In article <94e8268a-85ff-4994-bbd0-fdab721cb9c2
@e67g2000hsc.googlegroups.com>, says...
> On 6 Dec, 05:36, T > wrote:
> > In article >, sf says...
> >
> > > On Wed, 5 Dec 2007 22:23:50 -0600, "jmcquown" >
> > > wrote:
> >
> > > >Normally there's a long wait unless you get there very early. It's a shame
> > > >the owner is reporting business has dropped off because of this scheme. It
> > > >was certainly not her fault.
> >
> > > It's time more restaurants adopted the European style portable card
> > > readers. Your credit card never leaves your sight, so there is less
> > > room for fraud.
> >
> > There's always room for fraud. Those mobile terminals are wireless
> > terminals. As it currently stands, a suitably equipped PC can crack WEP
> > passwords fairly easily. I wouldn't imagine WPA is far behind.
> >
> > And knowing device manufacturers like I know device manufacturers, they
> > took the cheap way out as far as encrypting the wireless connection.
>
> There's a lot more to it than WEP or WPA. some of them use cellular
> technology and the authorisation piece is done under a separately
> encrypted conversation between the card, reader and the authorisation
> switch. The PIN pads are encrypted so that no data is transmitted in
> the clear and only a valid response from the auth host is acceptable
> or the transaction is rejected. If the card is cloned (and here in the
> UK we only accept CHIP based transaction, magstrip is old hat) the
> Bank will know and the card can be retained
>
> Doc
>

All well and good. They probably use a keying algorithm. All you need to
do is get one of the machines and you can figure out all the encryption.