Chip and Pin question

Use this board for general non-cycling-related chat, or to introduce yourself to the forum.
User avatar
NATURAL ANKLING
Posts: 13780
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Post by NATURAL ANKLING »

Hi,
First point, I never look or focus on peoples pins, like suggested I tend to look the other way, I have no want or need to look.

I would suggest that the pin You type Is never stored on the card, i.e. a code might be stored but not the actual pin, if anything is stored at all it would be useless in the next transaction?

I always cover the keypad where ever I am it just makes common sense.

The links I posted were just random, sounded very plausible to me, though I did not scrutinising 100%.

I think one thing we can say is true is that, when you get a new card and use it the old one is useless?

Edited – HSBC require cards to be activated online before use.
NA Thinks Just End 2 End Return + Bivvy - Some day Soon I hope
You'll Still Find Me At The Top Of A Hill
Please forgive the poor Grammar I blame it on my mobile and phat thinkers.
kwackers
Posts: 15643
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: Chip and Pin question

Post by kwackers »

PDQ Mobile wrote:Kwackers
Think on...?
Think on what?

I am old I fear.

Perhaps it's a colloquialism.

Try to use your card but the pin isn't accepted, switch on the grey matter and realise you changed the pin (think on) so you enter the old pin and viola!
PDQ Mobile
Posts: 4659
Joined: 2 Aug 2015, 4:40pm

Re: Chip and Pin question

Post by PDQ Mobile »

kwackers wrote:
PDQ Mobile wrote:Kwackers
Think on...?
Think on what?

I am old I fear.

Perhaps it's a colloquialism.

Try to use your card but the pin isn't accepted, switch on the grey matter and realise you changed the pin (think on) so you enter the old pin and viola!

As in a string orchestra starts to play!
Voila! Just like that. :wink:

I kinda figured it was modern usage.
And sometimes I do feel old.

I think you are right (and Psamanthe too) about the card question.
Something is written to the card but in encrypted form.
( i am so old I don't understand what "hash" really means.
User avatar
NATURAL ANKLING
Posts: 13780
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Post by NATURAL ANKLING »

Hi,
Maybe this document will do, not read it yet, I think this explains levels of security depending on where and how it is authorised
https://usa.visa.com/dam/VCOM/download/ ... deline.pdf


https://www.asecurelife.com/how-does-th ... formation/
One time unique transaction code?
All the information that sounds very plausible, like you imagine it would be Even if this is an old document.

"however, creates a unique, one-time transaction code every time it is used, like a one-time password that can’t be used again"

I believe that the pin is never stored or sent, I think that has been suggested in previous posts.
Would be silly to store the pin Or send it simply coded, the combination of your card information and the pin Is converted into a code and then sent to your bank Authorisation of release of monies.

A new card with your old pin Still identifies you as the user, banks computer recognises your new card and your old pin.
I doubt very much you can change your pin Without communication with your banks computer, that would be a bit silly.
NA Thinks Just End 2 End Return + Bivvy - Some day Soon I hope
You'll Still Find Me At The Top Of A Hill
Please forgive the poor Grammar I blame it on my mobile and phat thinkers.
kwackers
Posts: 15643
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: Chip and Pin question

Post by kwackers »

PDQ Mobile wrote:( i am so old I don't understand what "hash" really means.

A hash is just a number or string of characters that's calculated using some maths.

For example if your pin is 1234 and you multiply it by 11 divide it by 7 and add the original number you'd get 3173.
That 3173 is the hash. Its just something that's related to the original number but isn't it.

So when you enter your pin the hash is calculated and compared to the number stored which is the 3173, unless it's 1234 then the answer won't be 3173.

Now obviously you're going to say that but if I know the hash is 3173 then I could just work backwards and work out what the pin is?
And you'd be right except that in the real world the maths is fiendishly complicated and so it's simply not possible to work out the pin from the hash.

Here for example is the pin 1234 hashed using SHA-256
03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4

If you can figure out how to get 1234 back from that, PM me quick and we can both be incredibly wealthy. ;)
(I should add that the hash isn't just the PIN otherwise there'd only be 10,000 hashes. It's almost certainly a combination of the card number and the pin.)
PDQ Mobile
Posts: 4659
Joined: 2 Aug 2015, 4:40pm

Re: Chip and Pin question

Post by PDQ Mobile »

Is that different from encrypted?
Psamathe
Posts: 17648
Joined: 10 Jan 2014, 8:56pm

Re: Chip and Pin question

Post by Psamathe »

PDQ Mobile wrote:Is that different from encrypted?

Encrypted can be decrypted (or is designed to be decrypted). Hashed is not designed to be un-hashed.

Ian
skicat
Posts: 517
Joined: 21 Jun 2011, 1:09pm
Location: NCN52 / SL8

Re: Chip and Pin question

Post by skicat »

Ok, here's a follow on question for you all. Given all the "actors" in play during a chip & pin card transaction, which of the following has the FINAL say, all things considered, as to whether your transaction will be accepted or declined. And I do mean the final say - who decides last....?

Your card
The chip and pin card reader
The person at the till
The computer in the back office of the supermarket (or wherever)
A computer at the supermarket's data centre
The card processor gateway (e.g. Worldpay)
Your bank

(I do know the answer to this one, and I suspect a few contributors to this thread do too).
The hurrier I go, the behinder I get
User avatar
Mick F
Spambuster
Posts: 56359
Joined: 7 Jan 2007, 11:24am
Location: Tamar Valley, Cornwall

Re: Chip and Pin question

Post by Mick F »

Your bank.
It could all go through swimmingly for a purchase - even online - but if you bank decides you are person non grata, they could refuse to pay the shop's account. The shop is the last person in the line as the bill is settled ....... but it may not be.

ATM is a different thing though. That must be almost instantaneous and approved.
Mick F. Cornwall
rjb
Posts: 7200
Joined: 11 Jan 2007, 10:25am
Location: Somerset (originally 60/70's Plymouth)

Re: Chip and Pin question

Post by rjb »

Some of those calculator look alike card readers can see the pin from other card providers. My Barclays one can check the pin is correct for other banks.
Do muggers carry one around to demand your pin when robbing you. :shock:
At the last count:- Peugeot 531 pro, Dawes Discovery Tandem, Dawes Kingpin X3, Raleigh 20 stowaway, 1965 Moulton deluxe, Falcon K2 MTB dropped bar tourer, Rudge Bi frame folder, Longstaff trike conversion on a Giant XTC 840 :D
User avatar
NATURAL ANKLING
Posts: 13780
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Post by NATURAL ANKLING »

Hi,
That's why I like Pay Pal.
NA Thinks Just End 2 End Return + Bivvy - Some day Soon I hope
You'll Still Find Me At The Top Of A Hill
Please forgive the poor Grammar I blame it on my mobile and phat thinkers.
skicat
Posts: 517
Joined: 21 Jun 2011, 1:09pm
Location: NCN52 / SL8

Re: Chip and Pin question

Post by skicat »

Mick F wrote:Your bank.

Nope. It isn't your bank.
The hurrier I go, the behinder I get
kwackers
Posts: 15643
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: Chip and Pin question

Post by kwackers »

rjb wrote:Some of those calculator look alike card readers can see the pin from other card providers. My Barclays one can check the pin is correct for other banks.
Do muggers carry one around to demand your pin when robbing you. :shock:

They can verify the pin but IME the code they return doesn't work (not that a mugger is bothered by that).
merseymouth
Posts: 2519
Joined: 23 Jan 2011, 11:16am

Re: Chip and Pin question

Post by merseymouth »

Hi all, Why use Chip & PIN, one can still get & use Chip & Signature! Works for me. MM
User avatar
NATURAL ANKLING
Posts: 13780
Joined: 24 Oct 2012, 10:43pm
Location: English Riviera

Re: Chip and Pin question

Post by NATURAL ANKLING »

Hi,
merseymouth wrote:Hi all, Why use Chip & PIN, one can still get & use Chip & Signature! Works for me. MM

I have no problem with chip and pin.....................apart from the fact that my index finger is too weak to operate the buttons :(
Doesn't help with chip and sig as my writing is also affected :P

What did we do before cards..
NA Thinks Just End 2 End Return + Bivvy - Some day Soon I hope
You'll Still Find Me At The Top Of A Hill
Please forgive the poor Grammar I blame it on my mobile and phat thinkers.
Post Reply