Chip and PIN

Nicholas Bohm ukcrypto at chiark.greenend.org.uk
Fri, 25 Jan 2008 18:55:27 +0000


The banks have fielded a system that relies on shared secrets.  The fact
that the secret has been used in an ATM is evidence either that the
customer used it, or that an insider has purloined the secret from the
bank, or that a third party has intercepted it (shoulder-surfing, skimmers).

In an era in which asymmetric cryptography makes reliance on shared
secrets unnecessary, those who field systems that rely on shared secrets
should not be allowed to claim that use of the secret is proof of use by
the customer.  That would give them a decent incentive to deploy more
secure systems.  In the meantime some crooks would get away with fraud.
But that seems to me better than leaving the banks and the Ombudsman
service to exercise a discretion about who they will believe and who
they will not without any disclosure of any convincing evidence.

Nicholas
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF