Page 2 of 4

Re: Chip and Pin question

Posted: 12 Oct 2019, 12:54pm
by Mick F
Psamathe wrote:Maybe the 1st time you use the new card it asks the bank for the PIN (or the hashed form of the PIN the card might use). Remember that all these machines that use your card with PIN are connected to your bank.
This sounds correct-ish to me.
The machines aren't always connected to your bank. The case in point of on an aircraft for instance.
I'm being a bit awkward about this I'm sure, as most of the time the system works without a hitch .......... so why worry eh?

I like the idea that the new card has a "hashed form of Pin" and it gets sorted the first time you use it .............. at a connected terminal.

Re: Chip and Pin question

Posted: 12 Oct 2019, 1:04pm
by Psamathe
Mick F wrote:
Psamathe wrote:Maybe the 1st time you use the new card it asks the bank for the PIN (or the hashed form of the PIN the card might use). Remember that all these machines that use your card with PIN are connected to your bank.
This sounds correct-ish to me.
The machines aren't always connected to your bank. The case in point of on an aircraft for instance.......

Why wouldn't a card reader be connected to your bank on an aircraft (when passengers are connected to Social Media, work, etc.). Even the Space Station has internet connectivity.

Ian

Re: Chip and Pin question

Posted: 12 Oct 2019, 1:54pm
by philvantwo
Mick F the drama queen!!
:lol: :lol: :lol:
I know that you have to use chip and pin with a new card before it will work using contactless payment.

Re: Chip and Pin question

Posted: 12 Oct 2019, 2:13pm
by DaveReading
Psamathe wrote:
Mick F wrote:
Psamathe wrote:Maybe the 1st time you use the new card it asks the bank for the PIN (or the hashed form of the PIN the card might use). Remember that all these machines that use your card with PIN are connected to your bank.
This sounds correct-ish to me.
The machines aren't always connected to your bank. The case in point of on an aircraft for instance.......

Why wouldn't a card reader be connected to your bank on an aircraft (when passengers are connected to Social Media, work, etc.). Even the Space Station has internet connectivity.

Contrary to popular belief, many aircraft don't have satcomms/Internet connectivity

Re: Chip and Pin question

Posted: 12 Oct 2019, 2:22pm
by Psamathe
DaveReading wrote:
Psamathe wrote:
Mick F wrote:This sounds correct-ish to me.
The machines aren't always connected to your bank. The case in point of on an aircraft for instance.......

Why wouldn't a card reader be connected to your bank on an aircraft (when passengers are connected to Social Media, work, etc.). Even the Space Station has internet connectivity.

Contrary to popular belief, many aircraft don't have satcomms/Internet connectivity

All the long haul ones I've been on in the last year have (not the short hop <1hr ones - though I actually didn't check so can't absolutely say they didn't).
I've no idea how good those connections were as I could not be bothered to try them - I really didn't need the internet on the flights (and some you had to pay for anyway).

https://www.edreams.com/blog/in-flight-wifi/

Ian

Re: Chip and Pin question

Posted: 12 Oct 2019, 2:50pm
by DaveReading
Psamathe wrote:
DaveReading wrote:
Psamathe wrote:Why wouldn't a card reader be connected to your bank on an aircraft (when passengers are connected to Social Media, work, etc.). Even the Space Station has internet connectivity.

Contrary to popular belief, many aircraft don't have satcomms/Internet connectivity

All the long haul ones I've been on in the last year have (not the short hop <1hr ones - though I actually didn't check so can't absolutely say they didn't).

Yes, but most of the airliners flying are short-haul ones. :)

Re: Chip and Pin question

Posted: 12 Oct 2019, 3:11pm
by Psamathe
DaveReading wrote:
Psamathe wrote:
DaveReading wrote:Contrary to popular belief, many aircraft don't have satcomms/Internet connectivity

All the long haul ones I've been on in the last year have (not the short hop <1hr ones - though I actually didn't check so can't absolutely say they didn't).

Yes, but most of the airliners flying are short-haul ones. :)

My short haul ones were is South America so not representative of what is probably being discussed anyway - but watching out of the window was far more interesting than bothering to see if Wi-Fi available.

But on the validation of credit card transactions on aircraft I suspect they are low risk anyway. I'd think the airlines probably have a high'ish floor limit, generally know where you live and even if you use a stolen card they have such a mark-up on the ludicrously overpriced stuff they can still make fabulous profits after taking a loss or two.

Ian

Re: Chip and Pin question

Posted: 12 Oct 2019, 9:19pm
by NATURAL ANKLING
Hi,
The only one who knows your pin is you.
And the banks computer encrypted.

Your account details are on the card, contactless is limited to £30 This limits fraud.

You have to activate new cards online.
Maybe your bank doesn't have this level of security?

Transactions without pin are limited, so are ones over the phone with security numbers on rear of card.

I don't know specifically but your card gets you to the till and identifies you, but to get your hands on the money you need the personal pin.
would be silly to store your pin on the card.

transactions with card and security numbers on rear of card, need you to phone someone/enter details online, this identifies your location/phone number, Would prove somewhat limited To your smash and grab thief.

Tip always cover the keypad with your hand when in public and in shops et cetera, otherwise someone can stand behind you in the queue see your pin number and follow you out the door and down the street, bang you on the head Then go off with your card.

I once stood behind a guy in the post office he drew out £5000 in cash with his card, after his transaction I suggested to him that he cover the keypad next time he does that.

Re: Chip and Pin question

Posted: 12 Oct 2019, 11:47pm
by Psamathe
NATURAL ANKLING wrote:.....
I don't know specifically but your card gets you to the till and identifies you, but to get your hands on the money you need the personal pin.
would be silly to store your pin on the card.
.....

No way would the PIN be stored on the card but the hash is so the PIN you enter can be validated without contacting the bank at least it can on one of my cards. Couple of years ago I filled up with petrol in Sainsbury who didn't have "Pay At Pump". Went in to pay, entered my PIN which said "PIN OK" and then "Transaction declined". Person on till was confused as card companies have a policy of never declining petrol payments (as they petrol is already in your tank and you can't "leave it at the till". So we tried again and I watched particularly carefully and "PIN OK" then "Transaction declined". I had cash and paid with cash and got home, called the card company to give them a "strong talking to". They checked and they never got any request from the petrol station. They said the only way they could see the transaction failing wa sif communications lines were down as they don't decline petrol payments and my account is fine and would not have been declined anyway.

So PIN validated on card without communicating with bank.

Ian

Re: Chip and Pin question

Posted: 13 Oct 2019, 1:05am
by NATURAL ANKLING
Hi,
Well-
http://sidekick.windforwings.com/2008/0 ... d.html?m=1
One explanation :P

Interesting-
https://en.m.wikipedia.org/wiki/Persona ... ion_number

"Breakable PINs can worsen with length, to wit:

The problem with guessable PINs surprisingly worsens when customers are forced to use additional digits, moving from about a 25% probability with fifteen numbers to more than 30% (not counting 7-digits with all those phone numbers). In fact, about half of all 9-digit PINs can be reduced to two dozen possibilities, largely because more than 35% of all people use the all too tempting 123456789. As for the remaining 64%, there's a good chance they're using their Social Security Number, which makes them vulnerable. (Social Security Numbers contain their own well-known patterns"

Re: Chip and Pin question

Posted: 13 Oct 2019, 9:31am
by Mick F
Very interesting NA.
Thanks.
Makes sense.

Still doesn't explain how all this works without being connected to a bank, or by using one of the little gadgets from Natwest I showed that verifies the Pin or how the bank can send you a new card with the existing Pin.

PS, we don't have to go online and verify our new cards.

Re: Chip and Pin question

Posted: 13 Oct 2019, 9:39am
by kwackers
Mick F wrote:Very interesting NA.
Thanks.
Makes sense.

Still doesn't explain how all this works without being connected to a bank, or by using one of the little gadgets from Natwest I showed that verifies the Pin or how the bank can send you a new card with the existing Pin.

PS, we don't have to go online and verify our new cards.

The card is preset with your pin at the point of creation.
If you change the pin after that then your gadget won't work with the new pin until you insert it in a connected machine at which point it'll update.
(It's even possible whilst the gadget will accept the old pin it won't create a valid code the bank will accept since they could hash the code with the pin.)

When you enter the pin in a connected machine the verification is with the bank not the card, in fact the card will only accept the old pin when it's not connected and as far as I know that means only with your gadget.
So if you use it online, via a terminal or anything similar it doesn't matter what the card thinks the number is the verification is done online with the bank and the card simply updated with the new pin.

Changing the PIN and then trying to use your gadget with the new pin is an edge case that probably very rarely occurs and you'd either cotton on that you need to use the old pin or you'd contact the bank and they'd tell you the same (or suggest you put the card into a bank machine and check your balance or some such).

Re: Chip and Pin question

Posted: 13 Oct 2019, 10:26am
by PDQ Mobile
Mick F wrote:Very interesting NA.
Thanks.
Makes sense.

Still doesn't explain how all this works without being connected to a bank, or by using one of the little gadgets from Natwest I showed that verifies the Pin or how the bank can send you a new card with the existing Pin.

PS, we don't have to go online and verify our new cards.

Well I didn't think it was very interesting.
A couple of irrelevant quotes from unknown websites.
The weakness of existing PINs is not answering your original question at all. And those statistics all rely on very dubious presumtions.

Mind you your PIN is definitely weak if NA stands behind you when you pay!!
Personally I ALWAYS look away when someone is paying, but then I'm straight and honest.

The original question is how does payment succeed if you change your PIN after the new card is posted and then pay at an unconnected terminal. All other configurations have been accounted for.

Actually it's amazing that no one on here knows whether a short haul Easyjet flight has connectivity or not.
My guess upthread is that there is no connectivity on many such aircraft.
And that in the outside chance that you changed your old PIN number just before you flew and then took a brand new card with you that had never bern inserted into a terminal then payment might well be refused.

Test it!?
Though it is your credit card that you need to change the PIN of, you have said. Which may or may not be your normal bank.
I am not so sure about Credit Card PINs. My applications always get refused. :shock:

Re: Chip and Pin question

Posted: 13 Oct 2019, 10:33am
by kwackers
PDQ Mobile wrote:The original question is how does payment succeed if you change your PIN after the new card is posted and then pay at an unconnected terminal. All other configurations have been accounted for.

Actually it's amazing that no one on hear knows whether a short haul Easyjet flight has connectivity or not.

If you try to use the new pin then the transaction will be refused because an unconnected terminal can only go with what it knows and it doesn't know your new pin.
However it should work fine with the old pin - if you remember to think on.

Some aircraft have internet connectivity although I suspect they don't bother for the hand held terminals.

Here's another way to think about it.
Credit card impressions and signatures are still valid. Presenting a card to an unconnected terminal and entering an (old) pin is no worse than that system.
So I suspect as long as you think on and use the old pin it'll all go through swimmingly otherwise you simply get an "incorrect PIN" message from the terminal.

I think there's too much thinking going on in this thread. ;)

Re: Chip and Pin question

Posted: 13 Oct 2019, 10:41am
by PDQ Mobile
Kwackers
Think on...?
Think on what?

I am old I fear.