Martin MC Brown

Computing From the Front Lines

Chip and pin is not nirvana

In the UK today it is D-Day for Chip & Pin.

Basically, all UK credit and charge cards should now be fitted with a chip and when you pay for goods with your chip and pin card, you have to enter a pin number, rather than provide a signature.

All of the bugs in the process have yet to be ironed out - many of us, for example, still don't have chip and pin cards, even for our most regularly used cards. We can still sign, but the secondary problem here is that some stores are refusing to accept non chip & pin cards for transactions. There is no reason for this - except badly trained staff and a campaign by APACS that gives the impression that everything is OK.

It is even more confusing for foreign visitors who may have heard of the new chip and pin system and are suddenly worried about the effects and whether they will be able to use their cards. They will, but the campaign, advertising, and store owners would lead you to believe otherwise. I've even seen material in shops, supplied by APACS, that gives the exact impression that anybody without a chip and pin card is essentially a fraudster and should have their card refused as a valid payment option.

Behind all of this though is a separate issue about the relationship between technology and security. The impetus behind chip and pin is to prevent 'skimming', where fraudsters skim your card while it is being swiped for a genuine purchase, often within a restaurant or other location where the card is taken away during the transaction.

That's fine - I understand completely why that is a problem and why chip and pin will solve it. Instead of an easy-to-read magnetic stripe, the cards now contain a small chip with encrypted data, including your 4-digit pin number. Getting the 4-digit pin out of the card and cloning it is now more difficult. That's the technology angle, and obviously it is going to help.

However, I don't see how, longer term, it will work to combat fraud, and I can even see it making some aspects of the potential for fraud easier, rather than harder.

For example, with the old cards you had to provide a signature and, if you had a good shop assistant, your signature would be checked. Committing signature fraud was difficult, because forging a signature was difficult. I'll admit, however, that in many places signatures weren't checked. In many instances I was given my card back before I even signed. In the US I know, from experience, that the situation is much, much worse, with most assistants not even looking at the card at all, let alone thinking about the signature.

Now, however, we've put our faith in the technology of chip and pin. Most assistants concentrate even less on this process and blindly think that the chip and pin means that worrying about the customer, their appearance and what they look like no longer matter. As long as you enter the right pin, the transaction is fine.

But, most of the pin entry points are not exactly hidden, and many are placed up in high prominent places that make it impossible to make the pin number you enter a secret. We are told, however, never to reveal our pin number to anybody, even though typing in your pin number to most of the card systems is impossible without somebody else seeing what you are doing.

If I had my pockets picked, my card stolen and the thief had been following me to determine the number, there is nothing the shop assistant could do to prevent the transaction. Whereas before they might have noticed a shifty attitude, or the bad signature, now as long as the pin is correct, nobody cares. The 'customer' (i.e. my pickpocket) has entered the right number. Case closed. In a number of tests, most shop assistants didn't even check the basic details of the card (for example, I'd look suspicious using a card with 'Mrs' on the front). The machines often don't tell them anything, and in some stores the assistants expect you to insert your own card. Presumably this is to show that no skimming is taking place, even though we are told, through chip and pin, that skimming is impossible anyway (even though, as we'll see in a minute, it is).

So now I carry a bunch of cards that cannot be skimmed (supposedly), which are invariably not checked or verified by the assistants in the shops that I use and which, through 'easy access', mean that once my pin is known I am a bigger target for pickpockets and quite possibly a mugging. And once my card is stolen and my pin number known, there is nothing to stop them emptying my account or racking up my credit card bill, because the shops will only care whether they enter the pin correctly.

In short, the banks have complete faith in a technology that, once the pin number is known, makes it significantly easier for thieves and pickpockets to buy goods than the old skim-possible but signature and human verified method that has been in use for decades.

By introducing the chip and pin system we have removed the very element that used to make 'customer present' fraud so difficult - at least before the majority of shop assistants lost interest.

As for the rules behind the scenes, as long as the customer uses chip and pin, the effects of the fraud are carried by the bank, not the shop, relieving the store of any responsibility and making it even more unlikely that they will bother to check any details. Meanwhile, we as card holders are protected as long as we keep our pin numbers secret - an interesting concept given the open-plan keypad entry approach offered by the banks' own chip and pin equipment.

Now if the shops aren't liable because they use chip and pin, but my chip and pin number is discovered by somebody watching me enter it at the till (because I have no other way of entering my pin), who, exactly, is liable for the fraudulent transactions that occur on the card?

Sadly, chip and pin also does not address one of the fastest growing areas of fraud - online and 'customer not present' (i.e. mail order) fraud, where in many cases only the card number and expiry date are required. Ironically, for all the fuss about chip and pin and how wonderful it is, your card number and expiry date are still kept in a magnetic stripe on the back, easily swipeable.

The three digit number on the signature strip at the back is supposed to be an additional level of security, but many online retailers don't use it (Amazon, surprisingly, included) and since it's written on the back of the card they swipe, it wouldn't exactly be difficult for the information to be recorded at the same time it was skimmed. Why anybody would think that a security number actually attached to the credit card is secure is beyond me anyway - if you want it to be secure, it should be sent separately and never attached to the card.

Similarly, I no longer see why we need a raised, printed number on the front of the card, simply advertising all of the information. It doesn't need to be out there on the plastic we carry around with us; most people probably don't even know their card number or think about it, so why carry around all the information with us wherever we go?

All in all, I see chip and pin as nothing more than another temporary hurdle to the fraudsters who will find other ways of conning us out of money - and muggings may well increase in the process so that pickpockets can get hold of the much easier to use chip and pin card.

The technology isn't at fault here, but our blind faith in the technology is what causes problems. We need to be looking beyond single devices (the card), single numbers (the pin) and the combination of identity and security information into a single plastic card. We also need to stop seeing technology as the answer and think about bringing that very human element, intuition, back into the security equation.
