15 December 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,050,541Views 62Comments

Chip and PIN vs. Chip and Signature Cards

08 December 2014  |  2312 views  |  1

The planet’s most powerful nation is sure backwards when it comes to the payment card industry: Why has America been using 1970s technology as of the posting date of this article? That magnetic strip on credit and debit cards has GOT to go already! And thank goodness, the transition to chip technology is more imminent than ever.

 

For those of you out of the loop, the stripe makes it ridiculously easy for cyber thieves to commit all sorts of crimes. (Remember Target?) The chip in most cases will trip them up on this.

Chip-and-PIN technology is better than chip-and-signature. However, the chip-and-signature is taking a much stronger root in America than the PIN version. The signature version’s most obvious drawback is that it’s useless in all the other nations where PIN technology rules.

Additional Problems with Chip ‘n Signature

  • A signature can be forged.
  • The card can be intercepted prior to transaction completion.
  • Will be very costly to convert the current stripe technology to signature—but the investment will not offset the cost due to the inherent weaknesses in signature-based technology.
  • Consumers, thinking that the “chip” part of the signature version means great security, will be miffed once they realize how vulnerable signature actually is.

Benefits of Chip ‘n PIN

  • The card issuer must assign the personal identification number prior to mailing the card to the user; the user must reset the PIN at a branch. Just like a debit card. Easy.
  • Makes it really difficult for criminals to use a person’s credit or debit card in a fraudulent way. A most obvious example is that if a thief steals or finds a lost credit card…and tries to make a purchase…he’ll come to a dead end when it’s time to enter the PIN.

Drawbacks of Chip ‘n PIN

  • Will cost an arm and a leg to implement on a universal scale, and unfortunately, funds are already being diverted to switch over to the signature technology rather than the chip.

Solutions to the Signature Problem

  • To nab or prevent imposters from making that signature, certain technologies like geo-location can be implemented to determine if the customer is the real owner of the card. There’d be multiple technologies in place for verifying ownership.
  • The transaction can require voice biometrics with a smartphone: The system will approve the purchase only when the card user’s voice is identified as that of the real owner.
  • The second point here would be contingent on authenticating the smartphone.

But all that seems a little complicated an unnecessary. We really should just use the Chip and Signature. Or how about we just use Apple Pay!

 

a member-uploaded image TagsSecurity

Comments: (1)

Iain Montgomery
Iain Montgomery - Market Gravity - New York | 08 December, 2014, 21:42

As a Brit, when I arrived in the US to live here I was still using my British banking cards - was incredible how many retailers would get annoyed that their POS device prompted me to enter a PIN. Swiping a card is just a much simpler customers experience. 

The sooner the US embraces NFC and we can all tap and pay - whether that's Apple Pay, Google Wallet or just a contactless card we'll all be a lot happier (and more secure). 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  6228 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6805 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5410 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5785 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5248 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan