[LINK] City launches fingerprint payment program

Daniel Rose drose at nla.gov.au
Tue Oct 16 09:41:23 AEST 2007


Kim Holburn wrote:
> 
> On 2007/Oct/15, at 11:10 PM, Craig Sanders wrote:
> 
>> On Mon, Oct 15, 2007 at 09:33:53PM +1000, Rick Welykochy wrote:
>>> The new credit card provides two modes of authentication:
>>>
>>> 1. my PIN is encoded on the magnetic strip, as always
>>
>> huh?
>>
>> the PIN isn't on the card. the account number (and a very small amount
>> of related info) is on the card, the PIN is in the owner's memory.
>> they key it into the EFTPOS or ATM keypad, where it is encrypted and
>> transmitted (along with the account number and the amount of the
>> purchase/withdrawal as well as identifying information about the shop,
>> the EFTPOS machine or ATM, and so on) to remote servers which perform
>> the authentication check and send back an OK or DECLINED message.
> 
> Huh?  I'm pretty sure that if you get the PIN wrong, the "wrong PIN
> message" comes back straight away, the connection to withdraw money
> takes some time.  It's more obvious with EFTPOS machines which often use
> phone lines and are quite slow.

The PIN is not on the card.  I've looked!

This doesn't say it's not, but it doesn't say it is either.
http://en.wikipedia.org/wiki/Magnetic_stripe_card

Perhaps you're seeing confirmation bias, or perhaps the initial "correct PIN" system is simpler and faster than the backend "Do I have enough money" system, as I imagine might be the case.

The wire encryption is done (or used to be - DES and 3DES) in hardware at both ends, so if it still is then this would also contribute to what you see.

I can't compare my experiences, because I don't use ATMs.
