It is currently Sat Nov 18, 2017 12:47 am

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 19 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: The current situation with credit cards
PostPosted: Mon Jul 20, 2015 9:47 pm 

Joined: Fri Jan 08, 2010 10:08 pm
Posts: 252
Location: Amherst, Oh
robertmacdowell wrote:
Now in America, chip-and-PIN is actually being implemented as chip-and-signature, because marketers have determined Americans don't want to remember yet another number.


Fyi this will vary by issuer, and as time goes on more will move away from chip-and-sig and towards chip-and-pin. Chip-and-sig doesn't provide all the same benefits as chip-and-pin because if somebody has a counterfeit card, or has stolen your card, anybody can sign for a transaction.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Tue Jul 21, 2015 8:53 am 

Joined: Mon Aug 23, 2004 3:01 pm
Posts: 1436
Location: SouthEast Pennsylvania
robertmacdowell wrote:
You might still need to take a PIN for foreign customers or for someone using an ATM card in ATM mode. The reader has a keypad, so customers will enter it there where it is secure via P2PE, rather than on your insecure tablet/phone.
The device is wireless via bluetooth,
Won't the wireless transmission of PINs expose them to remote eavesdropping? Are there any wired solutions, so the thieves will have to physically tap into your line? Of course, then they will just bribe a telephone company employee to do the interception in the Central Office!


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Tue Jul 21, 2015 9:08 am 

Joined: Fri Jan 08, 2010 10:08 pm
Posts: 252
Location: Amherst, Oh
JimBoylan wrote:
Won't the wireless transmission of PINs expose them to remote eavesdropping?


Secured bluetooth is an acceptable form of communication for PCI purposes.


Offline
 Profile  
 
 Post subject: Re: The current situation with credit cards
PostPosted: Tue Jul 21, 2015 6:02 pm 

Joined: Thu Nov 22, 2007 5:46 am
Posts: 2447
Location: S.F. Bay Area
JimBoylan wrote:
robertmacdowell wrote:
You might still need to take a PIN for foreign customers or for someone using an ATM card in ATM mode. The reader has a keypad, so customers will enter it there where it is secure via P2PE, rather than on your insecure tablet/phone.
The device is wireless via bluetooth,
Won't the wireless transmission of PINs expose them to remote eavesdropping? Are there any wired solutions, so the thieves will have to physically tap into your line? Of course, then they will just bribe a telephone company employee to do the interception in the Central Office!

It's in what you quoted. It's secure via P2PE, which stands for "point to point encryption". One point being the Square or PP servers, the other being the reader device itself, which has enough CPU horsepower on board to do the encryption. Any place in the middle is going to only see crypto gibberish, so is exempt from PCI-DSS.


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours [ DST ]


 Who is online

Users browsing this forum: Bing [Bot], Ddatrainman, Google [Bot], pwkrueger, Rick Rowlands, Yahoo [Bot], Zak Lybrand and 43 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: