[6260] in cryptography@c2.net mail archive
Re: Debit card fraud in Canada
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Dec 13 17:39:50 1999
Message-ID: <3855736E.465A9B02@algroup.co.uk>
Date: Mon, 13 Dec 1999 22:30:06 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: David Honig <honig@sprynet.com>
Cc: "Steven M. Bellovin" <smb@research.att.com>,
Steve Reid <sreid@sea-to-sky.net>, cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
David Honig wrote:
>
> At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote:
> >true for credit cards? If so, a simple visual recorder -- already used by
> >other thieves -- might suffice, and all the tamper-resistance in the world
> >won't help. Crypto, in other words, doesn't protect you if the attack is on
> >the crypto endpoint or on the cleartext.
>
> Wouldn't a thumbprint reader on the card (to authenticate the meat to the
> smartcard) be a tougher thing to shoulder surf?
> Does raise the cost over a PIN.
Sure. But wouldn't you like to keep your thumbs?
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
