What is it?
Chip and PIN cards look the same as standard magnetic-strip cards, but inside the chip and PIN cards have a computer chip. The main difference to you is that instead of signing for each purchase you enter a four-digit number into a keypad at the cash register, much like you do when withdrawing cash at an ATM machine. It’s nothing new – it’s was used in France, Australia and New Zealand for around 10 years before coming to the UK.
I remember in the old days, having to sign my name…
That’s right. In 2006 the UK migrated retail and banking transactions to chip and PIN from the standard magnetic strip technology. Even if the store you want to use it at has not switched to chip and PIN – although most have – you can still use the card, you’ll just have to provide your signature instead of a PIN to verify the transaction. Same goes for using it overseas – you can still use the card, but you may have to sign instead of entering your PIN.
So mind if I ask – why the change?
The official line is that chip and PIN technology would help cut down on fraud, which card companies say costs them about £500m per year. PINs are harder to guess than signatures are to forge and that chip and PIN cards are more difficult to replicate than magnetic strip cards. It should be noted that the switchover cost more than £1bn, according to the card companies, so it does seem they’re expecting to recoup quite a bit of money from reducing fraud.
Why not use biometrics instead?
Funny you should mention that. A number of other technologies were examined to cut down on fraud, including putting photos on cards as well as biometric solutions such as fingerprint and iris scanning and voice recognition. But all of these were deemed too expensive to implement and/or not reliable enough.
Why isn’t it the best approach?
Well, I’m not saying it isn’t. It’s just that there’s been a lot of debate over why chip and PIN was chosen and how well it will work. The first concern for many people is having to remember a PIN for each card they own – and making sure that PIN is relatively hard to guess. This is an especially big concern for the visually impaired or any disabled person that may have trouble entering or remembering a PIN. Anyone who falls into these categories should contact their card company – they may be able to continue to sign for transactions.
Anything else I should know about?
Why, yes. A debate is still raging over whether PINs really are more secure than signatures. Some say PINs are easier to glean than signatures. You could get them by peeking over someone’s shoulder while they enter it in the keypad. Of course, the PIN alone will not do any damage – the person committing fraud will have to get hold of the card too. Others say signatures are the less secure of the two options, especially because many shop keepers don’t actually examine the signature and compare it to the one on the card at the time of purchase.
Do I have to use chip and PIN?
Unless you carry foreign bank or credit cards or some type of other chip card, such as Chip and Signature, you will have to learn those four digits.
So has it stamped out fraud like it was meant to?
Since Chip and PIN was launched Apacs, the UK payment industry body, says it has had a significant impact in reducing fraud. During the first year following Chip and PIN’s introduction, UK card fraud fell by 13 per cent and by another three per cent in the year after.
Counterfeit card fraud was also cut by 24 per cent in 2005 while card fraud at retailers fell by an impressive 47 per cent in 2006, meaning a £146.7m fall in the two years Chip and PIN had been in place. Apacs said that as a result of the switchover, shoppers are safer and that fraudsters have been denied millions of pounds of stolen money.
I sense there’s a ‘but’ coming…
And you’d be right. Despite the overall reduction in card fraud, statistics have shown a marked increase in online, phone and mail order or ‘card not present’ fraud with online banking fraud doubling in 2005.
But card-not-present fraud now makes up nearly 50 per cent of all card fraud losses and online banking losses rose by 44 per cent. Apacs blames this on this kind of fraud being relatively new and it is likely to continue to rise until people become more aware of it.
There was also one notable scam allegedly linked to Chip and PIN shortly after it became compulsory. Shell had to take the precautionary measure of suspending the use of Chip and PIN at its 600 UK filling stations after the theft of more than £1m from customer accounts.
Having said that, Shell and Apacs said the issue was the result of an inside job so this perhaps shouldn’t be taken as a serious indicator of a problem with Chip and PIN.
Apacs also points out that in 2002, it forecast card fraud would hit £800m by 2005 if Chip and PIN was not brought in, so in those terms you could say it has been a success.
So where next for Chip and PIN?
The banking industry is addressing the issue of card-not-present fraud by working on the next generation of fraud prevention technologies – such as handheld chip and PIN device.
The jury’s still out then?
You could say that. But in truth, the evidence points to Chip and PIN being a success in the long term with a few niggles – such as the rise in online fraud – that remain to be resolved.
Subscribe to the Executive Briefing Newsletter
Discover the secrets to IT leadership success with these tips on project management, budgets, and dealing with day-to-day challenges. Delivered Tuesdays and Thursdays