Credit card clone factory, Jalan Ampang
There must be a reason why Malaysian credit cards have less credit than those issued from Malawi.
It took about 50 days for international delegates to the Asian New Media Forum, held in Kuala Lumpur in mid-January, to realise that their credit cards had been cloned while Malaysia played host to them. The victims are all guests who were put up in Corus Hotel, Jalan Ampang, Kuala Lumpur, where the 2-day event was held.
Corus Hotels Plc Group was a 99%-owned subsidiary of Malayan United Industries Bhd (MUI). It was announced on February 27 that MUI had sold 19 hotels from the Corus Hotel group for £116m to pare its debts. The buyers were UK property investors, the Landsberg and Rosenberg families, who acquired the properties through their bid vehicle Washington Hotels. (See The Edge Weekly and Daily Telegraph, UK.)
I was a panel speaker for the event held in Corus Hotel Kuala Lumpur, and I know some of the delegates, who came from all corners of the world.
Over the last weekend, the cards cloned in Kuala Lumpur were put to use. One was detected in London. Screenshots was told that an international alarm has been raised by the credit card issuing industry.
This is an international scam with Malaysia as the backbone. This is bad, bad press. This is why Malawi's credit cards command better respect than Malaysia's.
Fons Tuinstra (Holland) wrote on Mar 5, 6:18pm:
Dear all, For all who attended the meeting in January. I just learned from my credit card company that there has been a major problem at the hotel: obviously card numbers have been copied illegally on a massive scale.
I discovered this yesterday the hard way as my credit card was blocked and I got this information only after I called the card-company. So, if your credit card is not working anymore, do get in touch with your credit card company. They should issue you a new card ASAP and block the current one.
An international alert went out last Friday.
Kenneth van Toll (Holland) wrote Mar 6, 3:58pm:
Hi all, like Fons my card also has been copied and used in England at a time when I was 100% for sure in the Netherlands. Luckily enough Visa says they will cancel the unauthorized transactions, but definitely everybody who stayed at the Corus check your credit card status!
Kenneth
Fons Tuinstra wrote Mar 6, 2006 5:35pm:
I noticed on Saturday that I could not pay my shopping by credit card and called my credit card company. They had sent out a letter on Friday, but since I'm not in Holland, I have not received that yet. They said all credit cards that had been used at the Corus Hotel had been blocked as a precaution. Unlike Kenneth, I have not yet seen an overview of my card usage. My card company said an international alarm had been issued on Friday since card numbers had been illegally copied at the Corus Hotel and they are now issuing new cards for those affected.
I'm quite sure some people at the Corus Hotel are already in deep trouble. Key is now to watch if you see any activities with cards you cannot explain and reclaim it at your card company, since it is an unauthorized transaction. Also, when your card has not yet been blocked, you should get in touch with your card company.
I will let you know in case any new details emerge.
Cheers,
Fons
Iam Chong Ip (Hong Kong) wrote Mar 6, 2006 6:07pm:
hi, my bank just notified me of it and replaced my credit card.
i believe that conference organizers should file a complaint to the hotel.
chong
Screenshots understands the Malaysian co-organisers of the Asian New Media Forum are currently compiling information to lodge a complaint with Corus Hotel, Kuala Lumpur.
Comments
So smartcards offer more security? ROFL. BTW, there is rent seeking (again) control over smartcard chip readers.
I bet you there will be a cover-up (AKA damage control) from the media, as it will
1. Reveal that MyKad is susceptible to cloning. It offers no better security than a conventional identity card after spending hundreds of millions.
2. Give a "bad" impression to the tourism industry.
Posted by: moo_t | March 7, 2006 10:34 AM
Credit Card fraud will go nowhere.
One best way I could think of to curb these fraud activities is to inform the user on their usage.
Example:
If I swipe today at a shop valued at RM 888.00, an SMS text should be sent to my mobile phone immediately to ask me if the purchase is a valid one or not.
I shall reply with a YES or NO. Simple.
Since most who use Credit Cards are also Mobile users.
It is kind of a hassle but it tracks easier, and can stop further transactions once the CC company gets a NO.
A lot of trust must be involved between two parties tho..
Just like Maxis informing me of my deposit of RM300 amount on their deposit machine minutes after.
Posted by: Ultimat3 | March 7, 2006 10:50 AM
who is creating all these high tech stuff?! still human!!! so other human can copy/clone it... because it still based on the current technology... if they can't do it now... they can in near future when those technology has gone common or the price has gone down... either way...
Mykad? i can read all the info with my pc card reader... so... is it secure? if u can read it... definitely u can copy it and write it in other card... voilà... a clone card is done...
so... what is secure?!
Posted by: kanazai2001 | March 7, 2006 11:05 AM
merchants in malaysia will only accept malaysian chip based credit cards but for international travellers who are without these chip based cards, the magnetic strip can still be used.
bear in mind that your magnetic strip is still functioning hence can still be cloned. but since Malaysian merchants only accept chip based cards, hence your cloned magnetic strip can only be used for international transactions by the syndicates.
Posted by: Buaya69 | March 7, 2006 11:29 AM
The facility mentioned by Ultimat3 is being made available via Mobile Money. And no, I'm in no way associated with this offering. I believe a number of banks are getting onto this bandwagon.
Apparently, with this facility, Malaysian banks do not incur the royalty fees (or service fees) compared to using a Visa/Mastercard in paying for your purchases.
So, no outflow of funds for in-country purchases. The govt loves this.
The question is, "Will you also?".
Posted by: Yumcious | March 7, 2006 11:32 AM
Buaya69
"merchants in malaysia will only accept malaysian chip based credit cards but for international travellers who are without these chip based cards, the magnetic strip can still be used."
Actually that is only if you are holding a Malaysian credit Card, if you have a credit card from a non-Malaysian bank, then merchants will accept them. They are required to by both Visa and Mastercard. There are still very many banks in the world that do not have the chip in the cards. I have 4 cards from the US and every time I present them at any merchant they are used. In fact one merchant said he would only accept credit cards from local banks, after arguing a bit, I ended up making a complaint to Visa about this, I suppose they said something or sent something to him because when I went back a week later he took my card no questions asked.
Posted by: rmo | March 7, 2006 02:04 PM
shame on us, shame on us...
Posted by: DingDong | March 7, 2006 02:59 PM
what an irony,
I just got a call from HSBC asking for confirmation if my card was swiped in Taiwan, while i'm more than 13 hours away from taiwan!
And i didn't stay in the above hotel either. Anyway, i agree with Jeff, malaysian credit cards have one of the lowest ratings in the world. It took PayPal some time to re-instate malaysian cards.
Is it us or foreigners taking advantage of us? I think it's us malaysian, the few who have too much greed, end up doing such crimes.
Sometimes i yearn for hukum hudud, you can leave your wallet in the toilet in qatar, go take a dump and come out and it'll still be there! try doing that in malaysia!
Cheers,
I need some sleep now after a tiring flight!
Posted by: goks | March 7, 2006 04:45 PM
kanazai2001,
Please enlighten us on how a PC Card reader can read MyKad? Our MyKad is not a PCMCIA card. Neither is it an SD or Compactflash card. So how do you actually read it in your pc card reader? As far as I know, our MyKad is an ISO7816-compliant smartcard.
Details, please.
Posted by: v2k20 | March 7, 2006 05:06 PM
Does this have anything to do with the current Citibank troubles (as pointed out by Boing Boing)?
Posted by: Tiara | March 7, 2006 05:20 PM
v2k20,
Perhaps he meant to say PC/SC smartcard reader. Then again, my laptop (Dell Inspiron 600m, and most Dell Latitudes) comes with a PC/SC card reader slot just below the PCMCIA slot. It can read any PC/SC-compatible smartcards.
kanazai2001, if you know the detailed specification of the MyKad smartcard implementation, do share with me. I'm interested to know what they stored in there that can be viewed publicly without any decryption key. E-mail me at auyongtc@theuseless.com - thanks :)
Posted by: auyongtc | March 7, 2006 05:54 PM
As one told me that Malaysia has been tagged as "Highly Alerted" by Australian banks. They will immediately issue their customers new cards once they have swiped their cards in Malaysia before.
Malaysian Police Can, Everyone Can.
Posted by: teh-o | March 7, 2006 11:02 PM
im using dell lat laptop... came with SC reader... for the software... pls dig out from internet... ive forgotten where i found out cause i got this piece of software from some crack site of russia sometime back... i changed my laptop on last dec only... but everytime i use it, my antivirus and firewall pop up... guess it contains some trojan or backoffice or spyware inside that triggers the pop up...
Posted by: kanazai2001 | March 8, 2006 09:41 AM
additional...
if u r good in s/w and h/w... u can get the decoding code from the key-chain MYKAD decoder...
hmmm... since when this blog became hacker blog?!
Posted by: kanazai2001 | March 8, 2006 09:43 AM
kanazai2001,
So it was a smartcard reader that you used to read the MyKad as suspected by me and auyongtc, and not some USB multicard reader. Didn't know that Dell notebooks come with it.
I believe the MyKad is as secure just like most smartcards, and the data that you can see is for public access. The private data portion of MyKad should, in theory, be very difficult to retrieve or even non-retrievable.
Posted by: v2k20 | March 8, 2006 10:29 AM
v2k20 says, "I believe the MyKad is as secure just like most smartcards, and the data that you can see is for public access."
Perhaps the Mykad missing facts give you a false sense of security. At the moment, ANY commercially made card in the world can be cloned.
Once the data is duplicated to an identical card, there is no such thing as "be very difficult to retrieve or even non-retrievable."
Any ICC chip is useless in a security sense if there is no appropriate reader to counter check the owner identity, e.g. thumb print reader.
Posted by: moo_t | March 8, 2006 12:07 PM
Found out from a friend from India that their Credit Cards will be cancelled and reissued with new ones whenever they used their credit cards in Malaysia.
Posted by: mmpng | March 8, 2006 12:24 PM
Will 'Chip-and-PIN' be secure? Swipe chip-based card, enter 4-digit PIN, as is required here in the UK. Anyway, when I used my card in KL last year, there was a 'slight' problem: there was a delay before the transaction got through, and a few minutes later I got a call from my bank to confirm I've just used it in MALAYSIA.....
Posted by: blac | March 9, 2006 06:58 AM
hmmm... if MYKAD info can't be read... how the "polis itu raja" identify our identity??? so... why we need a MYKAD for?!
same goes to credit card... if credit card info can't be read... then there will not be any transaction... no transaction... no biz... then why ppl still carry the credit cards?!
end topic... no clone card... my MAYBAN credit card has been cloned for 5 times yet i haven't used it for once... MY boleh... u boleh... i boleh... everyone also boleh... bolehland boleh!!!
Posted by: kanazai2001 | March 9, 2006 11:19 AM
I believe anyone can use a normal smartcard reader and read most of the info such as your picture, name, address etc including your thumb print, none of the info is supposed to be confidential anyway
however some part of mykad can only be read by using spechul mykad reader with a spechul security chip which decrypt the info and those mykad reader you have to get probably from IRIS, can anyone get it? dunno but in Bolehland - got money apa pun boleh :)
got a friend who use his credit card only in singapore (LV shop, Gucci shop etc) and then come back to Malaysia few days later got a call from Bank telling him that he spent USD 12,000 in a shopping center in Los Angeles. Had to make police report bringing his passport showing he is nowhere in Los Angeles
It's not just a Malaysian thingy, it's a world thingy. Why do you think your bank charges you a yearly fee for credit card? It is to compensate the 1 billion lost from fraud yearly
Posted by: chrispeduck | April 20, 2006 06:21 PM
Just to clarify some more on how smart cards work, these cards normally use a private/public key pair system for authentication and possibly encryption for data storage (I.C. particulars). Just because some of the information is displayed doesn't mean everything else is there to be copied easily. Remember, it becomes a mini-computer that runs when it is inserted (that's why it's Smart). While it's inserted, all communications with the chip follow a certain protocol. You can ask it for some information but whether it gives it to you (or what it gives to you) is another matter.
For example (and not necessarily the most accurate and complete description), if you are using a credit card with a smartchip at the store, the card reading machine acts as a link between the card (client) and the Credit card company (server). During this process, the server will likely send some information to the card, usually it is random data. The card with its chip in operation will transform that random information using its private key and send it back to the server. The server will then verify the validity before approving the transaction. While all this is happening, the private key is never exposed. If you want to understand how priv/pub keys and smartcards work, I suggest some further reading on Google. Basically, only a valid private key can correctly transform the data into something that the server will accept (signature). This transformation is performed on the smartcard chip and not the reader and therefore you normally have no way of knowing what it is doing.
Therefore, the techniques used to hack/clone the cards are limited. You can use an electron microscope (very expensive equipment) to try to view the inner contents of the chip, usually destructively. Another way is to talk to the chip in such a way as to cause it to crash to reveal its inner secrets (this would be considered a flaw in the chip which is also unlikely).
Posted by: spear_britney | April 27, 2006 03:09 PM
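The challenge-response exchange described in the last comment, as an added example that is not part of the original post or its comments: a server sends fresh random data, the chip signs it with a key that never leaves the card, and a copy made only from the readable data fails the check. The RSA parameters are toy values, the card number is a constructed sample, and the names `Card`, `Clone`, `authorize` and `demo` are hypothetical; it does not model any real card scheme's protocol.

```python
import hashlib
import secrets

# Toy RSA key for illustration only: tiny modulus, no padding, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537       # two Mersenne primes, public exponent
N = P * Q                                   # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent


def digest(challenge: bytes) -> int:
    """Hash the challenge down to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N


class Card:
    """Genuine chip: answers challenges, never hands out its private exponent."""

    def __init__(self, pan: str, name: str):
        self.public = {"pan": pan, "name": name}    # what any reader can copy
        self.__d = D                                # stands in for key material held in the chip

    def read_public(self) -> dict:
        return dict(self.public)

    def respond(self, challenge: bytes) -> int:
        return pow(digest(challenge), self.__d, N)  # signature over the challenge


class Clone:
    """Copy built from the readable data plus one response seen on the wire."""

    def __init__(self, public: dict, sniffed_response: int):
        self.public, self.sniffed = public, sniffed_response

    def respond(self, challenge: bytes) -> int:
        return self.sniffed                         # no key, so it can only replay


def authorize(card) -> bool:
    """Issuer side: fresh random challenge, verified with the public key (E, N)."""
    challenge = secrets.token_bytes(16)
    return pow(card.respond(challenge), E, N) == digest(challenge)


def demo() -> tuple:
    genuine = Card("4000000000000002", "CONSTRUCTED SAMPLE")   # constructed values
    sniffed = genuine.respond(b"challenge from an earlier transaction")
    clone = Clone(genuine.read_public(), sniffed)
    return authorize(genuine), authorize(clone)
```

`demo()` returns `(True, False)`: the genuine card passes, and the clone's replayed response is rejected because each authorization uses a new challenge.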