Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will 'Chip and Pin' Credit Card Technology Really Increase Security? (Video)

Posted by Roblimo on from the we-love-security-theater dept.

The answer seems to be: sort of, a little, but not a whole lot, according to Jerry Irvine, who is a member of the U.S. Chamber of Commerce Cybersecurity Leadership Council and CIO of Chicago-based Prescient Solutions. More security theater? It sounds that way when Jerry starts reeling off the kinds of attacks the new cards will do nothing to prevent. Even so, October 1 is the date after which merchants are supposed to be liable for fraudulent purchases made with old-style cards, and are supposed to have point of sale terminals that accept "chip and PIN" cards.

2 of 317 comments (clear)

  1. Re:None of my cards have a chip! by circletimessquare · · Score: 3, Interesting

    his bank has already sent him a new card with a chip in july, august, or september

    if he didn't activate the new card, some time in october he'll go to lowe's, try to use his old card, and his transaction will be declined

    he'll call the bank and raise hell and they'll say "sir, we sent you a new card and you did not activate it"

    he won't be able to use magstripe-only for very long because all major banks have replaced them or are replacing them

    he may have a card with some oddball institution that continues with magstripe only. that institution will be pressured by continuing changes in technology and standards, or they will raise their eyebrows at the fraud they have to cover, then they will go to chips too

    and this is all a good thing, increased security

    is there some valid reason why top comment doesn't want the chip?

    or is it "receiving the mark of the beast" level low intelligence paranoid mental vomit?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  2. Re:Online retailers by F.Ultra · · Score: 3, Interesting

    While the PIN is stored on the card it cannot be read externally since you cannot read that part of memory using the pins on the card. AFAIK when you enter the pin on the terminal it sends it to the card together with the amount and then the card creates a one time key for that amount signed with the cards internal secret key if the pin matches what it has stored inside and this one time key is what it sends to the terminal and which it in turn sends to VISA/Mastercard/... so yes the chip+pin is way more secure than the old magstripe and the chip+signature.