| Should I destroy the RFID and just use the
| magnetic swipe?
|

I would and do. With my last card I asked for
non-RFID and they refused to issue it, so I
found the chip and drilled it out with a very
small bit.

Some chips can be found because there's a
small bump. Some can be seen through light
cards. If you can't find it you may need to
order an extra card so you'll have one to shave
away looking for the chip, thus telling you
where to drill.

Another convenient thing is software to check
the chip, to make sure you killed it. I looked
around and found that no one sells readers,
but then I discovered there's a free Android
app that can do it. A friend has an Android
phone. I downloaded the free app and held
the card under the phone to show the chip
ID number. I then drilled out the card and
checked again to make sure it was "dead".

On Thu, 9 Apr 2015 19:22:17 -0400, "Mayayana"
wrote:

| Should I destroy the RFID and just use the
| magnetic swipe?
|

I would and do. With my last card I asked for
non-RFID and they refused to issue it, so I
found the chip and drilled it out with a very
small bit.

Some chips can be found because there's a
small bump. Some can be seen through light
cards. If you can't find it you may need to
order an extra card so you'll have one to shave
away looking for the chip, thus telling you
where to drill.

Another convenient thing is software to check
the chip, to make sure you killed it. I looked
around and found that no one sells readers,
but then I discovered there's a free Android
app that can do it. A friend has an Android
phone. I downloaded the free app and held
the card under the phone to show the chip
ID number. I then drilled out the card and
checked again to make sure it was "dead".

Kinda stupid thing to do - but then again---------

"Mayayana" wrote:

I would and do. With my last card I asked for
non-RFID and they refused to issue it, so I
found the chip and drilled it out with a very
small bit.

I wouldn't. Come this October, retailers will be responsible for any fradulent
transactions caused by use of the mag stripe on an EMV ("chip") card. Because
the retailers will not take on that risk, they will honer the flag encoded on
the mag stripe that indicates the card is an EMV card, which means you won't be
able to use it.

| I wouldn't. Come this October, retailers will be responsible for any
fradulent
| transactions caused by use of the mag stripe on an EMV ("chip") card.
Because
| the retailers will not take on that risk, they will honer the flag encoded
on
| the mag stripe that indicates the card is an EMV card, which means you
won't be
| able to use it.

That's possible. They are trying to switch over.
If it happens I'll worry about it then. In the
meantime, I have 4 cards and only one is (was)
chipped. And not all of them are due to expire
before October.

It's also not clear to me exactly how that works.
The October rule may make a merchant responsible
if they don't have a chip reader. That's not the
same thing as having a chip reader but the card
having a dead chip.

The chip cards in Europe are at least backed up
by also requiring a PIN number. That's apparently
not going to happen in the US. If I eventually have
to accept the chip I'll keep the cards in a fold
of aluminum flashing, which I already have in
my wallet. I'm trying to phase out use of credit
cards, anyway. But I'm also concerned not only
with potential security problems but with the
increasing use of tracking. Over time, chip cards
could end up being used like cookies online, cellphones,
or EasyPass on highways -- as a way to track people.

On Thursday, April 9, 2015 at 9:44:07 PM UTC-4, Mayayana wrote:
| I wouldn't. Come this October, retailers will be responsible for any
fradulent
| transactions caused by use of the mag stripe on an EMV ("chip") card.
Because
| the retailers will not take on that risk, they will honer the flag encoded
on
| the mag stripe that indicates the card is an EMV card, which means you
won't be
| able to use it.

That's possible. They are trying to switch over.
If it happens I'll worry about it then. In the
meantime, I have 4 cards and only one is (was)
chipped. And not all of them are due to expire
before October.

It's also not clear to me exactly how that works.
The October rule may make a merchant responsible
if they don't have a chip reader. That's not the
same thing as having a chip reader but the card
having a dead chip.

The chip cards in Europe are at least backed up
by also requiring a PIN number. That's apparently
not going to happen in the US. If I eventually have
to accept the chip I'll keep the cards in a fold
of aluminum flashing, which I already have in
my wallet. I'm trying to phase out use of credit
cards, anyway. But I'm also concerned not only
with potential security problems but with the
increasing use of tracking. Over time, chip cards
could end up being used like cookies online, cellphones,
or EasyPass on highways -- as a way to track people.

L?0.ultimately the card issuers are on the hook for fradulent charges, so accept whatever they provide and smile its their problem

On Thu, 9 Apr 2015 21:47:12 -0400, "Mayayana"
wrote:


| I wouldn't. Come this October, retailers will be responsible for any
fradulent
| transactions caused by use of the mag stripe on an EMV ("chip") card.
Because
| the retailers will not take on that risk, they will honer the flag encoded
on
| the mag stripe that indicates the card is an EMV card, which means you
won't be
| able to use it.

That's possible. They are trying to switch over.
If it happens I'll worry about it then. In the
meantime, I have 4 cards and only one is (was)
chipped. And not all of them are due to expire
before October.

It's also not clear to me exactly how that works.
The October rule may make a merchant responsible
if they don't have a chip reader. That's not the
same thing as having a chip reader but the card
having a dead chip.

The chip cards in Europe are at least backed up
by also requiring a PIN number. That's apparently
not going to happen in the US. If I eventually have
to accept the chip I'll keep the cards in a fold
of aluminum flashing, which I already have in
my wallet. I'm trying to phase out use of credit
cards, anyway. But I'm also concerned not only
with potential security problems but with the
increasing use of tracking. Over time, chip cards
could end up being used like cookies online, cellphones,
or EasyPass on highways -- as a way to track people.

The chip cards in Canada are all chip-pin.
If the US banks do any different they are more foolish than I even
thought. They HAVE to be chip and pin to work with the Interac banking
system. (world wide interbank system)

On Thu, 9 Apr 2015 21:47:12 -0400, "Mayayana"
wrote:


| I wouldn't. Come this October, retailers will be responsible for any
fradulent
| transactions caused by use of the mag stripe on an EMV ("chip") card.
Because
| the retailers will not take on that risk, they will honer the flag encoded
on
| the mag stripe that indicates the card is an EMV card, which means you
won't be
| able to use it.

That's possible. They are trying to switch over.
If it happens I'll worry about it then. In the
meantime, I have 4 cards and only one is (was)
chipped. And not all of them are due to expire
before October.

It's also not clear to me exactly how that works.
The October rule may make a merchant responsible
if they don't have a chip reader. That's not the
same thing as having a chip reader but the card
having a dead chip.

The chip cards in Europe are at least backed up
by also requiring a PIN number. That's apparently
not going to happen in the US. If I eventually have
to accept the chip I'll keep the cards in a fold
of aluminum flashing, which I already have in
my wallet. I'm trying to phase out use of credit
cards, anyway. But I'm also concerned not only
with potential security problems but with the
increasing use of tracking. Over time, chip cards
could end up being used like cookies online, cellphones,
or EasyPass on highways -- as a way to track people.

ALL chip cards have a PIN number - but foolishly some US banks (US
Bank being one) are not implementing the PIN security on their cards
and banking system.
If you ask your bank to have the PIN enabled, your american bank cards
will work world-wide in chip and pin terminals, and will still work,
without the PIN, in USA

"Mayayana" wrote:

That's possible. They are trying to switch over.
If it happens I'll worry about it then. In the
meantime, I have 4 cards and only one is (was)
chipped. And not all of them are due to expire
before October.

Most banks will be issuing new EMV cards between now and October regardless of
the current non-EMV card expiration date.

It's also not clear to me exactly how that works.
The October rule may make a merchant responsible
if they don't have a chip reader. That's not the
same thing as having a chip reader but the card
having a dead chip.

Yes, it is. When Walmart turned on their EMV card readers last year, they
started by honoring the mag stripe flag for those cards that were EMV and
rejected use of the EMV card mag stripe. Because people were not familiar with
how an EMV card worked, they temporarily changed their terminals to allow either
mag strip or EMV. Come October, that dual use will no longer be permitted by
Walmart or any other retailer. If anyone could bypass the EMV protection by
damaging the chip in an attempt to force use of the mag stripe, what would the
point be of switching to EMV?

The chip cards in Europe are at least backed up
by also requiring a PIN number. That's apparently
not going to happen in the US.

EMV cards can be programmed for multiple verification types (Online PIN, Offline
PIN, Signature or None - None being used for low value transactions like a fast
food restuarant.) Some card issuers will not issue a PIN right away, but the
card can be reprogrammed remotely at a later date. Other issuers will issue a
PIN, but still leave the card programmed to prefer signature.

Because US card users are so used to thinking PIN = Debit, Signature = Credit,
most US card issuers have decided to initially program EMV cards as Signature.
The only change to the user experience is that the card gets placed in a slot
instead of swiped.

Once people in the US are familiar with how PIN based verification for credit
cards work, the cards will be reprogrammed to prefer PIN.

If I eventually have
to accept the chip I'll keep the cards in a fold
of aluminum flashing, which I already have in
my wallet.

You are confusing EMV ("Chip") cards with RFID ("Radio") cards. They are not the
same thing. Most RFID cards are also chip cards, but very few chip cards are
RFID.

But I'm also concerned not only
with potential security problems but with the
increasing use of tracking. Over time, chip cards
could end up being used like cookies online, cellphones,
or EasyPass on highways -- as a way to track people.

The RFID chip in RFID cards can only be ready from a few inches away. It's the
same chip and technology found in millions of employee badges around the world.
If there was a problem with remote survelliance of RFID card holders, you would
have heard about it already.

But as I said - very few EMV cards have the RFID feature.

wrote:

The chip cards in Canada are all chip-pin.
If the US banks do any different they are more foolish than I even
thought. They HAVE to be chip and pin to work with the Interac banking
system. (world wide interbank system)

Having had a great deal of experience using chip cards around the world, I can
tell you EMV cards do not have to be PIN enabled to be used globally. The card
tells the credit terminal what type of verification method to use. If the
terminal is capable of supporting that type of verification, the transaction is
processed.

In the case of a US card that is programmed to prefer signature verification,
the card terminal checks to see if it can either print a paper signature slip or
capture the signature electronically. If either of those happen, the transaction
is processed.

If the card is programmed as signature preferred, but has Online PIN as a
secondary verification method and the terminal has a PIN pad (think gas pump or
train ticket kiosk), a PIN is requested and the transaction is processed.

If the card doesn't have a PIN (ie Signature only), or the card is programmed to
check the PIN validity with the issuer (ie online PIN only) and the terminal is
an offline device (ie some gas pumps or kiosks), the transaction is declined.

On 2015-04-10, Arthur Conan Doyle wrote:
I wouldn't. Come this October, retailers will be responsible for any fradulent
transactions caused by use of the mag stripe on an EMV ("chip") card.

I make all local purchases in cash and use a credit card only for
online purchases which are not very frequent. Probably the next card
they send me will have a chip and I'll definitely be looking to
disable it.

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)

NSA sedition and treason -- http://www.DeathToNSAthugs.com
-----------------------------------------------------------------------------

On 4/9/2015 11:14 PM, Roger Blake wrote:

I make all local purchases in cash and use a credit card only for
online purchases which are not very frequent. Probably the next card
they send me will have a chip and I'll definitely be looking to
disable it.


And you render it useless if you ever do need it in a store. Dumb idea.

| The chip cards in Canada are all chip-pin.
| If the US banks do any different they are more foolish than I even
| thought. They HAVE to be chip and pin to work with the Interac banking
| system. (world wide interbank system)

From what I've read, US cards will be chip
and signature or chip and no signature for small
purchases. (We're Americans. We shouldn't have
to remember numbers or interrupt our phone
conversation to type on a dirty keypad.

Signature is useless for security. My own
signature written with a plastic pen on a touch-
sensitive pad looks like a 2-year-old's drawing.
I can't believe there's any check on that. It's
probably only used so that I can't easily say I
never made the purchase.

Chip and PIN sounds like it might OK. On the
other hand, why not stripe and PIN, to avoid
contactless reading? It seems to me that the
rush to achieve some fantasy of "space age"
convenience and techno-pizzazz is resulting in
a lot of dubious designs and decisions. Chips
naturally bring in all the issues of non-secure
communication, as is true of wi-fi computing:
It's convenient, it's not generally *too* risky,
but it simply can't be made as secure as direct
wired computing.

| The RFID chip in RFID cards can only be ready from a few inches away. It's
the
| same chip and technology found in millions of employee badges around the
world.
| If there was a problem with remote survelliance of RFID card holders, you
would
| have heard about it already.
|

I'm incredulous that you could think that. First, you're
contradicting your own point. Isn't the purpose of
employee ID badges to track movements of employees
and perhaps act as a security device? Having a chip read
in proximity to a reader is exactly what we don't want.

Did you ever see the map of the journalist who discovered
his iPhone was keeping a record of all of his movements?
Did you hear the one about the man who only discovered
his teenage daughter was pregnant because Target
started mailing coupons for baby gear? (Target had
guessed she was pregnant based on her purchases.)
How about the issue of cellphones being used to track
people in malls? Why not EMV chips and RFID chips?

I'm very concerned about privacy issues, yet even for
me it's difficult to imagine what problems there could be.
Increasingly, vast data is being combined with vast
analytical capability. It's not farfetched that you might
one day drive past a CVS and see an ad on your
dashboard for a prescription drug sale, on all the drugs you
and your family take, because CVS has a new, improved
RFID chip reader and they picked up 3 RFID tags in your
car, two of which are from Walgreen's (packaging from
the shaver and clock you bought awhile back), and all of
which identify you via your shopping history.

If you shop at CVS you're already being sold out:

http://www.theatlanticwire.com/techn...now-too/57183/

http://www.bloomberg.com/news/articl...drug-companies

In this theoretical scenario the additional RFID reading
of debris in your car allows all of the dots to be connected,
and your daughter now starts seeing CVS ads for her
birth control pills on her Facebook page. This is not at
all farfetched. (See the links above.) But it is very
difficult to grasp the extensiveness of the growing data
linkage.

I'm often surprised by the news that comes out. It's
so Orwellian that we just don't expect it. And in general
we *don't* hear about them. That's been a big complaint
with intrusions into commercial databases. The companies
don't want to go public because everyone wants to
pretend that credit cards are secure.

I think it's safe to say that if there are problems then the
odds are I *will not* hear about it.

| But as I said - very few EMV cards have the RFID feature.

But both can be read without direct contact, right? So
what does it matter in prctice?

On 2015-04-10, Ed Pawlowski wrote:
And you render it useless if you ever do need it in a store. Dumb idea.

I have not used a credit card in a store in over 30 years and don't
plan to start any time soon.

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)

NSA sedition and treason -- http://www.DeathToNSAthugs.com
-----------------------------------------------------------------------------

On 4/9/2015 10:18 PM, wrote:
On Thu, 9 Apr 2015 21:47:12 -0400, "Mayayana"
wrote:




ALL chip cards have a PIN number - but foolishly some US banks (US
Bank being one) are not implementing the PIN security on their cards
and banking system. If you ask your bank to have the PIN enabled,
your american bank cards will work world-wide in chip and pin
terminals, and will still work, without the PIN, in USA


I've used my U.S. bank issued EMV (so called "pin and chip") credit
cards throughout Europe for more than 2 years. A PIN number was issued
automatically with the cards (to make them compatible with use in ATM
machines) but I've never been asked for my PIN by a restaurant or shop
keeper. I've always been asked for my signature. For smaller
transactions, such as purchasing fares in the London underground, or the
Paris metro, the card was accepted by the vending machine without either
a PIN request or a signature request. In fact, I purchased train
tickets costing more than 100 pounds sterling from vending machines in
the U.K. without needing pin or signature.

The only time I was every asked for my PIN at a restaurant was prior to
having a chip enabled credit card, when after swiping the card, the
waiter wanted me to enter the PIN. I declined because my bank told me
that if I used my PIN with a point of sale transaction, it would be
treated as a loan (as if it were an ATM transaction) and subject to
daily interest charges until the balance was paid.

On Fri, 10 Apr 2015 13:41:47 +0000 (UTC), Roger Blake
wrote:

On 2015-04-10, Ed Pawlowski wrote:
And you render it useless if you ever do need it in a store. Dumb idea.

I have not used a credit card in a store in over 30 years and don't
plan to start any time soon.

Fine if you never stay at a hotel or rent a car. No reason to disable
it anyway.

On 4/10/2015 9:01 AM, Mayayana wrote:

In this theoretical scenario the additional RFID reading
of debris in your car allows all of the dots to be connected,
and your daughter now starts seeing CVS ads for her
birth control pills on her Facebook page. This is not at
all farfetched. (See the links above.) But it is very
difficult to grasp the extensiveness of the growing data
linkage.


Actually, my face book page has been showing
me ads for business cards printed online and
shipped. Since I looked online a couple days
ago. Not sure how FB found out.

-
..
Christopher A. Young
learn more about Jesus
.. www.lds.org
..
..

Mayayana wrote:

Another convenient thing is software to check
the chip, to make sure you killed it. I looked
around and found that no one sells readers,
but then I discovered there's a free Android
app that can do it. A friend has an Android
phone. I downloaded the free app and held
the card under the phone to show the chip
ID number. I then drilled out the card and
checked again to make sure it was "dead".

So now the merchant knows you have a tampered with card. Good luck
buying high-ticket items with it.

wrote:

The chip cards in Canada are all chip-pin.
If the US banks do any different they are more foolish than I even
thought. They HAVE to be chip and pin to work with the Interac banking
system. (world wide interbank system)

Visa cards issued in the US that are mag-stripe only work outside of US.

Arthur Conan Doyle wrote:

If the card doesn't have a PIN (ie Signature only), or the card is programmed to
check the PIN validity with the issuer (ie online PIN only) and the terminal is
an offline device (ie some gas pumps or kiosks), the transaction is declined.

I destroy the pins they send, they are only good for cash advances
(now).

Mayayana wrote:

Signature is useless for security. My own
signature written with a plastic pen on a touch-
sensitive pad looks like a 2-year-old's drawing.
I can't believe there's any check on that. It's
probably only used so that I can't easily say I
never made the purchase.

I have a couple I never even signed. I've never been questioned about
it!

"G. Morgan"
wrote in message
Arthur Conan Doyle wrote:

If the card doesn't have a PIN (ie Signature
only), or the card is programmed to
check the PIN validity with the issuer (ie
online PIN only) and the terminal is
an offline device (ie some gas pumps or kiosks),
the transaction is declined.

I destroy the pins they send, they are only good
for cash advances
(now).



Here's one way they can get the pin:

http://www.dump.com/preventtheft/

G. Morgan wrote:
Arthur Conan Doyle wrote:

If the card doesn't have a PIN (ie Signature only), or the card is programmed to
check the PIN validity with the issuer (ie online PIN only) and the terminal is
an offline device (ie some gas pumps or kiosks), the transaction is declined.

I destroy the pins they send, they are only good for cash advances
(now).


PIN goes with chip. rarely chip is damaged and unable to read, then
POS handheld unit requests to swipe the card, print out hard copy for
signature and receipt for card holder. I never saw a card without chip
has PIN. What is such a big deal? Canada as well as whole world has been
using chip and PIN for many years already. Maybe because smart
card(chip) is an European invention. In some things, U.S. is far
behind...???

On Sat, 11 Apr 2015 20:25:36 -0600, Tony Hwang
wrote:

G. Morgan wrote:
Arthur Conan Doyle wrote:

If the card doesn't have a PIN (ie Signature only), or the card is programmed to
check the PIN validity with the issuer (ie online PIN only) and the terminal is
an offline device (ie some gas pumps or kiosks), the transaction is declined.

I destroy the pins they send, they are only good for cash advances
(now).


PIN goes with chip. rarely chip is damaged and unable to read, then
POS handheld unit requests to swipe the card, print out hard copy for
signature and receipt for card holder. I never saw a card without chip
has PIN. What is such a big deal? Canada as well as whole world has been
using chip and PIN for many years already. Maybe because smart
card(chip) is an European invention. In some things, U.S. is far
behind...???
Not so much that it is european - it's just "not made here" If a Yank
didn't invent it, they don't want it.
Add to that, anything "mandated" or that could possibly collect any
data on the user is immediately suspect.

| So now the merchant knows you have a tampered with card. Good luck
| buying high-ticket items with it.
|

High ticket items? Do you buy cars with credit
cards? I don't. The card has a tiny hole.
Most of the time the clerks don't even look at
the card. If they do they're unlikely to see the
hole. If they see it and ask I'll tell them. There's
no reason for them to care, as long as the card
swipes OK. In my last one I removed the chip.
That was several years ago. I've yet to have
any problems.

I would bet that if you try to tell 10 clerks that
you've removed an RFID chip from your credit
card, 9 will say, "Have a good day, sir." If it's
not required to do their job they won't care.
Curiosity is not a common thing.

On 4/11/2015 10:51 PM, Mayayana wrote:

The card has a tiny hole.
Most of the time the clerks don't even look at
the card. If they do they're unlikely to see the
hole. If they see it and ask I'll tell them. There's
no reason for them to care, as long as the card
swipes OK. In my last one I removed the chip.
That was several years ago. I've yet to have
any problems.

What is your plan for the future? At some point merchants may not have
equipment to swipe?

Tony Hwang wrote:

PIN goes with chip. rarely chip is damaged and unable to read, then
POS handheld unit requests to swipe the card, print out hard copy for
signature and receipt for card holder. I never saw a card without chip
has PIN. What is such a big deal? Canada as well as whole world has been
using chip and PIN for many years already. Maybe because smart
card(chip) is an European invention. In some things, U.S. is far
behind...???

There are only two other countries besides the US that don't use the
metric system. We are also behind in high-speed broadband. In S. Korea
500Mib/s is common. I pay $56 (with tax included) for 75Mib/s (and I
have yet to see it, speed tests usually come in about 50Mib/s). I don't
see credit card chip & pin as being "behind" though. I've never had a
problem disputing a charge. I don't want to remember a bunch of PINs. I
have enough to remember! Besides, sometimes I lend my bank card to
someone - I tell them to choose 'credit' rather than 'debit' so I don't
have to give away the PIN.

wrote:

Not so much that it is european - it's just "not made here" If a Yank
didn't invent it, they don't want it.

That's kinda true. I don't want a microprocessor or anything security
related coming from China or Russia, for instance. Sure, they
manufacture most of the laptops - but they don't make the chips like
CPU's or TPM's. The manufacturing process is also watched closely by
American companies that brand them.

Oops.. I do run Kaspersky AV though!

Mayayana wrote:

High ticket items? Do you buy cars with credit
cards? I don't.

I was thinking about a $1500 TV, not so much a car!

wrote:
On Sat, 11 Apr 2015 20:25:36 -0600, Tony Hwang
wrote:

G. Morgan wrote:
Arthur Conan Doyle wrote:

If the card doesn't have a PIN (ie Signature only), or the card is programmed to
check the PIN validity with the issuer (ie online PIN only) and the terminal is
an offline device (ie some gas pumps or kiosks), the transaction is declined.

I destroy the pins they send, they are only good for cash advances
(now).


PIN goes with chip. rarely chip is damaged and unable to read, then
POS handheld unit requests to swipe the card, print out hard copy for
signature and receipt for card holder. I never saw a card without chip
has PIN. What is such a big deal? Canada as well as whole world has been
using chip and PIN for many years already. Maybe because smart
card(chip) is an European invention. In some things, U.S. is far
behind...???
Not so much that it is european - it's just "not made here" If a Yank
didn't invent it, they don't want it.
Add to that, anything "mandated" or that could possibly collect any
data on the user is immediately suspect.

Really it was French invention, by Bull. No matter what we do, crooks
are always one step ahead, LOL!

G. Morgan wrote:
wrote:

Not so much that it is european - it's just "not made here" If a Yank
didn't invent it, they don't want it.

That's kinda true. I don't want a microprocessor or anything security
related coming from China or Russia, for instance. Sure, they
manufacture most of the laptops - but they don't make the chips like
CPU's or TPM's. The manufacturing process is also watched closely by
American companies that brand them.

Oops.. I do run Kaspersky AV though!



Your K. AV may have an embedded data collecting virus like what they did
on hard drives....You know who is they...

Mayayana wrote:
| The chip cards in Canada are all chip-pin.
| If the US banks do any different they are more foolish than I even
| thought. They HAVE to be chip and pin to work with the Interac banking
| system. (world wide interbank system)

From what I've read, US cards will be chip
and signature or chip and no signature for small
purchases. (We're Americans. We shouldn't have
to remember numbers or interrupt our phone
conversation to type on a dirty keypad.

Signature is useless for security. My own
signature written with a plastic pen on a touch-
sensitive pad looks like a 2-year-old's drawing.
I can't believe there's any check on that. It's
probably only used so that I can't easily say I
never made the purchase.

Chip and PIN sounds like it might OK. On the
other hand, why not stripe and PIN, to avoid
contactless reading? It seems to me that the
rush to achieve some fantasy of "space age"
convenience and techno-pizzazz is resulting in
a lot of dubious designs and decisions. Chips
naturally bring in all the issues of non-secure
communication, as is true of wi-fi computing:
It's convenient, it's not generally *too* risky,
but it simply can't be made as secure as direct
wired computing.


What's the worry, pretty soon as soon as baby is born
s/he will have a smart chip implanted in his/her forehead maybe.
Needs nothing to carry as an id. or banking or grocery shopping, lol!

G. Morgan wrote:
Mayayana wrote:

Signature is useless for security. My own
signature written with a plastic pen on a touch-
sensitive pad looks like a 2-year-old's drawing.
I can't believe there's any check on that. It's
probably only used so that I can't easily say I
never made the purchase.

I have a couple I never even signed. I've never been questioned about
it!

At our store we do some mail order processing. Then we print out
hard copies entering CC no. but instead of sign. we mark it mail order
and customer's phone no.

Tony Hwang wrote:

G. Morgan wrote:
wrote:

Not so much that it is european - it's just "not made here" If a Yank
didn't invent it, they don't want it.

That's kinda true. I don't want a microprocessor or anything security
related coming from China or Russia, for instance. Sure, they
manufacture most of the laptops - but they don't make the chips like
CPU's or TPM's. The manufacturing process is also watched closely by
American companies that brand them.

Oops.. I do run Kaspersky AV though!



Your K. AV may have an embedded data collecting virus like what they did
on hard drives....You know who is they...

I know, but trust has to be placed somewhere - even if its not complete
trust. Kaspersky has caught nasties before they could do any damage
since I tend to click on some sites for research purposes that by their
very nature have malware (not pr0n BTW).

I'm usually careful enough to use a VM, but sometimes I forget or don't
realize the potential for harm on a site before I visit or download
something.

If the En-essay wants something off my computer, they will get it. If
not by technical means, then by intimidation by men in suits with a
warrant.

BTW... the 2nd phase technical audit for Truecrypt came out last week.
Its safe cryptologically.

G. Morgan wrote:
Tony Hwang wrote:

G. Morgan wrote:
wrote:

Not so much that it is european - it's just "not made here" If a Yank
didn't invent it, they don't want it.

That's kinda true. I don't want a microprocessor or anything security
related coming from China or Russia, for instance. Sure, they
manufacture most of the laptops - but they don't make the chips like
CPU's or TPM's. The manufacturing process is also watched closely by
American companies that brand them.

Oops.. I do run Kaspersky AV though!



Your K. AV may have an embedded data collecting virus like what they did
on hard drives....You know who is they...

I know, but trust has to be placed somewhere - even if its not complete
trust. Kaspersky has caught nasties before they could do any damage
since I tend to click on some sites for research purposes that by their
very nature have malware (not pr0n BTW).

I'm usually careful enough to use a VM, but sometimes I forget or don't
realize the potential for harm on a site before I visit or download
something.

If the En-essay wants something off my computer, they will get it. If
not by technical means, then by intimidation by men in suits with a
warrant.

BTW... the 2nd phase technical audit for Truecrypt came out last week.
Its safe cryptologically.



My mere defense is UTM in front of my home network. First thing every
morning I do is checking any sign of funnies or suspicion over night.
From my working day experience, anything everything can be broken if
enough time is taken.

G. Morgan wrote:

I don't want a microprocessor or anything security
related coming from China or Russia, for instance. Sure, they
manufacture most of the laptops - but they don't make the chips like
CPU's or TPM's. The manufacturing process is also watched closely by
American companies that brand them.

http://money.cnn.com/2015/02/19/tech...ovo-superfish/

| What is your plan for the future? At some point
| merchants may not have
| equipment to swipe?

Maybe not. My current plan is for now.

I don't see why you feel so strongly in your
defense of the changes. You've posted a flurry
of adamant posts saying that people should
accept the changes and not worry. I'm just
saying that I'm dubious, I want to be careful,
and I want to understand exactly what I'm
dealing with. And based on what I know now
I'm trying to protect my privacy/security. Doesn't
that make sense?

I find your approach is usually a symptom of
ostrich thinking: People who don't want to deal
with things get annoyed by people who do. Mention
computer security/privacy and the ostriches immediately
start making tinfoil hat jokes, because they don't
want to be reminded of what they're trying hard
to ignore. I've never subscribed to that strategy.
If you put your head in the sand you're likely to
get burned in the ass, or worse.
Willful ignorance seems like the relaxing option, but
in the end it's actually far more demanding and tiring
work than simply relating to things in the first place.

It's the pebble-in-the-shoe syndrome. We avoid a pebble
in our shoe because it seems like a hassle to stop and
take it out. Eventually we've got a sore foot and a pain
in our hip joint. Finally we tear off our shoe, furiously
mad at that pebble -- "I politely ignored you. How dare
you keep pestering me?!"

| High ticket items? Do you buy cars with credit
| cards? I don't.
|
| I was thinking about a $1500 TV, not so much a car!
|

You have rich tastes. If I had to pay $1,500 for
a TV I'd settle for reading.

If it weren't for Netflix I'm not sure I'd even bother.
PBS has gradually degenerated into the British Soap
Opera Channel. (With occasional breaks for Neil deGrasse
Tyson to pass off carnival barking and special effects
as science.) The networks seem to all be playing either
a slick version of Community Auditions or one of the
numerous sicko police shows like "Let's Hunt a Psycho
Murderer" or "Let's Figure Out Exactly How The Psycho
Murderer Tortured His Victims" or "Catching a Psycho
Murderer by Studying Worms in Corpses". (What is
it with this perverse, gruesome obsession?)
When I'm so tired that I'll watch almost anything, I
find myself switching back and forth between old
Cary Grant or John Wayne movies and ads for
transvaginal mesh lawsuits. .... I seem to remember
there used to actually be thoughtful shows on TV, but
I can't seem to find them anymore.

But all that aside, I sometimes do spend upward of
$1,000 at HD or lumber yards. I regularly spend several
hundred dollars at a time. I can't remember the last time
that I even had to show my card. I just swipe, scribble
gibberish on the plastic screen, and I'm on my way.

My impression is that both the merchants and the credit
card companies are generally happy with the status quo.
The credit card companies are making a bundle through
2% cuts and loansharking scams. They're apparently also
losing a lot through theft, but I'm guessing that's pocket
change for them. If it weren't they would have done
something about it.

On 4/12/2015 8:54 AM, Mayayana wrote:


I don't see why you feel so strongly in your
defense of the changes. You've posted a flurry
of adamant posts saying that people should
accept the changes and not worry. I'm just
saying that I'm dubious, I want to be careful,
and I want to understand exactly what I'm
dealing with. And based on what I know now
I'm trying to protect my privacy/security. Doesn't
that make sense?

Knowing what you are dealing with makes perfect sense. That is why I
think it is silly to destroy a security measure that will do you no
harm. Like you, I did a little research and I now know the difference
between an RFID and EMV chip.I also know I have no liability so I'm not
worried.

I find your approach is usually a symptom of
ostrich thinking: People who don't want to deal
with things get annoyed by people who do.

That is where you are wrong here. Your premise may have value, but I
did bother and educated myself and I'm confident it is better than the
old swipe card.




Willful ignorance seems like the relaxing option, but
in the end it's actually far more demanding and tiring
work than simply relating to things in the first place.

Yes, that is why I did some research. Eliminates the ignorance.

It's the pebble-in-the-shoe syndrome. We avoid a pebble
in our shoe because it seems like a hassle to stop and
take it out. Eventually we've got a sore foot and a pain
in our hip joint. Finally we tear off our shoe, furiously
mad at that pebble -- "I politely ignored you. How dare
you keep pestering me?!"

So we should adjust our tinfoil hats and move along.

On 4/12/2015 9:25 AM, Ed Pawlowski wrote:
On 4/12/2015 8:54 AM, Mayayana wrote:


I don't see why you feel so strongly in your
defense of the changes. You've posted a flurry
of adamant posts saying that people should
accept the changes and not worry. I'm just
saying that I'm dubious, I want to be careful,
and I want to understand exactly what I'm
dealing with. And based on what I know now
I'm trying to protect my privacy/security. Doesn't
that make sense?

Knowing what you are dealing with makes perfect sense. That is why I
think it is silly to destroy a security measure that will do you no
harm. Like you, I did a little research and I now know the difference
between an RFID and EMV chip.I also know I have no liability so I'm not
worried.

I find your approach is usually a symptom of
ostrich thinking: People who don't want to deal
with things get annoyed by people who do.

That is where you are wrong here. Your premise may have value, but I
did bother and educated myself and I'm confident it is better than the
old swipe card.




Willful ignorance seems like the relaxing option, but
in the end it's actually far more demanding and tiring
work than simply relating to things in the first place.

Yes, that is why I did some research. Eliminates the ignorance.

It's the pebble-in-the-shoe syndrome. We avoid a pebble
in our shoe because it seems like a hassle to stop and
take it out. Eventually we've got a sore foot and a pain
in our hip joint. Finally we tear off our shoe, furiously
mad at that pebble -- "I politely ignored you. How dare
you keep pestering me?!"

So we should adjust our tinfoil hats and move along.

In Canada we have had the chips for several years, now almost all the
POS machines will prompt you to insert the chip even if you try to swipe
it. Destroying the chip will effectively render the card useless.