An awesome example of how banks and the payment industry try to screw customers.
In the Netherlands, the payment cards handed off by the banks usually have a magnetic strip and a smart card chip. However, stores here gladly accept the magnetic strip and I’ve never been requested to use the chip. I only had to use the chip in Italy, where angry clerks would say “no, turn the card around, can’t you see the chip?”. Apparently, the chip is going big everywhere else in Europe, and banks are marketing the EMV system – the technology behind the payment with the chip – as a safe way to prevent fraud.
They don’t tell you, however, that the EMV system has a serious design flaw which makes the magnetic strip a safer alternative. And they don’t tell you that if you get frauded, you lose the money.
My colleague Radi, in fact, just wrote a post about this paper that shows how a stolen chip card can be used in a successful transaction without knowing the PIN. Thew worst part is that by using this method, the bank thinks that the PIN was used during the transaction, and if the bank thinks you used the PIN, then, legally, you are responsible for the fraud.
The whole issue behind this flaw is that the PIN verification is left to the card, and the bank never sees the PIN. This is different from the magnetic strip method, in which the PIN is sent – encrypted – to the bank for verification.
This is why I just put a piece of plastic tape on my chip. The next time a clerk takes my card and inserts it face down in the chip reader, I will smile and say “No, thanks – the chip is broken”.
0 Responses to “Chip? No, Thanks”