Your secret PIN may not be so secret

CNET ^ | March 16, 2006 | Greg Sandoval

[Bigg Red]

mark

[Publius6961]

The compromise of so many PINs suggests that a national retailer stockpiled customer information even though such a practice is against rules set down by the major credit card companies.

Would not cutting off such retailer from use of the cards send a powerful message to not break the rules?

Make the retailer responsible to make the losses good!

[TXBSAFH]

That or they were in the offshore data center.

[stuartcr]

I still use checks.

[GarySpFc]

Ping

[YouPosting2Me]

2548

Did I guess correct?

[freedomlover]

An IT guy at my company says that two of the most common passwords are "open" and "openup". He says that many nitwits at our company try to use "password" or some truncated version but the software won't allow it.

DUH

[freedomlover]

As I noted on another thread I understand that many know-it-all techies use the requisite digits for Pi as their passwords.

[tx_eggman]

That or they were in the offshore data center.

Ding, ding, ding ... we have a winner

[pollyannaish]

You know, I tried to write one of those out the other day and got a hand cramp and couldn't finish.

I think I'm forgetting how to write by hand. It's actually kind of scary.

[BlueMondaySkipper]

2548

Did I guess correct?

Nope... Bosco

[pollyannaish]

Now that I think about it, if I keep hanging out on FreeRepublic I'm going to not know how to carry on a conversation because I have forgotten how to talk...and keep looking for the Post button.


(Although it wouldn't kill me to have a Preview button in real life...)

[stuartcr]

I don't use my computer to bank or pay bills, either.

[evets]

Kreskin knows my pin.

[pollyannaish]

Amazing.

There is very little I do traditionally anymore. Life is kind of on automatic. I just check in regularly to make sure it is all being taken care of properly.

[driftdiver]

Retailers have the ability to store your pin, buying habits, and electronic signature. You know those little pads that you sign the receipt and it goes into the computer? It probably wasnt a single retailer but rather one of the upstream companies.

[-YYZ-]

I don't know about the US, but in Canada all credit/debit terminals, in particular the PIN pad, are supplied by the banks and then integrated with the POS systems. I worked in the POS industry until 2000 and I was told that the whole authentication process went on inside the bank's equipment - PINs in the clear never pass through the retailer's equipment. Depending on the design of the system, though, encrypted PINs might pass through the retailer's system, and I suspect that the encryption used might not be unbreakable.

[B4Ranch]

I know Kreskin.

[TheForceOfOne]

bttt