Chip and PIN
|
Chip and PIN is the name of a government-backed initiative in the United Kingdom to implement the EMV standard for secure payments. There is also a similar initiative in the Republic of Ireland called Chip and PIN Ireland.
Contents |
History
Until the introduction of Chip and PIN, all face-to-face credit or debit card transactions used a magnetic stripe and signature for verification. Under this system, the customer hands their card to the assistant at the point of sale, who "swipes" the card through a magnetic reader; the cash register then verifies the card details and prints a slip for the customer to sign. The assistant then verifies that the signature matches that on the back of the card, and authenticates the transaction.
This system has proved reasonably effective, but has a number of security flaws, including the ability to steal a card in the post, or to learn to forge the signature on the card. More recently, technology has become available on the black market for both reading and writing the magnetic stripes, allowing cards to be easily cloned and used without the owner's knowledge.
How it works
To solve this, banks and retailers are replacing traditional magnetic stripe equipment with that based around smartcards, which contain an embedded microchip and are authenticated automatically using a PIN. When a customer wishes to pay for goods using this system, the card is placed into a "PIN pad" (often by the customer themselves) which accesses the chip on the card. Once the card has been verified as authentic, the customer enters a 4-digit PIN, which is checked against the value stored on the card; if the two match, the transaction will be automatically completed.
France has cut card fraud by more than 80% using a similar, but incompatible system. Chip and PIN is the name given to the initiative in the UK but countries worldwide are launching their own initiatives based on the EMV standard, which is a group effort between Europay, MasterCard and VISA. By the end of 2004, 100 countries will be using compatible systems based on this standard, and France aims to migrate its existing systems to be compatible with the new cards.
Note that "card not present" transactions such as Internet, telephone or mail order purchases are not affected by the introduction of the Chip and PIN system. Since these are also major areas of fraud, other initiatives are being developed to improve security in these situations, such as additional security codes printed on the back of the card and more complex authentication services.
Conversion
Chip and PIN was trialled in Northampton from May 2003, and as a result was rolled out nationwide in 2004 with advertisements in the press and national television touting the Safety in Numbers slogan. During the first stages of deployment, if a fradulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank. However, as of January 1 2005, the liability for such transactions is shifted to the retailer. This acted as an incentive for retailers to upgrade their Point of sale (PoS) systems, and most major high street chains upgraded on time for the EMV deadline. Nonetheless, many smaller businesses are still reluctant to upgrade their equipment, as it may require a completely new PoS system - an investment they may normally make only after several years.
New cards featuring both magnetic stripes and chips are being issued in increasing numbers by all major banks. This replacement of actual cards has been a major issue, with some banks simply stating that consumers will receive their new cards "when their old card expires" - despite many people having old cards with expiry dates as late as 2007. The card issuer Switch lost a major contract with HBOS to VISA as they were not ready to issue the new cards as early as the bank wanted to. This change has angered many, as Visa's Electron cards are generally not accepted online, unlike Switch's Solo.
External links
- Chip and PIN Official homepage (http://www.chipandpin.co.uk)
- Chip and PIN Ireland homepage (http://www.chipandpin.ie/)
- Lloyds TSB: Chip and PIN Guide (http://www.chipandpin.lloydstsb.com)
- Mastercard Europe (http://www.mastercardeurope.com/)
- Visa EU (http://www.visaeu.com/iusevisa/chipcards.html)
- BBC News Online
- Now the Pin is mightier than the pen (http://news.bbc.co.uk/1/hi/technology/3039619.stm)
- Halifax's decision to change to Visa (http://news.bbc.co.uk/1/hi/programmes/moneybox/3717331.stm)
- Guardian Unlimited article skeptical of the security benefits of Chip and PIN (http://money.guardian.co.uk/creditanddebt/creditcards/story/0,1456,1336619,00.html)