[lug] OT: Credit Cards w/ Chips

[Jeffrey S. Haemer]

Yep. Western Europe, too.

Even England, which was the best off, didn't privatize until the mid 80's.
I no longer remember the details, but there were elaborate schemes before
that in which private companies made money by trunking calls from one place
in England to another through New York, because anything routed through the
US was cheaper.

The employees were government employees, too, so Lily Tomlin made fun of Ma
Bell operators but even our regulated monopoly was a delight by comparison
to a government bureaucracy. My mother said that the first time she got
connected to a wrong number in Germany, she called the operator and
explained what had happened. The operator said, "I did *not* give you a
wrong number," yanked our plug, and wouldn't permit us any phone calls for
the rest of the day. :-)

When we were living in Spain, the common phone conversation initiator was a
loud, "Oiga? Oiga? Digame?" ("Hear me? Hear me? Say something?") I'm sure
things have improved all over Europe, but a lot of that is because the
governments don't own the cell providers.

Most folks here have had decent phone service their whole lives and only
know it wasn't always that way intellectually. My grandparents' phone
number was "1." They had the first phone in Haynesville, LA. Here, when I
moved out near Erie, in the mid-70's, we had to use an operator to make
local calls.

On Mon, May 18, 2015 at 12:13 PM, Bear Giles <bgiles at coyotesong.com> wrote:

> What about western Europe though?
>
> Then there's the poor guy in Washington state. He repeatedly asked but
> Comcast (?) and the telco if he could get broadband at the location where
> he was building a house. He was reportedly told it would not be a problem.
>
> Then he moved in and after months of runarounds both told him that they
> would not offer service to him. It wasn't a case where they were willing to
> provide service if he absorbed the cost of running a wire to his place.
> They flat-out said they would not provide service.
>
> Last I heard he was going to sell the house but who would buy it knowing
> that they couldn't get service?
>
> (There's no defense for lying to him but apparently he needed high
> bandwidth and low latency, something he can't get with satellites or the
> other usual alternatives.)
>
> On Mon, May 18, 2015 at 10:08 AM, Jeffrey S. Haemer <
> jeffrey.haemer at gmail.com> wrote:
>
>> Another reason Europe adopted the system it did was a lack of reliable
>> land-lines. It was analogous to the situations Bear described.
>>
>> In almost every country but the US, the phone system was established and
>> run by PTTs -- the same government bureau in charge of the post office and
>> the telegraph. Phones long sounded little better than tin cans and
>> string.Last time I was in Romania, the mean time to install a land-line was
>> six months. Sergei Kuznetsov, the head of the Russian Unix Users Group at
>> the time, told me that in Russia, it was still a year. Here, it's "Can you
>> be at home on Tuesday, between 1 and 5 for our installer?" There, it's "Be
>> home for our installer next May." :-)
>>
>> In such situations, a credit-card system that requires easily available,
>> reliable, low-noise, phone lines is a non-starter.
>>
>> One reason cell adoption was so much faster in Europe than in the US was
>> that you could get a phone right away if you could pay for it, and it would
>> actually work. Alexandru Rotaru, who ran GURU, the Romanian Unix Users
>> Group, always carried two.
>>
>> I haven't worked there for a decade or so, and things may have improved.
>>
>> On Mon, May 18, 2015 at 8:52 AM, Bear Giles <bgiles at coyotesong.com>
>> wrote:
>>
>>> Don't forget the legal aspect. Europe has a secure system since the
>>> banks are on the hook. The US has an insecure system since the merchants
>>> are on the hook. (iirc)
>>>
>>> We're finally changing because the laws have changed. Imagine that -
>>> change the liability and you see different behavior.
>>>
>>> But as to the broader question - we tend to think in terms of urban
>>> solutions. What do you do about the little store out in the middle of
>>> nowhere, the one where they're lucky to have low-quality voice service. The
>>> system has to work for them as well. We ran into that at the USDA - we had
>>> a web-based solution which was fine for most users but then we had to deal
>>> with border agents at the middle of nowhere in deep rural New Mexico and
>>> Arizona. They were lucky to have 2400 baud modems in the office, nothing in
>>> the field.
>>>
>>> Even urban areas aren't safe. After Sandy the telco said 'screw it, land
>>> lines are expensive to install and maintain' and put in a VOIP system for
>>> everyone. Only one problem - the credit card payment systems can't run on
>>> VOIP. The merchants couldn't process credit cards. Their solution - which
>>> is a huge violation of their contracts - is to write down the credit card
>>> information INCLUDING THE SECURITY CODE and processing the info later at a
>>> different site. You don't write down the security code. Ever. That's a good
>>> way to lose your merchant account. I don't think you can write down the
>>> full credit card number either any more - if you store it it has to be
>>> encrypted and stored to financial industry standards (read $$$). So they
>>> were risking their business, or at least $100k audits and monitoring,
>>> because their telco didn't want to replace some copper wires.
>>>
>>> On Sun, May 17, 2015 at 10:06 PM, Mike Stanczyk <stanczyk at pcisys.net>
>>> wrote:
>>>
>>>>
>>>> On Sat, 16 May 2015, William D. Knoche wrote:
>>>>
>>>>  I don't know if there are any good papers still out there. Google
>>>>> search should provide some clues.
>>>>>
>>>>
>>>> Security Engineering V2 by Ross Anderson is available on the web at:
>>>> http://www.cl.cam.ac.uk/~rja14/book.html
>>>>
>>>> It's chock full of stories on things done right and usually wrong.
>>>> There some chip-and-pin stuff in there but I don't remember which
>>>> chapter.
>>>>
>>>> Mike
>>>>
>>>> _______________________________________________
>>>> Web Page:  http://lug.boulder.co.us
>>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>>> Join us on IRC: irc.hackingsociety.org port=6667
>>>> channel=#hackingsociety
>>>>
>>>
>>>
>>> _______________________________________________
>>> Web Page:  http://lug.boulder.co.us
>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>>
>>
>>
>>
>> --
>> Jeffrey Haemer <jeffrey.haemer at gmail.com>
>> 720-837-8908 [cell], http://seejeffrun.blogspot.com [blog],
>> http://www.youtube.com/user/goyishekop [vlog]
>> *פרייהייט? דאס איז יאַנג דינען וואָרט.*
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>



-- 
Jeffrey Haemer <jeffrey.haemer at gmail.com>
720-837-8908 [cell], http://seejeffrun.blogspot.com [blog],
http://www.youtube.com/user/goyishekop [vlog]
*פרייהייט? דאס איז יאַנג דינען וואָרט.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20150518/c20d0c4f/attachment.html>