Turn on thread page Beta

Chip and PIN watch

Announcements
    Offline

    1
    ReputationRep:
    Trains use blure tooth to do card transactions if i remmeber rightly.
    Offline

    10
    ReputationRep:
    I'll ask the guard next time I'm on the train.
    Offline

    1
    ReputationRep:
    OMG no, it would be so insecure if it checked your PIN code all the time over a public network!

    When the card goes into the reader, the chip on the card is activated and acts like a little computer - the PIN pad tells the card the PIN that's been entered, and the card tells the unit if that PIN is correct or not. Then the transaction is authorised with the merchant's bank (where there is a live link for online auths) and you get a receipt (with an auth code on it).

    You don't _need_ to authorise all transactions - some shops just accept cards on face value and then authorise them at the end of the day, but this is rare - the till/card payment terminal in the shop is usually linked to a card merchant bank by either normal phone line (using modem) or secure internet link (by leased line network, etc.).

    Remember the old credit card imprint machines from before electronic card terminals came out? You had to ring up to get authorisation codes for transactions on those - it would be a hassle to do each one manually, so there's usually a limit that the shop sets, above which you need to phone up for a code - say £20 or something.

    Some shops don't authorise online for certain cards (e.g. WHSmith with American Express). If you spend a low amount, the till just accepts it - if it's more than a certain amount then the person behind the counter gets pissed off because they have to phone up for authorisation :lol:
    Offline

    16
    ReputationRep:
    (Original post by Kingspharm)
    OMG no, it would be so insecure if it checked your PIN code all the time over a public network!

    When the card goes into the reader, the chip on the card is activated and acts like a little computer - the PIN pad tells the card the PIN that's been entered, and the card tells the unit if that PIN is correct or not. Then the transaction is authorised with the merchant's bank (where there is a live link for online auths) and you get a receipt (with an auth code on it).

    You don't _need_ to authorise all transactions - some shops just accept cards on face value and then authorise them at the end of the day, but this is rare - the till/card payment terminal in the shop is usually linked to a card merchant bank by either normal phone line (using modem) or secure internet link (by leased line network, etc.).

    Remember the old credit card imprint machines from before electronic card terminals came out? You had to ring up to get authorisation codes for transactions on those - it would be a hassle to do each one manually, so there's usually a limit that the shop sets, above which you need to phone up for a code - say £20 or something.

    Some shops don't authorise online for certain cards (e.g. WHSmith with American Express). If you spend a low amount, the till just accepts it - if it's more than a certain amount then the person behind the counter gets pissed off because they have to phone up for authorisation :lol:
    Do you really think a direct link to a bank's back office server would be a PUBLIC network? :eek: Have you ever heard of encryption?
    Offline

    10
    ReputationRep:
    Yeah thats a good point. If it's "safe" to use your credit/debit card on the internet, I don't see why it wouldn't be for shops to communicate with banks.


    When it was just a magnetic strip, they could easily "break" - ie the strip wouldn't work in the swipe machines, so the shop keep had to enter the numbers manually. Can this happen with the chip component on new cards?
    Offline

    1
    ReputationRep:
    I did stuff about this for one of my AVCE pre release. Chip vs magnetic strip. I have to say the chip cards were soo much better, they were tamper proof. They also have a longer shelf life, if any kind of dirt or damage got deep into the layers of the magnetic strip they were useless, the string of numbers and letters would no longer be of any use. The chip is protected by the gold square and it is impossible ashort of cutting the chip in half for any damage to be done.
    Offline

    10
    ReputationRep:
    Interesting.

    I definitely remember countless occasions of my magnetic strip not working and an annoyed checkout person having to manually key in the number. For some reason when the stripdidn't work in JJB sports, they used the old style manual credit card machine as well as typing in the number. Hmmm.
    Offline

    10
    ReputationRep:
    (Original post by frost105)
    Trains use blure tooth to do card transactions if i remmeber rightly.
    I don't think all trains use blue tooth. You've been able to use a credit card on (the) trains (I get) for years and years, definitely before bluetooth was invented. Also they can use the machines ANYWHERE (Eg on the station platform, in car parks) - not just near a possible blue tooth receiver.

    I'm quite interested about it now, will definitely ask a guard next time I'm on the train.
    Offline

    16
    ReputationRep:
    A woman came into my shop once and gave me her card. It was a signy card BUT it had a black and white photo of her on the back! It wasn't very good but it was clearly her and I was like 'Wow, why don't all cards have this?'. She said, 'Yes, it's very good isn't it?'. I think it was a HSBC card but wasn't very new so maybe it was something they piloted and gave up.

    If we had Chip and PIN combined with photos on cards, surely that would be hyper-secure?
    • PS Reviewer
    Offline

    20
    ReputationRep:
    PS Reviewer
    (Original post by smeets)
    I don't think all trains use blue tooth. You've been able to use a credit card on (the) trains (I get) for years and years, definitely before bluetooth was invented. Also they can use the machines ANYWHERE (Eg on the station platform, in car parks) - not just near a possible blue tooth receiver.

    I'm quite interested about it now, will definitely ask a guard next time I'm on the train.
    I'd say they probably do just store them up for later. Banks will authorise transactions over your overdraft limit and just charge you loads for the privilege (unless you're under 18, or miles over the limit). They probably find for the amount of unauthorised transactions that they get it's OK.
    Offline

    10
    ReputationRep:
    (Original post by Kavanne)
    A woman came into my shop once and gave me her card. It was a signy card BUT it had a black and white photo of her on the back! It wasn't very good but it was clearly her and I was like 'Wow, why don't all cards have this?'. She said, 'Yes, it's very good isn't it?'. I think it was a HSBC card but wasn't very new so maybe it was something they piloted and gave up.

    If we had Chip and PIN combined with photos on cards, surely that would be hyper-secure?
    I always liked the idea of photocards, especially before chip & pin, as if you mucked up your signature they could check. I don't think the banks really had much time for them though. I heard in a radio-debate-type-thing that they were substatially more expensive, and pretty ineffective as lots of people change their appearance etc. Yet they still work on passports, driving licenses etc
    Offline

    1
    ReputationRep:
    (Original post by smeets)
    I always liked the idea of photocards, especially before chip & pin, as if you mucked up your signature they could check. I don't think the banks really had much time for them though. I heard in a radio-debate-type-thing that they were substatially more expensive, and pretty ineffective as lots of people change their appearance etc. Yet they still work on passports, driving licenses etc

    yeh my nus card photo is out of date, and i have no way of changing it. Last year i had brown hair, and as the year has gone on it has ended up blonder and blonder. So much so i had a very nice looking male from the apple shop commenting how my hair was different. He took about 5 mins looking at me and the card, i dont think he was sure it was my card, unless he was checking me out
    Offline

    1
    ReputationRep:
    (Original post by Kavanne)
    A woman came into my shop once and gave me her card. It was a signy card BUT it had a black and white photo of her on the back! It wasn't very good but it was clearly her and I was like 'Wow, why don't all cards have this?'. She said, 'Yes, it's very good isn't it?'. I think it was a HSBC card but wasn't very new so maybe it was something they piloted and gave up.
    RBS used to do the cards with the photo on the back.
    Offline

    1
    ReputationRep:
    (Original post by Mad Vlad)
    Do you really think a direct link to a bank's back office server would be a PUBLIC network? :eek: Have you ever heard of encryption?
    That's not the point - the chip and pin concept was designed so that the PIN would only ever be communicated between the PIN entry keypad and the card chip.

    It's not necessarily in the remote data transmission that interception could take place - but prior to encryption on the till unit or something like that - a 'pinlogger' type program could be used to capture PIN numbers entered prior to transmission.
 
 
 
Poll
Brexit: Given the chance now, would you vote leave or remain?
Useful resources

The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

Write a reply...
Reply
Hide
Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.