Business: Credit Card: Security
this card is stolen   (+1)  [vote for, against]
Correcting a problem with chip'n'PIN card security

Yesterday my switch (debit) card stopped working when I went to use it in the cash point (ATM). It turns out that the bank had blocked it in order for me to swap to the shiny new chip and PIN card that had arrived on my doorstep a few weeks ago. Pah! I thought at the time of it's arrival - why would I want to switch to a system where my once fairly private PIN is now used in every public transaction?

Of course, a PIN is theoretically more secure than a signature. Which is fine, except that the new cards still have a signature on the back of them, and anyone stealing them need only go to a shop with no chipped card reader to use the signature, or even to one with a card reader and choose to sign rather than PIN. In fact, in the accompanying literature, it specifically says that you're free to use a signature rather than a PIN whenever you (or a thief) wants to. If I'm going to have to use a PIN system, at least make it worth it.

So the solution - simply write 'this card is stolen' where the signature would normally be on the back of the card. Now anyone using the card is forced to use the (hopefully unknown to thiefs) PIN.
-- iivix, May 27 2004

you could write - PLEASE AUTHENTICATE USING PIN ONLY across the signature strip. If I worked in a shop and someone had a 'this card is stolen' I'd have to cut it up in front of the card holder, that's standard practice.

Anyway.. this is consumer advice and not an idea.

p.s. // PIN is theoretically more secure than a signature// which 'theory' are you basing this on ?
-- neilp, May 27 2004


//PIN is theoretically more secure than a signature// was sarcasm.

//If I worked in a shop and someone had a 'this card is stolen' I'd have to cut it up in front of the card holder, that's standard practice//

Well, the thing is, under ordinary circumstances (i.e. using a card reader) the cashier would never handle the card and see the message.

PLEASE AUTHENTICATE USING PIN ONLY

makes more sense though.

OK, if you insist on calling it consumer advice, here's it in idea form:

Make chip'n'PIN cards with no signature space on the back.
-- iivix, May 27 2004


not good for people who can't remember numbers, or dyscalculics.

I've just moved to a country where they use PINs and not signatures and after a bit of scepticism I'm convinced the PIN approach is much more secure.
-- neilp, May 27 2004


The Chip and PIN system is flawed in its implementation in the UK as the system hasn't been made accessible for people with visual impairments and some readers are placed in such a position as to be inaccessible to wheelchair users.
-- oneoffdave, May 27 2004


[oneoff] you could widen that point to say that the UK is flawed for the same reason. Surely someone will contest it under the DDA?
-- neilp, May 27 2004



random, halfbakery