Chip and Pin, or how not to introduce a new security measure

So what is so wrong with chip & pin?

Quite a lot really, as it is part of a system of Proof of Identity being implimented by an industry which should know about security, but obviously doesn't.

The most blatant problem is that it moves the liability for fraud away from the bank and on to the retailer and the card user. They keep very quiet about this, and no matter how good chip and pin is at stopping fraud, the banks save a fortune, at everyone elses expense.

This interacts with their guilty until proven innocent policy for any card fraud which doesn't have bank liability to make it so that you can lose hundreds of pounds and they won't cover you for it.

Then there is the problems with the pin numbers, of which there is many.

A problem with the numbers is that researchers at the university of cambridge have found that the printing process used to produce the pin number which they send you can be read without even opening the envelope if they don't get it exactly right.

Also, chip and pin was only ever trialed in France prior to a worldwide roll out. Nothing wrong with the French, but they traditionally only have the one card, which is different from almost everywhere else, so the test misses all sorts of problems to do with having multiple cards.

Because in most other places people have more than one card, you have the a number of consequences, especially as people can't remember multiple numbers.

So people either write them all down on a crib card or set all of their cards to use the same pin. In either case, it is a massive security problem.

Then there is the problem with 'Shoulder Surfing'. What happens here is that the farsical equipment in supermarkets make it trivial to see what the numbers of people 2 or 3 places ahead of you in the queue.

They can also see if you are using a crib sheet as well.

This interacts with a number of other problems with the technology. For example, if you throw away the receipt, this includes the full card number, making it easy to do vender not present fraud like paying over the phone or the internet.

Another interaction is with the atm (hole in the wall) machines. You take a fairly secure system like the atm system, force the use of the same pin number in supermarkets with an atm in the wall, and you are asking for trouble.

Another university has found evidence that a number of gangs have been using shouder surfers as spotters, and then the person with multiple cards is mugged or their bag is snatched to get their cards, and the cards with the detected numbers are used to get the daily maximum out of the atm for all of the cards.

This could be stopped immediately if it was possible to have the number for the atm being different from the one you use at the till.

Having tried to get any positive response from anyone on this, the attitude of the bank is that the card makers don't let them by default, and the card makers say they won't unless the banks specifically insist on it. A classic example of buck passing.

As if this was not bad enough, supermarkets and other retailers are training their staff to not look at you typing in the pin, as a security measure. However at the same time the staff are stopping checking that the card details make any sense for this customer.

Researchers at the University of East Anglia have found it to be so bad that they can have male and female researchers swap cards, and despite the fact that they are now using a card stating on it that it is for a member of the opposite sex, no questions were asked.

Yet another problem is that there are all sorts of people who have problems with pin number systems. This is best demonstrated with the elderly, but applies to a number of other categories of people with medical problems. This could result in discrimination claims.

A number of the elderly and the disabled physically cannot use the keypads due to the small key size on the keypads. Those with poor eyesite can have problems reading the pads and spotting if anyone is shoulder surfing. Those with poor memories cannot reliably remember their pin number.

This could be solved by getting a chip and signature card, and there are 3 million who are likely to need them, but only 100,000 have been sent out 1 week before the compulsory changeover, which could be a problem.

Even this late, only 1 in five branches have accurate information about chip and signature cards, which is totally daft.

As if that isn't bad enough, 1 in 7 credit cards have not been replaced, and 3% of debit card have not been replaced. 30% have not yet had their pin numbers arrive.

Due to the small size of the keypads, it is much easier to miss key your pin than at an atm, but you still get locked out after 3 faulty pins.

Some large companies like BHS and B&Q have not installed the equipment in time, and neither have many smaller shops. Once you go abroad on holiday, the figures are much worse for availability of card readers, so the signature will still be with us for a long time, even though shop staff still won't bother to check it.

After February 14th 2006, you will also find that a lot of people will be turned away at the tills if they forget their pin, and some stores are actually training their staff to not accept any card without a pin, even chip and signature cards which don't have them.

All of this will result in lost sales if they reject the card, and increased liability for fraudulent sales if they allow the sale without a pin.

To top it all off, the security information on the stripe can be used to compromise the security of the chip.

A final irony, on the day before it became compulsory, the card issuers were advising people to carry cash as well as the card because of all the expected problems.

On the whole, I cannot think of a single aspect of this introduction which has been handled in a competant manner.

