|
Chip and PIN is the name of a government-backed initiative in the United Kingdom to implement the EMV standard for secure payments. There is also a similar initiative in the Republic of Ireland called Chip and PIN Ireland. Chip and PIN Logo This is a copyrighted and/or trademarked logo. ...
It has been suggested that Chip and PIN be merged into this article or section. ...
History Until the introduction of Chip and PIN, all face-to-face credit or debit card transactions used a magnetic stripe or mechanical imprint to read and record account data, and a signature for verification. Under this system, the customer hands their card to the clerk at the point of sale, who either "swipes" the card through a magnetic reader or makes an imprint from the raised text of the card. In the former case, the account details are verified and a slip for the customer to sign is printed. In the case of a mechanical imprint, the transaction details are filled in and the customer signs the imprinted slip. In either case, the clerk verifies that the signature matches that on the back of the card to authenticate the transaction. Credit cards A credit card is a system of payment, named after the small plastic card issued to users of the system. ...
A debit card is a plastic card which provides an alternative payment method to cash when making purchases. ...
Marcus Boltonas (Mark Boltan) Marcus Boltonas Brief history The magnetic stripe which is often reffered to as the Bolton is derived from the Marcus Boltonas from the Jurassic period. ...
POS must not be confused with EFT/POS and POS Terminal used in Electronic payment POS or PoS is an acronym for point-of-sale (or point of purchase). ...
This system has proved reasonably effective, but has a number of security flaws, including the ability to steal a card in the post, or to learn to forge the signature on the card. More recently, technology has become available on the black market for both reading and writing the magnetic stripes, allowing cards to be easily cloned and used without the owner's knowledge. Forgery is the process of making or adapting objects or documents (see false document), with the intention to deceive. ...
This article or section does not cite its references or sources. ...
How it works To solve this, banks and retailers are replacing traditional magnetic stripe equipment with that based around smartcards, which contain an embedded microchip and are authenticated automatically using a PIN. When a customer wishes to pay for goods using this system, the card is placed into a "PIN pad" terminal (often by the customer themselves) which accesses the chip on the card. Once the card has been verified as authentic, the customer enters a 4-digit PIN, which is checked against the value stored on the card; if the two match, the transaction will be automatically completed. A smart card, or integrated circuit(s) card (ICC), is defined as any integrated circuitry embedded into a flat, plastic body. ...
A personal identification number (PIN) is a numeric value (sometimes expressed as text using the standard telephone dial mapping) that is used in certain systems to gain access, and authenticate. ...
France has cut card fraud by more than 80% using a similar, but incompatible system. Chip and PIN is the name given to the initiative in the UK but countries worldwide are launching their own initiatives based on the EMV standard, which is a group effort between Europay, MasterCard and VISA. By the end of 2004, 100 countries will be using compatible systems based on this standard, and France aims to migrate its existing systems to be compatible with the new cards. It has been suggested that Chip and PIN be merged into this article or section. ...
Bold textMedia:Example. ...
To meet Wikipedias quality standards, this article or section may require cleanup. ...
Visa is a brand of credit card and debit card operated by the Visa International Service Association of San Francisco, California, USA, an economic joint venture of 21,000 financial institutions that issue and market Visa products. ...
2004 (MMIV) was a leap year starting on Thursday of the Gregorian calendar. ...
Note that "cardholder not present" transactions such as Internet, telephone or mail order purchases are not affected by the introduction of the Chip and PIN system. Since these are also major areas of fraud, other initiatives such as Verified by Visa and MasterCard SecureCode are being developed to improve security in these situations, such as additional security codes printed on the back of the card and more complex authentication services. The telephone or phone is a telecommunications device which is used to transmit and receive sound (most commonly voice and speech) across distance. ...
Mail order is a term which describes the buying of goods or services by mail delivery. ...
Verified by Visa logo Verified by Visa is a system used by Visa as an added layer of security for online credit card transactions. ...
Conversion Chip and PIN was trialled in Northampton from May 2003, and as a result was rolled out nationwide in 2004 with advertisements in the press and national television touting the Safety in Numbers slogan. During the first stages of deployment, if a fraudulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank, as was the case prior to the introduction of Chip and PIN. However, as of January 1, 2005, the liability for such transactions was shifted to the retailer. This acted as an incentive for retailers to upgrade their Point of sale (PoS) systems, and most major high street chains upgraded on time for the EMV deadline. Nonetheless, many smaller businesses are still reluctant to upgrade their equipment, as it may require a completely new PoS system - an investment they may normally make only after several years. Northampton Guildhall, built 1861-4, E.W. Godwin, architect Northampton is a large market town and a local government district in central England on the River Nene, and the county town of Northamptonshire, in the English East Midlands region. ...
2003 : January - February - March - April - May - June - July - August - September - October - November - December - → A timeline of events in the news for May, 2003. ...
January 1 is the first day of the calendar year in both the Julian and Gregorian calendars. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
POS must not be confused with EFT/POS and POS Terminal used in Electronic payment POS or PoS is an acronym for point-of-sale (or point of purchase). ...
New cards featuring both magnetic stripes and chips are being issued in increasing numbers by all major banks. This replacement of actual cards has been a major issue, with some banks simply stating that consumers will receive their new cards "when their old card expires" - despite many people having old cards with expiry dates as late as 2007. The card issuer Switch lost a major contract with HBOS to VISA as they were not ready to issue the new cards as early as the bank wanted to. This change has angered many, as Visa's Electron cards are generally not accepted online, unlike Switch's Solo. – 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the Anno Domini (common) era. ...
Switch is a debit card used in the United Kingdom. ...
Group headquarters on The Mound, Edinburgh HBOS Office at Trinity Road, Halifax HBOS plc (LSE: HBOS) is the holding company of the HBOS Group, formed on the 10 September 2001 by, and named after, the principals involved in the merger of Halifax plc, the former Halifax Building Society, with Bank...
Visa is a brand of credit card and debit card operated by the Visa International Service Association of San Francisco, California, USA, an economic joint venture of 21,000 financial institutions that issue and market Visa products. ...
Visa Electron logo A Visa Electron card issued by the UK Barclays bank. ...
Solo is a debit card produced by Switch Card Services in the UK, specifically for people under 18 or on lower incomes. ...
When a customer does not know their PIN, or the PIN verification fails, the cashier can instigate a PIN Bypass, allowing a signature to complete the transaction. However, this PIN Bypass option was only scheduled to be available during the infancy of Chip and PIN within the UK. From February 14, 2006 the banks have decided to discourage this facility. From this date on, PIN verification should be used for all Chip and PIN enabled cards. Should the customer not know their PIN then the cashier can still instigate a PIN Bypass transaction (with signature), however, the card issuer / bank may choose to decline the transaction. February 14 is the 45th day of the year in the Gregorian calendar. ...
For the Manfred Mann album, see 2006 (album). ...
Cardholders who are incapable of entering a PIN because of a mental or physical disability can contact their bank to be issued with a so-called Chip and Signature card.
In the Republic of Ireland, Chip and PIN will be the only way to pay using a credit or debit card the day after St. Patrick's Day 2007 (18 March 2007). St. ...
March 18 is the 77th day of the year in the Gregorian calendar (78th in leap years). ...
– 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the Anno Domini (common) era. ...
Benefits Under the old system, a customer would have to hand their card to the assistant for each payment. In certain environments such as restaurants, for example, this often meant that the card would be taken away from the customer to the card machine. This is no longer the case with the introduction of Chip and PIN as wireless PIN pads have been introduced that can be brought to the customer's table.
Criticisms
Decreased security for PINs
 A Chip and Pin Machine may be observed by other shoppers, staff, or anyone with access to footage from security cameras (as above). Image File history File links Download high-resolution version (307x609, 19 KB) I, the creator of this work, hereby grant the permission to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1. ...
Image File history File links Download high-resolution version (307x609, 19 KB) I, the creator of this work, hereby grant the permission to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1. ...
Direct observation Before Chip and PIN, a person's PIN would only be entered at an ATM in a bank or other secure area. However, the use of PINs in supermarkets, bars, and shops forces the customer to type their PIN in plain view of all other customers waiting behind them in the queue. Because of the difficulty of shielding a PIN (supermarkets often elevate the keypad, which is visible from all directions), it is relatively easy to gain another person's PIN by watching them buy groceries. Outdoor ATMs may be free-standing, like this kiosk, or built into the side of banks or other buildings An automatic teller machine, automated teller machine (ATM) or cash machine is an electronic device that allows a banks customers to make cash withdrawals and check their account balances without...
Indirect observation Security cameras that are installed to deter shoplifters and opportunist thieves may also compromise the security of Chip and PIN, because stores often focus a camera on the cash register and the customer; consequently a recording of the customer entering their PIN can be replayed and analysed at leisure. PIN Security may therefore depend on how the store protects the transmission and storage of such recordings. [1]
More opportunities to clone cards The ubiquity of Chip and PIN reader systems now presents a wider attack surface above and beyond ATMs. This provides many more opportunities to subvert the hardware. While such a hardware attack does not gain access to the Chip, it does provide access to the PIN, and usually the magnetic stripe. As the same PIN works for the magnetic stripe as well as the chip-based authentication, the stripe and PIN data can be used to create a cloned magnetic stripe card. This card can not be used in Chip and PIN readers, but it can be used in other countries, and in ATMs. This is the form of attack that is reported to have taken place against Shell, in May 2006, when they were forced to disable all Chip and PIN authentication in their petrol stations. [2]
Decreased liability for banks A common criticism of the Chip and PIN implementation is that it was done to reduce the liability of banks in cases of credit card fraud, by putting the burden of proof on the customer to prove that their PIN was compromised, rather than on the bank having to prove that the signature did not match. Rather than being a mere cynical opinion, this is actually supported by the almost-universal usage of the term "Liability Shift deadline" to refer to the 1 January 2005 within the UK payment card industry. However, the financial institutions are still bound by The Banking Code, which states that the burden of proof is on the bank to prove their claims of negligance as opposed to the consumer having to prove his or her innocence. [3] In the common law, burden of proof is the obligation to prove allegations which are presented in a legal action. ...
Before chip and pin, if your signature was forged by someone else, by law the banks were liable and had to reimburse you. Currently there is no such law protecting consumers from fraudulent use of their chip and pin transactions, only a voluntary banking code. Cambridge University showed BBC Watchdog investigators just how easy it is to use someone else's chip and pin without their knowledge [4]. Watchdog is a BBC television series that investigates viewers reports of problematic experiences with traders, retailers, and other companies around the UK. It has had great success in changing the awareness consumers have of their purchasing rights and in changing policies of companies, closing businesses down and pushing for law...
See also - Two-factor authentication, an article on the security principles behind Chip and PIN.
Two-factor authentication (T-FA) is any authentication protocol that requires two independent ways to establish identity and privileges. ...
External links BBC News Online logo The BBC News Website in February 2006. ...
Problems |
Feeds |
Contact