Thread: Oyster Renewal
View Single Post
  #6   Report Post  
Old September 3rd 09, 10:32 AM posted to uk.transport.london
Paul Terry Paul Terry is offline
external usenet poster
  
First recorded activity at LondonBanter: Jan 2005
Posts: 106
Default Oyster Renewal
In message , writes

If the PIN can easily be recreated just using a formula then its just as
vulnerable as if they stored it directly.

No, there is no simple formula involved. The data is strongly encrypted
using three independent keys and the PIN can only be regenerated by a
specialist machine that decrypts both the original security number and
the offset used by the customer. It then outputs the PIN to a security
envelope. The only way for a member of the bank staff to see the PIN is
to open the envelope before it is posted, which is why customers are
always warned to check that the envelope has not been tampered with
before using their PIN.

--
Paul Terry
Reply With QuoteReply With Quote