wrote in message ...
On Wed, 2 Sep 2009 05:43:24 -0700 (PDT)
Andy wrote:
Apart from whoever runs the back end system.


They won't see your PIN either, although they will get enough
information for on-line use.
I don't think they would have security code on the card, which would stop a
lot of potential abuses.

If you say so , though how you think the pin gets transmitted to the
server without the server seeing it would be an interesting discussion.
The PIN is verified by the front end against the card. If the PIN isn't
matched the front end rejects the card and the back end doesn't see the
transaction at all. The back end never sees the PIN.

Knowing how badly most web backends are written
We're talking about manual card transactions at a ticket machine. If you're
enough of a sucker to give out a credit/debit card PIN over the internet
then you're really f**ked.

DAS