On Sat, 22 Dec 2007 12:48:20 +0000, d4g4h4@yahoo.co.uk (David Horne, _the_
chancellor (*)) wrote:
>Martin wrote:
>
>> On Sat, 22 Dec 2007 12:48:56 +0100, Alfred Molon
>> wrote:
>>
>> >In article , Martin says...
>> >> On Fri, 21 Dec 2007 21:05:31 +0100, Alfred Molon
>> >> wrote:
>> >>
>> >> >In article , Martin says...
>> >> >
>> >> >> I wondered for a long time how they could set up a skimmer camera so
>> >> >> that it could read what the user inputs. In addition it seems to be
>> >> >> possible for them to do Internet banking with the info they obtain
>> >> >> by skimming.
>> >> >
>> >> >Here in Germany to do Internet banking you need a different code to
>> >> >access the web site and socalled 'TAN' (transaction numbers) to do a
>> >> >wire transfer. Both sets of numbers are not used when withdrawing
>> >> >money from an ATM. The TANs are definitely not stored on the card and
>> >> >the code to access the website is most certainly not stored on the
>> >> >card as well.
>> >>
>> >> The PIN is stored in the card. The other number is written on the card
>> >> and is the number of cards of that type that you have been issued.
>> >> starting from 001.
>> >
>> >Possibly, but here in Germany with only the card and the PIN you can't
>> >do online banking.
>>
>> I reckon I could find my PIN code by trial and error in less than an hour
>> using the gadget provided for Internet banking. It has the a similar
>> weakness to Enigma in that you know what to expect when you have cracked
>> it. I guess anybody skilled in electronics could build something around
>> the gadget that would crack the PIN code in a fraction of a second.
>[....]
>> The German system seems much more secure.
>
>I don't see the problem with the RBoS one either.
>
>You need your date of birth (easy to get I agree) but is followed by a
>unique 4 digit numeric code you have to remember.
The weakness in that is that it can be intercepted by a keyboard logger.
My HSBC IB account
An IB number
DOB
A random four digits out of a six digit number I have to learn.
and nothing else
>
>a separate 4 digit PIN (which is unrelated to your card PIN, although
>you can select the same one, I suppose)
>
>an alphanumeric 8 character password
>
>That info allows you into your account details. You need to use the
>encrypter only when making a payment to an account you haven't used
>before.
>
>The only code you enter in its entireity is the first one.
--
Martin
|