Just swipe your card and enter the pin… what could go wrong?

We do hope this project makes you shiver.

“Financial risks” is an audiovisual installation that reacts when you swipe your credit card and prints an odd looking receipt if you type in your pin-code. Even though the website contains few technical details (read none) about the build, we chose to feature the project as we find his intent interesting:

‘Financial Risks’ installation is a project designed to present an ironical viewpoint on encoded wallets, as a data input interface invites to overcome fear of impossibility to control spread of confidential information for the sake of curiosity of interaction with an object of art.

The piece consists of 6 bank card readers, a hardware system of sound and video synthesis, a keyboard for pin code entering, a 2-channel sound system and a cash register printer configured to print images. Up to 6 cards simultaneously may be used for playing.

We do hope that nothing is stored in the platform’s memory… but is the installation monitored?

Comments

  1. Nnnnnnnnnnnnnnnnnope.

  2. Kelvin Mead says:

    nice looking, great sounding…

    who swipes cards anymore?

  3. lloyd says:

    I have absolutely no idea what this is even meant to do from reading the description.

  4. xorpunk says:

    one thing most people don’t know is that every CC in the world has the pin stored on it, just encrypted and double encoded. The best carders in the world don’t know what the encryptions are though, or how the stored pin is used on networks. One type of card was cracked in the 90s that used DES on the pin under the encodings.

    The encryption type is dictated by card maker, not one of the 2-4 ATM network providers, is usually on 2nd bank but sometimes 3rd, and it seems the encryption type is different per card maker..

    To people who have never used a CC, with the pin and the card you can withdraw cash at any supported ATM..

    • 0c says:

      “one thing most people don’t know is that every CC in the world has the pin stored on it, just encrypted and double encoded.”

      No. First of all: credit cards don’t use PINs. Secondly: if debit card PINs were stored in the magstrip, you wouldn’t be able to change your PIN without ordering a new card or taking it back to the bank to be rewritten.

  5. Augur says:

    I wouldn’t suggest using this to anyone… If the system is setup to record the mag strip, and you enter your pin and it records it, say goodbye to your money… I see thousands of dollars worth of debit & credit fraud routinly… It’s relativly easy to fake a card…

    • Blue Footed Booby says:

      Uh….no shit? That’s literally the whole point of the piece–that for a huge number of people curiosity will overcome caution.

      • Augur says:

        I just love how people throw colorful metaphors into a general conversation.. No shit.. Lets dissect this phrase… No meaning negative, none, nothing and shit meaning crap, bowl, excrement…. Hmm…. Of course blue there is no shit, this is an electronics piece…

        • Whatnot says:

          There exists something called a ‘dictionary’, and those have descriptions of the meaning of words.
          Example:
          shit
          n noun
          1 faeces. – an act of defecating.
          2 a contemptible person.
          3 something worthless; rubbish; nonsense.
          4 an intoxicating drug, especially cannabis.

  6. polytechnick says:

    There has to be a sign somewhere nearby saying “enter a wrong PIN!”. I’m sure this art piece would generate some output whatever is entered, but I’m also sure some people would enter their actual PIN and potentially make the artist responsible for properly storing the data. Definitely not something that they had in mind when building/installing it.

  7. Midnight says:

    It would be brilliant if the machine would charge 1 cent to the cardholders account with a message to warn them to never do that again. (use the machine)

    The statement is provoking and interesting indeed

  8. TacticalNinja says:

    So, is this a form of “Social Engineering”?

  9. Jonathan says:

    I’d totally use this…

    …with one of the player’s cards from a casino I rarely visit.

  10. crashsuit says:

    I like it because you don’t hear the word “ironical” used often enough.

  11. kludgecraft says:

    Hire a group of actors to queue up and swipe their cards and enter pins to prime the pump, and see if passers-by will follow suit.

  12. Hirudinea says:

    ““Financial risks” …reacts when you swipe your credit card and prints an odd looking receipt if you type in your pin-code.”

    If you swipe your card and enter your pin there should only be one thing printed on your receipt, “DUMBASS!”

  13. otkaz says:

    My sister use to investigate credit card fraud. One of the most interesting card cloning cases she told me about was a “credit card cleaner” someone stuck in a mall with a sign to swipe your credit cards through the reader to clean them. Apparently there was some really large losses in the case proving just how dumb most people are.

  14. Z00111111 says:

    Am I an idiot, or does the quoted description of the installation make absolutely no sense? To me it’s gibberish made up of fancy sounding words.

  15. freelancer says:

    I don’t understand the part about encoded wallets, but the rest is pretty clear to me. Just read it a second time.
    But I disagree with the creator in that it’s not curiosity that makes people enter their card details in such an installation, but pure stupidity.

  16. xorpunk says:

    The creator likely isn’t storing dumps and pins, but there might be a buffer or RAM cache a skilled thief could scrape for at least the last card data.

    My guess is they use entropy or the mag stripe binary to create pixel patterns..

    • Whatnot says:

      How about if they or others added a scannerhead and using it to scan the front and back as people swipe, then you know the number and code on the back and you don’t need the card or pin.

  17. Andrew Baker says:

    This can be a new gambling device. Each time the unit is activated one reader will randomly credit you $20. The others will Debit you $2-$5 depending on the reader.

    • Ryan W. says:

      That could actually be pretty fun. The card use charges would be a pain, and I imagine the card companies would pitch a bitch since twenty or thirty swipes in a few minutes would be fraud prevention bait.

      • Exit151 says:

        Not to feed into this idea, but..
        You would avoid that whole “multiple transactions in too short of time” flag by buffering the swipes, tallying the total credit or debt, then processing it after a specified amount of time.. IE One transaction, not 5 (or 10, or 73, lol)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s