Saw this article today about how “Chip and PIN” cards are coming to the US:
—
…a new generation of card readers that scan a tiny chip activated by a personal identification number, or PIN.
—
The article talks about how secure these cards are, admitting the imperfection of any system, no matter how great.
One problem: They’re completely insecure. Chip and PIN is Broken.
Sigh.
Thanks for the link. I forwarded it to my wife, in the banking industry.
I’d be interested in her take on it.
So far, she’s just passed it along to the bank’s security folks. I thought she’d be more personally interested (being in banking *and* IT), but apparently not. I’ll let you know if I get any feedback on it through her.
In IT, nothing is really secure. For the most part, that’s a matter of recognition, not special circumstances. That is, IT just makes it easier to see how little security there is. The great majority of security failures in IT start with people doing things they shouldn’t. Social engineering is much easier than the sort of mechanical hacks described in the article.