Posted by Pete McBreen 17 Jan 2010 at 08:52
In Optimised to fail the authors start with a great quote…
The late Roger Needham once remarked that ‘optimisation is the process of taking something that works and replacing it with something that almost works, but is cheaper’. [emphasis added]
Although the technical details of the protocol are not public, the authors seem to have managed to replicate what happens, but the key part of their paper is the set of vulnerabilities that they reveal. These vulnerabilities, coupled with the transfer of liability for fraudulent transactions from the banks to the customers, mean that this protocol and the associated hardware and banking cards should be withdrawn from use.