What are the security risks in Barclaycard OnePulse?
Roland Perry
lists at internetpolicyagency.com
Mon Jun 8 19:46:24 BST 2009
In article <MsdWfoDYtTLKFwZV at tigers.demon.co.uk>, Mary Hawking
<maryhawking at tigers.demon.co.uk> writes
>I have been sent a combined credit and Oyster card.
>Is there a security risk in having them combined?
>I.e. how much can be read by a contact-less reader about the credit
>part of the card?
>I don't really have a use for the Oyster part - yet.
I think the credit card and Oyster are disjoint.
But it also has "whatever they are branding the 'paywave' facility on
this card" - which is the ability (if you can find a retailer, which I
never have) to make an up-to-£10 contactless CC charge.
That must send at least the CC number [or a pseudonym], and if it's one
of the transactions which then requires a PIN [apparently a random small
number of transactions do] then I don't know if you have top insert the
card to do that, or whether it's also contactless (which would imply
they also send some sort of hopefully cryptographically obscured version
of the PIN).
--
Roland Perry
More information about the ukcrypto
mailing list