Slashdot Mirror
Death Hovers Politely For Americans' Swipe-and-Sign Credit Cards
schwit1 writes "U.S. banks and merchants are shifting to a more secure way of authorizing credit card transactions in which customers will enter a personal identification number (PIN) at checkout instead of signing a receipt. The US is the last major market in the world using the signature system, which is part of the reason why a disproportionate amount of credit card fraud happens here. The change is especially relevant given the massive fraud perpetrated against customers of Target in the fall. During a Congressional hearing last week, Target CFO John Mulligan said the company is accelerating the $100 million effort to switch to the so-called "chip and pin" system.
The change won't happen all at once. Banks must issue cards with microprocessors and merchants need the right equipment to process the chip and PIN transactions, which is likely to happen gradually. But Visa, American Express, and MasterCard have announced that banks and merchants that have not adopted the technology for face-to-face transactions by October 2015 will be liable for fraudulent purchases. That's a strong incentive to get up to date. The new system will also prepare merchants and banks to transition to contactless payments in the near future."
Finally the US banking system is catching up to the rest of the world.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Why the hell has it taken y'all so long?
[FUCK BETA]
Increased expenditures for new card readers and technology has been rebuffed universally because the retailers aren't typically the ones out of the cash when a fraudulent credit card is used.
The Target breach was a large enough embarrassment to light the fuel under the motivational bonfire.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Pretty sure you have no idea what chip and PIN is. It only works with direct electrical contact. You are probably confusing it with RFID which we already have and nobody really uses.
Why the hell would they switch to a pin system, rather than adding it as a second factor? The signature is useful for forensic analysis of the fraud after the fact. It is hard to beleive this is about security, and easy to believe it is about them saving money by not having to deal with signatures and the overhead, etc.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Your credit cards don't even have the microprocessors yet? So you can not use them at cash machines in large parts of the world anymore?
In all the time I've spent in America I don't believe I've ever seen anyone really check the signature against the card.. always amazed me how lax and open to fraud that system was. In the UK we switched to chip and pin about 10 years ago.. and we were generally lagging the rest of the EU on that matter.
But why would the US move to chip and pin when it could leapfrog ahead to biometrics.. you're already seeing fingerprint scanners and suchlike appear in mainland Europe (http://www.bbc.co.uk/news/technology-21085738) and surely enough of the initial results are in to guide the decision making there.
Chip and PIN cards use a challenge-response protocol so even if you skim all the information you can only make one charge before it becomes invalid. There is actually a microprocessor on the card that does crypto so the credentials transferred only allow a single authorized transaction. So if the charge goes through for the thing you were supposed to be buying, then you know you aren't getting scammed. Technically they could block the charge and do another one that gives the money to them, but that is a lot harder and more likely to be noticed.
yeah you try getting people to both sign and enter a pin and wait in line as others do so.
the signing is a FUCKING JOKE. one of the funniest things in USA was self service checkout with a credit card paying option where the "signature" was scribbled on a touchscreen(and captured at maybe 300px80px resolution). perfectly usable for buying stuff with any card you found on the street - on a mighty expensive card processing device.
chip/pin is just how the rest of the world does it. you can pay to pizza guys with it(chip/pin debit cards, cash balance verified on the fly) in finland, they carry portable terminals that cost pretty much nothing(sagem seems to be the biggest manufacturer).
world was created 5 seconds before this post as it is.
Good god, it's been so long since I signed for a credit card transaction I can barely even remember it. Next you'll be telling me that the USA prefers to write on bits of paper to send money, taking ages for it to finally be transacted. I wonder. Are there people who are responsible for driving around a nuclear-powered, one-ton robotic laboratory on another planet, who swing by the supermarket before going home and pay for their goods after signing a little bit of paper?
Mind you, chip-and-PIN is hardly secure. The attitudes and policies of merchants is incredible, if you ever have an insider's view.
Why the hell would they switch to a pin system, rather than adding it as a second factor? The signature is useful for forensic analysis of the fraud after the fact.
Is it? Really?
Claus
I find it interesting that the summary above pushes to point out that merchants will be liable for fraud. As it stands currently, merchants are already liable for fraud. A claim results in the merchant losing the money of the transaction. The bank and user recover the money.
Reading the first linked article indicates that the "weakest link" becomes liable. If the merchant has C&P and the bank has not issued a C&P card, the BANK will be liable for the fraudulent transaction. This is a major difference from the current situation, where the bank would simply extract the money from the merchant and the merchant would take a loss.
@Whee
With the machine that is given out by the credit card companies you need to pretty much touch it, but security researchers have shown that you can use higher powered equipment to read it from up to 15-20 feet away.
Chip and pin is not proximity based. You put your card in a handset and enter your pin to authorise the transaction like at a cashpoint. The handset never gets access to the PIN in the card, only the one you enter on the pad. It's genuinely surprising that there is still somewhere where this is not the standard. I can't remember the last time I had to sign for a card transaction.
Fingerprint is a terrible security mechanism. Not only does it give someone a reason to steal you *finger*, you also leave your fingerprint on everything you touch. Credentials shouldn't be revealed unless you are actually in the process of using them.
Chip & pin has never been about security. It's about the ability for CC issuers to eliminate the repudiation of fraudulent transactions by claiming that their authorization system is fraud proof and therefore every transaction is a priori an authorized transaction: http://www.thisismoney.co.uk/m...
Well the target problem happened because someone managed to install skimming software on all of the computers. If the security of your checkout system is compromised then can't you just skim the pin number instead of trying to forge the signature?
The card terminal (with card reader and PIN entry) is usually a separate unit that is audited against security requirements of the financial institutions. While that does not mean it can't be hacked at all, it makes hacking much harder.
Claus
Most times I don't even sign my cards. Yes, I know I'm supposed to, but I've gone for years without signing it. It always seemed odd to me to give a potential credit card thief a copy of my signature along with my card. Maybe once did someone even look for the signature and even then it was more of a "Oh, you didn't sign it" than a "We can't accept that card unsigned."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Ross is a security researcher at University of Cambridge.
In practice, it is far more secure to use a written signature than a 4-digit password that is exposed to eavesdroppers, video cameras, interception devices and a plethora of other attacks. That's secure for the person, you understand: it prevents the bank from saying "you must have lost your pin".
davecb@spamcop.net
Actually, modern cards not only have the contact chip but also a "Contactless" mode that can be used for small payments.
So you can pay for your Starbucks or bus fare instantly just by tapping your Visa card, no need to swipe or insert the card and enter a PIN number. This is all still more secure than Swipe & Sign, because the cards can't be easily cloned and theres a relatively low transaction limit.
Yes, I said we already have RFID (you call it contactless) even without chip and PIN so it is completely unrelated.
The signature is useful for forensic analysis of the fraud after the fact.
Can you cite a single case of anyone ever being convicted of fraud because of "forensic analysis" of their signature on a credit card receipt? You watch way too much CSI.
Europeans are much more shifty people who steal. This is why you are disarmed, have to register your address with the police, carry an internal passport, go through extensive background checks to be allowed to open bank accounts, register your TV sets, submit to home searches by tax collectors, etc. etc. The data breech motivating this change in the USA was perpetrated by a European lowlife. It's unfortunate that the upstanding people of America couldn't insulate themselves from this foreign pollution.
It allows the Bank to make a good argument for not paying you back, as you must have lost your pin. Previously they had to collect from the merchants, who are much bigger customers of the Bank, and so are listened to more than individuals. This was a problem for years in the UK, until the courts wised up.
davecb@spamcop.net
Pretty sure you have no idea what chip and PIN is. It only works with direct electrical contact. You are probably confusing it with RFID which we already have and nobody really uses.
It's only SUPPOSED to work with direct electrical contact. I'm wearing a badge this minute in a (mostly) optically transparent sleeve. It has a 12-point chip (there's also a magnetic stripe on the back, but the sleeves are only required for the "new" ones - We go to a lot of areas run by other entities that still require a swipe/handprint to get through the door.) We have readers attached to every computer that make electrical contact with this chip and allow us to enter our password to log in. But, even WE have equipment that can read them from 1-2" away outside the sleeve - That's not because there's embedded RFID somewhere in the plastic laminate; it's because, at least with the system we use, you can sufficiently excite them without direct contact. I assure you that the system is not second rate (at least the "powers that be" don't think so) - Our overlords are just as motivated as the big banks to keep things locked down.
I realize that you can claim that if they can be excited remotely that it implies RFID, but at least in this case it's a side effect rather than a design feature.
He's getting rather old, but he's a good mouse.
lolwut? What does this have to do with chip and PIN? You can definitely do that now with magnetic stripe, because all the info is available and unencrypted (there is actually a product that will do it on purpose so you don't have to carry around as many cards), but it actually isn't possible with chip and PIN because it is a challenge response system. There are still some flaws with it, but it is better than the magnetic stripe cards by a long shot. Take your weird fear mongering somewhere else please.
Do the math it IS two factor authentication.
1) something physical you have (card with chip)
2) something you know (PIN)
So, you might think, "aha, it will be THREE factors, woohoo!". However, chip, PIN, and signature, can't really be considered three factor authentication, unless the signature is checked in real (or near real) time.
- speaking only for myself, as always
I usually just write "Please check ID" in the signature box on my cards, for the same reason you say is odd. Why give a thief your signature to practice and get "close enough", when I have a signature next to a picture of me on my driver's license?
Not that it really matters these days, since every store has a terminal for you to swipe your own card. I've been drawing smiley faces for the past few years when those ask me to sign, and so far, nobody has said anything - not the bank, not the stores, nobody.
It always seemed odd to me to give a potential credit card thief a copy of my signature along with my card.
Yea, it's much better to leave the card blank so the their can sign it themselves so the sig will match.
I browse on +1 so AC's need not respond, I won't see it.
their --> theif
I browse on +1 so AC's need not respond, I won't see it.
Europeans are much more shifty people who steal .... It's unfortunate that the upstanding people of America couldn't insulate themselves from this foreign pollution.
Spoken like a true Native American. Unfortunately you are centuries too late.
As my cousin found out one night in Calgary, AB. When a couple of women got him drunk, took him outside where their boyfriends beat him down and forced his PIN number out of him... The bank used the fact that he gave them his pin as enough reason not to reimburse the losses.
Personally I think thats why they are doing it, likewise if a keylogger gets your PW/PIN and get into your banking you might be left footing the bill.
Most all resellers have a markup of ~3% just to accommodate credit card company fees. Those who pay with cash, are essentially ripped off. Those who use credit cards at least supposedly get the security/extra warranty/insurance/other services they provide.
One must keep a good eye on everything the financial institutions are doing,as every change is in their self-interest.
And if someone hacks your card, they blame you (because you must have given away your PIN) and you have no way to prove it.
Gamingmuseum.com: Give your 3D accelerator a rest.
Chip and pin would be much safer if you entered the pin into the card, instead of into the merchant's equipment.
You just proved why the world doesn't get America. You are what you make of yourself, not what's in your DNA.
Gamingmuseum.com: Give your 3D accelerator a rest.
Except it just doesn't happen, because the chip and pin system has not been broken yet (not in a meaningful, practical, usable way anyway). And if the card gets hacked from a database leak of some company that had your number stored, it's not chip and pin so you are fully covered. I really have trouble understanding all this opposition to chip and pin from Americans (not that I care a lot).
I live in South Africa - over here the transition credit cards being having EMV chips took place during 1999-2007. I haven't seen a non-chipped card issued since then, and most of the card readers I see in shops these days don't even have the ability to read magnetic strips anymore. Since 2006 liability for unauthorised (card present) transactions was shifted to merchant who accept card payments without relying on the chip and PIN, instead of to the card-owner or bank. Basically a credit card without a chip, if you can even find one, is almost useless in South Africa.
The term "Chip and PIN" isn't used in South Africa because that's actually a UK brand name, not the term for the technology itself, but the fact is that it isn't just starting to roll out - it finished rolling out many years ago.
I don't know too much about India, but a quick look through Wikipedia indicates that their liability shift occurred in 2010 so it seems safe to assume that the transition is quite far-along there too.
Not quite. You enter the PIN on the small card reader device issued by the bank, it is never given to the POS.
So what happens at a restaurant. The waiter gets the check. You go with him to whether the credit card machine is set up to punch your PIN?
No ... no, it doesn't. It could well be that there isn't a disproportionate amount of fraud here, when you use the appropriate metric. It could well be that there is. But there is zero logical connection between those two statements.
The annoying thing is that Target installed new chip and pin readers before the breach occurred, but the port is sealed and there is no way to use them (and the card companies are not helping, etc., etc.)
Are you? A troll?
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
And if someone hacks your card, they blame you (because you must have given away your PIN) and you have no way to prove it.
Incorrect. There are a variety of ways that your PIN can be compromised, and banks are well aware of that. Anything from shoulder surfing to keystroke logging will work.
My credit card (with chip and PIN) was skimmed last year (based on the timing I believe from a restaurant in Winnipeg) and my bank removed all of the charges with minimal intervention on my part.
the NSA has a name for this Tempest
TEMPEST is a National Security Agency codename referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations.
You seem to watch too much CSI. The term forensic analysis in no way implies that David Caruso will arrive on the scene. The signature can be as useful in a forensic sense as this: "Cop brings in check clearly signed by the perpetrator and says: Look kid! We've got you dead to rights! ... (kid who was thinking of trying to weasel out confesses)" Note that in this case, no actual forensic analysis is needed. The perception that it has occurred is enough.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
...don't give two shits about us or the company they work for for credit card security.
Signature vs PIN: The thing you know.
Try signing with a line or an X sometime. Try writing expletives into the signature pad. Try writing "SEE ID" in the signature area of your card with a sharpie. The cashier that will notice and/or comment on this is far or few in between. What difference does it make to them if you're committing fraud? None. They still get paid. They (probably) won't be fired. The pin is marginally more secure, if only because it has a computer actually enforcing it, rather than a minimum wage cashier who can't be bothered to check.
MagStripe vs Chip: The thing you have.
The important part of the "Chip and Pin" system is more the "Chip" part than the "Pin" part. It's meant to make the cards far more difficult to duplicate. Right now, it's trivial to duplicate a magstripe. A few hundred bucks worth of equipment and a strategically placed skimmer and you can have your own private criminal enterprise. As I understand the weakness that's been described, it's a replay attack that only works once. (This may be incorrect. It's just what I remember.) That's a damn sight better than the the mag stripe.
Is this some excuse for the banks to push more responsibility onto their consumers for their own data security? Yeah, it is. But I'll take the higher security.
I admit that I only read the summary, which said switching to pins not switching to pins and a physical token. All that changes in this case is that you still want the signature, but for the reason stated earlier: "It is useful for prosecution purposes".
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Thief, you mean?
"I do not agree with what you say, but I will defend to the death your right to say it"
I live in a decently sized city and I still have to fight with the taxi drivers to get them to accept my credit card. Even though they have swipers and signs that say they accept cards they pretend the machine is broken, make up some minimum charge, or just flat out refuse to accept your credit card. Now we're going to tell them they have to upgrade the machines they resisted getting in the first place?
Of course almost no merchant follows this part of their agreement.
-- Slashdot, making the Left look conservative since 1997.
My (Canadian debit) card has been scanned twice, and both times the bank called me up, notified me of the fraudulent charges on my account, and the money was back in my account in under two weeks.
"Old man yells at systemd"
Now with any luck, you can switch to the SI system of measurement and join the 18th century as well!
I think you just tried to write a scene for an episode of CSI.
"Old man yells at systemd"
PINs have nothing to with microprocessor enabled credit cards. Debit cards in the US have had them for years. What the microprocessor enabled card does is make it more difficult for thieves to steal the card by having a bogus card reader that records the swipe.
If the network hardware was compromised, what would've stopped the hackers from collecting the PINs as well?
With this increase in security encourage hackers to go after debit cards more - which would be worse for consumers (fewer fraud protections there)?
Will there even really be a difference between credit and debit cards anymore?
How will this affect online transactions (especially for web developers)?
This sounds like a bigger change than some people realize.
"Visa, American Express, and MasterCard have announced that banks and merchants that have not adopted the technology for face-to-face transactions by October 2015 will be liable for fraudulent purchases" They are already liable. It is called a charge-back. Customers complains that the charge was fraudulent and the credit card company suspends payment to the processor until the merchant can prove that the transaction was not fraudulent. He gets 5-6 of these charge back requests a week, mostly from people who got tipsy and spent far more than they wanted. The processor will find against the merchant if the signature differs even by a little from the one on file. Sometimes the bartenders have to ask a customer to resign 2-3 times before they get one that exactly matches the signature on the card.
That's because the outdated infrastructure had been economically viable to use, so there had been no reason to update it, until now, that is.
Many ways of the US rely on an honor system. There used to be unattended shops where you take the goods and put money in a box. The box didn't use to require a lock. This might be possible in a small town where everyone trusted each other, but in a city where crime is rampant, this business model is simply not economically viable. Public transportation used to allow monthly or weekly pass holders to board from the rear doors without verifying their passes, but they don't allow that anymore because nowadays enough non-paying passengers take advantage of that such that the honor system is no longer economically viable.
The honor system is always able to absorb a small percentage of fraud cases and remain economically viable. It's only when the fraud rate rises past a certain threshold when the system breaks down.
When a merchant displays a credit card logo, you trust the merchant. When the merchant hands you a receipt and you sign it, the merchant trusts you to pay. Again, this is an honor system. The rest of the world also started off with a complete "out of date" manual-imprint or swipe-card honor system. They were forced to upgrade the infrastructure because they suffered enough fraud such that the old system was no longer economically viable. The new smart card system is designed to enforce contractual agreement so that you don't need to rely on the honor system anymore, making credit payments economically viable again.
The US simply held off this long because the honor system had worked until now. Economic viability is the reason. The bad news is that the US has morally declined to the level of the rest of the world. The good news is that the US upheld its morals longer, being the last to abandon the honor system.
I once had a signature.
God dammit I'm going back to bed now.
I browse on +1 so AC's need not respond, I won't see it.
I have to admit, this sort of ignorant racist/nationalist bullshit is usually posted AC, but you put your name on it. Kudos.
US has traditionally had a much lower fraud rate than the UK so there was no motivation.
The UK fraud rate was much higher but chip and pin has helped bring it down to match US levels (in 2010 US cc fraud rate=.085, UK=.070, first time UK was lower)
You never order online or over the phone?
Chip and PIN sounds a lot like security theater, given how easy it is to circumvent.
#DeleteChrome
Another commentator said the US is going to chip-and-signature cards, skipping pins entirely.
davecb@spamcop.net
Biometrics don't deal well with disabled / atypical people. How are you going to validate a wheelchair bound person who can't reach the POS terminal or the veteran who had his hands blown off by an IED or the burn victim with no fingerprints?.
I am becoming gerund, destroyer of verbs.
IF you could clearly sign all of those touch-screen signature pads, AND some system actually compared what was input to your signature on file, then maybe.
The signature has little to do with security and are ridiculously easy to forge. The signature is your acceptance of the cardholder agreement and your agreement to pay. While the clerk can compare signatures, they're hardly a forensic expert.
Frankly how inconsistently I sign my signature (not intentionally), I'm pretty sure no handwriting recognition program could have any confidence it was me.
First, chip & pin is how Europe does not, not the "rest of the world". In my travel around Asia I haven't seen chip & pin cards or machines anywhere (anecdotal evidence it may be, but it definitely isn't universal). I got a (rare) US chip & pin card just in case for my travels a few years ago, and so far had not a single chance to use it - not even on a recent trip to Germany. In places that could "go either way" that card still fell back to signature mode (though, perhaps, that's more of an issue of how VISA presents it).
Secondly, chip & pin has one interesting issue in US market - tipping at restaurants and such places. The (imho vile) practice of inflating one's bill by 20-25% post-consumption is not particularly common in the chip & pin world. Since chip & pin transaction has to be fully concluded at pin entrance, we would have to tip at restaurants through hand-held machines brought to our table, while waiter is standing there looking on anxiously. I am guessing tip rates can then go to 50%?
Don't confuse debit cards (that do have a PIN in US, as anywhere) and credit. The difference is crucial and in principle. With direct debit cards account holder is liable for any losses due to fraud (though banks claim they will help, by law it's the responsibility of account holder). With credit cards card issuer is liable by law for any fraudulent charges. I'll take the second option, thank you.
Why the hell has it taken y'all so long?
You're asking that question to the only large country that has yet to adopt the metric system? We prefer to do things the old fashioned way and then pretend it is better that way.
Chip and pin is not proximity based.
One implementation is not. That doesn't mean that a given new system wouldn't be. However, direct electrical contact is certainly more secure.
Why the hell would they switch to a pin system, rather than adding it as a second factor?
Because that is a pain in the ass. Entering a pin and giving a signature adds a lot of annoyance without improving security much. The cost outweighs the benefits. If the clerk is concerned they can always ask for a picture ID.
The signature is useful for forensic analysis of the fraud after the fact.
No it really is not. I have yet to sign on a digital pad that results in a signature that even vaguely resembles my actual signature. Furthermore the signature is mostly about you agreeing to the cardholder agreement. It's value for security is frankly minimal. Much less useful than asking for picture ID.
In all the time I've spent in America I don't believe I've ever seen anyone really check the signature against the card.. always amazed me how lax and open to fraud that system was. In the UK we switched to chip and pin about 10 years ago.. and we were generally lagging the rest of the EU on that matter.
But why would the US move to chip and pin when it could leapfrog ahead to biometrics.. you're already seeing fingerprint scanners and suchlike appear in mainland Europe (http://www.bbc.co.uk/news/technology-21085738) and surely enough of the initial results are in to guide the decision making there.
That is because it is cheaper to insure against fraud than prevent it. Same thing at the banks. They only verify signatures above a certain threshold on checks (usually either $5,000 or $10,000 depending on the bank). With credit cards, if a fraudulent charge is made the credit card company isn't out the money, the retailer is. Since the chances of the fraudulent card happening at their local establishment is rare, security is lax.
The signature is useful for forensic analysis of the fraud after the fact.
Is it really? Most of the card issuers want you to demonstrate your signature right on the back of the card. And then pair that with a low resolution signature pad, and there's really no benefit at all.
In all the time I've spent in America I don't believe I've ever seen anyone really check the signature against the card.. always amazed me how lax and open to fraud that system was.
That's because the signature isn't about security. It is about agreeing to the cardholder agreement. It is a legal acknowledgement of a contract. It's more or less useless as a security measure.
Yes. Only reason it hasn't been deployed is because of the sunk costs and people's resistance to change. I don't think pin & chip will make it here. The former two are too heavy to move. Unless you get someone like Walmart to do it (and they won't, fraud is too small of a write off) it won't fly. Honestly, I don't understand how Target has the capital to make this investment. It would cost them far less to put in the preventative & detective controls in their current systems. Not to mention their shopping base will drop.
Also, this is relevant:
https://web.archive.org/web/20...
It's a shame that the original web site for this is gone.
For this to be a new system you need to travel back to 1992 when France adopted it.
Anyway, it can't ever be purely proximity based (like the contactless payments systems that you are presumably worried about) because it requires your PIN to authorise the transaction. Since its challenge/response there is presumably little benefit to eavesdropping on one transaction - you're not going to capture anything that will allow you to perform additional transactions in future.
Disclaimer: I once made and attempted to (failed at) sell(ing) security technology to the banking industry.
The incentives are truly twisted. If a merchant accepts a fraudulent card, the bank will not pay anything . They told the merchant that card number was good, but never signed off on that transaction. So, they get their money back from the merchant. Then, they charge the merchant a fee for wasting their time.
Long story short, banks love chargebacks.
That's why online payment processors (Paypal, Amazon Payments) can justify taking a bigger chunk of the credit card processing fees. They assume that risk (as long as you live up to certain rules), and they charge you for it.
Your ad here. Ask me how!
Given how few merchants have even looked at the signature area of my card, the thief signing the card wouldn't impact whether or not the merchant accepted the thieve's signature as being valid.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
The approximate way that chip and pin works in cards is that unique transaction information is sent to the chip. The chip then signs the response with the entered pin and that's sent for authorization. Even if a particular transaction is sent to the chip from 20 feet away, and the PIN is also sent, the most you'll be able to do is to fraudulently authorize a single transaction. IIRC (may be remembering an obsolete spec, its been a few years) part of the auth is even time-based, so even that's not much use for thieves.
Bottom line though, this isn't new technology. Its used everywhere else on the planet. American's looking at it as if someone's moved our cheese and saying, "This'll never work," just end up looking like Flatlanders in a 3D world - because it totally does work, and has elsewhere for decades. For real.
You're special forces then? That's great! I just love your olympics!
Are you talking about this?
https://onlycoin.com/
Fingerprint readers also look for a pulse. Chopping off a finger won't work.
I want a list of atrocities done in your name - Recoil
Its simple enough through most networks to get back a useless-for-charging but unique hash of the card number as part of the transaction, even if you don't make one yourself. That's what you store and use internally, since it no longer counts as "cardholder data" for PCI purposes and you can slop it around safely.
You're special forces then? That's great! I just love your olympics!
It's a new system for the US. It can be implemented however the major issuers decide to - whether they already have a presence in other countries or not.
It could certainly be proximity + PIN. Challenge/response does not require anything that NFC chips can't do. You're right that eavesdropping doesn't get you anything special, but it's still somewhat less secure to have the transaction sniffed.
Visiting the US from Canada is like travelling back in time. Debit cards? What are those? I was stunned that I had to pay for gas at the pump with a credit card - there is NO widespread use of debit cards.
Evidently you did actually travel back in time. The only place in the US devoid of widespread debit card use is the north slope of Alaska.
Credit card carbon paper and swipers? What year is this?
We blow the dust off the imprint machines whenever a gullible Canuck walks in.
Pay phones that only take one kind of card payment, and no others, because of exclusivity deals between the phone company and a card company.
Now I know you're making shit up because we don't have pay phones outside of airports.
I can change my credit card number with a few phone calls, I can change my PIN after a few clicks at my bank's website, I can change my signature any time I please, but I can't change my fingerprint. It's trivial to spoof fingerprints for most fingerprint scanners once the print itself is captured, and once it's out there, it's out there. Good luck dealing with it after that point.
Ideally, we'd have something that can be altered by the customer, readily recognized by a computer, and dependent only on the customer being able to reproduce it. PIN and signature both accomplish that to varying degrees (signature recognition is essentially non-existent on POS systems), but perhaps something gestural could work. Many Android users already rely on gesture-based locks for their phones, and I could see something similar working in the future, since it'd be a lot harder to transfer electronically than a four-digit PIN, a lot easier to replace than a fingerprint or retinal pattern, and a lot simpler to recognize for a computer than a signature.
> This is why you are disarmed,
Nope.. talk to the Swiss.
> have to register your address with the police
Nope.. unless you're a sex offender maybe.
> carry an internal passport
Nope.. especially not in the UK.
> go through extensive background checks to be allowed to open bank accounts
Not particularly.
> register your TV sets,
Nope... although you require a TV licence in the UK. From which we fund the BBC. You're welcome..
> submit to home searches by tax collectors, etc. etc.
Nope. Search warrants and the usual process of law excepted.
Sigh,
The point is that yes you can get the pin. But without the physical card it is useless because you need both to complete a transaction.
If your card was skimmed the more likely explanation was that the magnetic strip was skimmed and then used at a place that did not use chip and pin verification. Until we can remove the mag strip this will happen.
Places like the States resisting going to chip+pin means that the rest of use are paying
Choose your allies carefully, it is highly unlikely you will be held accountable for the actions of your enemies
Yeah.. the debit card thing I find totally bizarre and can't understand for the life of me. Debit cards seem to be the ideal expression of card payments.. direct from your bank account. You either have the funds or you don't.. no middle man creaming interest from you consumer and charging the retailer a processing fee. And yet they're alien in the US.
If someone could explain why debit cards aren't usual in the US I'd appreciate it. Having said that.. my EU debit card seems to work just fine all over the US.
If a criminal gets hold of the physical card and PIN there is no limit what he can do. Small camera's mounted by the ATM and brutal home robberies are occurring more and more.
[citation needed]
You don't enter a pin using tap to pay here in Canada, since it slows down the process and the point of tapping is to speed up the payment process. Your card usually has a very small tap transaction limit. My credit card has a $50 max charge per tap transaction, thought I would like to get it bumped up to $100 or maybe even $200. I think the banks here are starting with low limits to to see how things work out since its still a fairly new technology.
The thing is the signature on the back of the card isn't for verification by a merchant. The stated purpose of the signature block is that you agree to the terms that come with the credit card. By the rules of Visa and MasterCard a merchant should not accept a card that is blank or has something like see ID.
Of course almost no merchant follows this part of their agreement.
It's amazing to me how many people don't realize this, and think it is somehow safer to leave the card unsigned.
Back when I worked as a cashier (at Target, of all places), I actually had people get offended when I would ask to see their ID because their credit card was unsigned. But I know many/most of my co-workers didn't check...
Also in the category of things the store should check but rarely does -- The merchant is supposed to call the credit card's issuing bank before letting someone else use the card -- this also angered people when I would tell them I had to call the bank to let them use their spouse's card.
Yes you can, but you still need the actual chip in the machine for it to work. What they do is get the card details and the pin, then create a mag strip card with those details and use it in an American ATM to draw cash.
Anyone else a little concerned that two companies can snap their fingers and compel the entire country (every bank, every business and everyone with a credit card) to radically overhaul their entire financial infrastructure?
That's two companies with a '2' and nothing after it.
This sudden shift in technology is going to hit merchants hard. Not the large retailers that are having the massive data breaches, but the mom and pop store down the street. Why? Ever seen what card processing companies charge for machines? it's outrageous. Many of these merchants are still using machines from around the turn of the century, or older, because new ones cost far more than they can afford to spend on a device that really has no ROI. Chip and pin wasn't even being seriously discussed in the US until recently, but suddenly everybody is going to have to come up to this new standard by next year? Who's going to pay for this? Are the little guys going to receive subsidies? I do agree we're far behind the rest of the world regarding our processing methods, but the changes being discussed seem a little too sudden as to not be a huge burden on the people who can't afford another hit in this economy.
I sign my card (as required by the card issuer) then print "Ask for Photo ID". When the vendor looks at the back they always ask for photo ID. Do they always look at the back/signature area? Not always.
The most sophisticated fingerprint scanners can be defeated with gummy candy. Mythbusters got past one - a brand new design, which included checks for pulse, etc., with a Xerox of the correct fingerprint. The "is it a live finger" feature they defeated by licking the Xerox.
And if you steal someone's card, the odds are, their fingerprints are all over it. The average person can build a fingerprint kit for about $10, if they have access to Google.
I usually just write "Please check ID" in the signature box on my cards,
I've always found that an amusing form of stupidity. Your contract with the card issuer requires you sign it. Period. Any cashier who is aware enough of the rules to know to check the signature will likely know it has to be signed. I've seen credit cards refused because someone wrote "check ID" on the back instead of signing it - and rightly so, as they are required to do so.
The signature (on the card, and on the transaction, both) has nothing to do with security. It is a signature on a legally binding contract.
Here in Singapore my friend's back sends a SMS/text/msg to her phone/tablet anytime she makes a purchase online. She has to type that number into the web page form (or whatever) for the transaction to be approved. I think I wish I had this option. Though as I'm traveling right now I can imagine a few times when I might need the number and not have a signal.
Similarly, why not switch to an (optional?) system like for non-online purchases. Msg me the number. That way there's no PIN for anyone to steal. That number is only good for that transaction.
Ah yes, "Verified by Visa", because 2-factor authentication is mathematically identical to 1*2-factor authentication
It actually is when every factor is folded down into a simple form submission.
It's all "something you know" when you submit a form with an account number, a pin/security code/password, and the output of one of those RSA hash clocks / a hash of a finger print / a mass spectrograph of your farts.
I used to think the same thing in Canada, but at the same time most merchants were pushed to use chip-and-pin, those awful fricking "paypass" cards (RFID, just pass over the reader with no PIN) came out. A lady at my financial institution was recently mentioning how they just got them in Debit card form rather than just the usual Mastercard... so now a thief can handily steal/fake your RFID and foist money straight out of your bank account. How convenient!
One step forward, two steps back.
My bank has been issuing chip credit cards, but they are NOT full "chip and PIN", but instead "chip and signature". Payment processors have not implemented the full standard here in the US. I don't see how reading the chip is any more secure than the mag stripe without the PIN verification, besides making it harder to clone credit cards.
On the back of all my cards, in the "signature" line I always write, "Please check ID".
I always thank the 1 in 100 clerks that actually ask for my ID, though half of those seem to do it as company policy, not because I had it on my card.
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
So when a virus is loaded up on the client devices that are scanning the cards, this improves things how?
This may be stupid and naive on my part but...
With a signature style, while anyone can try to sign for it, at least if you contest a fraudulent purchase, you can compare the signature on the stores receipt to your own and say, "that wasn't me that signed it", and then the bank is on the hook rather than the card holder.
With a PIN style system, how the heck is the card holder supposed to prove (to themselves or the bank) that they weren't the one who entered in the PIN number? Thus, the burden of proof of fraud will be harder for the card holder won't it? I can see trying to convince the bank that you didn't enter that PIN number, and the bank telling you that it matches your PIN so it MUST have been you, get lost, your on the hook for it.
The chip and pin system is called EMV, for Europay, MasterCard and Visa. The heart of EMV is chip cards, which allow for the card reading pad to encrypt the transaction before it leaves the pad, using keys from both the card (the chip part) and the merchant service. The cards have to be set up by the merchant service with their key; the merchant at no point has access to that key.
The EMV standard also includes NFC - Near Field Communications. It is similar to RFID, but not the same thing. The main difference is that RFID has a range of a meter or two, while NFC has a range of a centimeter or two.
The are separate standards. One is part of the other. I don't think there is a requirement that merchants deal with NFC, but I haven't see any EMV equipment that doesn't include it.
Debit cards are common in the USA. the difference is that they can be processed as either a straight debit card (PIN required, no merchant fees for the retailer) or as a credit card (no PIN required, payment is processed by MC, Visa, etc. with retailer paying merchant fee). Many banks encourage debit card holders to process purchases (less securely) as "credit" by offering things like reward points to the cardholder so they can get those merchant fees.
I always write See ID on my card in place of a signature. Sometimes they even look at it and ask for my ID! When they do I always make sure to thank them for asking. I realize this doesn't help if my credit card number is stolen, but at least it might help somewhat if someone were to steal my wallet. The signature system is a joke.
its not RFID its NFC, RFID is NFCs dumb cousin and has no business being anywhere near a financial transaction.
So in the near-future, you won't be pickpocketed in the big city, but held at gunpoint until you give over your card and your PIN.
When I read about millions of credit card numbers getting stolen, are they somehow being used in face to face transactions? I don't think so. And PIN numbers are already used in debit card transactions. And what good is a chip in an online transaction?
The way I see it, people are going to have to give up some measure of privacy to obtain better security. That isn't something I embrace.
But why would the US move to chip and pin when it could leapfrog ahead to biometrics.
Because biometrics actually kind of suck. All of the ways of identifying via biometrics change over time: voice, retina, fingerprint, etc. Plus, there's no guarantee of uniqueness. In addition, every finger print reader I've had to deal with usually takes 2-3 attempts before it accepts me. Something that I would not stand for at a checkout.
some places have the card reader/POS integrated for the sake of branding, like self serve kiosks at target and the like, but its all verified by the bank/processor behind the casing.
What does a chargeback have to do with mass credit card fraud? Chip/PIN would actually prevent this sort of behavior...chargebacks have almost nothing to do with liability, just some people are assholes and will try and get away with anything they can. If you are sober enough to enter a 4-6 digit code, end of story.
How do you order cash over the phone? I know you can transfer cash like transactions, but someone has to physically show up at the other end...there's paypal et. al but they would have complete control until it leaves their system and they require a few layers of verification before it gets any where near cash.
But you could skim a bunch of mag stripes or trash a database of card info and clone a bunch of burner cards then mob a city of ATMs with Chip/Pin this is not feasible...
So how is it being circumvented?
Next time there's a Slashdot story where the consensus among the wise, assembled community (who always have mysterious insight above and beyond the people behind the technology in question) is It'll-Never-Work, just remember this article.
We're talking about a technology that is 20 years old, deployed globally and (based on the complete absence of negative comments from current users) a universally accepted improvement upon the system it replaced.
And the running theme from the (let's face it : primarily American) contingent in the comments is It-Can-Never-Work, It's-Hopelessly-Flawed and What-Idiot-Invented-This.
Slashdot is a special place.
Sorry, I should have been clearer. I was referring to the last sentence in the summary about the "transition to contactless payments".
Coder's Stone: The programming language quick ref for iPad
This puts the risk entirely on the consumer side.
Whether that is true or not depends entirely on the laws of the particular country and the cardholder agreement.
Your debit card is somehow compromised, someone makes a purchase with it that takes your account to well below the balance you expect to be there, your rent is due and has been set to be paid and the balance in your account is hundreds less than you expect it to be.
Easy solution. Don't use a debit card. Debit cards are a Bad Idea and are completely unnecessary. Use a credit card or use cash. Plenty of banks will give you an ATM card with no debit card features if you ask.
Carry cash and a gun! Cash to pay for your purchases and a gun to protect you from robbers. I don't pay interest rates on CASH!
The Truth is a Virus!!!
the USA had credit cards first any time you are first you build up a system and its hard to change.
Bogus argument. There has been plenty of time to transition to more secure infrastructure. It's not like the US had some massive lead on the rest of the world in credit card infrastructure. This could have easily been done years ago and the longer we wait the more expensive the change will become.
While I'll accept your counter, it should also be noted that most EU countries are much smaller than the US, which does make it a bit easier to change that infrastructure.
The size of the EU is about the same as the size of the US overall. If anything it is more complicated to change things in the EU because of the national boundaries and the need for cross border cooperation. Hell, the EU managed to get all these countries to change currency which is a MUCH tougher thing to do.
You need to read this You are not covered and they don't need your PIN. Possibly from a DB hack you may be safe. All I have to say it's not as secure as you make it sound.
DRM? No thanks, I'll just get it somewhere else...
My (Canadian debit) card has been scanned twice, and both times the bank called me up, notified me of the fraudulent charges on my account, and the money was back in my account in under two weeks.
With a credit card the money wouldn't have left your account at all. What you have described is exactly why debit cards are a bad idea. Even if things work out well, like the did for you, you still are out the money for some period of time.
Credit cards are almost always better for a U.S. cardholder than debit cards for the following reasons:
-Credit cards often have a reward for use when debit cards do not. My credit card gives me a 1 dollar credit on my Amazon account for every 100$, plus bonus credit in some cases.
-Credit cards grant the option, but not the obligation, of deferring payment, when debit cards don't. I've never paid a cent in credit card interest since I turned 18, so obviously this option isn't worth much to me, but it is there in the incredibly unlikely event that I need it.
-If you try to spend funds you don't have with a debit card, the bank may overdraft your account and charge you a penalty, instead of denying the transaction. This penalty is usually higher than the equivalent interest rate on a credit card. As of 2010, this is not really an issue anymore, because the customer now has to be dumb enough to voluntarily agree to this arrangement.
-Other than the above, there's no functional difference (to the cardholder) between the two types . Fraud protection is the same, payment processing is the same, etc. This includes prices - very, very few merchants charge credit card users extra, although they are allowed to now.
Given that, the only reasons to avoid credit cards in the U.S. are moral objections or lack of self control to handle them responsibly. Rational consumers will use a credit card every time. Of course, this says nothing about what's best for merchants or banks, but that wasn't your question.
Has anyone in the US used the NFC features of a new Android phone with Google Wallet? Looking at the setup it looks like it works like these cards, except you have to punch the password into the phone itself, so there is no way for the merchant to know what it is. This seems like it would be more secure. However I did notice the app would let you remember the password, which pretty much wipes out any possibility of security.
There are no merchants near me that support this, or perhaps it hasn't rolled out yet.
I did buy a handful of stand-alone NFC badges to test the phone itself out with. On the Nexus 5 you need to have a 1cm spot on the phone in direct contact with the badge for a few seconds in order for it to read. Way shorter range than RFID badges, which kind of limits the badge's usefulness, but there is no possibility of doing a "pocket read". More like "Right On Top of Field Communication" instead of "Near Field..." And even then, I would need to punch my password in on the app for payment to happen.
Perhaps the range thing is because I am using passive badges, and the active one at a retailer would work from a few inches away. I stuck a badge on my car's docking cradle, and it doesn't read because the badge is touching the edge of the phone instead of that 1cm spot on the back.
I'm a good cook. I'm a fantastic eater. - Steven Brust
OnlyCoin - was a weird idea anyway, throw away batteries piss me off!
Also, Canada has been using chips for a few years, with both debit and credit being seperate (to answer some comments about the "rest of the world").
The signature is not an authentication mechanism and it is irrational to expect it to be one. Do you really expect a minimum wage store clerk to be a handwriting analysis expert?
I'm not sure you are understanding this at all. Presenting a pre-signed card proves the cardholder once signed the card. Signing at purchase time allows them to compare that signature to the one on the card. Your argument is for, rather than against, the usefulness of signatures. It is true that a cashier can't stop all forgeries, but they can sure in the hell stop the obvious ones.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
So don't pair it with a low res signature card.
You're the one that signatures as we have them now were useful. I had to assume you were referring to current practices.
It is true that a cashier can't stop all forgeries, but they can sure in the hell stop the obvious ones.
It stops the obvious ones, but enables all the rest. I do not sign my cards. They ask to see my ID, then look up at my face to see if it's a match to the photo. That signature could be used anywhere if my wallet were ever stolen. Not just for credit card purchasers.
Online transactions don't use the pin; you indicate you have the physical card by keying in a three-digit number printed on the back of the card; but you also have to give the billing address for the card, which if you've just picked it up in the street you're not going to have. And if you have got it, it doesn't help since anything you buy will be shipped to the cardholder instead of you.
Online transactions for virtual goods are verified by transitioning to a bank https page which asks for selected characters from a password; it then sends a go or no-go status to the merchant. To prevent spoofing, the bank's page might also include an indentification phrase - 'the cuckoos are loud tonight' or whatever - which you created when you first registered with the bank.
And to log into your bank account, you can use a small handheld identification thingy which takes your pin number and uses it to create a one-time pad passphrase.
In the Nehterlands, in the early 2000s, they had an online commerce system that works as follows:
You have a credit card. It has a number.
You want to buy something online. Your vendor, after your cart is totalled, gives you an amount and a vendor code.
You go to your bank's website in your browser. You access your credit card account. You create a payment by entering the vendor code and total. A one-time code is generated that you copy and paste into the vendor's payment form.
This means:
a) The vendor NEVER has your CC number (so can't lose it)
b) The vendor can only charge ONCE against that number
c) The vendor gets paid, your data stays secure
WHERE IS THIS SYSTEM IN NORTH AMERICA?
WHY DO WE KEEP HAVING TO GIVE CC NUMBERS TO VENDORS?
Our banks aren't catching up because they couldn't catch a clue to save their lives.
I once had a friend have fraudulent charges on his CC. He went through the process do get them acknowledged with his CC company and written off. He asked when he'd get a new card with a new CC number. They weren't planning on sending him one. Yes, you heard me....
He asked them to kindly assign him a new number and send him another. They countered with the fact that he could just sign off any other bogus charges and they'd make them go away.
And you wonder where 18% interest rates come from?
Our banks are absolutely hopeless when it comes to innovating or even catching up with what the rest of hte world has been doing forever.
The chip and pin is slightly better (in prevention, but not in dealing with a breach) than the signature. Harder to argue later with your CC company thought because you can't argue 'well, that is clearly NOT my signature you have on file!'.... they'll just say 'they had your pin and chip, so too bad, so sad, you are liable....'.
One time numbers are the way to go for online transactions. I'm not sure what cure there is for CC used at brick and mortar outlets other than DON"T DO IT.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
At The Moment my credit card doesn't have a PIN
I was in the same situation up here in Canada when we switched over 6+ years ago. All the bank did was tell me that the new credit card with the chip used the same pin as my existing ATM card. It might be an issue if your credit card is from a different bank than the one with your account but if not it was a pretty painless process.
The bit I don't like is the new "contactless" payment system. I want any payment system to require purposeful contact on my part and not just require that my card was somewhere nearby since standing in a checkout queue I may well be near someone else making a payment. This has apparently already happened already in the UK where the system has be rolled out for longer. It may be a rare occurence but the amount of time spent getting one incorrect charge fixed will outweigh the time saved per transaction by many orders of magnitude.
Because biometrics is a terrible idea.
How do you change your password? You can't. That's why.
Ultimately you have to have something that is only in the brain of the user.
expandfairuse.org
Actually, modern cards not only have the contact chip but also a "Contactless" mode that can be used for small payments.
So you can pay for your Starbucks or bus fare instantly just by tapping your Visa card, no need to swipe or insert the card and enter a PIN number. This is all still more secure than Swipe & Sign, because the cards can't be easily cloned and theres a relatively low transaction limit.
Wrong.
Contactless is far less secure than magstripe.
"Contactless" is far less secure because it will wirelessly give out all the information on the front of the card (CC number, name, expiry date) to any system that asks for it. I have an application for it on my Galaxy Nexus (and the source code that doesn't censor the CC number is available on GitHub). Now you have the number, exp date and name on the card you can make online transactions with it and the best way to avoid detection by the bank is to make small transactions because they are less likely to be flagged or noticed by the user and the bank will write it off rather than doing any kind of indepth investigation (so as long as it's not directed to a real address, you're safe).
So you don't need to replicate the card to use it for fraudulent purposes. But if you would like to, just follow the specifications that are publicly available from Visa's website (same for MasterCard, haven't checked Amex/Discover, but no-one uses those cards outside the US).
Fortunately chip and pin technology is not dependent on contactless technology (actually it's the other way around).
Calling someone a "hater" only means you can not rationally rebut their argument.
What this paper says is only valid if "chip and signature" is an accepted method of payment, which is completely stupid and only caused by the widespread opposition in America to chip and pin. It's really like the story of the snake biting itself.
"The U.S. currently accounts for 47% of global credit and debit card fraud even though it generates only 27% of the total volume of purchases and cash". You really should not insist that the method used in much of the rest of the world, where fraud is 50% lower, is less secure. Because it really isn't.
Though I'm sure if you ever manage to switch, you will make sure to render your implementation completely flawed and useless, starting with idiotic "chip and signature" payments.
I'd rather not screw over local businesses with credit card fees - and some give discounts because Interac charges them less than a cent per transaction - and I don't want to deal with a pocketful of change.
I admire your altruism but I think it will not be reciprocated very often. All you are accomplishing is to subsidize others who aren't so generous by taking risk on yourself by using a debit card. The price of those interchange fees (2-4%) is built in to the price. So you are giving a 1-2% tip to a business that already is charging you what (probably) is a profitable amount while taking on significant risk in the process. I like doing business with local merchants too but I'm not about to risk someone emptying my bank account (even briefly) to support them.
Oh, and the price of processing a debit card is not "less than a cent per transaction". It is considerably higher than that. The cap is presently set at $0.21 per swipe plus 0.05% of the value of the transaction.
Modern computers don't have a floppy drive.
Just use the DVD reader.
If you have a portable without a DVD reader you can usualy just cut the chip from the card with a pair of scisors and stick it into your SD reader.
Watch this Heartland Institute video
Have been common here in Europe for ... what ? The last 30 years ?
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
I have never signed the back of any of my cards. I really don't understand why I should.
Let's say someone manages to get a hold of one of my cards. Do I really want them to have a template to forge my signature from? Wouldn't it be considerably easier for me to dispute charges if signatures that look nothing like my own are found on receipts?
Chuuch. Preach. Tabernacle.
What's next? The metric system??
That's not the point. The point is everyone uses the same 4-digit pin for the bank card, CC, or practically anything else that requires a 4-digit number. Passwords are much the same way.
you jest... but, currently, that's the way people act when their favorite political candidate fails to win the primary in the US. "That candidate doesn't agree with me 100%!!! I'm going to let the other guy who I disagree with completely win!"
That's why I have three "hot" bank accounts.
One for ATM transactions/meatspace debit card purchases, one for bill payment, and one for cyberspace debit card purchases.
If your bank doesn't make this easy to manage, switch banks.
Your plan is flawed. Sure, you have three accounts but your comment "If your bank doesn't make this easy to manage, switch banks" implies they are all at the same bank. Which subjects you to many other risks you're likely ignoring:
1. Person with stolen card may be able to social-engineer access to other accounts or online credentials and thus access the other accounts.
2. Your bank may choose to do a "courtesy overdraft transfer" from you other account, to cover thief's new laptop and vacation.
3. An "unusual transaction" on the one account, if unusual enough, may trigger the bank's fraud-bots to put a freeze on all your accounts, at least temporarily. Some stupid institutions do "freeze everything, no messages" as an attention-getting attempt at reaching you, and no, they don't disclose up front that they do that, so you can't "switch banks" based on looking out for that stupidity.
4. Some dispute with a big-enough jerk person, company, or organization may lead to a lawsuit or garnishment against you, and nowadays many banks have an immediate "fire the customer" response to that action. Again, not something they disclose up front. Condo Board (HOA) from Hell got me fired as a customer from a "good local bank". Luckily it wasn't my only bank/bank-alternative.
A much better idea, if you want segregation of accounts between physical world use, online use, and billpay use, is to use three different institutions entirely, picking carefully both for minimal Banksterism and for free external transfer services.
For example, I have (US-centric because that's the topic):
1. A Credit Union membership, in an institution that pays 4% interest (yes, four percent I didn't drop zeros or decimals) on the first $500 in checking and separately on the first $500 in savings. Has totally free 2-3 day ACH "push" to transfer money to any other bank or bank-like-thing (such as a prepaid debit card with a "bank account number" and "routing number" or to "pull" from any other bank-like account. Only if I initiate it. Overnight for a $2 fee. Both checking and savings there to maximize interest, have their Debit MasterCard, have their Bill-Pay but have no current payees set up, deliberately do not have any actual paper checks and never have on this account.
2. A "checking alternative" account with no minimum deposit, no minimum balance requirement, from an online discount brokerage firm (I don't have an investment account with them, just this cash management account.) Has a Visa debit card no added fees for foreign transactions over the Visa conversion fee, full rebate of any ATM-owner surcharge anywhere in the world, deposited back next banking day, no ATM-use fees of their own. Has free printed checks and free check refills. Has free BillPay, free external transfers by ACH. Pushes to my other bank-like institutions typically arrive next banking day despite their saying it is 2 days. Pulls from other accounts usually 2 days.
3. A high-interest (as US interests rates go) online-only savings account with no checking, no bill-pay, no nothing but can be the ACH target for direct deposit from Elance, PayPal, etc. for freelance work, is a transfer source and target for accounts 1) and 2) at those other institutions, has its own ACH external transfer capabilities (typically 2-3 days on pushes, out, a couple more days for funds availability on pulls into it - so I usually push from the other accounts which makes it instantly available when it gets there). Also tied to an online purchases rebates cashback program (Upromise.com - oriented towards savings for students but anybody can use it and get the cashback rebates, no matter what form of payment used, into their Upromise account and then transferred into this bank account.)