RBC Royal Bank here in Canada is making lots of noises about “chip and PIN” banking/debit cards and credit cards.
These have a chip in them–it’s embossed onto the front of the card–and you enter a PIN into the terminal when you use it instead of swiping. You will no longer need to sign the credit-card slip because the PIN will provide the authorization. We’ve used debit cards with PINs for years here, but they don’t have chips; you swipe them through a reader.
Apparently this is the up-and-coming thing for payment cards. Anyone else using chip and PIN?
I’d imagine that nearly everyone here in the UK uses chip and pin. I do have a US debit card, and some places won’t accept it because it’s the old style swipe card.
I get my CIBC “chip and pin” card in February 2010…at the rate things are going, I’ll be only person left in the country with an old-fashioned card by then.
BMO just sent me mine a couple of weeks ago. I’m not so sure about the extra level of security it ostensibly provides, but meh, whatever. I didn’t have to do anything to get it.
So far, no place that I’ve used it do anything with the chip part. It’s all been swipe as usual.
There were links off the RBC website… here’s the Interac [debit-card] Association on chip-based debit cards. Here are Visa Canada on on chip-based Visa cards and MasterCard Canada on chip-based MasterCards. According to the Interac site, Canada’s supposed to be switched over completely by 2015.
I started to wonder how durable the chip was, and whether it would short out or something if I dropped the card in the lake… I’ve emailed RBC.
Okay, that’s scary. Credit-card + gambling… oh, you mean for hotel, etc. I heard horror stories about people putting their credit cards on autofire at the slot machines…
Not only are they the norm in Britain, but the impenetrable security they supposedly offered appears to have been breached, with cloned card ‘factories’ having been raided and so on. Of course, now there’s no paper trail of signatures, the onus could theoretically be placed on the customer to prove that payments weren’t made by them.
in holland we also have both the swipe system and the chip system, but it works very differently. It is really swipe+pin and pin+chip. The traditional way (which we have had for as long as I can remember) is you go to a shop, select a product, swipe your card and give your pin number. in addition to that you can also go to a special chip charger (found next to atm’s) where you give your pin and charge your chip (so the money is transfered from your account to the chip on the card) which you can then use to pay with. The idea it that chip is for smaller transactions, since many stores charge a fee when using swipe+pin for transactions under 10 euros.
That’s why Chip+PIN was introduced… it shifts the liability away from the bank and onto the vendor/customer.
If someone forges your signature, the bank should catch it as they should compare every transaction to the signature they hold on file. Clearly never going to happen.
With Chip+PIN there’s no issue… “you must have given someone your PIN, otherwise how could they use your card”.
It’s got to the point now where many shops won’t ever touch the plastic card… you shove it in the machine, tap in the PIN, and off you go.
Many supermarkets even let you scan, pack and pay for your own items, with no checkout staff involvement whatsoever.
There was never any true security in the chips at all. Everything you hear about these chips and security comes from marketing, not the tech side.
Consumer Reports blasted these recently. (June 06) Wikipedia lists just a few of the issues. (Then there was that recent debacle where Discovery Channel squashed a Mythbusters attempt to look into them.)
Even “high security” ones like in passports with biometric data have been cloned.
A while back a credit card company “upgraded” our cards to ones with chips. Called them, argued and finally got regular cards. (It is suprisingly hard to convince a minimum wage phone jockey that someone with a PhD in Computer Science who personally knows some of the most famous crypto people actually knows more about this.)
The “minimum wage phone jockey” might have been confused if you were telling them how awful Chip n Pin was based on the Wiki article. That’s all about RFID which entirely different from the chips in credit and debit cards.
Heh… you might not want to share this story with “some of the most famous crypto people”, 'cos they might think you’re a bit of a plank.
As MarcusF points out “chip+PIN” in the context of this thread is nothing to do with RFID.
I believe there are some RFID credit cards one the market - VISA’s payWave technology is essentially RFID - but most chip+PIN involves tapping the PIN manually into a card-reader.
Every so often the banks amend the terms of use the vendors have to agree to and they now seem to be responsible for very little if any transactions are dodgy.
Several years ago the monthly fee they charge for the use of a swipe machine was increased by, iirc, £5.00 pcm to pay, they said, for r&d of chip & pin technology. This is now firmly in place nationwide (I’m in the UK) and, of course, there’s no sign of them putting their rental charge down again! (This is a fee separate from the percentage/flat fee (depending on the card) that they also take on every transaction.
So this was considered a big enough problem that replacing the entire worldwide card and reader infrastructure* was a cost-viable solution? I thought that, if a signature was not checked with the card during the purchase, and the customer later disputed the charge, it was the receiving merchant who was on the hook.
[sub]*In Canada, basically every ATM and point-of-sale terminal has being replaced. I get the impression that Canadian customers will not be allowed to use swipe cards after 2015. Not sure about visitors.[/sub]
I found this interesting article about the spread of chip-and-PIN cards last night: U.S. credit cards becoming… less usable abroad. I don’t remember having that kind of problem with my swipe card when I was in Europe in 2000, but maybe they hadn’t started rolling it out then. Also, I mostly used cash…
