Pretty close, yes. Or at least certain distinctive features anyway.
The lack of motivation on the part of cashiers to check is certainly the weakest spot. Similarly, I gather the the rewards for catching stolen cards have fallen dramatically in real terms to the point where it's probably not worth the bother anymore, and particularly if the cashier suspects the user might be carrying a weapon.
Well, bearing in mind most current card fraud is due to cloned cards, and if we can agree that C&P will substantially reduce cloning, then the only time the situation you describe is likely to arise is when your card is stolen without you realising that is has been nicked AND the pin has been seen by the thief.
I'll bet your fingerprint doesn't look the same each time either. Yet it, and your signature too, could be recognised by a suitably clever machine.
I've never been asked to sign again. But I have often been asked for "something else with your signature on it". This is because the one card I use for almost all my shopping tends to let my signature fade away. I've already touched it up twice.
Indeed. But this cloning prevention is brought about by the chip, not by the PIN. So why are the banks trying to force two changes upon us, when only one of them substantially reduces fraud, while the other merely removes the surest way of proving whether a transaction was indeed authorised by the card holder?
The worst of all possible scenarios is of course when the thief "un-steals" (i.e. returns) the card after having made a wrongful purchase or cash machine withdrawal. The cardholder has probably never noticed the card was missing, and then carries on using it as normal. This fact would then be picked up on by the bank in an attempt to "prove" that the phantom transaction "must have" been carried out by the holder. Of course no-one would ever suspect that the card holder's teenage son might have "borrowed" the card...
In 19** this very scenario happened to me. A bank customer kept going overdrawn each month and eventually the customer *claimed* that the withdrawals were caused by *phantom* withdrawals at the ATM that he didnt know about. He was asked 'have you ever disclosed ur Pin to anybody ?". The reply was "how dare you accuse my son of making these withdrawals" !!
Without a hint of irony, "Tim" astounded uk.finance on 10 Sep
2004 by announcing:
Tap the connections and you have your PIN, in clear. You still need the original card, however, and PED certification involves making this practice difficult which is why the UK banks don't see it as *that* much of an issue.
And how does the criminal do that? Without access to the machine??
If they *do* have access to the machine, then there are untold other methods of acquiring the PIN which they could use -- **even if** the PIN was encrypted before being sent to the card!!
Indeed not. Not yet. So let them get on with developing one.
I would dispute that. Given enough practice, they can probably make a passable attempt if they do it very carefully and slowly, but they also have to do it quickly in view of the cashier while looking natural. To do that would take a *lot* of practice.
Without a hint of irony, "Tim" astounded uk.finance on 10 Sep
2004 by announcing:
Who is the criminal?
That depends on your answer to the above.
Do tell. I can think of 3 offhand, 2 of which are negated by PED certification and the other which involves just watching the cardholder entering the PIN.
I think it's safe to assume that chip and pin has been developed with the assumption that criminals have easy access to chip and pin enabled machines with which to practice their evil deeds.
The pin will be encrypted before being sent anywhere. The chip and pin card will allow 3 wrong numbers before locking itself. Unlocking the card requires that it be taken to the bank who issued it who will unlock it. This will be easier to do in future when you'll probably be able to unlock it at any cashpoint machine.
There's a whole bunch of info about chip and pin on the net that deal with some of these sorts of questions. Here are some links for starters:
Less easily, and less perfectly than a shoulder-surfed 4 digit PIN, certainly.
And besides, my primary concern about C&P is not whether someone uses my card fraudulently (that's my bank's concern, and only indirectly my own
- through marginally higher prices), my concern is whether I'll be more likely to be mugged (with all /that/ entails) for my card because criminals work out that using a C&P card fraudulently requires less expertise than someone who can passably forge my signature.
Don't make the mistake of conflating your bank's security concerns with your own.
But it *does* require knowledge of the PIN. The previous system *didn't* require prior knowledge of the victim's signature - it is there on the back of the card for all to see!!
For that reason, it would have been easy for a mugger to use your card after just mugging you; now (s)he'll need to see your PIN beforehand **as well**. You *do* shield the PIN-pad when you enter your PIN in public, don't you?
But I'd say that it's *less* likely for a C&P fraudster to be
*detected* (and therefore, apprehended) if they use a shoulder-surfered PIN and stolen card. I fear that this may encourage fraudsters to 'give it a try' even if they wouldn't have tried C&S fraud for the reasons Ronald gave is his reply to do (i.e. attempting to forge a signature passably-well in front of a cashier, whilst looking completely natural).
Of course. I even check cashpoints for 'added extras' these days. ;-)
But that won't stop a C&P fraudster from mugging me if they /think/ they got my PIN (regardless of whether actually got it accurately or not).
We'll agree to differ, but for as long as I can, I'll be sticking to C&S as it's safer for _me_ (as opposed to my bank, who I don't give a damn about). It'll be interesting to compare statistics in 6-12 months time or so.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.