Re: The bank fraud blame game
On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
> Such a device was actually manufactured in Europe in the late 1990s,
Smartcard readers (some of them with display) are semi-widespread at least in Germany (a dust-covered ReinerSCT (sans display) with a smartcard which was once used for financial HBCI transactions sticking out is sitting on the tabletop behind the monitor). Next generation FinTS (HBCI successor) will be based on mandatory smartcard with readers. I'm not sure they're doing the entire transaction crypto in the smartcard reader compartment (can't pull up the specs), but it appears likely.
> unfortunately they couldn't find any bank willing to pay the cost, and it was discontinued. Similar devices are still being made for some vertical-market applications, but they're sold at astronomical prices.
Simple USB or serial smartcard readers go for 20-30 EUR, and those with a display not much more.
> Given that all you need for this is a glorified pocket calculator, you could (in large enough quantities) probably get it made for < $10, provided you shot anyone who tried to introduce product-deployment DoS mechanisms like smart cards and EMV into the picture. Now all we need to do is figure out how to get there from here.
The banking and financial industry is one of the most insanely conservative I've ever heard of. It takes massive phishing and keylogging fraud to make them change their mind over the course of half a decade.
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE