You're using IE. Scroll down.

Chip and PIN and the USA

Will chip&pin credit card technology really increase security ?

The usual scenario in USA is getting your credit card swiped through some PC keyboard or Square reader attached to an iPad. Is that keyboard attached to a malware infected PC ? Is that iPad running a fraudster app ? Are those things card skimmers that will instantly transmit all your card information to cloners ? Every time a payer lets the card get swiped it’s a russian roulette. In fact, those transactions are nearly indistinct from fraudulent transactions except for the reputation of the merchant as they use exactly the same information a fraudster can steal at the point of sale.

EMV chip and pin uses dedicated tamper proof payment terminals which are independent from the store computers. That alone provides much better security for the card holder as a fraudster needs to physically access and modify the payment terminal to steal card data. While it’s totally possible to produce a fake payment terminal that looks legitimate it’s hard to install them at scale, as opposed to infecting windows point of sale networks with card stealing malware. One thing a tampered EMV payment terminal can do is capture your PIN which is bad if the fraudster also steals the card. Modern EMV cards and terminals prevent chip cloning and security conscious banks issue cards which chip data can only be used for EMV transactions so cloning shouldn’t be much of a concern. I’ve been very abrasive about the earlier EMV protocols but the truth is even those fundamentally flawed protocols provided much better security than band swipe.

For the merchants chip and pin releases them from the considerable burden and liability of processing credit card numbers. It also allows them to tap into the world market of EMV payment terminals and there’s the fact merchants will be liable for all fraud on non EMV transactions.
So why all the fud and resistance to the switch ? One reason is an unsecure swipe gadget is under 5 USD while a secure EMV terminal costs from 50 USD to to 500 USD depending on the features and complexity. Another could be that EMV chip payments, like Apple Pay, don’t give the store’s system any information about the payer as opposed to swipe which gives the store the payers name and credit card number.

So yeah, chip&pin definitely increases security.

/tech | edited on 2015/10/10 -- permalink, click to comment

SanFran ? SanAnthony!

Lately San Francisco has been in the news a lot for mostly the wrong reasons. Aparently tech companies continue to flock to sanfran despite being well past the cost breaking point. Out of control homeless population and absurd house prices go hand, in hand with people living month to month on six figure salaries and finding themselves on the streets immediately after the slightest hardship.

I live in Lisbon, a fairly cheap city in Europe, and all this sounds pretty crazy. As Make’s Sabrina Merlo noted on her visit to our Maker Faire Lisbon and San Francisco look like long lost twin cities, with the same by the sea feel, the same bridge and the same street cars. It’s October, sunny outside and I’m in a short sleeve polo shirt. Just had a good meal for 8 euros but sometimes go crazy and splurge 20 euros for tasty sushi. Housing is affordable and while we keep complaining about our public transport it covers all the wider metro area and it’s stellar by USA standards. A large part of the population has at least rudimentary English communication skills, certainly due to the fact tv is subtitled not dubbed, and we invented the multicultural metropolis.

While Lisbon remains mostly untapped Portuguese talent is well known as quite a few of the skilled engineers our technical universities graduate every year end up in London, Dublin or Berlin. Some smaller and more agile tech companies are already taking advantage of the Portuguese amenities but the practice hasn’t caught on yet. Maybe with the move of Web Summit to Lisbon that will change and more tech companies will open offices in Lisbon.

/tech | edited on 2015/10/04 -- permalink, click to comment
blog comments powered by Disqus