[LINK] Chip vs mag stripe [was: Consumer Credit-Card Risks]

Steven Clark steven.clark at internode.on.net
Thu Jan 14 13:18:15 AEDT 2010


On 14/01/2010 9:06 AM, Stephen Wilson wrote:
> A Medicare number presented from a chip by way of a digital signature
> cannot be replayed or made up.  Any software downstream can tell the
> difference between a Medicare number presented cryptographically from
> a chip, and a number that has been manually entered or transcribed.

certainly it makes it a whole new level of difficult to spoof
transactions. but never say never. technology is not infallible (we
design and built it in the real world), and it can be hijacked or subverted.

especially if it is in software form.

> It beggars belief that health IDs rolling out in the next few years
> could follow security practices that were broken years ago.

not belief, sadly. though it does expose a lot about the thinking (or
lack thereof) behind such schemes.

-- 
Steven R Clark, BSc(Hons) LLB/LP(Hons) /Flinders/, MACS, Barrister and
Solicitor
PhD Candidate, School of Commerce, City West Campus, University of South
Australia



More information about the Link mailing list