Reply to: Credit Card Fraud

I would advocate (no pun intended) that the same effect could be achieved with 3 large pieces of cardboard around the terminal fixed in place with some sticky tape...without the need to instigate a behavioural change in the general population.

The issue really is that people are looking for technical and 'snazzy' solutions to solve security problems (i.e. the ING Direct entry) and are more focussed on the 'snazzy' than the useability or increased security. Which is not to say that 'percieved security' is unmarketable; banks do this all the time (customers with that warm fuzzy feeling are valuable), but it doesn't effectively mitigate the risk.

I'm not saying that a dynamic keypad doesn't have it's place (where the risk appetite is high) but I am saying it's not appropriate for my weekly shopping in Sainsburys.

Worked on chip & pin in late eighties, card companies turned it down as too expensive to implement. We had working signature verification then too, being biometric its pretty safe from fraud.

Chip & pin was working on the continent 20 years ago, saving lots of money, but then the technology wasn't as cheap.


I have seen signature pads in use all over the world, except of course the UK.

Suggest they implement signature verification for any purchases over £50 and stop fraud in its tracks.

The point with this system is that it is easier to make a screen that you can only see when you are directly in front of it so the criminal looking over your shoulder would only see a blank screen. Most criminals will be watching the keypad and looking at the pattern you are typing out, not the physical numbers, this system would make thier life a whole lot harder.

I think that anybody who can currently use a chip and pin terminal or a cash machine should be fine. The people that currently can't use them are lost causes anyway.

http://www.gridsure.com/

My "confidence in my fellow man" is based purely on validated research and observation. Many of them have reached the limit of their technical ability once they've mastered the use of toilet paper.

I have observed properly-constructed user testing sessions - the real thing, with ordinary people on the other side of the one-way mirror. Many of them have trouble grasping the most basic aspects of technology - start shifting stuff around at random and they're not going to get it.

Come to that, there's been quite a few times when I've seen somebody get utterly confused by a normal cash machine, without the added complication of moving the buttons around.

And you know those queues that form for the ticket office in the Tube station, even though all the self-service machines are available and working? That's people who get confused by all the buttons and touch-screens - they'd rather wait five minutes and have another person do the thinking for them.

I'm not saying this makes them bad people, they're just not technically minded, and there's no reason why they should have to change just because some security consultant has a wizard idea but has no understanding at all of human factors.

Yes it could, but it's one more piece of expensive equipment to fail for small shop-owners. And as has been said elsewhere, it's a cost to the banking industry which it gets no return for.

It'll work but with a higher failure rate and no increase in security from the current system.




On an entirely unrelated note, I've got a couple of jars of snake oil going cheap if anyone's interested....

So a random grid could work then?

No I can remember it when required, but my fingers are used to the 'phone pad' pattern of the keys so do it for me.

He can, but his fingers 'remember' it more quickly...

I am staggered that you are intimating you couldn't remember a 4 digit number

it would too easy for the police to workout that they need to ring Odeon, find out which cinema then watch and see.

i'm tempted. i'd happily drive to that cinema and watch. Odeon would even be able to tell which film and showing time.

presbyopia. Short-sightedness actually helps you see up-close

Ah the famed "Granny test" and pretty much my point on the useability side of things.

The security point of view is how ridiculous it is to suggest that criminals are incapable of looking at the screen and keypad at the same time. The 'data' that needs to be stolen is the actual numbers, not the physical key positions.

I think scientists will be offended being included in the same intelligence level group as IT contractors.