Re: But retail banks are clueless about security
And they put your card's offline PIN on the chip (this is invariably the same as the online PIN)
Yes really. I acquired a smartcard reader recently and found it whilst looking at what was on various cards in my wallet using cardpeek. (http://www.amazon.co.uk/Konig-USB-Smart-Card-Reader/dp/B003KZXP0E + https://code.google.com/p/cardpeek/)
From the look of it the public key crypto on the cards is pretty weak too.
Much of this has been known about for ages: http://en.wikipedia.org/wiki/EMV
Biting the hand that feeds IT
