Posted to rec.food.cooking
Dr Hfuhruhurr
Credit Card Skimming in Local Restaurant

On 7 Dec, 04:49, T wrote:
> In article <94e8268a-85ff-4994-bbd0-fdab721cb9c2@e67g2000hsc.googlegroups.com>, says...
>
> > On 6 Dec, 05:36, T wrote:
> > > In article >, sf says...
> > >
> > > > On Wed, 5 Dec 2007 22:23:50 -0600, "jmcquown"
> > > > wrote:
> > > >
> > > > >Normally there's a long wait unless you get there very early. It's a shame
> > > > >the owner is reporting business has dropped off because of this scheme. It
> > > > >was certainly not her fault.
> > > >
> > > > It's time more restaurants adopted the European style portable card
> > > > readers. Your credit card never leaves your sight, so there is less
> > > > room for fraud.
> > >
> > > There's always room for fraud. Those mobile terminals are wireless
> > > terminals. As it currently stands, a suitably equipped PC can crack WEP
> > > passwords fairly easily. I wouldn't imagine WPA is far behind.
> > >
> > > And knowing device manufacturers like I know device manufacturers, they
> > > took the cheap way out as far as encrypting the wireless connection.
> >
> > There's a lot more to it than WEP or WPA. Some of them use cellular
> > technology and the authorisation piece is done under a separately
> > encrypted conversation between the card, reader and the authorisation
> > switch. The PIN pads are encrypted so that no data is transmitted in
> > the clear and only a valid response from the auth host is acceptable
> > or the transaction is rejected. If the card is cloned (and here in the
> > UK we only accept CHIP based transaction, magstrip is old hat) the
> > Bank will know and the card can be retained.
> >
> > Doc
>
> All well and good. They probably use a keying algorithm. All you need to
> do is get one of the machines and you can figure out all the encryption

Nope. There is encryption per machine (they 'should' all be different)
and per card and the responses to the card have to be valid in terms
of Issuer 'fingerprints'.

Doc
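
The per-machine and per-card keying described in the reply above, as an added example that is not part of the original post: a simplified model in which HMAC-SHA256 stands in for the real payment-scheme algorithms. All key values, serials, the card number and the function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample secrets; in this model only the acquirer/issuer hosts hold them.
ACQUIRER_BASE_KEY = bytes(range(32))
ISSUER_MASTER_KEY = bytes(range(32, 64))

def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def terminal_key(serial: str) -> bytes:
    """Per-machine key: diversified from the base key by terminal serial."""
    return _mac(ACQUIRER_BASE_KEY, b"terminal", serial.encode())

def card_key(pan: str) -> bytes:
    """Per-card key: diversified from the issuer master key by card number."""
    return _mac(ISSUER_MASTER_KEY, b"card", pan.encode())

def card_request(ckey: bytes, amount: int, counter: int) -> bytes:
    """Cryptogram the chip computes over the transaction data."""
    return _mac(ckey, b"req", str(amount).encode(), str(counter).encode())[:8]

def issuer_respond(pan: str, amount: int, counter: int, request: bytes):
    """Issuer re-derives the card key, checks the request, signs its answer."""
    ckey = card_key(pan)
    if not hmac.compare_digest(card_request(ckey, amount, counter), request):
        return None  # the card does not hold the genuine chip key
    return _mac(ckey, b"resp", request, b"approved")[:8]

def card_accepts(ckey: bytes, request: bytes, response) -> bool:
    """Chip accepts only a response carrying the issuer's valid 'fingerprint'."""
    if response is None:
        return False
    return hmac.compare_digest(_mac(ckey, b"resp", request, b"approved")[:8], response)

def demo() -> dict:
    pan = "9999000000000001"                 # constructed card number
    genuine = card_key(pan)                  # key personalised into the real chip
    req = card_request(genuine, 2500, 7)
    resp = issuer_respond(pan, 2500, 7, req)
    clone_req = card_request(b"\x00" * 32, 2500, 7)  # clone lacks the chip key
    return {
        "terminals_differ": terminal_key("T-0001") != terminal_key("T-0002"),
        "genuine_ok": card_accepts(genuine, req, resp),
        "clone_rejected": issuer_respond(pan, 2500, 7, clone_req) is None,
        "forged_response_rejected": not card_accepts(genuine, req, b"\x00" * 8),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the key inside one terminal is a one-way derivative of the base key, so it says nothing about any other terminal's key or about the issuer's card keys.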