Chip and PIN, how secure is the transaction?

The PIN terminals are designed to be taken off their stands/desks/whatever and cradled in the hand. So, you can hold it close to your body whilst you type in the PIN. If you don't want to do that, put your other hand over the one typing the PIN.

Usually, there's a "pip" on the 5 key, so that you can find it without looking. This is handy for positioning your hand to type in the PIN blind (i.e. under your other hand, or using your body for cover).

Frankly, I feel that C&P is likely to be the _worst_ thing that's happened to card security for decades. The number of opportunities for PIN thieves to watch the cards' numbers being typed in has multiplied higely -- and let's not forget the possibility of bent security staff, using CCTV to do the same thing, then passing on targeting tips to muggers/pickpockets.

Jon

Without a hint of irony, Jon Green astounded uk.finance on 28 Jan 2005 by announcing:

Not all of them.

Without a hint of irony, "r_mervart" astounded uk.finance on 28 Jan 2005 by announcing:

Refuse to use it. They still have the option of bypassing PIN.

Or pester your bank to give you a chip & signature (aka pin-suppressed) card, and carry on as you're used to doing. The downside is the card won't work in an ATM, which may even be an advantage.

I've been surpised as the ignorance of bank staff about the potential problems with chip&pin.

In message , Jon Green wrote

I used to have a credit card with my photograph on the back and the signature embeded within the plastic. I never understood why the Abbey National considered this was less secure than having a card with no photograph.

Without a hint of irony, Mike Scott astounded uk.finance on 28 Jan 2005 by announcing:

That's rubbish. There's no reason the bank cannot provide you with a card supporting Online PIN and Signature only.

Do you know why they reduced the height of the plastic screens around the keypad ? The C&P promotional material used to show machines with ~5cm screens, the ones I use are all ~1cm, making it easy to see what's typed.

Daytona

It'll be for the same reason just a signature is no good, the staff in shops never pay much attention to them.

In message , Daytona wrote

Probably because the keypads are badly designed without a backlight. There is no contrast between the screen and the text when shops use keypads with high sides!

Unless the checkout is well lit with direct lighting on the keypad it can be difficult to read for some of us :(

I note that some shops want you to place the card in the reader (which can be held in the hand), confirm the spend amount shown on the terminal and then type the PIN. Unfortunately some of the large supermarkets, such a Tesco in Basildon, think it acceptable to position the till readout so that the customer cannot see the total spend and then only ask for the PIN to be entered in the terminal. At least with a till receipt that had to be signed the total was shown above the space for the signature.

What if they refuse? I've asked Cahoot for a chip and signature card when my debit card expires at the end of Feb, and they've said they "can't" (ie won't).

jim

snip

Please get a grip.

The only people Chip & Pin affect are those morons who write their number on the back of the card and leave it lying around for someone else to use.

Tough shit I say.

All this crap about people in the supermarket queue seeing your PIN number is bollox. They still need the card to use it. Muggers waiting outside ? I don't think so.

In message , Theodore wrote

At the time they were such a novelty value that _ALL_ shop staff took notice.

In message , Jon Green writes

The problem will only be if the victim fails to report the theft.

In message , Alan writes

But isnt the amount shown on the PIN terminal as well?

That would be no problem at all. I almost always pay by a credit card for goods but never use it to draw cash from a cash machine. For that I use my debit card which I could leave at home, except when I need cash. I shall enquire about the possibility of having a chip & signature credit card in place of the Chip and PIN one.

Roman

I would imagine that would put them outwith the terms of their merchant agreement. Part of the process of doing a signature transaction is the "Please check the amount and sign on the line" line. If you can't check the amount before PINning for it, that's gotta be wrong.

Might be worth raising with the store manager, or perhaps Head Office.

Jon

Tell you what, express yourself without being offensive and you might just be worth a reply.

Jon

If in the meantime the thief manages to draw some money would you not be asked by the bank to explain how is possible that this PIN which you are supposed to guard as a total secret was known to somebody else?

Roman

I am suprised at that, tesco's Dione Xtreme c&p terminals are meant to display the amount you are authorising on the lcd screen (which is fairly hard to read) and their should be a second display on/attached to the till showing the items as they are scanned/the total etc in addition to the one in front of the cashier. I wrote a letter of complaint to a retailer yesterday objecting to their C&P terminals which fail to tell you how much you were authorising, at least in supermarkets the EPOS systems and card terminals are integrated, this retailer has a system where the till tells the operator the total and they then key it into a seperate card terminal so could concievably miskey it.