|
Last edit: 15th Dec 2009 at 6:41pm |
|
Viewed 17060 times since 19th Aug 2005, | ||||||||||
Originally written by Paul Vigay, 1st Jan 2005
Latest News
|
According to a leaflet from Abbey
"Chip and PIN is a new, more secure card payment method that's gradually being introduced by banks and shops across the UK. When you use your card to buy something in a shop you key in your Personal Identification Number (PIN) instead of signing a receipt. This is the same PIN you use at a cash machine to take out cash.
Shops in your area may be using it already and it will be common at all major retailers by 2005."
It goes on to say,
"Chip and PIN is designed to reduce card fraud and the hassle it causes. Built-in microchip technology protects the data on your card from being copied or altered."
For a start, there are infinite subtle variations of personal signature, which are all unique. There are only 10,000 (10x10x10x10) combinations of PIN code due to using a four-digit number. From a technical point of view, this is roughly 13bit encryption (2^13 different permutations), whereas current eBanking and shopping on the internet uses 128bit encryption (2^128 different permutations and because security is exponential to the number of bits, this is many billions times more secure) so it seems that highstreet shopping has suddenly become billions of times LESS secure than online shopping.
Far be it from me to say I told you so, but here are just a few recent (ie.since I wrote this article) reports of chip and pin card's insecurity
Because all cards are moving to Chip and PIN, and many people have several cards, it's highly likely that most people will use the same PIN number for all their cards - how many different PIN numbers can YOU remember? This means that if someone loses their wallet containing more than one card, they can all be compromised.
Another worrying scenario I've been alerted to, is that many old people simply can't remember, or don't know how to use their PIN. One recent example involved an elderly women paying for goods in a local post office. When the cashier asked her to place her card in the card reader and enter her PIN, she became flustered when it didn't appear to work. She tried to enter the PIN a couple of times, to no avail. The cashier asked her if she'd entered the code correctly, to which she replied, "I have. It's 8288 and I've entered it a couple of times". The cashier immediately told her not to tell anyone the PIN - but it was too late - any muggers or potential card thieves already knew her number in case they wanted to grab her handbag outside.
Another scenario which was recently pointed out to me is that a lot of large supermarkets now have CCTVs pointing at the tills - for their own security. These can often record people entering their PIN numbers so is another area of insecurity.
Other people who either can't remember their numbers or don't know the implications of sloppy security have been known to write the number down on a piece of paper, even storing it in their wallet or purse! Of course, banks have been warning of the dangers of this for years, but until now people have been free to not worry about remembering PINs because they can simply sign for goods. I predict a return to cheque books for many people, which will inevitably lead to longer queues and delays in shops.
See an article on 'easy to remember' PIN codes on Bruce Schneier's website.
As mentioned above, because of the insecurity of the PIN code, they will be an easy target for pick-pockets or muggers. Some more muggers may also threaten people with violence until they reveal their PIN code - before carrying out fraudulent transactions - perfectly legitimate from the banks verification view. Previously, you'd still have to fake someone's signature if you wanted to fraudulently use their card. Plus, because the PIN reader machine is often on the customer side of the counter in shops, the card doesn't even have to be passed to the shop assistant for verification, so you could steal and use a card from a member of the opposite sex - a simple security check which is now removed, by having people enter their own PIN into the machine.
And don't forget that it's relatively easy for someone to look over your shoulder and see what digits you enter into the terminal. This will become worse as people become more accustomed, and thus blasé to checking who's behind them.
As always, because the public erroneously perceive the cards to be more secure when in reality, they're less secure, this will lead to more crime because the rewards will be higher for card thieves and fakers.
A topical article has just appeared on Silicon.com talking of precisely the dangers I predicted.
Because the PIN code is deemed to be secure, and because it's digital, you have no evidence to prove your innocence in the case of fraudulent or incorrect charges being made to your card. This is one of the main reasons for the banks implementing Chip and PIN cards - because it removes the cost of fraud (already many millions of pounds a year) and shifts it to the consumer or small business/shop.
In the event of disputed transactions previously, you could point out that you didn't sign for anything, or your signature is a fake (signatures being much more secure, each one being unique).
Once a valid PIN number has been entered for the transaction, you have virtually no way to prove the transaction wasn't valid. The onus has shifted your responsibility to guilt unless you can prove your innocence. Because the system is entirely digital, with no input from the customer, how do you prove to the bank that it wasn't you that entered a valid PIN code? You'll be treated the same as a criminal who has to prove an alibi or provide evidence they were geographically somewhere else when the transaction took place. Previously you only had to prove the signature wasn't yours - and signatures are much more secure, each one being unique instead of one in 9999.
Again, the general public are being baffled by science or technology. Because the average consumer doesn't understand digital encryption or electronic security methods, they tend to rely more on what the bank and media feed them via leaflets or technospeak.
Even now, I get people thinking that I'm scare mongering by writing this article, but that's generally caused by their own ignorance of how the system works or how you've been convinced into the false security by the banks propaganda.
If you're unsure, I urge you to do your own research. Try some of the following websites for more information:-
As experienced by the elderly lady in the post office, mentioned above, you're now being forced to remember your PIN code, even if you never previously used it for obtaining cash from a cash machine. If you have a new Chip and PIN card you now have to use it, so if you can't remember your PIN or you don't understand how the technology operates, an extra feeling of embarrassment when faced with paying for things will lead to people feeling flustered or confused, especially if your transaction is declined through simple operator error or even machine malfunction.
Again, if you feel intimidated or embarrassed at making a mistake, I'd advise you to go back to using cheques or cash to pay for goods and services.
Because Chip and PIN cards are destined to fail to provide the level of security or remove bank card fraud, I foresee a situation where the government steps in and suggests that an ideal solution would be to combine Chip and PIN cards with National ID cards, and thus they are merely a stepping stone to more draconian and Orwellian schemes to come. You've possibly heard of implantable micro-chips - currently being developed and tested. However, the public is not ready for this, so the government can't take huge jumps, purely because the public would see through their motives and agenda. Thus, they have to make little steps at a time. That way people won't perceive so much change occurring - until they stop to examine how far things have progressed in a relatively short period of time.
Of course, once Chip and PIN or ID cards have been seen to fail, the government can start imposing 'more secure' or 'better' schemes for security. They'll admit defeat and once security loopholes and breaches have been publicised, the government will be able to offer an alternative 'solution'; How about implantable chips with your details stored on them - no card to lose or get stolen and you can just swipe your finger on a sensor to pay for goods! Always with you - and we can even put your medical records on it, just in case you're involved in an accident and doctors need your information urgently! Just look for the excuses in order to manipulate the next stepping stone of global control and your eroded freedom and privacy.
As already mentioned above, and confirmed by BBC News resellers who aren't already (as of 1st Jan 2005) equipped to accept Chip and PIN cards by installing up-to-date card readers, are now liable for losses incurred through fraudulent transactions.
Again, as predicted, resellers and consumers are bearing the cost of fraud, rather than the banks.
For all the reasons stated above, the introduction of Chip and PIN cards will lead to more confusion, less security, more fraud and crime and less peace of mind for end consumers.
I would urge you to boycott them and use alternative methods of payment, such as cash and/or cheques.
(see also reasons to refuse National ID Cards)
|
Last edit: 15th Dec 2009 at 6:41pm |
|
Viewed 17060 times since 19th Aug 2005, | ||||||||||
| ||||||||||||||||||||||||
  |   |
|||||||||||||||||||||||
Email this page to a friend
Delicious
Digg
reddit
Facebook
StumbleUpon
The majority of credit and debit cards in the UK are chip and PIN enabled. These contain a small computer chip that can securely store data to identify both the card and the cardholder.A transaction using a chip card with a PIN is very simple.
Until the introduction of Chip and PIN, all face-to-face credit or debit card transactions used a magnetic stripe or mechanical imprint to read and record account data cheap vps, and a signature for verification. Under this system, the customer hands their card to the clerk at the point of sale, who either "swipes" the card through a magnetic reader or makes an imprint from the raised text of the card. In the former case, the account details are verified and a slip for the customer to sign is printed. In the case of a mechanical imprint shared web hosting, the transaction details are filled in and the customer signs the imprinted slip. In either case, the clerk verifies that the signature matches that on the back of the card to authenticate the transaction.
This system has proved reasonably effective web hosting reviews, but has a number of security flaws, including the ability to steal a card in the post, or to learn to forge the signature on the card. More recently, technology has become available on the black market for both reading and writing the magnetic stripes, allowing cards to be easily cloned and used without the owner's email web hosting knowledge.
This is a wonderful opinion. The things mentioned are great and
needs to be appreciated by everyone.smart card
I think using credit card more secure, but nice idea
Who are creating chip & pin? seems an interesting idea in the beginning, but many irregularities after further study. I think credit cards more secure
Good point!! It is true that using credit cards is less secure now than before, so it is time for the banks to work out a method to protect our users' rights....
he American Express card used to be very handy for traveling in Europe. Among other things, it would let you cash personal checks drawn on your U.S. bank at any of their many offices. Nowadays, however, with your Visa or MasterCard, you can get cash advances at local banks at a better exchange rate.
The organization solicits all its members to get cards, with the idea of keeping their name in front of the card user and, hopefully, keeping the card user loyal to them for future purchases.
The British are known for their Fish & Chips, but Chip & Pin has the major anti-fraud development involving credit and debit cards there in the last 5 years. "Chip and Pin" refers to the introduction of a microchip which is included on the credit card in one of the corners.
add a comment to this article, please use the form below. Please note that by submitting comments using this form you are allowing all of the information submitted to be visible on this website. Your comment will
The need for all of the double-checking is caused by check fraud and identity theft. But some banks are starting to offer frequent flier miles, rebates and cash rewards to regular debit card users. The lines are blurring for some consumers.
Wish I have the luxury of time to consider using the benefits these site can offer.....
badge holders
You are so right about all of this. They are not secure at all. We need to get them more secure before they use them.
boca raton general dentist
Ed Hardy
Ed Hardy
Juicy Couture
I would like to do some shopping, like
China wedding dress
DC GEAR MOTOR
wholesale wedding dresses
and so on!You can go with me!
I would like to do some shopping, like
tiffany
tiffany rings
Pandora beads
Cartier Jewelry
The official line is that chip and PIN technology would help cut down on fraud, which card companies say costs them about £500m per year. PINs are harder to guess than signatures are to forge and that chip and PIN cards are more difficult to replicate than magnetic strip cards. It should be noted that the switchover cost more than £1bn, according to the card companies, so it does seem they're expecting to recoup quite a bit of money from reducing fraud.
Juicy Couture womens fashions at Juicy Couture. Shop popular stores to find Juicy Couture womens fashions on sale - all in one place.
Juicy Couture
Cheap Juicy Couture
extensive collection of Juicy Couture,including Juicy Couture Jewelry,hoodies,Clothes and shoes. Be inspired with fashion Juicy Couture.
Discount Juicy Couture
True Religion Men Jeans
True Religion Women Jeans
True religion Women Shorts
Ok, so this information isnt to valuable for an online fortune teller like me, but I agree it is useful for some
flower girl dresses
prom dresses
quinceanera dresses
Thank you for taking the time to write this blog post. Much appreciated, very valuable information.
It is not the Cheap San Francisco 49ers Jerseys critic who counts,not the man who points out how the strong man stumbles,the doer of deeds could have sexy bikinis sale done them better.
wesome coverage! Thanks!
nice post
I second albertacowpoke's question...abercrombie london
It is hard to say such a thing is clear.
Significant change, it is.
I'm sorry that's j o c not LOC.Abercrombie and fitch london
Thank you for the information
The article is very professionally written. I enjoy reading every day
good url!
abercrombie fitch londoni like this url
thanks
We'r ed hardy outlet one of the most profession
of the coolest and latest ed hardy apparel, such as
ed hardy tee ,ed hardy bags,
ed hardy bathing suits, ed hardy Polos,
ed hardy board shorts , ed hardy men T-shirt,
ed hardy swimwearand more,
ed hardy clothing. We offers a wide selection of fashion
cheap ed hardyproducts. Welcome to our shop or just enjoy browsing through our stunning collection available wholesale ed hardy in our shop.
our goal is to delight you with our distinctive collection of mindful ed hardy products while providing value and excellent service. Our goal is 100% customer satisfaction and we offer only 100% satisfacted service and ed hardy products. Please feel free to contact us at any time; we are committed to your 100% customer satisfaction. If you're looking for the best service and best selection, stay right where you are and continue shopping at here is your best online choice for the reasonable prices. So why not buy your ed hardy now, I am sure they we won’t let you down.
Diablo 2 cd key,
Warcraft 3 cd key,
Starcraft cd key.
Diablo 2 cd key,
Warcraft 3 cd key
you really have avery nice blog,it's the first time to be here but it won't be the last untill then keep blogging.goodluck!
juicy couture|mbt shoes|coach handbag|coach purses
Not very surprising...Did you really think that any bank would invest lots of money in testing its systems adequately to find the flaw? Banks should definitely involve more themselves in security as a general governance model because this is the heart thesis of their business model.