Google

Home
Most Popular
Petals

|
*
2006/03/11
 14:19:17

The fall of PIN-based transactions?

While Europe has been using chip & pin for a while, debit cards are just recently starting to catch on in the US. Something that's always bugged me about them (and smart cards without keypads), is that you're entering the secret that's supposed to keep your info secure into a system with unknown security. Whether it be an inadvertent keylogger or as in the case of the recent financial stuff the system storing them someplace it shuoldn't, once it's entered you have no control over it other than to trust the remote end. You have to trust the entire chain to keep your data secure. Schneier has some good info on the recent rash of theft from accounts using ATMs. The part that sucks for consumers on this is that debit cards have no federal consumer protections the way credit cards do. This kind of thing is why the future is definitely going to need to be smart card with keypad or something similar. It's also an example of why biometrics are really bad - if compromised this way, the PIN can be changed. You can't change your biometrics. On the semi-positive side, maybe this will get people to realize typing passwords (including PINs) on random computers is a bad idea.

#
By Austin on 2006/03/12 at 12:20:09

Something tells me it's going to take a lot more than this to get people to realize they shouldn't type anything important on random computers.

#
By Jeremy on 2006/03/12 at 23:21:36

Unfortunately you're probably right.