Is Chip & PIN Safe?

Chip & PIN has been around for a while, but it’s only been in the last couple of years that it has become the standard way for using a debit or credit card in shops or restaurants etc.

When the changeover from using signatures to PIN numbers first came in, I had thought that it would reduce much of the fraud executed with these cards. Afterall, how easy was it to copy a signature that you can see in front of you on a stolen card? And how many times did you write your signature which beared no resemblance to the version on your card, without the sales person blinking an eye, let alne refusing the transaction? Chip and PIN had to be more secure, didn’t it?

Well, it would appear that as one type of fraud gets stopped, new ones are just around the corner to take their place. And if there’s a possiblitythat big money to be made, there will always be clever people trying to exploit the system.

BBC Newsnight ran a report the other night on the security of Chip & PIN, looking at a team of scientists from Cambridge who investigate ways of hacking into the Chip & PIN machines that we see in most retail outlets.

But Steven and Saar (Cambrige scientists) have found a number of ways that the criminally-minded could crack it – and extract your account number and PIN and all the details needed to create a cloned card. Take that card abroad to countries where cash machines read only the magnetic strip on a card, key in the PIN – and criminals can have a field day getting cash out of your account. And that’s a pattern in recent card fraud cases.

One of the points made in the article is that by taking on the Chip & PIN system, the liability of security has shifted from the banks to the consumer; consumers must keep their card and PIN safe, else they’ll be liable for any losses as a result of fraud. By proving that the PIN machines themselves are insecure, some of the liability can be shifted back to the banks.

There’s plenty more about the whole Chip & PIN system at Wikipedia, and in particular there are the criticisms which highlight other areas of insecurity in the system.

Whilst I’m not sure a return to the use of signatures is needed, it would be reassuring to know that everything possible was beng done to make our transactions safe, and that if you do become a victim of fraud, the banks will at least acknowledge that it might not be all your fault.

Photo by Neil T

Leave a Comment

Your email address will not be published. Required fields are marked *