Chip and Pin – Excuse me?

If you like in the UK or Northern Ireland, you’re probably finding that, instead of writing your signature, you are being asked to enter your PIN on a little keypad when you use your debit or credit card to make purchases.

Now, please forgive me if I’m way off the mark, but how is this supposed to increase security?  Seems to me that we have simply replaced one flawed system for another.

Flawed?  How so?  Well, in "the old days" scammers used to run your card through a magnetic strip reader and they could create "cloned" copies of your card.  The data would be written onto a fresh, blank card and they could sign the back whatever way they wanted.  The criminal would then go use your card in a store to pay for goods and the signature would be good. And you are out of pocket.

Now, they are asking you to enter your pin.   Excellent – now they also have your PIN number – how they get it via electronic interception between the keypad and the device,  over the wire, or by "shoulder surfing" – doesn’t matter.  Joe Crim now has your pin.  They also have a swipe of your card (all the shops I’ve used my card in so far with "chip & pin" have both swiped it and put it into the pin keypad).   So, not only can they burn the magstripe onto a fresh card and use it, they can pop it into an ATM and withdraw cash directly from the account with my PIN.

Lovely, who comes up with these ideas?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

All content © Paul Gregg, 1994 - 2024
This site http://pgregg.com has been online since 5th October 2000
Previous websites live at various URLs since 1994