Please sign in to post.

Is chip-and-pin really more secure?

With magnetic-stripe cards, the only place for criminals to steal PIN information is from ATM's - because that's the only place a PIN is required. But with chip-and-PIN cards, PIN information can be stolen not only from ATM's, but also from hundreds of thousands of merchant locations. Maybe U.S. banks are smarter than we think.

Posted by
9110 posts

You're on to something Tom. One thing to remember is that Chip & Pin cards also have a magnetic strip on them. So if a criminal installs one of those thingys to an ATM machine it's still possible to to clone a chip & pin card, figure out it's pin, and commit fraud against that card in countries that haven't adopted chip & pin.

A couple of days ago there was an article in the NY Times about the future of US debit/credit cards. There are some radical high-tech changes coming our way; none of it involves Chip & Pin:)

http://tinyurl.com/28dvt24

http://tinyurl.com/2aerfrq

Posted by
32349 posts

Tom,

Your theory is not entirely accurate, as PIN's are NOT just required at ATM's. My card can also be used for POS transactions, which also require a PIN. I use Interac transactions frequently, and virtually ALL merchants have Terminals on their premises.

There was a story on the news last night regarding a theft ring that was "busted" in the Vancouver area. Their "modus operandi" was to switch POS Terminals at night (perhaps using Janitors?), replacing the original terminals with models that were able to capture customer information. This is frequent tactic that seems to occur on a regular basis. With the introduction of "chip & PIN" cards, I'm not sure whether that sort of practice will be possible, as the information on the "chip" is encrypted?

I already have a "chip & PIN" credit card, and just received my "c & P" debit/POS cards in the mail yesterday morning. I'm going to try the card in a few minutes when I pay for breakfast. One nice feature of the "chip & PIN" cards is that the PIN can be changed at any ATM, so that will make it easier to make frequent changes, which may enhance security a bit.

I don't think there's a definitive answer to your question yet. We'll have to wait and see.....

Cheers!

Posted by
2876 posts

Not to belabor the issue, but here's my original point, as expressed by a fraud expert:

"In Europe, the points of compromise are everywhere: ATMs, gas pumps, parking, dvd rentals, movie tickets, food kiosks, tolls, buying metro tickets, and the list goes on. Because of chip-and-PIN implementation, the proliferation of stand-alone terminals that accept chip and pin has provided a profitable playground for fraudsters."http://www.bloggernews.net/120391

Each stand-alone terminal, of course, provides a skimming opportunity for crooks.

We Americans should be happy with our good old magnetic-stripe cards.

Posted by
1829 posts

IME all my chip and pin card transactions in the UK are authorised by the issuer. I have had a transaction refused because of a "security flag" being raised. Also the liability rules for fraudulent use did not change and the card issuer will cover any consequent loss.

"Card not present" transactions are as as vulnerable as they ever were, chip and pin did not change anything there.

I must admit that I am nervous about the "proximity card" system.