With magnetic-stripe cards, the only place for criminals to steal PIN information is from ATM's - because that's the only place a PIN is required. But with chip-and-PIN cards, PIN information can be stolen not only from ATM's, but also from hundreds of thousands of merchant locations. Maybe U.S. banks are smarter than we think.
Posted by
New Paltz, NY
9100 posts
You're on to something Tom. One thing to remember is that Chip & Pin cards also have a magnetic strip on them. So if a criminal installs one of those thingys to an ATM machine it's still possible to to clone a chip & pin card, figure out it's pin, and commit fraud against that card in countries that haven't adopted chip & pin.
A couple of days ago there was an article in the NY Times about the future of US debit/credit cards. There are some radical high-tech changes coming our way; none of it involves Chip & Pin:)
Posted by
Vernon, Canada
32212 posts
Tom,
Your theory is not entirely accurate, as PIN's are NOT just required at ATM's. My card can also be used for POS transactions, which also require a PIN. I use Interac transactions frequently, and virtually ALL merchants have Terminals on their premises.
There was a story on the news last night regarding a theft ring that was "busted" in the Vancouver area. Their "modus operandi" was to switch POS Terminals at night (perhaps using Janitors?), replacing the original terminals with models that were able to capture customer information. This is frequent tactic that seems to occur on a regular basis. With the introduction of "chip & PIN" cards, I'm not sure whether that sort of practice will be possible, as the information on the "chip" is encrypted?
I already have a "chip & PIN" credit card, and just received my "c & P" debit/POS cards in the mail yesterday morning. I'm going to try the card in a few minutes when I pay for breakfast. One nice feature of the "chip & PIN" cards is that the PIN can be changed at any ATM, so that will make it easier to make frequent changes, which may enhance security a bit.
I don't think there's a definitive answer to your question yet. We'll have to wait and see.....
Cheers!
Posted by
OP
Chicago
2876 posts
Not to belabor the issue, but here's my original point, as expressed by a fraud expert:
"In Europe, the points of compromise are everywhere: ATMs, gas pumps, parking, dvd rentals, movie tickets, food kiosks, tolls, buying metro tickets, and the list goes on. Because of chip-and-PIN implementation, the proliferation of stand-alone terminals that accept chip and pin has provided a profitable playground for fraudsters."http://www.bloggernews.net/120391
Each stand-alone terminal, of course, provides a skimming opportunity for crooks.
We Americans should be happy with our good old magnetic-stripe cards.
Posted by
Bromley, Kent,, UK
1829 posts
IME all my chip and pin card transactions in the UK are authorised by the issuer. I have had a transaction refused because of a "security flag" being raised. Also the liability rules for fraudulent use did not change and the card issuer will cover any consequent loss.
"Card not present" transactions are as as vulnerable as they ever were, chip and pin did not change anything there.
I must admit that I am nervous about the "proximity card" system.