SECURITY THREAT - PIN Grabbers Nab Holy Grail of Bank Card Security
 

This is crazy - The hackers are getting sophisticated. I always say never use your debit card with the PIN anywhere but at the bank.

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches.....


read the whole article here ... http://blog.wired.com/27bstroke6/2009/04/pins.html

OH NOES!!! Run for da hills!

did you read the article? they are able to hack the encrypted files. This has never been seen before.

:helpme:2 cents:

hmmm... ok, reading.

card numbers are no big deal. The consumer is not liable for charges on their card. When the hacker gets your PIN and is able to take cash out of you bank account and there is no way to prove you did not remove the money yourself, there is a problem.

I know you think this is groundshaking news... but really, anything that someone tries to "secure" can be unsecured. Yes, even when they come up with a plan to implant chips in your hand to make payments, someone somewhere will come up with a scanner that will strip all your info from a simple handshake and then everyone will freak out about how easy it is to crack it.

Check your bank balances every day and report anything suspicious to your bank immediately and your covered. That is it.

I don't think it is ground shaking by any means :) i work in the payment space and have seen it all. I do however think it is pretty sophisticated and it will require a complete rewrite of the way the banks work with PIN's :thumbsup

You are not covered if someone nabs your PIN and makes a purchase with a card and withdraws your cash directly from your bank account. It will take months before the banks will sort out the missing money if they ever do :2 cents:

So even if you check your account everyday you may see money missing but it will be a battle to try and recover that money

Sure it has not :)

Anything that's encrypted, can be decrypted. Either by a true decyprtion, or just by bruteforce.

you quoted a piece of what I said. My statement was not a "general" statement about hacking encrypted files, it was about hacking encrypted files that decipher PIN's.



.............Some of the attacks involve grabbing unencrypted PINs, while they sit in memory on bank systems during the authorization process. But the most sophisticated attacks involve encrypted PINs.

The latter attacks involve a device called a hardware security module (HSM), a security appliance that sits on bank networks and on switches through which PIN numbers pass on their way from an ATM or retail cash register to the card issuer. The module is a tamper-resistant device that provides a secure environment for certain functions, such as encryption and decryption, to occur.
:thumbsup

good bye to your moneys

Hey KRosh, that was your 4444th post:thumbsup

All my cards are chipped thank goodness, even the debit cards now.

If the money was removed at the ATM yes there is a way to prove it. The security tapes which the banks will now be forced to keep for a longer period of time.

Next time you call the bank for anything see if you can set up a security password. That way no one can call in and ask for a wire, or even walk in and get a wire done without it.

There was a big article in Wired about a year or so ago where they built a chip reader with about 20 bucks worth of parts from RadioShack.

.

Damn. I am pretty careful with my debit card but I cannot get by without using ATMs. Obviously any security measure has a theoretical countermeasure but it seems they may want to try and do something about this soon.

solution = safe

Debit cards are terrible I refuse to use them. If you want it to take forever to get your money back and/or have a good chance of not getting all of it back when it is stolen use a debit card.

ca$h baby!

Wow not good.:(

Mr. Romance

He must have hacked my pin number.