
Optimised to fail: Card readers for online banking - dfox
http://www.lightbluetouchpaper.org/2009/02/26/optimised-to-fail-card-readers-for-online-banking/
======
Hates_
Link to the original paper.

[PDF] <http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf>

------
lutorm
That the system is flawed and that they tried to keep it secret doesn't seem
new. What really troubles me is the presumption on the part of the regulators
that the system is safe to the point of just believing the word of the banks
when they say the transaction was properly authorized, thus making the
customer effectively liable for fraud even though the law says otherwise.

------
wcoenen
I think the point raised in the paper about the system being defeated by
torture is a bit over the top. If some ruthless individuals break into my
home with the intention to torture people just to gain a few bucks... then I'm
screwed whether I own a card reader or not.

~~~
jaaron
If the card didn't require a PIN, then they wouldn't need to torture you for
it. They could just steal the card. So the risk to security has been moved to
your physical person, making you less safe.

All biometric security systems have the same issue.

------
pmjordan
I wonder if this applies to the HBCI system popular in Germany as well. Sadly
there seems to be little technical information on it out there.

