Just swipe your card and enter the pin… what could go wrong?

We do hope this project makes you shiver.

“Financial risks” is an audiovisual installation that reacts when you swipe your credit card and prints an odd looking receipt if you type in your pin-code. Even though the website contains few technical details (read none) about the build, we chose to feature the project as we find his intent interesting:

‘Financial Risks’ installation is a project designed to present an ironical viewpoint on encoded wallets, as a data input interface invites to overcome fear of impossibility to control spread of confidential information for the sake of curiosity of interaction with an object of art.

The piece consists of 6 bank card readers, a hardware system of sound and video synthesis, a keyboard for pin code entering, a 2-channel sound system and a cash register printer configured to print images. Up to 6 cards simultaneously may be used for playing.

We do hope that nothing is stored in the platform’s memory… but is the installation monitored?

48 thoughts on “Just swipe your card and enter the pin… what could go wrong?

  1. one thing most people don’t know is that every CC in the world has the pin stored on it, just encrypted and double encoded. The best carders in the world don’t know what the encryptions are though, or how the stored pin is used on networks. One type of card was cracked in the 90s that used DES on the pin under the encodings.

    The encryption type is dictated by card maker, not one of the 2-4 ATM network providers, is usually on 2nd bank but sometimes 3rd, and it seems the encryption type is different per card maker..

    To people who have never used a CC, with the pin and the card you can withdraw cash at any supported ATM..

    1. “one thing most people don’t know is that every CC in the world has the pin stored on it, just encrypted and double encoded.”

      No. First of all: credit cards don’t use PINs. Secondly: if debit card PINs were stored in the magstrip, you wouldn’t be able to change your PIN without ordering a new card or taking it back to the bank to be rewritten.

      1. You’re kidding right? It’s mentioned in almost every white paper on ISO 7813 there is. It’s usually in the AD field on track 2/ADA-track..

        Go try to correct someone else kiddy..

      2. By the way you do use a PIN/4-digit-number(duh), and the fact that you can change the post-issue PIN is why nobody understands why it’s there, but it’s read by ATMs. None of the 4 ISOs used on bank interchange networks implement it either..

      3. So wikipedia says this:
        ” Chip and PIN cards have not been adopted in the US as of 2012 for a variety of reasons, including lack of PIN management features in ATM machines”

        “As of 2012, chip and signature cards are more common in the US, Australia, New Zealand and some European countries (such as Germany and Austria), whereas chip and PIN cards are more common in other European countries (e.g., the UK, Ireland, France and the Netherlands) as well as in Canada.”

        https://en.wikipedia.org/wiki/EMV#Chip_and_PIN_vs._Chip_and_signature

        1. Problem is this has literally nothing to do with chip and pin. Which I also have vast knowledge of..

          1.comprehension fail
          2.technical knowledge fail
          3.trying to come off as intelligent fail

  2. I wouldn’t suggest using this to anyone… If the system is setup to record the mag strip, and you enter your pin and it records it, say goodbye to your money… I see thousands of dollars worth of debit & credit fraud routinly… It’s relativly easy to fake a card…

    1. Uh….no shit? That’s literally the whole point of the piece–that for a huge number of people curiosity will overcome caution.

      1. I just love how people throw colorful metaphors into a general conversation.. No shit.. Lets dissect this phrase… No meaning negative, none, nothing and shit meaning crap, bowl, excrement…. Hmm…. Of course blue there is no shit, this is an electronics piece…

        1. There exists something called a ‘dictionary’, and those have descriptions of the meaning of words.
          Example:
          shit
          n noun
          1 faeces. – an act of defecating.
          2 a contemptible person.
          3 something worthless; rubbish; nonsense.
          4 an intoxicating drug, especially cannabis.

  3. There has to be a sign somewhere nearby saying “enter a wrong PIN!”. I’m sure this art piece would generate some output whatever is entered, but I’m also sure some people would enter their actual PIN and potentially make the artist responsible for properly storing the data. Definitely not something that they had in mind when building/installing it.

  4. It would be brilliant if the machine would charge 1 cent to the cardholders account with a message to warn them to never do that again. (use the machine)

    The statement is provoking and interesting indeed

  5. Hire a group of actors to queue up and swipe their cards and enter pins to prime the pump, and see if passers-by will follow suit.

  6. ““Financial risks” …reacts when you swipe your credit card and prints an odd looking receipt if you type in your pin-code.”

    If you swipe your card and enter your pin there should only be one thing printed on your receipt, “DUMBASS!”

  7. My sister use to investigate credit card fraud. One of the most interesting card cloning cases she told me about was a “credit card cleaner” someone stuck in a mall with a sign to swipe your credit cards through the reader to clean them. Apparently there was some really large losses in the case proving just how dumb most people are.

  8. Am I an idiot, or does the quoted description of the installation make absolutely no sense? To me it’s gibberish made up of fancy sounding words.

    1. You’re not an internet, but you might be terrible at understanding art. There’s nothing nonsensical about that description.

      It’s ok; making sense of art is a learned skill.

        1. XD .. It’s all good though.
          The internet has trained me
          to artistically interpret that statement.

          Is anyone else thinking that
          this thing could be a handy
          fundraising method for a museum ?

    2. I wish the guy had stuck to making ashtrays. The is heady drivel at its worst. At least Spaghetti-os girl now has some competition.

  9. I don’t understand the part about encoded wallets, but the rest is pretty clear to me. Just read it a second time.
    But I disagree with the creator in that it’s not curiosity that makes people enter their card details in such an installation, but pure stupidity.

  10. The creator likely isn’t storing dumps and pins, but there might be a buffer or RAM cache a skilled thief could scrape for at least the last card data.

    My guess is they use entropy or the mag stripe binary to create pixel patterns..

    1. How about if they or others added a scannerhead and using it to scan the front and back as people swipe, then you know the number and code on the back and you don’t need the card or pin.

    1. That could actually be pretty fun. The card use charges would be a pain, and I imagine the card companies would pitch a bitch since twenty or thirty swipes in a few minutes would be fraud prevention bait.

      1. Not to feed into this idea, but..
        You would avoid that whole “multiple transactions in too short of time” flag by buffering the swipes, tallying the total credit or debt, then processing it after a specified amount of time.. IE One transaction, not 5 (or 10, or 73, lol)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s