On 6 Dec, 05:36, T > wrote:
> In article >, sf says...
>
> > On Wed, 5 Dec 2007 22:23:50 -0600, "jmcquown" >
> > wrote:
>
> > >Normally there's a long wait unless you get there very early. It's a shame
> > >the owner is reporting business has dropped off because of this scheme. It
> > >was certainly not her fault.
>
> > It's time more restaurants adopted the European style portable card
> > readers. Your credit card never leaves your sight, so there is less
> > room for fraud.
>
> There's always room for fraud. Those mobile terminals are wireless
> terminals. As it currently stands, a suitably equipped PC can crack WEP
> passwords fairly easily. I wouldn't imagine WPA is far behind.
>
> And knowing device manufacturers like I know device manufacturers, they
> took the cheap way out as far as encrypting the wireless connection.

There's a lot more to it than WEP or WPA. some of them use cellular
technology and the authorisation piece is done under a separately
encrypted conversation between the card, reader and the authorisation
switch. The PIN pads are encrypted so that no data is transmitted in
the clear and only a valid response from the auth host is acceptable
or the transaction is rejected. If the card is cloned (and here in the
UK we only accept CHIP based transaction, magstrip is old hat) the
Bank will know and the card can be retained

Doc