Secure?
Posted: Mon 30 January, 2006 Filed under: Cynicism, Thoughts, Weirdness 2 Comments »As most people in the UK know, credit and debit cards have been switching over to the “Chip and PIN” system, which is supposedly more secure against credit-card fraud and the like.
On February 14, anyone with a “chip and PIN” card will no longer be able to sign a credit-card slip for their purchases, and must know their PIN number instead.
Anyway, that’s a minor digression. The main thrust is that supposedly “Chip and PIN” is more secure. It’s supposed to stop credit card fraud, and all this bollocks. We’ll ignore the fact that anyone can “shoulder-surf” and get the PIN number. And the fact that the PIN number is the same whether you’re using a cash machine or doing a transaction – which means that if someone gets your PIN number and card (you know, by shoulder-surfing the number in a shop, then grabbing the bag on the way out – that’s just one example, of course) then they can get the maximum cash transaction out like *that* (clicks fingers), which of course renders the card owner liable, as they’re not likely to have called the card company in that couple of minutes and registered the card as stolen. And, of course, the bank will say “Well, you let someone see your PIN number. Therefore you’re in breach of your agreement with us, and thus liable for all losses on that account/card”.
Again, a minor digression there.
My point is this : If “Chip and PIN” is so secure, how come I’ve just seen the following transaction…
“Did you know your PIN number’s locked on this card?” (ie you can’t use the PIN, because you’ve had three goes and failed to get it right)
“Yes, I was trying to use it in the supermarket, and got all flustered with everyone behind me, so I forgot the number, and now it’s locked”
“OK, just sign on the slip here”
“Thanks”
“And there’s your card back”
WHAT? So you can have a locked PIN, which signifies three failed attempts at the number, and instead of cancelling the card, or keeping it, it’s been given back once, then used just on the signature again, and then given back yet again? How the blue blazing fiddly fuck is that a secure transaction?
Worse than that, how come I got a ticket from the machine at Paddington when I didn’t get enough time to properly type in my PIN and actually typed it wrong cos the instructions didn’t come up at all.
Secure my arse.
That will change come 14th February, it is what is called ‘fall back’, and that is what is going. If it’s locked (or you’ve forgotten it) then you can’t use it. Unless it is in a shop which doesn’t have a ‘chip enabled’ credit card machine.
It *is* more secure than the old type – simply because it is less easy to clone than the mag-stripe, when the fraudster could sign it themselves, and then even if the signature was checked it would match.