[lug] OT: Credit Cards w/ Chips

Jeffrey S. Haemer jeffrey.haemer at gmail.com
Mon May 18 10:08:03 MDT 2015


Another reason Europe adopted the system it did was a lack of reliable
land-lines. It was analogous to the situations Bear described.

In almost every country but the US, the phone system was established and
run by PTTs -- the same government bureau in charge of the post office and
the telegraph. Phones long sounded little better than tin cans and
string. Last time I was in Romania, the mean time to install a land-line was
six months. Sergei Kuznetsov, the head of the Russian Unix Users Group at
the time, told me that in Russia, it was still a year. Here, it's "Can you
be at home on Tuesday, between 1 and 5 for our installer?" There, it's "Be
home for our installer next May." :-)

In such situations, a credit-card system that requires easily available,
reliable, low-noise, phone lines is a non-starter.

One reason cell adoption was so much faster in Europe than in the US was
that you could get a phone right away if you could pay for it, and it would
actually work. Alexandru Rotaru, who ran GURU, the Romanian Unix Users
Group, always carried two.

I haven't worked there for a decade or so, and things may have improved.

On Mon, May 18, 2015 at 8:52 AM, Bear Giles <bgiles at coyotesong.com> wrote:

> Don't forget the legal aspect. Europe has a secure system since the banks
> are on the hook. The US has an insecure system since the merchants are on
> the hook. (iirc)
>
> We're finally changing because the laws have changed. Imagine that -
> change the liability and you see different behavior.
>
> But as to the broader question - we tend to think in terms of urban
> solutions. What do you do about the little store out in the middle of
> nowhere, the one where they're lucky to have low-quality voice service? The
> system has to work for them as well. We ran into that at the USDA - we had
> a web-based solution which was fine for most users but then we had to deal
> with border agents at the middle of nowhere in deep rural New Mexico and
> Arizona. They were lucky to have 2400 baud modems in the office, nothing in
> the field.
>
> Even urban areas aren't safe. After Sandy the telco said 'screw it, land
> lines are expensive to install and maintain' and put in a VOIP system for
> everyone. Only one problem - the credit card payment systems can't run on
> VOIP. The merchants couldn't process credit cards. Their solution - which
> is a huge violation of their contracts - is to write down the credit card
> information INCLUDING THE SECURITY CODE and process the info later at a
> different site. You don't write down the security code. Ever. That's a good
> way to lose your merchant account. I don't think you can write down the
> full credit card number either any more - if you store it it has to be
> encrypted and stored to financial industry standards (read $$$). So they
> were risking their business, or at least $100k audits and monitoring,
> because their telco didn't want to replace some copper wires.
>
> On Sun, May 17, 2015 at 10:06 PM, Mike Stanczyk <stanczyk at pcisys.net>
> wrote:
>
>>
>> On Sat, 16 May 2015, William D. Knoche wrote:
>>
>>> I don't know if there are any good papers still out there. Google search
>>> should provide some clues.
>>>
>>
>> Security Engineering V2 by Ross Anderson is available on the web at:
>> http://www.cl.cam.ac.uk/~rja14/book.html
>>
>> It's chock full of stories on things done right and usually wrong.
>> There's some chip-and-pin stuff in there but I don't remember which
>> chapter.
>>
>> Mike
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>



-- 
Jeffrey Haemer <jeffrey.haemer at gmail.com>
720-837-8908 [cell], http://seejeffrun.blogspot.com [blog],
http://www.youtube.com/user/goyishekop [vlog]
*Freedom? That is a Yang worship word.*