Chip and Pin question

Use this board for general non-cycling-related chat, or to introduce yourself to the forum.
User avatar
NATURAL ANKLING
Posts: 10695
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Postby NATURAL ANKLING » 13 Oct 2019, 11:28am

Hi,
First point, I never look or focus on peoples pins, like suggested I tend to look the other way, I have no want or need to look.

I would suggest that the pin You type Is never stored on the card, i.e. a code might be stored but not the actual pin, if anything is stored at all it would be useless in the next transaction?

I always cover the keypad where ever I am it just makes common sense.

The links I posted were just random, sounded very plausible to me, though I did not scrutinising 100%.

I think one thing we can say is true is that, when you get a new card and use it the old one is useless?

Edited – HSBC require cards to be activated online before use.
If You Don't Try You Don't Do.....Don't Do You Don't Get...I'm Still Trying....Well Very..
You'll Find Me At The Top Of A Hill...............Somewhere...After Dark..

kwackers
Posts: 13765
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: Chip and Pin question

Postby kwackers » 13 Oct 2019, 11:49am

PDQ Mobile wrote:Kwackers
Think on...?
Think on what?

I am old I fear.

Perhaps it's a colloquialism.

Try to use your card but the pin isn't accepted, switch on the grey matter and realise you changed the pin (think on) so you enter the old pin and viola!

PDQ Mobile
Posts: 3024
Joined: 2 Aug 2015, 4:40pm

Re: Chip and Pin question

Postby PDQ Mobile » 13 Oct 2019, 12:08pm

kwackers wrote:
PDQ Mobile wrote:Kwackers
Think on...?
Think on what?

I am old I fear.

Perhaps it's a colloquialism.

Try to use your card but the pin isn't accepted, switch on the grey matter and realise you changed the pin (think on) so you enter the old pin and viola!

As in a string orchestra starts to play!
Voila! Just like that. :wink:

I kinda figured it was modern usage.
And sometimes I do feel old.

I think you are right (and Psamanthe too) about the card question.
Something is written to the card but in encrypted form.
( i am so old I don't understand what "hash" really means.

User avatar
NATURAL ANKLING
Posts: 10695
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Postby NATURAL ANKLING » 13 Oct 2019, 12:18pm

Hi,
Maybe this document will do, not read it yet, I think this explains levels of security depending on where and how it is authorised
https://usa.visa.com/dam/VCOM/download/ ... deline.pdf


https://www.asecurelife.com/how-does-th ... formation/
One time unique transaction code?
All the information that sounds very plausible, like you imagine it would be Even if this is an old document.

"however, creates a unique, one-time transaction code every time it is used, like a one-time password that can’t be used again"

I believe that the pin is never stored or sent, I think that has been suggested in previous posts.
Would be silly to store the pin Or send it simply coded, the combination of your card information and the pin Is converted into a code and then sent to your bank Authorisation of release of monies.

A new card with your old pin Still identifies you as the user, banks computer recognises your new card and your old pin.
I doubt very much you can change your pin Without communication with your banks computer, that would be a bit silly.
If You Don't Try You Don't Do.....Don't Do You Don't Get...I'm Still Trying....Well Very..
You'll Find Me At The Top Of A Hill...............Somewhere...After Dark..

kwackers
Posts: 13765
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: Chip and Pin question

Postby kwackers » 13 Oct 2019, 12:44pm

PDQ Mobile wrote:( i am so old I don't understand what "hash" really means.

A hash is just a number or string of characters that's calculated using some maths.

For example if your pin is 1234 and you multiply it by 11 divide it by 7 and add the original number you'd get 3173.
That 3173 is the hash. Its just something that's related to the original number but isn't it.

So when you enter your pin the hash is calculated and compared to the number stored which is the 3173, unless it's 1234 then the answer won't be 3173.

Now obviously you're going to say that but if I know the hash is 3173 then I could just work backwards and work out what the pin is?
And you'd be right except that in the real world the maths is fiendishly complicated and so it's simply not possible to work out the pin from the hash.

Here for example is the pin 1234 hashed using SHA-256
03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4

If you can figure out how to get 1234 back from that, PM me quick and we can both be incredibly wealthy. ;)
(I should add that the hash isn't just the PIN otherwise there'd only be 10,000 hashes. It's almost certainly a combination of the card number and the pin.)

PDQ Mobile
Posts: 3024
Joined: 2 Aug 2015, 4:40pm

Re: Chip and Pin question

Postby PDQ Mobile » 13 Oct 2019, 1:25pm

Is that different from encrypted?

Psamathe
Posts: 10603
Joined: 10 Jan 2014, 8:56pm

Re: Chip and Pin question

Postby Psamathe » 13 Oct 2019, 1:47pm

PDQ Mobile wrote:Is that different from encrypted?

Encrypted can be decrypted (or is designed to be decrypted). Hashed is not designed to be un-hashed.

Ian

skicat
Posts: 516
Joined: 21 Jun 2011, 1:09pm
Location: NCN52 / SL8

Re: Chip and Pin question

Postby skicat » 14 Oct 2019, 1:34pm

Ok, here's a follow on question for you all. Given all the "actors" in play during a chip & pin card transaction, which of the following has the FINAL say, all things considered, as to whether your transaction will be accepted or declined. And I do mean the final say - who decides last....?

Your card
The chip and pin card reader
The person at the till
The computer in the back office of the supermarket (or wherever)
A computer at the supermarket's data centre
The card processor gateway (e.g. Worldpay)
Your bank

(I do know the answer to this one, and I suspect a few contributors to this thread do too).
The hurrier I go, the behinder I get

User avatar
Mick F
Spambuster
Posts: 46836
Joined: 7 Jan 2007, 11:24am
Location: Tamar Valley, Cornwall

Re: Chip and Pin question

Postby Mick F » 14 Oct 2019, 2:20pm

Your bank.
It could all go through swimmingly for a purchase - even online - but if you bank decides you are person non grata, they could refuse to pay the shop's account. The shop is the last person in the line as the bill is settled ....... but it may not be.

ATM is a different thing though. That must be almost instantaneous and approved.
Mick F. Cornwall

rjb
Posts: 3469
Joined: 11 Jan 2007, 10:25am
Location: Somerset (originally 60/70's Plymouth)

Re: Chip and Pin question

Postby rjb » 14 Oct 2019, 2:27pm

Some of those calculator look alike card readers can see the pin from other card providers. My Barclays one can check the pin is correct for other banks.
Do muggers carry one around to demand your pin when robbing you. :shock:
At the last count:- Focus Variado, Peugeot 531 pro, Dawes Discovery Tandem, Dawes Kingpin, Raleigh 20, Falcon K2 MTB dropped bar tourer, Longstaff trike conversion on a Falcon corsa. :D

User avatar
NATURAL ANKLING
Posts: 10695
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Postby NATURAL ANKLING » 14 Oct 2019, 2:48pm

Hi,
That's why I like Pay Pal.
If You Don't Try You Don't Do.....Don't Do You Don't Get...I'm Still Trying....Well Very..
You'll Find Me At The Top Of A Hill...............Somewhere...After Dark..

skicat
Posts: 516
Joined: 21 Jun 2011, 1:09pm
Location: NCN52 / SL8

Re: Chip and Pin question

Postby skicat » 15 Oct 2019, 12:28pm

Mick F wrote:Your bank.

Nope. It isn't your bank.
The hurrier I go, the behinder I get

kwackers
Posts: 13765
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: Chip and Pin question

Postby kwackers » 15 Oct 2019, 12:46pm

rjb wrote:Some of those calculator look alike card readers can see the pin from other card providers. My Barclays one can check the pin is correct for other banks.
Do muggers carry one around to demand your pin when robbing you. :shock:

They can verify the pin but IME the code they return doesn't work (not that a mugger is bothered by that).

merseymouth
Posts: 1116
Joined: 23 Jan 2011, 11:16am

Re: Chip and Pin question

Postby merseymouth » 15 Oct 2019, 4:39pm

Hi all, Why use Chip & PIN, one can still get & use Chip & Signature! Works for me. MM

User avatar
NATURAL ANKLING
Posts: 10695
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Postby NATURAL ANKLING » 15 Oct 2019, 8:36pm

Hi,
merseymouth wrote:Hi all, Why use Chip & PIN, one can still get & use Chip & Signature! Works for me. MM

I have no problem with chip and pin.....................apart from the fact that my index finger is too weak to operate the buttons :(
Doesn't help with chip and sig as my writing is also affected :P

What did we do before cards..
If You Don't Try You Don't Do.....Don't Do You Don't Get...I'm Still Trying....Well Very..
You'll Find Me At The Top Of A Hill...............Somewhere...After Dark..