Chip & Pin credit card security

Correct me if I am wrong but this is how I understand it:

The terminal takes the card data (from the chip) and the PIN (entered), encrypts the whole data and sends it to the bank network where it is processed.

Processed means that the card is validated, then the PIN is confirmed (a complicated process involving more than one server) and then the €/$/£ is authorized or not.

Following that logic, the PIN is in possession of the bank, because how can they otherwise determine if my PIN is correct or not?

The PIN might not be accessible to the customer support staff but it is definitely stored at PIN servers, because both Tesco and Permanent TSB gave me the same PIN when they sent me the chip card.

If you do a search in Google for "ATM PIN Security" you find some very nice documents about how the whole process works (including DES keys, PIN splits, security considerations).
 
C&P

There have often been programmes on the box where presenters or actors went in with dodgy cards and signed Mickey Mouse etc. and had payments processed. C&P may not be perfect but it seems an improvement on this level of "security".
 