bloomberg on supermicro: sky is falling
brandon at rd.bbc.co.uk
Wed Oct 10 16:37:26 UTC 2018
On Wed Oct 10, 2018 at 09:17:37AM -0700, Brian Kantor wrote:
> I understand that in some countries the common practice is that the
> waiter or clerk brings the card terminal to you or you go to it at the
> cashier's desk, and you insert or swipe it, so the card never leaves
> your hand. And you have to enter the PIN as well. This seems
> notably more secure against point-of-sale compromise.
PIN is more secure but the device is wireless and may have been
compromised. All (that I've seen) POS are now PIN based in UK. Internet
use still asks for CVV sadly though verified by visa is still occasionally
used but is only protecting the places you probably already trust.
There have been cards with a OTP display but they didn't become popular.
I try and use Apple pay where possible. Apple assure us that their
account code and one time security codes prevent the attacker aquiring
the card number/pin/cvv and any captured data can not be used to make
another transaction. Really eveything should do at least this.
More information about the NANOG