[OWASP-Ireland] chip & pin
Paul Cunningham
paul.cunningham at eurokom.ie
Tue Oct 11 06:44:31 EDT 2005
Hi,
Also, you cannot dispute the transaction with the card company if the PIN
has been input correctly. When the signature is used, it can subsequently be
checked and, if it is not a reasonable match, refuted. In this case the
merchant has to refund the card company, and they the user... from bitter
experience! P
_____
From: owasp-ireland-admin at lists.sourceforge.net
[mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of Tony Palmer
Sent: 11 October 2005 11:37
To: Eoin.Keary at allianz.ie; OWASP-Ireland at lists.sourceforge.net
Subject: RE: [OWASP-Ireland] chip & pin
Hi,
One thing that really bugs me about the new chip and pin system is the way in
which the pin is entered. Some of the terminals, such as those in
supermarkets, offer little in the way of privacy when inputting the pin. Up
to now pins have been mostly used at ATMs, where your body is a good
physical screen, but now usually the terminal is between you and the
retailer, more often than not in plain view of other customers too.
A step back for pin security???
T
-----Original Message-----
From: owasp-ireland-admin at lists.sourceforge.net
[mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of
Eoin.Keary at allianz.ie
Sent: 11 October 2005 12:28
To: OWASP-Ireland at lists.sourceforge.net
Subject: [OWASP-Ireland] chip & pin
http://news.bbc.co.uk/2/hi/business/4320072.stm
BBC has an article on Chip and Pin and the effect it has had on card fraud,
as mentioned by Chris at his PCI presentation last meeting.
- might be "marketing guff"? Chris, any comments?
Eoin
BTW, next OWASP meeting (end of Nov)
Wishlist for next meeting (end of November)
1. WebGoat tutorial/walkthrough.
2. WebScarab walkthrough. - DONE
3. Secure Code practices and pitfalls.
4. PCI (Credit card standard) - DONE
5. Integration of security into the SDLC.
6. OWASP Top 10
7. Forensics + best practice for incident response
Eoin Keary