Slashdot Mirror

← Back to Stories (view on slashdot.org)

Death Hovers Politely For Americans' Swipe-and-Sign Credit Cards

Posted by timothy on from the upgrade-your-skimmers dept.

schwit1 writes "U.S. banks and merchants are shifting to a more secure way of authorizing credit card transactions in which customers will enter a personal identification number (PIN) at checkout instead of signing a receipt. The US is the last major market in the world using the signature system, which is part of the reason why a disproportionate amount of credit card fraud happens here. The change is especially relevant given the massive fraud perpetrated against customers of Target in the fall. During a Congressional hearing last week, Target CFO John Mulligan said the company is accelerating the $100 million effort to switch to the so-called "chip and pin" system. The change won't happen all at once. Banks must issue cards with microprocessors and merchants need the right equipment to process the chip and PIN transactions, which is likely to happen gradually. But Visa, American Express, and MasterCard have announced that banks and merchants that have not adopted the technology for face-to-face transactions by October 2015 will be liable for fraudulent purchases. That's a strong incentive to get up to date. The new system will also prepare merchants and banks to transition to contactless payments in the near future."

2 of 731 comments (clear)

  1. Re:Umm.. just as Europe moves beyond chip and pin. by Chrisq · · Score: 1, Offtopic

    Europeans are much more shifty people who steal .... It's unfortunate that the upstanding people of America couldn't insulate themselves from this foreign pollution.

    Spoken like a true Native American. Unfortunately you are centuries too late.

  2. Re:It's about time. by Zmobie · · Score: 1, Offtopic

    ... RFID is orders of magnitude less secure than a regular magnetic strip. The card stripe has such a small field that you have to swipe it in order to get the information transmitted, while an RFID chip can be several feet away from the requesting field source and still have a valid request for information. There have been numerous demonstrations that showcase this vulnerability.

    Now if you want to be a bit paranoid you can get RFID shielded wallet (or make one yourself, it just requires some aluminum foil lining the wallet) and pretty much kill this entirely. I'm not saying this method of validation is BAD, but it does have a downside of which most people are not aware.