Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment better worry about something else (Score 1) 385

I'd be more worry about handing your card to waitress at the restaurant than worrying about your contactless card being read remotely.

obtaining the data contactlessly is not enough to create a duplicate of your credit card(assuming proper card implementation), and certainly not enough to create a "card not present" transaction such as internet, mail, or phone purchase. (only exception is probably using pre-play attack, and this requires some elaborated setup)

A properly implemented contactless card don't even have your name in the contactless interface.

seriously, your credit card company is worrying more on the fraudulant transaction then you, and so there are fairly good measurements deployed to ensure contactless duping can't be done.

Comment Re:What's the big problem? (Score 1) 675

actually, most of the Chip enabled (EMV based) credit cards does have PIN, but they are just not set as preferred CVM (Cardholdver Verification Method). where predominantly it's set to prefer signature over online PIN.

EMV Chip cards offer one of the most important protection over traditional magnetic stripe only cards, which is counterfeit protection. During each EMV transcation the card will generate a unique Application Cryptogram which identify the card, and transcation using a secret key (shared only by card and the issuing bank). meaning EMV cards can not be cloned.


Comment Re:Chip and Pin (Score 2) 193

it's impossible to read the secret keys over any interface of the card. So those cloning devices at most is reading what normally a contactless terminal can read from a card. meaning those cloned cards will fail all the offline and online CAM (card authentication method) since none of the relevant keys (ICC Private Key, nor the Application Cryptogram secret key) can be read.

Unlike traditional magnetic stripe cards, chip cards has robust security build-in, most of the security breach are not from counterfeit cards, (since you can't clone the relavent data from EMV cards)

Comment Re:Got one of those cards (Score 1) 449

the card you just received most likely still supports PIN, just it's not preferred using PIN as the primary method for authorization (i.e. signature preferring). In most of the situation you will not notice any difference (especially in US).

you can still use the magnetic stripe as it's a requirement for credit card, however magnetic stripe is now a *backup* method for using your credit card. Again in US you won't notice any difference as most of the terminals only support magnetic stripe, however overseas in most other countries that already migrated to EMV, during a card transaction if you swipe the magnetic stripe the terminal will prompt operator to use the chip instead. Only when terminal has problem reading the chip then it'll allow physical magnetic stripe transaction for those chip enabled cards.

If it's a chip transaction, it's really close to impossible to clone the card assuming following good implementations, unlike magnetic stripe which can be easily duped

Comment Re:What about flat cards? (Score 1) 142

EMV chip cards does way more then just VERIFY the PIN. It can perform card authentication (card can not be counterfeit/hacked), risk management, and cardholder verification.

If I have to guess, those Chip & Sign cards issed in US are usually signature preferring (at least some PIN methods are still availible on the card, but the setting in the card will always prefer signature unless it's not possible) and not signature only cards.

Comment Re:Great for CC scammers (Score 1) 222

*barely more secure*? EMV cards can't be copied, modified, or counterfeited if the Card Authentication Method (SDA/DDA/CDA) are implemented propertly. The Application Cryptogram generated by the card and host also means the transaction itself is secure (assume proper card and host implmentation).

Magnetic stripes has no protection at all. US is probably the last major country that hasn't go full chip technology.

Comment Re:Chip-and-pin is not secure (Score 1) 236

EMV card is not as simple as that.. you have layers of security, such as Offline Card Authentication (Offline CAM), Cardholder Verification (PIN, Signautere..) and online CAM (where that MAC happens), unless you have means to obtain the private/secret keys required for transaction, it's going to be extremely hard to calculate

Comment no faster clock Opteron 4300 (Score 1) 128

I was hoping AMD could release a faster workstation level Opteron 4300 to match the FX-8350, the top end 4386 is still a 3.1Ghz (turbo to 3.8Ghz) but
the fastest 8 core Opteron 6328 is 3.2Ghz and goes to 3.8Ghz turbo. (but Opteron 4386's TDP is 95w vs Opteron 6328's 115w) while FX-8350 is 4Ghz turbo to 4.2Ghz and consuming 125w

Slashdot Top Deals

Real programmers don't write in BASIC. Actually, no programmers write in BASIC after reaching puberty.