Chip and PIN as a method of payment has been in the UK for a couple of months now, and according to all the major card companies is the most secure system so far.
According to this info on UK government website crimereduction.gov.uk, the initiative is costing £1.1billion. This to combat plastic fraud which in 2002 cost £424.6million in the UK.
Since 1st January stores not using chip and PIN get less protection and insurance against fraud. This was used as the “incentive” to buy in early.
So what’s it like to use?
Not a great user experience for me so far. And canvassing opinion in a quick straw poll friends agree.
It wouldn’t take a lot to improve it. Train staff better. Make it easier for customers to use, no awkward leaning over the sweet rack on the sales counter…
I was just wondering why we don’t seem to have benefitted from what other countries have learnt.
Compared to France, where they’ve used chip and PIN for years, we’ve got a lot of catching up to do. There the “PIN pads” usually have hoods which cover your hand enough so that others can’t see what your PIN is.
Here in the UK all the machines I’ve used so far are more like overweight pocket calculators.
They’re rarely on long enough leads, so you find yourself punching numbers in to the thing while it’s dangling in mid-air or being held by the sales assistant or waiter, many of whom seem bewildered by the new technology themselves.
I make a point of covering my number punching hand with my other hand but for some reason it all feels quite self-conscious, even though that’s what all the advice says.
The problem with it for me, and why it still feels insecure (though less so than the signature validation thing) is that a number string is not really unique to the individual it is attached to. It “feels that way”, as if you own the number, but it does not really uniquely identify you. It only identifies you defensively/negatively and by default in that it relies on the owner NOT to reveal it. So, to my mind, the system is still fundamentally open to abuse…Though, as you say, making the input process less publicly visible would certainly help. To my mind, something like fingerprint, or eyeball detection would be much better, though to be implemented on the mass market would be a major undertaking and probably degenerate in to farce. Also, if you have ever seen Charlie’s Angels the movie (the first, not the sequel), then you will recall it is theoretically possible to steal somebody’s eyeball print! -): But maybe you need to be Cameron Diaz to pull it off.