Monday, December 20, 2004

Chip and pin, EDonkey Raids and FoI Charges

Ross Anderson is warning that chip and pin cards may not be the boon to tackling fraud that the banking industry are selling them as.

Prof Anderson said: "What this does is dump liability on the merchant in some cases and on the customers in others. If you use it in a cash machine, the banks will probably say you were to blame.

"The introduction of pins for general retail, the co-existence of magnetic strips and smart chips and the underlying change in liability that means banks no longer have incentives for reducing risk is a recipe for card fraud not going down by anything as much as was predicted. If I take my debit card to the supermarket, I use my signature."

And that is one of the fundamental points about security that rarely gets raised in public discourse on the subject - security depends on agenda. If the system can be arranged so that the agent with the most power, e.g. the banks, does not bear the cost of any security failure (the onus is on the cardholder to prove it was not fraud), then that agent (the bank) has no incentive to improve security. Sure there's fraud, sure it's widespread and sure it's somebody else's problem.

From The Register:

"Dutch anti-piracy organisation BREIN, along with FIOD-ECD (Economic Inspection Service of the Fiscal Intelligence and Investigation Service), has raided two popular sites in the Netherlands that offered links to allegedly copyright-infringing content. FIOD-ECD has arrested eight people and seized eleven servers."

The UK government have laid out the rules for charging to discharge freedom of information requests.
