London Banter - View Single Post

Epicentre · September 6th 09, 04:23 AM posted to uk.transport.london

wrote in :

On Thu, 3 Sep 2009 11:32:10 +0100
Paul Terry wrote:
No, there is no simple formula involved. The data is strongly
encrypted using three independent keys and the PIN can only be
regenerated by a specialist machine that decrypts both the original
security number and the offset used by the customer. It then outputs
the PIN to a security envelope. The only way for a member of the bank
staff to see the PIN is to open the envelope before it is posted,
which is why customers are always warned to check that the envelope
has not been tampered with before using their PIN.

I'm sure thats what they put in the sales brochure but reality in
these places its usually a little different. When I worked in the
"priviledged" customer dept in a well known bank a few years ago the
supposedly secure customer details were couriered arround the country
on unencrypted floppy disk and tape. Presumably someone thought that
was more secure that transfering over a dedicated T1 line. Or they
were just insane, take your pick.

B2003

Should be as safe as carting a CD of Social Security data around