Comments on: The wall starts to crack http://emergentchaos.com/archives/2006/03/the-wall-starts-to-crack.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Chris Walsh http://emergentchaos.com/archives/2006/03/the-wall-starts-to-crack.html/comment-page-1#comment-1974 Chris Walsh Sat, 11 Mar 2006 11:18:05 +0000 http://emergentchaos.com/?p=1556#comment-1974 Good question. The answer depends on unknown details. If this fraud eruption was due to stored PINs being revealed, and if the revelation was a one-time thing (rather than continuous access), then the question becomes "How long did the bad guys have the PINs before they used them?". Even if we knew these things, whether they generalize to other breaches we don't know about (because they were smaller, or because they have yet to occur) is unknown. I know nothing about how time-consuming it would be to create fake cards, and I suspect that the criminal element is smart enough to sit on stolen info a while. So, if you change your PIN frequently enough, by the time the crooks are done waiting/cloning, you will have moved from the PIN you had. Good question.
The answer depends on unknown details.
If this fraud eruption was due to stored PINs being revealed, and if the revelation was a one-time thing (rather than continuous access), then the question becomes “How long did the bad guys have the PINs before they used them?”. Even if we knew these things, whether they generalize to other breaches we don’t know about (because they were smaller, or because they have yet to occur) is unknown.
I know nothing about how time-consuming it would be to create fake cards, and I suspect that the criminal element is smart enough to sit on stolen info a while. So, if you change your PIN frequently enough, by the time the crooks are done waiting/cloning, you will have moved from the PIN you had.

]]> By: sama http://emergentchaos.com/archives/2006/03/the-wall-starts-to-crack.html/comment-page-1#comment-1973 sama Sat, 11 Mar 2006 07:55:53 +0000 http://emergentchaos.com/?p=1556#comment-1973 So Chris,how often do you recommend one change his pin number, in loght of all of this? Or will that help protect you at all? So Chris,how often do you recommend one change his pin number, in loght of all of this? Or will that help protect you at all?

]]>