Guest Posted March 7, 2014 Share Posted March 7, 2014 U.S. retailers are digging in their heels over their need for PIN authentication for Europay MasterCard Visa (EMV) smartcard use here. View the full article Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 9, 2014 Share Posted March 9, 2014 Chip without PIN doesn't offer full protection for consumers, they say; Visa, Mastercard argue that PIN isn't needed Of course a PIN should be required. They always try to dumb everything down. And make things insecure in the process. Quote Link to comment Share on other sites More sharing options...
crp Posted March 10, 2014 Share Posted March 10, 2014 (edited) Of course a PIN should be required. They always try to dumb everything down. And make things insecure in the process. I don't think you are addressing the concerns of the creditcard companies. To them, the amount of fraud that occurs to people faking signatures is but a pittance to the problem of creditcards that are not real. That is where the chip comes in. Much harder to fake those than the magnetic stripe, and much harder to manipulate the chip.Now, imagine the frustrations of having a customer at the check out line and having everything in order and then forgetting the PIN. I would think the creditcard companies would much prefer having signature provisions then dealing with customers calling in all day and night to get their PIN changes. And imagine the trouble with making sure the phone calls aren't social engineering tricks. Edited March 10, 2014 by crp Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 10, 2014 Share Posted March 10, 2014 I think I am answering it pretty well. It's worked well enough with requiring pin and/or zipcode with the old magnetic strips at gas pumps for years. Maybe require a PIN and signature for anything over $50 would make them happy? Don't forget that many convenience stores run the card and hand you a receipt with no authentication of any kind up to about $10 or $15 already with the magnetic strips ones. Quote Link to comment Share on other sites More sharing options...
ross549 Posted March 10, 2014 Share Posted March 10, 2014 I've seen "no signature required for purchases up to 35.00. I don't think requiring a PIN on the card is going to be that big of a deal. It is good security. We do this every day in the US Military with our Common Access Cards. Most cards have PINs already for ATM access. Adam Quote Link to comment Share on other sites More sharing options...
crp Posted March 10, 2014 Share Posted March 10, 2014 On automated machines the signature can not be checked. The gas stations I use do not ask for zip code when using creditcard at the counter, they check the signature. Odd, gasoline they check any amount but in the store section less than $35 they don't check. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 10, 2014 Share Posted March 10, 2014 When I pay at the pump, which is generally what I do, the pump software sometimes ask for PIN and/or zipcode before authorizing. Quote Link to comment Share on other sites More sharing options...
crp Posted March 10, 2014 Share Posted March 10, 2014 When I pay at the pump, which is generally what I do, the pump software sometimes ask for PIN and/or zipcode before authorizing. were I live, debit card - PIN, creditcard - zipcode . Quote Link to comment Share on other sites More sharing options...
ebrke Posted March 10, 2014 Share Posted March 10, 2014 (edited) When I pay at the pump, which is generally what I do, the pump software sometimes ask for PIN and/or zipcode before authorizing. were I live, debit card - PIN, creditcard - zipcode . I really find this interesting. I've never to my recollection been asked for any information aside from my signature, and frequently not even that (haven't signed for gas purchase in years), anywhere I used my credit card(s) in my home state. Only one retailer used to ask for a zip on credit card purchases, and I always thought that was a marketing thing--maybe I was wrong--and even that retailer stopped asking several years ago. Debit card used as debit card would require pin, but if used as a credit card, same as above, nada. Edited March 11, 2014 by ebrke Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 11, 2014 Share Posted March 11, 2014 Asking for PINs and/or Zipcode is generally at the pump only. And I am sure Adam is right about the $35 before being asked for a signature ... at least at many places. Some always ask for a signature. But never at the gas pump. Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 11, 2014 Share Posted March 11, 2014 here in the UK we have had mandatory pin numbers for all cards for some years with no difficulty. mind you we have an excellent education system and brits are quite bright so remembering a four digit number is not a challenge for us. 1 Quote Link to comment Share on other sites More sharing options...
ebrke Posted March 13, 2014 Share Posted March 13, 2014 here in the UK we have had mandatory pin numbers for all cards for some years with no difficulty. mind you we have an excellent education system and brits are quite bright so remembering a four digit number is not a challenge for us. You made me think of what happened today while I was getting my hair cut. An elderly woman was trying to pay using her debit card, and didn't get her pin right. The owner then put the card through as a credit card (no PIN), and it was accepted. All I could think was if anything should look like fraud to a card issuer, that transaction should have. 2 Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 13, 2014 Share Posted March 13, 2014 You made me think of what happened today while I was getting my hair cut. An elderly woman was trying to pay using her debit card, and didn't get her pin right. The owner then put the card through as a credit card (no PIN), and it was accepted. All I could think was if anything should look like fraud to a card issuer, that transaction should have. Here in the UK we have separate cards for debit and credit. Debit cards are the best as if you have no loot in the bank your card will not let you overspend. Credit cards are best used as a very last resort in emergancies or for on-line purchases as they offer more buyer protection and you are not giving your bank details to everyone so it is a slight security buffer. Old folk pose a problem to security due to forgetfulness and this can leave them open to abuse. they have the same or similar problem if they use cash though. A difficult problem to solve. If I was world ruler I would take out anyone ripping of old folk and stand them up against a wall and shoot them.Quick clean and effective and a very cheap solution. Quote Link to comment Share on other sites More sharing options...
crp Posted March 13, 2014 Share Posted March 13, 2014 You made me think of what happened today while I was getting my hair cut. An elderly woman was trying to pay using her debit card, and didn't get her pin right. The owner then put the card through as a credit card (no PIN), and it was accepted. All I could think was if anything should look like fraud to a card issuer, that transaction should have. Transaction fraud is much less of a problem than physical card fraud to the card issuers. The assumption is made in such situations that ID and signature were inspected before card went through as a credit charge. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 13, 2014 Share Posted March 13, 2014 Assumptions will get them in trouble. Quote Link to comment Share on other sites More sharing options...
ross549 Posted March 13, 2014 Share Posted March 13, 2014 Yes, they will be made, and folks could get into trouble. But this is a case of risk mitigation. By switching to chip and PIN, the industry is mitigating a significant number of problems with mag stripe transactions. It will be much more difficult (I am not suggesting in any way it will be impossible) to duplicate the chip on the card than a simple mag stripe. There is no way to completely secure all transactions without completely overhauling the payment systems in use by all vendors. It would be impossible to do so without a significant disruption to the world's combined economies. This is a step in the right direction, but just that. A step. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 14, 2014 Share Posted March 14, 2014 I am all for chip and PIN if we have to use these cards. I keep mine in a case where they can't leak either way, but requiring a pin isn't going to hurt anyone. Quote Link to comment Share on other sites More sharing options...
ebrke Posted March 14, 2014 Share Posted March 14, 2014 By switching to chip and PIN, the industry is mitigating a significant number of problems with mag stripe transactions. What about the situation of pirate hardware attached to a POS device that fraudulently captures the PIN from each swiped card? Would having the chip mitigate this? Quote Link to comment Share on other sites More sharing options...
ross549 Posted March 14, 2014 Share Posted March 14, 2014 There is no panacea when it comes down to transaction security. As I said earlier..... There is no way to completely secure all transactions without completely overhauling the payment systems in use by all vendors. It would be impossible to do so without a significant disruption to the world's combined economies. This is a step in the right direction, but just that. A step. Sure, a chip skimmer would possibly have security complications, but I do know having a PIN makes it much harder to be able to execute a transaction without the PIN. It does nothing, however, for transactions online- only POS terminals. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 14, 2014 Share Posted March 14, 2014 Aluminum cases prevent skimming! Quote Link to comment Share on other sites More sharing options...
ross549 Posted March 14, 2014 Share Posted March 14, 2014 From RFID skimmers, perhaps, but that's another whole ballgame. These are simple smart chips on the cards. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 15, 2014 Share Posted March 15, 2014 The Chip in Chip and PIN is RFID is it not? Although not ALL RFID blocking cases/cages are created equally and some don't block entirely, there is apparently a way to block it entirely (noted in BOLD below): Shields or wallets marketed as RFID-blocking devices can make it more difficult for someone with an electronic reader to read your cards, but they don’t entirely block transmission of card data. When Recursion’s security experts tested 10 types of shields and wallets currently being sold to protect contactless cards, they found that none blocked the signal completely, and there was dramatic variability even among samples of the same brand. Using a different approach, Recursion’s experts created a credit-card-sized jamming device for the wallet that prevents cards from responding to any reader. Our reporter offered her own homemade shield constructed of duct tape and lined with aluminium foil. It provided better protection than eight of the 10 commercial products, including a stainless-steel “RFID blocking” wallet selling online for about $60. But when I looked it up, Recursion RFID credit card jammer is missing in action?! Apparently each one has their own frequency too which makes it hard for the jammers... But there is also this: Make a Faraday Cage Wallet - WikiHow Sans Recursion's jamming device, it looks like the reporter's homemade duct tape and aluminum foil seemed to do better than $60 RFID blocking wallets sold online... Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 15, 2014 Share Posted March 15, 2014 Best RFID Blocking Wallets for Protecting Your Contactless Cards If these things won't take care of Chip and PIN protection, then what will Adam? Quote Link to comment Share on other sites More sharing options...
ross549 Posted March 15, 2014 Share Posted March 15, 2014 Chip and PIN is simply a storage chip on the card. You have to physically insert the card into a smart card reader to get any data off. RFID is that goofy low power chip +antenna. The chip is simply another way (probably poorly encrypted) to store the number on the card. I'd bet the PIN unlocks the credit card number from the [probably poorly] encrypted blob on the chip. Adam Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted March 15, 2014 Share Posted March 15, 2014 (edited) Chip and PIN to replace magnetic strips here. Chip and PIN is the brand name adopted by the banking industries in the United Kingdom and Ireland for the rollout of the EMV smart card payment system for credit, debit and ATM cards. The word "chip" refers to a computer chip embedded in the smartcard; the word PIN refers to a personal identification number that must be supplied by the customer. "Chip and PIN" is also used in a generic sense to mean any EMV smart card technology which relies on an embedded chip and a PIN. OK, sorry. I was thinking CHIP and PIN were being used in tandem with RFID. The basics of chip-and-PIN credit cards - WashingtonPost How are chip-and-PIN cards different from RFID credit cards? RFID, or radio-frequency identification, cards are contactless. They have a chip and radio antenna that transmit account information, raising concerns (which people are still arguing about years after the cards were introduced) that criminals may use readers to skim consumer details. Chip-and-PIN cards work only when inserted into a merchant’s reader. They work like the old credit cards before smartcards with RFID, except they have a chip instead of magnetic strip, and require a PIN to be used. Gotcha! Edited March 15, 2014 by LilBambi Quote Link to comment Share on other sites More sharing options...
zlim Posted March 16, 2014 Share Posted March 16, 2014 The problem I foresee with PINs is that we have 3 different credit cards and two ATMs (same bank but we both use different PINs). Now I'll have to some how remember what PIN goes with what card. Just me getting older and my memory not as good as it used to be. (My husband will expect me to know the PIN on every card. <sigh>) We have 3 cards because I carry one, my husband carries another and the third is only used on the internet. We do this especially when traveling in case one of us gets a purse or wallet stolen, we do not have to cancel every credit card. Just like passwords, I will not use the same PIN on any of the cards. Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 16, 2014 Share Posted March 16, 2014 The problem I foresee with PINs is that we have 3 different credit cards and two ATMs (same bank but we both use different PINs). Now I'll have to some how remember what PIN goes with what card. Just me getting older and my memory not as good as it used to be. (My husband will expect me to know the PIN on every card. <sigh>) We have 3 cards because I carry one, my husband carries another and the third is only used on the internet. We do this especially when traveling in case one of us gets a purse or wallet stolen, we do not have to cancel every credit card. Just like passwords, I will not use the same PIN on any of the cards. You could do , 1234 1235 1236 or 5091 5092 5093 or some such system to make life easier. Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 17, 2014 Share Posted March 17, 2014 write the pin on the card with a black uni (brand) paint stick. You might as well just give criminals your money as do that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.