Comments on: Keep your keypads close http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/ Security Research, Computer Laboratory, University of Cambridge Sun, 06 Jul 2008 12:19:35 +0000 http://wordpress.org/?v=2.5.1 By: Pete Austin http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24433 Pete Austin Wed, 10 Oct 2007 17:55:48 +0000 http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24433 "Many victims have been loyal customers of their bank for decades and have never made a claim for fraud in the past, such as Iain Richardson, 44, an Oxford-based business manager for golf courses ... At NatWest, £250 was withdrawn from a cash machine and a further £1,800 in an over-the-counter transaction using chip and Pin – but the bank refuses to refund the cash. This is despite the fact that it has forwarded CCTV footage of the criminals on to police ... <b>Iain is furious at being labelled incompetent</b>: 'They said I was irresponsible with my Pin number, but I said there is no way that could have happened. I have had the same Pin for six years and haven't written it down anywhere. <b>I recited the 12-digit number on the card then and there, as well as the Pins to all of my debit and credit cards</b>. I don't forget things easily." http://www.thisismoney.co.uk/saving-and-banking/article.html?in_article_id=425103&in_page_id=7&ito=1723 “Many victims have been loyal customers of their bank for decades and have never made a claim for fraud in the past, such as Iain Richardson, 44, an Oxford-based business manager for golf courses … At NatWest, £250 was withdrawn from a cash machine and a further £1,800 in an over-the-counter transaction using chip and Pin – but the bank refuses to refund the cash. This is despite the fact that it has forwarded CCTV footage of the criminals on to police … Iain is furious at being labelled incompetent: ‘They said I was irresponsible with my Pin number, but I said there is no way that could have happened. I have had the same Pin for six years and haven’t written it down anywhere. I recited the 12-digit number on the card then and there, as well as the Pins to all of my debit and credit cards. I don’t forget things easily.”

http://www.thisismoney.co.uk/saving-and-banking/article.html?in_article_id=425103&in_page_id=7&ito=1723

]]> By: Rob http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24163 Rob Sun, 23 Sep 2007 16:19:38 +0000 http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24163 With apologies for following up my own posting, I used a kiosk at an Argos a couple of days after writing the above and was able to leave with the goods without ever showing my card to a human. Thereby demonstrating the risks involved in basing an argument solely on anecdotal evidence. With apologies for following up my own posting, I used a kiosk at an Argos a couple of days after writing the above and was able to leave with the goods without ever showing my card to a human.

Thereby demonstrating the risks involved in basing an argument solely on anecdotal evidence.

]]> By: Rob http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24074 Rob Mon, 17 Sep 2007 06:49:19 +0000 http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24074 Gavin: This is just anecdotal, but whenever I've used the self service kiosks at Argos, staff have always asked to see (and handle) my card before handing over the goods. Gavin: This is just anecdotal, but whenever I’ve used the self service kiosks at Argos, staff have always asked to see (and handle) my card before handing over the goods.

]]> By: Gavin Jamie http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24067 Gavin Jamie Sun, 16 Sep 2007 19:54:27 +0000 http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24067 Argos self service kiosks use terminals with no human supervision whatsoever so presumably attacks are easier there. Also possible to use these to get quite high value and resalable goods (plasma TVs etc) Argos self service kiosks use terminals with no human supervision whatsoever so presumably attacks are easier there.
Also possible to use these to get quite high value and resalable goods (plasma TVs etc)

]]> By: Steve Parker http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24056 Steve Parker Sat, 15 Sep 2007 23:00:54 +0000 http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24056 That ViewSafe terminal looks as if it's quite easy to see that the user is pressing the "8" key. It's not what they're looking at that matters, it's what their fingers are doing. That ViewSafe terminal looks as if it’s quite easy to see that the user is pressing the “8″ key. It’s not what they’re looking at that matters, it’s what their fingers are doing.

]]> By: David Walters http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24053 David Walters Sat, 15 Sep 2007 19:33:56 +0000 http://www.lightbluetouchpaper.org/2007/09/15/keep-your-keypads-close/#comment-24053 Keypads need to be removable to allow disabled people, for example in a wbeelchair, to use them. A small amount of fraud seems resonable to make the system open to all. Keypads need to be removable to allow disabled people, for example in a wbeelchair, to use them.

A small amount of fraud seems resonable to make the system open to all.

]]>