The bank fraud blame game

Eugen Leitl eugen at leitl.org
Sun Jul 1 10:38:42 PDT 2007


On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:

> Such a device was actually manufactured in Europe in the late 1990s,

Smartcard readers (some of them with display) are semi-widespread
at least in Germany (a dust-covered ReinerSCT (sans display), with a smartcard
which was once used for financial HBCI transactions sticking out, is sitting on
the tabletop behind the monitor). Next generation
FinTS (HBCI successor) will be based on mandatory smartcard with readers.
I'm not sure they're doing the entire transaction crypto in the smartcard
reader compartment (can't pull up the specs), but it appears likely.

> unfortunately they couldn't find any bank willing to pay the cost, and it was
> discontinued.  Similar devices are still being made for some vertical-market
> applications, but they're sold at astronomical prices.

Simple USB or serial smartcard readers go for 20-30 EUR, and those with a 
display not much more.
 
> Given that all you need for this is a glorified pocket calculator, you could
> (in large enough quantities) probably get it made for < $10, provided you shot
> anyone who tried to introduce product-deployment DoS mechanisms like smart
> cards and EMV into the picture.  Now all we need to do is figure out how to
> get there from here.

The banking and financial industry is one of the most insanely conservative
I've ever heard of. It takes massive phishing and keylogging fraud to make
them change their mind over the course of half a decade.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




