[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 27 Jun 2013, Philip Hudson wrote:
On 27 Jun, 2013, at 10:02 am, Philip Hudson wrote:- Your PINHere's an interesting sub-topic: does GCHQ know your PIN?
The PIN is stored on the chip on the card. There is no transaction to the bank to validate the PIN - it merely tells the equipment reading the card that the card owner is present.
e.g. my NatWest card readers can authenticate my PIN without a connection to any network at all, and I can also use them to change the PIN on any card I own.
So in-theory, other than the initial PIN they set on your card when they sent it to you, the banks don't know your PIN.
The authorities don't need to know the PIN - they just go direct to the bank and say: Give me all of Mr. Hendersons bank statements.
And yes, I know what you're thiking. It's been done: http://www.lightbluetouchpaper.org/2012/09/10/chip-and-skim-cloning-emv-cards-with-the-pre-play-attack/ or http://url.drogon.net/1j Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq