Credit Card Security: Say NO to Chip and PIN
Picture this situation: Visa sends you a letter with a new card. It has the "newest technology", a chip that is supposed to be much harder to clone than your old magnetic strip. The card has to be used with a four digit PIN that replaces the need to sign the receipt at the moment of the transaction.
All seems very well, you are impressed with VISA's concern for the security of your transactions and you think to yourself: Wow, Visa takes good care of their costumers. Wrong! The chip set cannot be replicated, but there are other ways in which it makes the costumer vulnerable. Worse ways.
See, if you need to sign the receipt when you buy something with your credit card, there is a way of knowing when it was not you who signed the paper. There are infinite possibilities for ways of signing your name, now, a four digit PIN has only 10 thousand possibilities. That is much less than infinite.
But that's only a detail. The big problem is that the costumer is not only vulnerable to the fraudsters (who, in real life would not guess your PIN, but steal it with "security cameras" or card readers that have been compromised) but also to VISA. Yes, to the very company that is claiming to be protecting you.
With the use of CHIP + PIN, VISA's intention is merely transfer the liability of the fraud to the costumer - you would be responsible for the purchase you didn't make if someone manages to use your PIN. Check this out:
The CHIP isn't worse than the magnetic strip, it is the handwritten signature that should still be required. I have used a CHIP card where the card reader requires a signature and I am fine with that - it's still me who signed. The technology is there, why not use it to actually make the process more secure as opposed to just transferring responsibility?
More on the subject here.
All seems very well, you are impressed with VISA's concern for the security of your transactions and you think to yourself: Wow, Visa takes good care of their costumers. Wrong! The chip set cannot be replicated, but there are other ways in which it makes the costumer vulnerable. Worse ways.
See, if you need to sign the receipt when you buy something with your credit card, there is a way of knowing when it was not you who signed the paper. There are infinite possibilities for ways of signing your name, now, a four digit PIN has only 10 thousand possibilities. That is much less than infinite.
But that's only a detail. The big problem is that the costumer is not only vulnerable to the fraudsters (who, in real life would not guess your PIN, but steal it with "security cameras" or card readers that have been compromised) but also to VISA. Yes, to the very company that is claiming to be protecting you.
With the use of CHIP + PIN, VISA's intention is merely transfer the liability of the fraud to the costumer - you would be responsible for the purchase you didn't make if someone manages to use your PIN. Check this out:
The CHIP isn't worse than the magnetic strip, it is the handwritten signature that should still be required. I have used a CHIP card where the card reader requires a signature and I am fine with that - it's still me who signed. The technology is there, why not use it to actually make the process more secure as opposed to just transferring responsibility?
More on the subject here.
Comentários