records both the magstripe and the PIN as entered.
A second surreptitious entry is used to retrieve the data.

For the ATMs it still makes a lot of sense to cover them with your hand
and there isn't a socially awkward situation.  But with the latest attack
this does not help.

The devices are now locked away in safes overnight, sealed and inspected
in the morning (or so the merchants claim).

Casper