Target finally implements chip and PIN card protections Embattled US big-box retailer Target, still struggling to handle one of the largest and most expensive card heists in history, is implementing chip and PIN payment card systems for its stores. The company on Tuesday said that it will be working with MasterCard to move all of its REDcard customer cards over to chip and PIN …
Why would you risk giving away your confidential data to another entity that can get hacked or just abuse this information (they ask for more than just your name and email). Also the "service" is usually short term (are you going to change your name, ssn etc). It's catch 22 and the stupid idea of credit rating forces people that have absolutely no desire (or need) to participate in the scheme that's rigged to benefit banks and lawyers (why it's my business to worry about someone that opens account in my name, shouldn't this be responsibility of the institution that did not validate identity?). The only option is to limit amount of info we "volunteer" and number of third parties we provide it to.
Fraud prevention is the bank's problem, at least with credit cards. That's why I only use credit cards for purchases, and never debit cards. I wouldn't even have a debit card if my stupid bank stopped issuing regular ATM cards about 5-6 years ago and requires my bank card be a debit card. But I never use it as such.
Not to say I don't do what I can to prevent my cards being compromised, but if they do get comprised, other than a small hassle to call them up and tell them which charges I made and have the card deactivated until they can send me a new one, I don't spend any time worrying about whether some place I've made purchases at has been compromised or not.
Visa & MC have a October 2015 deadline to offer one form of the EMV cards anyway, so it isn't like this is a huge initiative from Target, they'd have had to do it anyway.
Although initially the chip & sign form is what is set to happen in the US, but this breech and others have people asking more about chip & pin EMV more often now.
"The point is that the fraud risk is transferred from the merchant, processor and bank, to you."
I would doubt that, at least here in New York. In order to do that the card issuer has to demonstrate that the cardholder has behaved irresponsibly - giving out the pin, lending out the card, losing the card and not reporting it lost in a timely manner etc.
Fraud is never initially the victims fault. Even in America.
Chip and Pin is fine as we here in the UK kmow from using it for years. But it's not really accurate to call it two factor authentication is it?
In most 2FA systems you have a user id and a preset password then a randomly generated code from a separate security device or app, with a chip and pin card the card acts as your user id and the PIN as your password no further knowledge/information/device required.
Where's the second authentication?
With chip & pin the two factor is (1) something you have (the card) and (2) something you know (the PIN).
With online it is something like (1) something you know (password) and (2) something you have (mobile to receive the second code).
Three factor systems add something you are (a biometric).
Not really that's my point, all the card/chip provides is what is effectively the user ID in the form of account details. You authenticate that you are the identified person by providing the password (the PIN).
Not having the card prevents you from even trying to access the related account because you have no information about it. Much as you can't try and log in to an email account without knowing the username/email address.
Providing a user ID/account number whether in the form of a card or simply knowing it, is not a level of authentication. It is akin to gaining access to a secure building by simply telling the guard your name, and them just taking your word for it and not seeing any other proof or validating information.
If you think that username+password= 2 factor authentication then clearly Google and many others who provide 2FA apps are actually doing 3 factor auth.
Because of the other weaknesses in the system, the anti-fraud is more dependent on behavioral checks. One of them is that if you make a small purchase and shortly thereafter make a large purchase, you get flagged for possible fraud.
Discovered this the hard way at a repair shop. I had an old junker I could use while the main car was in the shop. One day I stopped in to check on the repairs. As I was turning in I noticed the gas gauge was low so I stopped to fuel up first and paid by card at the pump, then parked the car. Other car was finished, so I attempted to pay with the same card. BAM! Spent 10 minutes on the phone before they'd clear the card and accept the charge.
I get more than funny looks- I get a complete refusal to accept US credit cards at small pubs, restaurants, and shops in the North. To the point I had to go through many, may hoops to re-open a UK bank account and get a chip and pin debit card to use with it.
And now Natwest have informed me that I can no longer have a debit card with a savings account and will need to open a current account. Fun and games.
As far as I can tell only big multinationals (hotels, car rental) and places in tourist areas ever see US swipe cards any more. The girl at the register at a Tesco had never seen a swipe card before and had no idea what to do with it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
