I have a few issues with CHIP and PIN or No PIN.
1. It is a security failure of the system which renders the PIN unusable, and turns it into a weakness rather than a strength.
2. The system now relies on the NFC CHIP, which communicates by radio frequency and can be cloned, not necessarily as a card, but as a radio frequency signal transmitter/receiver. It would be possible to clone a customer's card and merely wave a facsimile
of the card near the reader whilst providing the right radio communications responses, meaning that there is no need to clone the chip as such. They're doing it already with CHIP passports and I don't think we'll have to wait long to see it happening to CHIP
cards in the wild.
3. With no PIN required on purchases under £50 , the incentive is certainly there to do so. How many £45 bottles of wine could you buy before the actual real card was canceled? Does this mean that cloning your card is now an almost guaranteed free £400
or so? What about cash out? Surely the intention isn't to have CHIP and NO PIN ruled safe for a £45 purchase and unsafe for a £45 cash withdrawal? Won't that confuse customers and undermine credibility?
Happy days for fraudsters?
I'm not sure I could hold my breath until we find out CHIP card cloning is happening in the stores, but I'll bet it is happening already somewhere in a hackers lab and I am sure we'll all see it soon.
Customers are already confused with the CHIP, no CHIP, PIN/no PIN, signature or not no chip, and generally perceived card transactions as unsafe, but are only willing to use them if the bank or card issuer covers the fraud. With customers suing retailers
because they get different levels of service and terms and conditions and procedures from different retailers, the card is doomed. That is a court case that the card industry loses, even if the customer does not win.
Ultimately the message that the PIN isn't safe will just be another issue contributing to further loss of trust, a fragile thing at the best of times but currently in very short supply with both customers and shareholders in the financial sector.
Governments owning banks or propping them up with public funds may not be as willing to put up with fraud and neither might their now more discerning shareholders.
Customers are becoming very sensitive to trust issues and I see a great opportunity for mobile transactions to sweep the field against this sort of fiasco. The current strap-on NFC CHIP approach to mobile transactions suffers the same woes and potential
disasters as the card based CHIP transaction.
Card based transactions certainly appear to have a growing number of serious hurdles to overcome if they are to remain trusted and relevant in a mobile world. Given the inadvisability of gambling with shareholders funds in the current climate the future
of a global NFC roll-out is in serious jeopardy.
Mobile transaction systems should make it easier for customers and merchants and end the happy days for fraudsters, wthout the expensive roll-out and endless consumer education necessary to cater to the flaws of NFC.