You're using IE. Scroll down.
home :: tech :: pinchipinusa

Chip and PIN and the USA

Will chip&pin credit card technology really increase security ?

The usual scenario in USA is getting your credit card swiped through some PC keyboard or Square reader attached to an iPad. Is that keyboard attached to a malware infected PC ? Is that iPad running a fraudster app ? Are those things card skimmers that will instantly transmit all your card information to cloners ? Every time a payer lets the card get swiped it’s a russian roulette. In fact, those transactions are nearly indistinct from fraudulent transactions except for the reputation of the merchant as they use exactly the same information a fraudster can steal at the point of sale.

EMV chip and pin uses dedicated tamper proof payment terminals which are independent from the store computers. That alone provides much better security for the card holder as a fraudster needs to physically access and modify the payment terminal to steal card data. While it’s totally possible to produce a fake payment terminal that looks legitimate it’s hard to install them at scale, as opposed to infecting windows point of sale networks with card stealing malware. One thing a tampered EMV payment terminal can do is capture your PIN which is bad if the fraudster also steals the card. Modern EMV cards and terminals prevent chip cloning and security conscious banks issue cards which chip data can only be used for EMV transactions so cloning shouldn’t be much of a concern. I’ve been very abrasive about the earlier EMV protocols but the truth is even those fundamentally flawed protocols provided much better security than band swipe.

For the merchants chip and pin releases them from the considerable burden and liability of processing credit card numbers. It also allows them to tap into the world market of EMV payment terminals and there’s the fact merchants will be liable for all fraud on non EMV transactions.
So why all the fud and resistance to the switch ? One reason is an unsecure swipe gadget is under 5 USD while a secure EMV terminal costs from 50 USD to to 500 USD depending on the features and complexity. Another could be that EMV chip payments, like Apple Pay, don’t give the store’s system any information about the payer as opposed to swipe which gives the store the payers name and credit card number.

So yeah, chip&pin definitely increases security.

/tech | edited on 2015/10/10 -- permalink, click to comment
blog comments powered by Disqus