Chip and PIN
Chris Lightfoot, as he often does, has some interesting discussion, this time on the subject of card security. This is particularly relevant and interesting to me, still working in retail (more of a hobby these days!) as well as, of course, being a customer. Roy Badami's comment makes the counterargument quite well, summing up one of Chip and PIN's key achievements. In the Telegraph piece he also notes an elegant attack which criminals can use to steal money from banks without ever having to defeat the (difficult-to-copy) smart chips on the cards:
… He said that smart cards from Britain would end up in America, which does not use them, while stolen American cards without smart chips would appear in Britain, where readers would still be able to process old-fashioned cards.
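The attack in that quote works because a magnetic-stripe-only terminal has no way of knowing, or no interest in knowing, that the card it is swiping was issued with a chip. The following is an added example (mine, not from the original post or the Telegraph piece): a toy Track 2 parser and terminal acceptance rule that honours the card's service code. Per ISO/IEC 7813, Track 2 is `;PAN=YYMM` followed by a three-digit service code and discretionary data, and a service code beginning with 2 or 6 means "integrated circuit card, use the chip where feasible". The card numbers, expiry dates and the `accept_swipe` policy are constructed for illustration; the point is that a terminal applying this rule would refuse the cloned British stripe, while the 2004 American terminals in the quote did not.

```python
"""Constructed model of the cross-border magstripe fallback attack.

Not part of the original post. Track 2 layout and service-code meanings
follow ISO/IEC 7813; PANs are made-up test numbers that pass Luhn.
"""
from dataclasses import dataclass

# First digit of the service code meaning "IC card, use chip where feasible".
SERVICE_CODE_IC = {"2", "6"}

# Constructed sample stripes (;PAN=YYMM SSS discretionary?).
UK_CHIP_CARD_TRACK2 = ";4111111111111111=0612201000000000?"   # service code 201
US_MAGSTRIPE_CARD_TRACK2 = ";5555555555554444=0703101000000000?"  # service code 101


def luhn_ok(pan: str) -> bool:
    """Standard Luhn check digit validation on a numeric PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Track2:
    pan: str
    expiry: str          # YYMM
    service_code: str    # three digits
    discretionary: str

    @property
    def chip_card(self) -> bool:
        """True if the issuer flagged this card as carrying a chip."""
        return self.service_code[0] in SERVICE_CODE_IC


def parse_track2(raw: str) -> Track2:
    """Parse a raw Track 2 read, including its start (;) and end (?) sentinels."""
    if not (raw.startswith(";") and raw.endswith("?")):
        raise ValueError("missing start/end sentinel")
    body = raw[1:-1]
    pan, sep, rest = body.partition("=")
    if not sep or not pan.isdigit() or not (12 <= len(pan) <= 19):
        raise ValueError("bad PAN field")
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    if len(rest) < 7 or not rest[:7].isdigit():
        raise ValueError("bad expiry/service code")
    return Track2(pan=pan, expiry=rest[:4], service_code=rest[4:7], discretionary=rest[7:])


def accept_swipe(track: Track2, terminal_has_chip_reader: bool, chip_attempt_failed: bool) -> bool:
    """Illustrative acceptance rule for a magstripe read.

    A card without a chip (service code 1xx/5xx) can only ever be swiped, so
    the stripe is accepted and the transaction falls back to signature.
    A chip card (2xx/6xx) should only be swiped as a fallback after a chip
    read was attempted and failed on a chip-capable terminal. A stripe-only
    terminal that accepts it anyway is exactly where a cloned UK stripe gets spent.
    """
    if not track.chip_card:
        return True
    return terminal_has_chip_reader and chip_attempt_failed


def simulate() -> dict:
    """Run the three cases the quoted attack relies on."""
    uk_clone = parse_track2(UK_CHIP_CARD_TRACK2)
    us_card = parse_track2(US_MAGSTRIPE_CARD_TRACK2)
    return {
        "uk clone at US stripe-only terminal": accept_swipe(uk_clone, False, False),
        "uk clone swiped at UK chip terminal, no chip attempt": accept_swipe(uk_clone, True, False),
        "us card at UK chip terminal": accept_swipe(us_card, True, False),
    }


if __name__ == "__main__":
    for case, accepted in simulate().items():
        print(f"{case}: {'ACCEPT' if accepted else 'REJECT'}")
```

Note what the rule does not do: the stolen American cards travelling the other way carry no chip, so a UK terminal correctly falls back to stripe-and-signature for them. That half of the attack is plain signature fraud, which is what the rest of this post is about.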
Something I don't see mentioned much is the role of the retailer in fraud. With a signature card, it is quite straightforward for the retailer, by the simple expedient of looking at the receipt (and possibly also the card, but that's rarely a problem!), to obtain the signature, card number, and other details of the card and owner. Fraud is then quite easy; a “customer not present” transaction can be performed, and the signature can be used elsewhere.
Chip and PIN removes some of this threat: the retailer is (in principle) not supposed to touch the card, reducing our* opportunities to swipe magnetic stripes, and we cannot obtain signatures. Aside from the rare case of filming the PIN entry and then copying the chip or stealing the card, retailer fraud is avoided, assuming, of course, that the card readers themselves cannot be compromised.
Chip and PIN raises the bar from copying a magstripe and trivially obtaining a signature to stealing the card (or, with difficulty, copying the chip) plus shoulder-surfing the PIN at the moment it is entered: the PIN is checked by the chip, or passed on to the bank encrypted, and unlike a paper signature it is never written on the receipt, so it cannot be extracted later.
Cashpoint attacks are not reduced, and in-queue shoulder-surfing becomes significantly easier than anything that was possible with signatures (there was no equivalent: you cannot steal a usable signature by watching someone sign a slip).
Conclusion: the banks think that retailers are the bigger fraud threat, since they previously had access to signatures and magnetic stripes. By introducing Chip and PIN they limit the possibility of fraud by retailers, while increasing the threat from members of the public. As Roy correctly points out, it's the banks who are at fault: for the customer, it doesn't matter how significant fraud is; what matters is how we are compensated when it occurs. A supposedly secure system, such as a PIN, allows the banks to weasel out of compensation by denying the possibility that the system has been compromised. That's bad.
In other news, I just watched Battle Royale, the Japanese island-school-fight-to-the-death-Lord-Of-The-Flies film. Marvellous, though quite violent. Check it out.
* I should point out that I use the word “our” to refer to retailers in general; I have never committed credit card fraud, though I have been a victim of attempted credit fraud.
Posted at 2004-12-19 15:50:41 by Richard • Link to Chip and PIN
