#31
Quote:
Chip & PIN is significantly more secure than the mag stripe system. Not sure why you'd argue otherwise.
It's extremely easy to clone a mag strip card; exceedingly difficult (not going to say impossible, but it has yet to be done) to clone/skim a chip card. Add to that that mag stripe cards give over unencrypted data allowing man-in-the-middle attacks whereas data breaches with EMV cards are pointless as they'll only capture a one-time token.
As for asking for ID, that goes against Visa/MC policies, not to mention that if the card is cloned as opposed to stolen (which most fraud is), they'll print a card with a name to match the ID...
How is my post not quite accurate?Originally Posted by joshwex90
While these clearly belong in the credit card forums, this isn't quite accurate.Chip & PIN is significantly more secure than the mag stripe system. Not sure why you'd argue otherwise.
It's extremely easy to clone a mag strip card; exceedingly difficult (not going to say impossible, but it has yet to be done) to clone/skim a chip card. Add to that that mag stripe cards give over unencrypted data allowing man-in-the-middle attacks whereas data breaches with EMV cards are pointless as they'll only capture a one-time token.
As for asking for ID, that goes against Visa/MC policies, not to mention that if the card is cloned as opposed to stolen (which most fraud is), they'll print a card with a name to match the ID...
Visa/MC merchant policies in the US are not all the same as those outside the US.
I'm not arguing that Chip+PIN may be relatively less secure than non-chip+PIN cards, but I'm stating that they are not as secure as some may believe them to be and that they create some additional risk for some innocent people.
And biometric passports also create some additional risk for some innocent persons.
Swiped PINs can be a problem. And swiped biometrics can be a problem. In both cases, they have already led to some problems.
Data breaches with EMV cards are not pointless. The swiped card number + swiped PIN can be used to drain some accounts since not all uses of the cards involve reliance upon the chip.
#33
Quote:
Additional security measures can create new vulnerabilities and/or heighten existing vulnerabilities. It has nothing to do with tinfoil hat territory except in the heads of those unwilling or unable to consider the applicable facts on how some measures may create or make worse other problems.Originally Posted by surreycrv
So an additional security measure is is now being argued as possible unsafe... As I posted, tinfoil hat territory had been reached. Have your passports ready for inspection.
#34
A future generation of USG-wanted, ICAO-compliant biometric passports are to have RFIDs that are more than just read-only. The push is to require future passports to have electronic read-write storage capacity.
https://www.icao.int/Meetings/mrtd-s...7_Kefauver.pdf
https://www.icao.int/Meetings/mrtd-s...7_Kefauver.pdf
#35
This document appears to contradict itself. Page 4 boasts of "static" data being secure but the LDS2 proposal promises "update" of photo as well as intrusion of travel patterns and other data that presumably would be used to restrict/override a passenger's use of a visa.
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
#36
cafeconleche , Sep 14, 2017 2:06 am
I don't remember giving fingerprints for my US passport.
But, CIS have my fingerprints from when I wasn't a citizen. I wonder if those are destroyed... they ought to be.
I also think DMVs take thumbprints... I don't like those either.
But, CIS have my fingerprints from when I wasn't a citizen. I wonder if those are destroyed... they ought to be.
I also think DMVs take thumbprints... I don't like those either.
#37
Quote:
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
The intent is to have both a static (read-only) element and a dynamic (read-write) element for governmental use purposes.Originally Posted by martindo
This document appears to contradict itself. Page 4 boasts of "static" data being secure but the LDS2 proposal promises "update" of photo as well as intrusion of travel patterns and other data that presumably would be used to restrict/override a passenger's use of a visa.Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
Governments want more automated inspection using biometrics because the CBP-type personnel may be no better at manually matching (or rejecting matches of) people's faces against passport photos than a toddler.
When manual inspection fails, it's not as systematically and time-intensively disruptive as when massive automation, applicable to huge numbers of people, massively fails.
#38
Quote:
I guess it depends on the state? NJ doesn't, and 99.99% sure that neither does NY or FloridaOriginally Posted by cafeconleche
I also think DMVs take thumbprints... I don't like those either.
#39
Quote:
Most regular license drivers in the US aren't required to submit fingerprints to get an ordinary state-issued driving license.Originally Posted by joshwex90
I guess it depends on the state? NJ doesn't, and 99.99% sure that neither does NY or Florida
#40
phltraveler , Sep 14, 2017 6:16 am
Quote:
New York doesn't for a standard or enhanced driver's license, and Pennsylvania definitely doesn't either.Originally Posted by joshwex90
I guess it depends on the state? NJ doesn't, and 99.99% sure that neither does NY or Florida
#41
cafeconleche , Sep 14, 2017 9:54 am
Hmm seems only four states - CA, CO, GA and TX - require fingerprints! I did it in CA. But, it's an old website.
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
#42
Quote:
Didn't think PA either but forgot to add them to my "list."Originally Posted by phltraveler
New York doesn't for a standard or enhanced driver's license, and Pennsylvania definitely doesn't either.
#43
Quote:
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
Sounds like that covers a minority of the driving US population.Originally Posted by cafeconleche
Hmm seems only four states - CA, CO, GA and TX - require fingerprints! I did it in CA. But, it's an old website.https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
#45
Quote:
20 to 25% is indeed a substantial minority.Originally Posted by iamflyer
A minority for sure but in 2014 those states made up about 24% of licensed drivers so not an insignificant portion either.