[lug] OT: Credit Cards w/ Chips

Fri May 15 13:52:12 MDT 2015

The readers will appear soon. The regs change in October(?) putting the
burden on the merchant, not the bank, for fraudulent transactions unless a
C&P card is used. Everyone is just waiting until the last second. As usual.

On Fri, May 15, 2015 at 1:37 PM, David L. Willson <DLWillson at thegeek.nu>
wrote:

> +1 to the rant. Go bitcoin method.
>
> --
> David L. Willson
> Teacher, Engineer, Evangelist
> RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
> Mobile 720-333-LANS(5267)
> http://sofree.us
>
> This is a good time for a r3VOLution.
>
> ------------------------------
>
> I used to have an account with an Italian bank. Some time ago they stopped
> issuing swipable cards, they went chip-only (they were issuing cards with
> both chips and magnetic stripes for years, at that time). About a year ago,
> my card-with-both-chip-and-magnetic-stripe expired and the replacement was
> chip-only. I've never been able to use it in the USA, IIRC not even online.
> Long story short, I had to close that account, since I could not find any
> way to pull money out of it. That's all I know about your question.
>
> <rant>
> The whole credit card approach to payment is totally flawed. Regardless of
> chips, it's like going to a store and instead of handing the cash at
> checkout, you hand the other party (or a man-in-the-middle) the whole
> wallet and trust them to only pick the amount they claim they'll pick. In
> the USA, people tend to me more honest than somewhere else in the world,
> so, it's seldom a problem (and when is a problem, credit card companies
> cover that -- which is not always the case for cards issued in Italy).
> However I still don't think is the right model. One should be able to make
> business with people they don't trust, with little fear of
> man-in-the-middle.
>
> The right model would be something more similar to the "wiring funds" (or
> bitcoins, if you will): the store tells the customers "where" and they put
> the money there for the store to grab, like what I do in stores when I pay
> cash. Man-in-the-middle can still steal money, but only what is on the
> desk, the bad guy cannot take a whole account because the customer spent $3
> at target on the wrong day.
> </rant>
>
> On Fri, May 15, 2015 at 12:36 PM, Maxwell Spangler <
> maxlists at maxwellspangler.com> wrote:
>
>>  I received an Amazon/Chase VISA card recently with a chip on it.
>>
>> While I know this is not guarantee of my credit card's security, it's a
>> step in the right direction.
>>
>> However, I have yet to find an place where I can use it.
>>
>> Terminals with chip reader hardware exist at Target, King Soopers and
>> many other places where I shop, but when I stick my card in, I get no
>> response and have to swipe.
>>
>> Does anyone know anything about this?
>>
>> Posting here because this list has security aware people who may be able
>> to share some backstory about the enabling of chip cards in 2015.
>>
>> Thanks,
>>
>>
>>    --
>> Maxwell Spangler
>> ========================================================================
>> Boulder, Colorado, USA
>> http://www.maxwellspangler.com/ <http://www.maxwellspangler.com/pen>
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20150515/f2c19c34/attachment.html>