Monday, May 15, 2006
Are pin pads secure ?
I went to a hardware store yesterday evening with my Brother in law and purchased some stuffz. Since we just had very items to payfor, we opted for the self check-out counter . We had to scan our items, place them in the bag and pay through the swipe machine in the counter. After my BIL swiped his card, he had to affix his signature on the electronic panel in the pin pad . Getting curious on the strength of the signature validation done by the system, I forged my own version of my BIL's signature on the panel and to my surprise the transaction went through successfully. I really dont know the pattern matching algorithm used by such pin pads but I bet it is pretty poor.
Subscribe to:
Post Comments (Atom)
4 comments:
Hei Joe,
The link to "CHIP & PIN" is incorrect. C&P asks the customer to enter a 4 digit PIN and not signature.
I also wonder if these self checkout machines do *really* verify the signature!
Search for "Checkout" in this link:
www.cs.clemson.edu/~120admin/Testout/Ch05.pdf
Hi Kanth,
Thanks for that info. I referred the link you had specified.
Once after you affix your signature, I got a message displayed as "Signature Accepted". Hence I thought that they were actually trying to validate my signature against the original. If the purpose of the panel and the stylus is not for verifying signature, I wonder why they invest money on that ?
Mr Joe really surprised that you do not know this thing even after working for the Blue Box.. Hmm.. The signature is not for the verification. It will be used in case of presenments only in case of disputes. The verification would already have been done using the PIN or CID information.
Hi Robin,
Nice to meet you in my blog. I have seen this signature pads in Walmart PHX and I assumed (ignorant me ..)that it would verify my signature as they capture digital data through the signature pads.. Dont you think it would be a good idea to propose this project to "BlueBox" ??
cheers
Joe
Post a Comment