Changing PINs of German bank card

Binarus lists at binarus.de
Sat Jul 15 19:52:53 CEST 2017 

On 15.07.2017 16:40, MFPA wrote:
> 
> 
> On Thursday 13 July 2017 at 7:18:41 AM, in
> <mid:3e405e1d-507d-255a-b5db-8aa700d4324a at binarus.de>, Binarus wrote:-
> 
> 
>> I don't think so. Banking chip cards contain
>> mechanisms for local PIN
>> verification. You can see that an ATM (or the card)
>> immediately decides
>> if the PIN is correct or not even if the ATM's
>> network connection is
>> failing at that moment.
> 
>> Banking chip cards furthermore contain a processor
>> and software for
>> cryptographic operations, so that the endless
>> capabilities of modern
>> cryptography are at hand. Think of asymmetric methods
>> like RSA ...
> 
> All of which is irrelevant for online transactions. On the shopping
> website, the customer keys in the long card number, the PIN, and the
> last three digits from the signature strip. The chip on the card is
> not involved.
> 
> 

If a website would try to query my EC card's PIN, I would go to the police.

Maybe the situation might be different in other countries, but I have never entered any card number into a shopping website with the following exception: If paying via credit card (VISA and the like), the website queries the credit card's number (I think this is what you mean by "long number"), and *may* query additional three digits from a number which is on the back side of the card (near the signature strip, as you described).

Customers here in Germany can activate additional security for VISA cards (I don't know about other ones): If this is enabled, you have to enter an additional TAN (*NOT* PIN) besides the credit card number and the three digits when doing the payment. The TAN will be sent to your mobile phone. Perhaps it's that what you were referring to?

I know that there are combinations of credit and EC cards. In this case, the card *will* have a chip integrated (at least the newer ones). But still then, a shopping website must not ask for the PIN (which is only related to the EC card part). After all, you can't pay anything on a shopping website directly by EC cards (or the EC card part of a combined credit and EC card). At least, I never saw such a thing here in Germany (and I am doing a lot of online shopping).

The reason for the latter is that the PIN should *never* be transferred or be known in clear by any party (besides yourself and perhaps your bank, but see my previous posts for my opinion about that). The only method to pay by EC card would be using a certified card reader (which handles the payment safety independently from your PC). But since no consumer is ready to pay a lot of money for such a card reader, that payment option just does not exist when shopping online (at least, not here).

Regards,

Binarus

More information about the Gnupg-users mailing list