 |
The UK government has been rolling out the Chip and Pin system over the past few years, after it seems much of the rest of Europe has been using it for decades. There is a lot riding on the new Chip and Pin system, and within the first few months of the introduction of the machines, fraud on UK High Streets has said to have fallen by around 25%. This is a good thing of course.
The Chip and PIN is an alternative to using your signature when purchasing something within any real world store. Simply put your card into the machine and enter a four digit code when prompted. The machine then tells you when to remove the card and place it back in your wallet. It even prints up how much will be charged to your card, just in case of any confusion.
According to the Chip and PIN valentines reminder, a lot of people are pretty happy with the new service:
• 83 per cent of all disabled chip and PIN cardholders questioned found chip and PIN as easy or easier than signing
• Similar levels with visually impaired respondents (74 per cent) and mobility impaired (80 per cent) found chip and PIN as easy or easier than signing
• 79 per cent older cardholders (65+) found chip and PIN as easy or easier
• 70 per cent of all chip and PIN cardholders prefer chip and PIN to signing
• The survey found that 79 per cent of respondents with a chip and PIN card found remembering a PIN easy
But, i’m not too sure that i feel comfortable using a chip and pin keypad. For me a signature seems a much more personal way to purchase a product. I think that my signature can not be replicated perfectly, but after several attempts it’s probably likely that someone can get the accuracy needed to pull off a little fraudulant activity. I also know that a pin number combined with a chipped card is probably pretty secure, when used correctly. As Bruce Schneier points out, it is a little amusing that banks are persuading us to use Easy-to-remember PIN’s, where users could use a memorable anniversary or number as a PIN number. Surely this goes against the whole idea!?
One of the flaw’s i see with this system is with the the keypads themselves. Many of the products are quite open and only provide small protection from prying eyes viewing from the side. This still leaves the top open to intrusion from someone viewing the pin number. I’d like to think that somewhere out there is a new form of PIN data entry which enables accurate entry of a PIN whilst concealing the PIN from anyone who might see. I can only imagine a form of data entry which is simple and accurate but does not require any vision to be able to use the system, i.e. the entry pad or method can be hidden from view completely. It could be a little like when you know where all of the keys are on the keyboard you don’t have to look at it, or when you know which buttons on your mobile relate to which numbers or letters when typing a text massage. It sort of becomes automatic, subconciously deciding what you want to do.
After having a read through some information on the security of the ATM keypad I can only presume that there are similarities between that and the security of the PIN readers are the same. So the design for such a unit would require that it has to be visible and not prone to any malicious software or hardware additions to the unit. This could possibly rule out the option of having a hidden entry system due to being prone from attack from outside sources.
The future of PIN entry will no doubt change. In some ways a PIN entry system can allow friendly fraud or immitation abuse quite easily. It’s simple to tell someone your PIN and lend them your card, whereas letting someone borrow your signature is a much harder process!!! Of course the widely known individual identification processes of confirming who you are include that of your palm print, finger print or iris scan but how long will it be before biometrics can be used in the mass market and at a reasonable cost? This, of course, would be much harder to let someone borrow or steal without lending someone an arm. (Maybe the expression “that costs an arm and a leg” may have to be shortened to “that costs a finger or thumb” in the future!)
So, i’ll be waiting for an update to the current Chip and PIN system before it’s widely made compulsary. I’m not really sure i love Chip and PIN, but i guess it’s a good compromise for now.
