Chip and PIN cards may not be the answer. Pago Electrónico :: e-Payment

Chip and PIN cards may not be the answer


Fecha Lunes, agosto 18 @ 17:22:57
Tema Pago Electrónico :: e-Payment

The future of shopping debuted in Nottingham, where a consortium of banks introduced the first of 120 million microchipped credit and debit cards that will transform payments at the checkout counter.

Billed as "the biggest consumer project since decimalisation," the Chip and PIN Project will replace every magnetic-stripe Switch and credit card in Britain by the end of 2004.
However, security experts are warning that the new cards may not cut fraud nearly as much as the issuers hope, and that defrauded consumers may find it much more difficult to get compensation once the new system is introduced.

Replacement cards will come with microchips and personal PIN numbers. When consumers make purchases at tills, they will no longer sign receipts: instead, they will enter their PIN numbers on small keypads - many of which will be made by Fife's Ingenico Fortronic - linked to the tills.

Similar trials are under way in other European countries and the Chip and PIN system is expected to become a European standard by the middle of 2005.

Backers of the project, who include the Royal Bank of Scotland, egg and Visa, say the new system could cut card fraud by as much as 50%.

Similar systems have been in use in France, Canada and South America since the early 1990s and have dramatically cut down on stolen card misuse. The British system's sponsors say that card fraud, now running at more than £400m a year, could rise as high as £800m by 2005 if better card security is not introduced.

However, security experts are not convinced and note that card-issuing banks will stop being responsible for card fraud losses on January 1, 2005 - just after the chip cards are introduced.

After that date, either the merchant who accepted the fraudulent payment or his bank will be responsible for reimbursing the consumer, depending on the nature of the fraud.

According to Iteon, a French card security consultancy, the Chip and PIN system is not as secure as its backers would have you believe. The security system on the chips was designed in 1996 and is widely available on the internet.

The chip cards are easy to copy, according to an Iteon spokesman. "All the necessary information and equipment is available on the internet - you can buy a blank card and a programmer for [[currency]]35. There are a number of online boutiques already selling blank cards."

A Scottish security consultant familiar with the roll-out of such systems suggested that not every consumer will benefit from the Chip and PIN programme's success against fraud. "It's true this system almost always results in a significant reduction in the number of people who find phantom withdrawals or fraudulent purchases on their accounts. But people who have genuinely been defrauded are going to find it more difficult to get redress. Banks will be much less receptive to claims that their new security system has not worked."

Asked about this problem, a spokeswoman for the Association of Payment and Clearing Services, which represents card issuers, said: "It is enshrined in the banking acts that the onus is on the banks to prove that a transaction is fraudulent. It will not be down to the consumer to show that something had gone wrong."

The Chip and PIN programme organisers were unable to provide a security expert to answer questions about the system's vulnerability to copied cards.

Kalysis has brand new technology for securing the Chip & PIN. Press Note Be Free by Kalysis
Este artículo proviene de Kalysis Community
https://kalysis.com/content

El URL de esta nota es:
https://kalysis.com/content/article.php?sid=380

English Translation