Railway Preservation News
http://www.rypn.org/forums/

The current situation with credit cards
http://www.rypn.org/forums/viewtopic.php?f=1&t=38307
Page 2 of 2

Author:  Emmo213 [ Mon Jul 20, 2015 9:47 pm ]
Post subject:  Re: The current situation with credit cards

robertmacdowell wrote:
Now in America, chip-and-PIN is actually being implemented as chip-and-signature, because marketers have determined Americans don't want to remember yet another number.


FYI, this will vary by issuer, and as time goes on more will move away from chip-and-sig and towards chip-and-PIN. Chip-and-sig doesn't provide all the same benefits as chip-and-PIN because if somebody has a counterfeit card, or has stolen your card, anybody can sign for a transaction.

Author:  JimBoylan [ Tue Jul 21, 2015 8:53 am ]
Post subject:  Re: The current situation with credit cards

robertmacdowell wrote:
You might still need to take a PIN for foreign customers or for someone using an ATM card in ATM mode. The reader has a keypad, so customers will enter it there where it is secure via P2PE, rather than on your insecure tablet/phone.
The device is wireless via Bluetooth,

Won't the wireless transmission of PINs expose them to remote eavesdropping? Are there any wired solutions, so the thieves will have to physically tap into your line? Of course, then they will just bribe a telephone company employee to do the interception in the Central Office!

Author:  Emmo213 [ Tue Jul 21, 2015 9:08 am ]
Post subject:  Re: The current situation with credit cards

JimBoylan wrote:
Won't the wireless transmission of PINs expose them to remote eavesdropping?


Secured Bluetooth is an acceptable form of communication for PCI purposes.

Author:  robertmacdowell [ Tue Jul 21, 2015 6:02 pm ]
Post subject:  Re: The current situation with credit cards

JimBoylan wrote:
robertmacdowell wrote:
You might still need to take a PIN for foreign customers or for someone using an ATM card in ATM mode. The reader has a keypad, so customers will enter it there where it is secure via P2PE, rather than on your insecure tablet/phone.
The device is wireless via Bluetooth,
Won't the wireless transmission of PINs expose them to remote eavesdropping? Are there any wired solutions, so the thieves will have to physically tap into your line? Of course, then they will just bribe a telephone company employee to do the interception in the Central Office!

It's in what you quoted. It's secure via P2PE, which stands for "point to point encryption". One point being the Square or PP servers, the other being the reader device itself, which has enough CPU horsepower on board to do the encryption. Any place in the middle is going to only see crypto gibberish, so is exempt from PCI-DSS.
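
Added example (not part of the thread, and not Square's or PayPal's code): a minimal model of the point-to-point encryption described above, where the reader encrypts the PIN and only the processor can decrypt it. The shared base key, the HMAC-derived per-transaction key, the use of AES-256-GCM and all function names are assumptions made for illustration.

```javascript
// Added illustration: constructed key and PIN, simplified key handling.
const nodeCrypto = require("crypto");

// Assumption: reader and processor share a base key loaded into the reader
// before it ships. Constructed sample value.
const BASE_KEY = Buffer.alloc(32, 0x42);

// Simplified per-transaction key: HMAC(base key, counter). Stand-in for the
// standardised key-management schemes real readers use.
function txKey(counter) {
  const c = Buffer.alloc(8);
  c.writeBigUInt64BE(BigInt(counter));
  return nodeCrypto.createHmac("sha256", BASE_KEY).update(c).digest();
}

// Runs inside the reader. The returned string is all that the Bluetooth
// link, the phone/tablet and the network in between ever carry.
function readerEncrypt(pin, counter) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", txKey(counter), iv);
  const ct = Buffer.concat([cipher.update(pin, "utf8"), cipher.final()]);
  const hex = (b) => b.toString("hex");
  return JSON.stringify({ counter, iv: hex(iv), ct: hex(ct), tag: hex(cipher.getAuthTag()) });
}

// Runs at the processor. Throws if the key is wrong or the message changed.
function serverDecrypt(wire) {
  const m = JSON.parse(wire);
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", txKey(m.counter), Buffer.from(m.iv, "hex"));
  d.setAuthTag(Buffer.from(m.tag, "hex"));
  return Buffer.concat([d.update(Buffer.from(m.ct, "hex")), d.final()]).toString("utf8");
}

// True if the processor rejects a message altered in transit (one bit flipped).
function rejectsTampering(wire) {
  const m = JSON.parse(wire);
  const ct = Buffer.from(m.ct, "hex");
  ct[0] ^= 0x01;
  m.ct = ct.toString("hex");
  try { serverDecrypt(JSON.stringify(m)); return false; } catch (e) { return true; }
}

const wire = readerEncrypt("4921", 7); // constructed PIN and counter
console.log("in transit:  ", wire);
console.log("at processor:", serverDecrypt(wire));
console.log("tampering rejected:", rejectsTampering(wire));
```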

All times are UTC - 5 hours [ DST ]