By Will Sturgeon, 29 March 2005 15:50
NEWS silicon.com readers are largely unimpressed with the introduction of chip and PIN, the new-to-the-UK way of paying by credit and debit cards at points of sale.
Although 56.1 per cent or respondents to a recent survey believe the point of sale technology makes their transactions more secure, a third of respondents (32.4 per cent) branded the change a 'waste of time'.
Furthermore 11.5 per cent of respondents believe the technology is actually less secure with fears of 'shoulder surfing' raising concerns about other shoppers targeting individuals who they observed entering their PIN number. The findings suggest the nation is still fairly divided on the issue.
One silicon.com reader wrote in to say: "I am quite a tall person and it is disturbing that well over 50 per cent of the time I can see what the person in front is typing and should I be inclined to misuse that information I could easily do so. Chip and PIN is clearly a poor solution and open to more methods of fraud."
silicon.com reader Mike Hart added: "At an ATM you can be careful not to disclose your PIN but in a busy shop with only those tiny 'shields' on the terminal it is just about impossible."
Other concerns were raised earlier this month about the risk of in-store CCTV cameras monitoring the point of sale and providing an opportunity to record PIN numbers being entered.
Comments
There are 24 comments. Join the discussion
1. anonymous
Chip and PIN was an excuse to get banks to pass fraud liability onto their customers - the high street chains, the small shops.
Fradulent chip and PIN transactions are the responsibility of these shops, they had to accept this or they could not use the new machines.
2. anonymous
The London Programm, ITV (London Region) Tuesday 15 March, 2005.
The Truth Behind Chip & PIN.
The programmes opening statement:
"My view (chip & PIN) is that it is one of the most brazen attempts ever by any countries financial sector to dump liability onto its customers."
(Prof. Ross Anderson, Cambridge Univ.)
The programme also highlighted how a victim of PIN based fraud wasn't believed when she said she never wrote her PIN down or told anyone.
Most worrying of all was how the Chip on a Chip and PIN card was disabled to show that the card was magnetic strip only. The card was then cloned, and the cloned card used with the valid PIN.
It's a pity this programme was only shown in the London Region. IMHO if shown nationally lots of credit cardholders would be bining their PINs.
Chip & PIN - a must have for all well heeled crooks!!!
3. Richard Taylor
Many online banking sites use a system whereby they request two or three characters from a longer PIN or password. The character positions requested change each time. Why does chip & PIN not use a similar system? Any spy would only get a subset of the total PIN or password, and this information would only be of use when the system requested the same characters again.
4. Derek Cullen
I cannot see how Chip and Pin BY ITSELF is more secure. Combine it with a signature and it makes more sense.
Queuing at my local supermrket, I often see people look up their pin
5. anonymous
I now have to (try and) remember 5 pin numbers for my two current accounts and two credit cards, plus a business credit card.
I only used to have to write my name. This certainly isn't about making it easier for the customer.
It's all about banks profits.
6. Michael A
I like chip and pin, it makes transactions easier at the till, and it is better than the old signature based system. I think some of the retailers have still need to pay catch-up. Why do most of them still insist on taking the card from you and swiping it themselves, sometimes in a separate reader - this gives opportunity for the card to be cloned. With chip and pin I had hoped that I would be able to make sure the card never left my sight.
7. Martin S
What a bunch of pathetic whiners. I have problems writing and my signature has NEVER matched the one on the back of my cards. Guess how many times I've been pulled about it or asked for addition ID? Oh look a capitalised NEVER again. I'll stick with chip and pin thanks. Oh and if your so worried about should surfing then cover the bloody key pad with your free hand! You know like you’ve been advised to do at ATM’s since there conception. Bet you have no problems using those?
8. anonymous
When I first heard they were going to introduce chip & pin technology, the first thought that entered my head was the ability to watch someone enter their pin and then follow them and mug them (and I'm not a criminal!).
It amazes and baffles me that banks and the majority of the general public have only just considered this as a possibility! Are people really that naive?!
9. anonymous
It is evident that Chip and PIN is not going to solve the problem. In the absence of a 100% soution to the problem, getting to know that a fredulant transactions has taken place. This is an innovavative solution where an alert is sent to the Mobile Phone, PDA or the Smart Phone of the subscriber, showing the details of the transaction. The users find this a valuable service as they know that no transactions could take place without their knowledge. Even if a freudalant transaction takes place, the user could alert the bank, with the information of the amount and the location of the transaction.
10. Troy Hoskison
Chip and Pin is a lot better. How can a signature be more secure than chip and pin. If I leave my wallet somewhere someone can take my credit card and buy stuff straight away. With Chip and Pin they can't.
Ok so someone can see my pin number, Once they've done that they can pickpocket me to get he card, but without chip and pin all they have to do is pickpocket me.
Chip and pin is a lot faster and easier. Doesn't put the sales person in a uncomfortable situation of not accepting a signature.
Ok so chip and pin is not 100% secure, but it's a much better idea that a signature.
If someone recomended introducing a signature system now everyone would be jumping up and down saying how insucure it is.
11. anonymous
Yes, but it IS quicker.
I use computers all the time so I've virtually forgotten how to write my own name :-)
Better shielding of the keypads is required though.
12. Brian Catt
New Safer Fraud With Chip 'n Pin: The bank's don't say they have created a much cleaner anonymous cash fraud where any half decent shoulder surfing pickpocket can use chip and PIN to get cash as well as buy goods now.
Cash is King.
This is better?
Where's the increased security in extending the possibilities for fraud to anonymous cash withdrawls?
13. Arnold
Its definitly better than a signature thats for sure. The number of times ive bought something and when giving them the signature, they've peeled off the carbon copy and given it back with my card, without even checking they match! With chip and pin, this is avoided.
14. anonymous
So what if you can see over the shoulder of the anonymous customer in front of you. So what if you can read their PIN. You would still have to attack them in order to get the card in order to do anything useful with it. You could have done the same thing with a signature card: mug the customer, steal their card, practice their signature for 5 minutes and go shopping!
What a bunch of moaning dogmatists!
15. anonymous
Quite simply. Make a conscious effort to stop using credit card too often, wherever possible & at the same time reduce the £65,000,000 estimated debt mountain in the UK.
As the Chip & Pin cards come in I personally am using those that have not yet changed over. I too, do not see why a retailer should find it necessary to pass one's card through a second machine. I have seen it happen, to others & thought at the time. 'Very dodgy'.
16. anonymous
Comparing chip and pin against signatures it is a combination of the security and the the way banks and card insurers treat liability.
With signatures if your card was stolen and used and you reported it in time you could limit your liability.
With chip and pin if your card is stolen and used, you stand to be held wholly liable either because you divulged your pin.
I had a big enough problem with a credit card provider where fraudulent transactions were made on a card which I still had in my wallet. Their arguement was that I must have handed the card to someone else. My question was well how the hell to I get it swiped in order to use it, if I can hand it to anybody. I can just imagine what will happen if the same situation occurs with a chip and pin card.
17. anonymous
Chip and pin is more convenient for sure if you can remember your PIN, but the real cost of fraud is now with the individual and not the bank. It is your loss if someone gets your PIN and has a feild day. no more, "well that's not my signature".
18. Deepak Surana
TRUE... The overall banking security in UK is not secure enough.
Why BANKS don't keep photographs of customers to validate when drawing money from counter ?
Why card companies don't add photographs on face of card ?
Why the "challenge phrase"(i.e. security question) is always "Mother's maiden name?". Do they think it is difficult to obtain someone's mother's maiden name ?
Why do they send cheque books via un-signed postage delivery ?
The list is endless....
Sadly, I have to admit that we deserve to be compromised because of grass-root level blunders.
19. anonymous
if it was a genuine attempt to cut fraud it would be chip, pin AND signature. as it stands it is a muggers' charter to shoulder graze pins of the frail and elderly then relieve them of their plastic.
20. anonymous
Robbed At Tesco Checkout.
http://www.thisislondon.co.uk/news/business/articles/timid399762?source=
Chip & PIN is not a waste of time for the Banks if they can shift liability onto the cardholder.
21. Kevin Murphy
The Pin number should have more digits. Perhaps eight or ten. People will just have to spend a bit longer memorizing the number but I'm sure it would significantly reduce the amount of "shoulder surfer" criminals.Its is very easy to remember four digits but with eight or ten the criminal would have to write it down.
22. anonymous
Chip & Pin can be far more secure if people are sensible in the way they enter their pin number.
I work in a UK supermarket, and I am astonished to see the number of people who don't remotely cover their pin up at all.
The best way to enter your pin safely is to remove it from it's stand and type it in, that way you can be sure nobody is watching.
23. Rohit Banseedharr
The comment will reach the bank only after the money has left your account/bank. Obviously this is not what you would like to hear/see.
24. Steven Bero
We are in the process of fighting the bank over £1200 being scammed out of our credit card i.e. at ATM's by a cloned card using chip and pin. The bank is firmly saying we are to blame, not interested in finding the truth, and looking to only blame us and not to look for the real fraudster. The system is a sham, and we have to now fight to clear our name. Not so convenient now is it. Never lost money when signing. I'm looking for alies, who else has been conned by chip and pin?