Changing PINs of German bank card

[Binarus]

On 11.07.2017 14:38, Jerry wrote:
> On Tue, 11 Jul 2017 12:32:56 +0200, Binarus stated:
> 
> [...]
>> I am not completely sure if I got you right. Wouldn't that mean that I
>> have to lose my card, the bad person then makes two guesses, then I get
>> back my card and enter my correct pin, then I lose my card again, and
>> the same bad person finds it again and makes another two guesses, then
>> I get my card back again and so on?
>
> If you continually lose your card that often, you have more problems
> than just a lost/stolen card to deal with. I sincerely hope you are
> never trusted with confidential information.
>

Not sure if you eventually have misunderstood me. I was just trying to
understand the previous speaker by asking him what exactly he was
meaning ...

>> The only way to abuse the fail counter reset feature would be to steal
>> the card, to copy it and to return it to its owner, and to do this in a
>> way that the owner would not notice it. But again, the adversary would
>> then still have to observe the card owner to see when the counter is
>> reset and to start his next tries.
> 
> I was told, although not confirmed, that cards with embedded chips
> cannot be copied and still be usable. If anyone would like to comment
> on that, it would be welcomed.

No idea about the U.S., but talking about Germany: The main problem with
ATMs here is skimming (I am not sure if this wording is correct in the
U.S., so let me shortly explain: Skimming means that some adversary
manipulates an ATM in that he mounts an own user interface onto it,
perfectly imitating the original interface (mechanically - own
electronics, own keyboard), intercepting the data stream and the
keystrokes (pin), or mounts a pinhole camera to record people entering
their pins)).

AFAIK, at least until one or two years ago, the skimmers used to copy
the cards, but recently banks upgraded their ATMs and their customers'
cards so that they can't be copied any more. But for compatibility, the
ATMs still won't refuse old cards which can be copied.

But please don't take this as bare truth; I am really not sure.

>>> The probability to guess the correct code during the 5-years life of
>>> the card is definitely non-negligible.>  
>>>> And there is one more very important thing most people don't think
>>>> of: What happens if you have an accident or if you die? Your heirs
>>>> will have all sorts of troubles if something happens to you and
>>>> they can't access your electronic accounts because they don't have
>>>> the passwords.  
>>
>>> Usually there are other, non-technical ways. For example they just
>>> go to the bank with a death certificate.  
> 
> I have actually seen that happen. The estate lawyer had to fill out
> some paper work, but it was really no big deal. Basically, it is the
> same procedure used to get access to a deceased safe deposit box.

No chance to have it that ease here in Germany ... at least with certain
banks.

>> I already have seen cases where it was not that easy in Germany.
>> Usually, presenting a death certificate to the bank is not enough. I
>> have seen that the bank had to make sure that the people presenting the
>> death certificate actually were the legal heirs. That meant that those
>> people had to acquire all sorts of documents from all sorts of
>> authorities which has been very expensive (several hundreds of EUR),
>> but more important, was very unpleasant and time consuming, especially
>> in the situation they were.
> 
> Good for them. They should make absolutely sure before releasing the
> funds.

I agree.

>> AFAIK, there is only one thing you could do to avoid that hassle: The
>> testator and the heirs should make a contract of inheritance. Such a
>> contract must be made by a notary, so this will also have its cost, but
>> when you present such a contract to the bank (in addition to the death
>> certificate), you will have no problems.
> 
> The cost of a notary is a few dollars; therefore, negligible. Honestly,
> I would hope that it would NOT be that easy.

Here in Germany, a notary even won't take his pencil without earning a
significant amount of money. As far as I can remember, the inheritance
contract did cost about 500 EUR (about US $560) many years ago, but that
was still a small amount of money compared to the hassle the heirs would
have had if they did not have that contract.

By the way, there is no competition in this field because the money a
notary charges for an action is defined by law. There is a detailed
catalogue which lists every action a notary could (may) do, even the
most exotic ones, and how much money he will get for that. Any notary is
prohibited by law from charging less; he will lose his approbation and
get into serious trouble if he does.

Is the situation in the U.S. similar?

> I have all of my important papers, including passwords to accounts that
> have to be kept secure, in a bank safe deposit box. If I were to die,
> it wouldn't matter who had the key if they were on the allowed users
> list. My heirs would have to get a court order to have the box opened.
> Not really a big deal. Usually things like this are written into the
> will and happen all the time.
> 
> BTW, it isn't all the difficult to open a regular lock box. I have
> drilled out a few in my time after losing the key. Having it a bank is
> far more secure.

Yes, that's the reason why I have proposed that in my previous post ...

Regards,

Binarus