Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Identity Theft Technology Fails to Protect

Posted by ScuttleMonkey on from the someone-built-a-better-idiot dept.

Nuclear Elephant writes "According to BBC News, identity thieves are quickly adapting to new technologies such as chip-and-pin credit cards using human nature tactics rather than cracking the technology. At least that's what Dr. Emily Finch (UEA), who interviews career criminals about their activities, claims. Finch swapped credit cards with a male coworker and performed a number of transactions without being challenged by cashiers. Finch also believes biometric identity cards will only exacerbate the problem. Regardless of which side of the fence you sit on, could this take us closer to embedded chips under the skin?"

4 of 280 comments (clear)

  1. As the T-shirt says by Emeye · · Score: 5, Insightful

    ...there is no patch for human stupidity.

  2. It was said better... by greginnj · · Score: 5, Insightful


    and earlier, by Schneier:

    "If you think technology will solve your security problems, either you don't understand the technology, or you don't understand the problems."

    --
    Read the best of all of Slash: seenonslash.com
  3. Take my cards, dont' rip my arm away !!! by Anonymous Coward · · Score: 5, Insightful

    Considering the level of violence some criminals (drug addicts etc) are willing to use on their victims, I'd rather keep my money/cards on my wallet and don't want to have any hard-to.remove RFID chips at my arms.

  4. It's all about liability by slim · · Score: 5, Interesting

    When I was over in the States recently, quite a few cashiers would notice my chip'n'pin card, mention that the US would be moving over to them soon, and saying how nice it will be to have that extra security.

    Sometimes I would try and explain the catch.

    Since chip & pin supposedly makes fraud impossible, banks have shifted the liability for chip & pin fraud away from themselves and onto the consumer.

    That is -- is someone clones your card and forges your signature with a traditional credit card, you can call the credit card company, tell them you didn't make that purchase, and (unless they can prove you were lying) they will refund you the money. They might write the money off, or they might pursue the criminals responsible; it's not your worry. Accepting this risk is all part of their business model. That's what banks are all about.

    However, in the UK at least, this changes with chip & pin. If someone shoulder-surfs your PIN, pickpockets your card, and spends money on your card, the bank now says it's YOUR responsibility.

    In one way: fair enough, there are precautions you can take to safeguard your PIN, but on the other hand, isn't taking on that liability one of the things we're (directly or indirectly) paying our card providers for?