[lug] OT: Credit Cards w/ Chips

Bear Giles bgiles at coyotesong.com
Mon May 18 12:13:55 MDT 2015


What about western Europe though?

Then there's the poor guy in Washington state. He repeatedly asked both
Comcast (?) and the telco if he could get broadband at the location where
he was building a house. He was reportedly told it would not be a problem.

Then he moved in and after months of runarounds both told him that they
would not offer service to him. It wasn't a case where they were willing to
provide service if he absorbed the cost of running a wire to his place.
They flat-out said they would not provide service.

Last I heard he was going to sell the house but who would buy it knowing
that they couldn't get service?

(There's no defense for lying to him but apparently he needed high
bandwidth and low latency, something he can't get with satellites or the
other usual alternatives.)

On Mon, May 18, 2015 at 10:08 AM, Jeffrey S. Haemer <
jeffrey.haemer at gmail.com> wrote:

> Another reason Europe adopted the system it did was a lack of reliable
> land-lines. It was analogous to the situations Bear described.
>
> In almost every country but the US, the phone system was established and
> run by PTTs -- the same government bureau in charge of the post office and
> the telegraph. Phones long sounded little better than tin cans and
> string. Last time I was in Romania, the mean time to install a land-line was
> six months. Sergei Kuznetsov, the head of the Russian Unix Users Group at
> the time, told me that in Russia, it was still a year. Here, it's "Can you
> be at home on Tuesday, between 1 and 5 for our installer?" There, it's "Be
> home for our installer next May." :-)
>
> In such situations, a credit-card system that requires easily available,
> reliable, low-noise, phone lines is a non-starter.
>
> One reason cell adoption was so much faster in Europe than in the US was
> that you could get a phone right away if you could pay for it, and it would
> actually work. Alexandru Rotaru, who ran GURU, the Romanian Unix Users
> Group, always carried two.
>
> I haven't worked there for a decade or so, and things may have improved.
>
> On Mon, May 18, 2015 at 8:52 AM, Bear Giles <bgiles at coyotesong.com> wrote:
>
>> Don't forget the legal aspect. Europe has a secure system since the banks
>> are on the hook. The US has an insecure system since the merchants are on
>> the hook. (iirc)
>>
>> We're finally changing because the laws have changed. Imagine that -
>> change the liability and you see different behavior.
>>
>> But as to the broader question - we tend to think in terms of urban
>> solutions. What do you do about the little store out in the middle of
>> nowhere, the one where they're lucky to have low-quality voice service? The
>> system has to work for them as well. We ran into that at the USDA - we had
>> a web-based solution which was fine for most users but then we had to deal
>> with border agents at the middle of nowhere in deep rural New Mexico and
>> Arizona. They were lucky to have 2400 baud modems in the office, nothing in
>> the field.
>>
>> Even urban areas aren't safe. After Sandy the telco said 'screw it, land
>> lines are expensive to install and maintain' and put in a VOIP system for
>> everyone. Only one problem - the credit card payment systems can't run on
>> VOIP. The merchants couldn't process credit cards. Their solution - which
>> is a huge violation of their contracts - is to write down the credit card
>> information INCLUDING THE SECURITY CODE and process the info later at a
>> different site. You don't write down the security code. Ever. That's a good
>> way to lose your merchant account. I don't think you can write down the
>> full credit card number either any more - if you store it it has to be
>> encrypted and stored to financial industry standards (read $$$). So they
>> were risking their business, or at least $100k audits and monitoring,
>> because their telco didn't want to replace some copper wires.
>>
>> On Sun, May 17, 2015 at 10:06 PM, Mike Stanczyk <stanczyk at pcisys.net>
>> wrote:
>>
>>>
>>> On Sat, 16 May 2015, William D. Knoche wrote:
>>>
>>>> I don't know if there are any good papers still out there. Google
>>>> search should provide some clues.
>>>>
>>>
>>> Security Engineering V2 by Ross Anderson is available on the web at:
>>> http://www.cl.cam.ac.uk/~rja14/book.html
>>>
>>> It's chock full of stories on things done right and usually wrong.
>>> There's some chip-and-pin stuff in there but I don't remember which
>>> chapter.
>>>
>>> Mike
>>>
>>> _______________________________________________
>>> Web Page:  http://lug.boulder.co.us
>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>>
>
> --
> Jeffrey Haemer <jeffrey.haemer at gmail.com>
> 720-837-8908 [cell], http://seejeffrun.blogspot.com [blog],
> http://www.youtube.com/user/goyishekop [vlog]
> *פרייהייט? דאס איז יאַנג דינען וואָרט.*