> Dave VanHorn wrote:
>
> >> Well, the quality of his web pages, and the short leap from
> >> task description to possible application as a credit card skimmer
> >> didn't make me feel good either.
> >
> > You know of course, that your pin does not live on any of the three
> > tracks, right?
>
> Of course.
> But micro cameras have made it pretty easy to get a PIN
> from careless users. When was the last time you checked
> your ATM machine valence for unusual or non-standard
> coverings? Our national newsmagazine just ran a 1 hours show
> dedicated entirely to the tricks of the trade, to teach
> consumers what to be aware of. They showed how a group
> of well organized crooks outfitted an ATM in a busy
> Calgary location with a camera and faceplate card
> skimmer, in LESS THAN 30 seconds.
>
> www.ctv.ca/servlet/ArticleNews/story/CTVNews/1105142446966_16/?hub=WFive
>
> "In just two hours time, the gang got away with 35
> customers' card information. In just a few days they
> had collected enough information to steal nearly $650,000."
>
> What really peeves me is that much more secure systems
> than mag stripe technology exists (e.g. smartcards),
> but the banking industry isn't YET loosing enough money
> to justify the upgrade. Maybe we need to refuse to use their
> systems until they upgrade them. And TELL THEM THIS!
>
> "
> Banking experts estimate it would cost the banking system in
> Canada approximately $500-million to produce the chip
> technology (smart cards) for the debit card system while
> debit card fraud costs a mere $44-million in 2003 in comparison.
> One might think the banks have concluded it's cheaper to pay
> off the bad guys than it is to help the good guys."
>
> It's only a matter of time before your area sees the same
> criminal activity, so please be aware of anything 'unusual'
> about your ATM.
>
> Robert
>

>-----Original Message-----
>From: .....piclist-bouncesKILLspam@spam@mit.edu [piclist-bouncesKILLspammit.edu]
>Sent: 22 February 2005 14:12
>To: Microcontroller discussion list - Public.
>Subject: Re: [AD]: Project offer any one interested? ATM scams
>
>
>Robert,
>
>On Sun, 20 Feb 2005 21:50:54 -0700, Robert Rolf wrote:
>
>>...<
>> What really peeves me is that much more secure systems
>> than mag stripe technology exists (e.g. smartcards),
>> but the banking industry isn't YET loosing enough money
>> to justify the upgrade.
>
>UK banks obviously think it's worth it - credit/debit cards
>have had chips in them (as well as the magstripe)
>for a number of years.  Both systems are running in parallel
>at the moment, wit a lot of retailers still only
>having a swipe-reader, but dual-format readers will refuse to
>accept the swipe for a card that has a chip, and
>the card has to be plugged in to read the chip.  Until
>recently this was still confirmed with a signature ,
>and they almost always do check it (it still amazes me that US
>shops hand the card back before you sign the
>slip, so checking the signature is obviously not common!).  UK
>banks are now introducing "Chip & PIN" whereby
>at retail tills you plug your card into the reader and enter a
>PIN - I believe they didn't think it was safe
>to use a PIN on the swipe of the magstripe, for the reasons
>being discussed.  Interestingly the PIN used by
>"Chip & PIN" isn't the same as the one used in ATMs (my
>current debit card has a chip, and I use it with a PIN
>in ATMs, including abroad, but it doesn't work as Chip & PIN
>in retailers - the next replacement will,
>though).

> On Tue, 2005-02-22 at 14:18 +0000, Michael Rigby-Jones wrote:
>
>>Personaly I feel the PIN is less secure than a signature in many ways.
>>Once someone has seen you type it in (and let's face it, it's not
>>difficult), they then just have to relive you of the card via
>>pickpocketing or mugging and they have no problems at all using it. No
>>tricky signature to come under the scrutinty of a shop assistant and as
>>a big bonus they can get cash directly from an ATM machine.
>
>
> Actually, for anybody who has practised, forging a signature is
> extremely easy. Especially considering most shop keepers don't check it
> (in North America). OTOH smart cards are no secure solution either IMHO.
> Sure, at the moment they are pretty secure, but ask the satellite
> industry how great smart cards are, it's only a matter of time...
>
> -----------------------------
> Herbert's PIC Stuff:
> http://repatch.dyndns.org:8383/pic_stuff/
>

>An interesting side story about this theft of cards...
>
>A few weeks ago, my mother-in-law was on line at the
>supermarket, and after paying she scooped up her
>receipt and debit card, dumped them in her purse and
>left.  Later that day, she bought gas (pay at the pump).
>After filling and paying, she went to return her debit card
>to her wallet and realized that it wasn't her debit card.
>
>She returned the card to the bank (the cardholder's
>account was with her bank) and asked that it be returned,
>and that her account have the price of the gas she
>bought transferred to the other account with her apologies.
>
>The bank thanked her and deducted the money.
>
>The next day, the police interrogated her for two hours
>before finally charging her with identity theft.  Her court
>date is next week.  Attorney costs are now at $1500.
>
>Over $27 worth of gas, which they only know she spent
>because she returned the card and requested her account
>be debited.
>
>Mike H.
>  
>

> -----Original Message-----
> From: piclist-bouncesEraseME.....mit.edu [EraseMEpiclist-bouncesmit.edu]On Behalf
> Of Hulatt, Jon
> Sent: Wednesday, 23 February 2005 8:53 PM
> To: Microcontroller discussion list - Public.
> Subject: RE: [AD]: Project offer any one interested? ATM scams
>
> ...
>
> Yes, the chip & pin system is flawed- if someone sees you enter your pin
> in the POS terminal, then they can mug you for your card outside the
> store, and use it. But I don't care. If someone wants my card; they can
> have it- i'm not getting beaten up for a piece of plastic. UK law does
> not regard handing over your card (and even your PIN!) under a threat of
> violence as negligent- therefore my losses are the bank's problem.
>
> IMO the best security would be biometrics- and forget crazy stuff like
> fingerprint recognition and retina scanning. Why not just print a photo
> on the card? The human brain is *very* good at facial recognition, and
> this single measure would probably do more to protect against POS fraud
> then anything else (assuming the shopkeeper is not part of the scam
> too). A bank in the UK did this a few years ago, but it didn't catch on.
>

>>> > So far only wallets and codes were stolen. Now it's time
>>> > for eyes and  fingers.
>>    
>>
>>
>> People have done it with relative's thumbs to collect
>> pensions after the legitimate owner of the thumb
>> has gone to a better place
>  
>

> Eddie,
>
> On Tue, 22 Feb 2005 12:32:13 EST, EraseMESavanaPicsspamspamBeGoneaol.com wrote:
>
>> ...<
>> About the only really sure way I can think of is either by fingerprint
>> recognition (which you would never be able to keep clean) and retina  recognition.
>> ( I have no knowledge of this one)
>
> Actually Iris recognition is a lot easier to do then retina, and is
> reckoned to be very secure.