Easy-to-Remember PINs
The UK is switching to a “chip and pin” system for credit card transactions. It’s been happening slowly, but by January (I’m not sure if it is the beginning of January or the end), every UK credit card will be a smart card.
This kind of system already exists in France and elsewhere. The cards have embedded chips. When you want to make a purchase, you stick your card in a slot and type your four-digit PIN on a keypad. (Presumably they will never turn off the magnetic stripe and signature system required for U.S. cards.)
One consumer fear over this process is about what happens if you forget your PIN. To allay fears, credit card companies have been placing newspaper advertisements suggesting that people change their PINs to an easy-to-remember number:
Keep forgetting your PIN?
It’s easy to change with chip and PIN.
To something more memorable like a birthday or your lucky numbers.
Don’t the credit card companies have anyone working on security?
The ad also goes on to say that you can change your PIN by phone, which has its own set of problems.
(I know that the cite I give doesn’t quote a primary source, but I also received the information from at least two readers, and one of them said that the advertisement was printed in the London Times.)
rjw • January 3, 2005 11:50 AM
I think the worse problem is the ultra trojanability of these machines. Every little corner shop has an opportunity to intercept your pin and your credit card number. I presume they can’t easily duplicate the entire chip. ( But I wouldn’t be surprised.)
I really have no clue why this is even meant to be better than a signature. It just removes any possibility of audit in the future, it seems.
Are there any redeeming features of chip and pin?