Feeds

Smart credit card scheme kicks off in the UK

Chip and PIN

  • alert
  • submit to reddit

Internet Security Threat Report 2014

UK banks, building societies and retailers began the introduction of a more secure method of authorising credit card payments in Northampton today.

Designed to combat fraud, the Chip and PIN Programme will see the magnetic stripes on credit and debit cards replaced with more secure smart chips. The huge project will see more than 850,000 retailer terminals, 120 million cards and 40,000 cash machines upgraded over the next 18 months.

Consumers will verify their purchases by keying in a four-digit PIN (Personal Identification Number) - rather than signing a receipt.

For consumers, the new system should mean greater protection against fraudsters, as fraud on skimmed or stolen cards (which account for more than 60 per cent of total losses) will be reduced significantly, it is hoped.

Card fraud is one of the fastest growing crimes in the UK. A record £424.6 million of fraud was committed on UK cards in 2002, up from £411.5 million in 2001, according to UK trade association the Association for Payment Clearing Services (APACS).

Counterfeit card fraud is the biggest category, accounting for £148.5 million stolen in 2002, followed by card not present fraud (£110.1 million) and lost and stolen cards at £108.3 million.

Testing Times

Chip and PIN begins its public trial in Northampton today. Over the coming weeks, 150,000 Northampton residents (or half the adult population) will be sent the new-style cards, and banks and retailers throughout the city will be switching on revamped terminals. Large and small shops, petrol stations, pubs, hotels and restaurants will be involved. In total, around 1,000 retailers are expected to participate.

During the trial (which is scheduled to end in July), Northampton consumers will be prompted to use their PIN for one in every two or three transactions, using a range of debit and credit cards. Entering PIN information will replace signatures in authorizing transactions. Chip and PIN cards and retail terminals in Northampton will continue in use beyond the trial period.

A nationwide rollout is scheduled to follow.

American Express, Barclaycard, Barclays Bank, the Co-operative Bank, Egg, Girobank Merchant Services, HSBC, Lloyds TSB, MasterCard, The Royal Bank of Scotland Group, Switch and Visa are all participating in the trial.

The UK is one of the first countries to introduce chips on cards which meet new global specifications known as EMV (Europay/MasterCard and Visa). In time this means cards will be accepted around the world using the same security checks.

A similar domestic PIN-based system in France has seen an 80 per cent reduction in fraud since its introduction ten years ago. Most European countries, including France, are expected to implement the EMV system over the next five years.

The Northampton trial is the start of a full national rollout due to be completed by the start of 2005. Cards will be reissued and retailers will upgrade their terminals throughout the period. Consumers do not need to take any action themselves as their card companies will get in touch when they are ready to issue the new type of card.

Step in the right direction?

When we covered the initial announcement for the scheme back in April we wondered if the scheme would cut fraud.

Reg readers Joel Smith and Peter Fairbrother of the open-source cryptography project m-o-o-t.org both warned of the same potential pitfall of the scheme.

For a long time, Banks have denied that it is possible to make fraudulent transactions using a PIN in an ATM. However, it has now been shown to be possible.

Smith writes: "If a PIN transaction is made on my card after it has been stolen, how do I deny that it was me who made the transaction? Anyone with access to the PIN becomes an authorised user. I don't regard PIN codes as being overly secure, and this might be a step backwards in security."

Fairbrother believes the Chip and PIN scheme has the effect of shifting liability to the consumer.

"As the bank's will say that any 'phantom withdrawals' are down to the customer - because of course Chip and PIN is secure" Fairbrother. "This is becoming a problem in France, and elsewhere in Europe, where people are being deprived of compensation (and sometimes arrested) after complaining about phantom withdrawals / CC charges."

So although depending on a chip - rather than a magnetic stripe - is more secure, if you do become the victim of shoulder surfing the new scheme might mean you're in even more trouble.

Which is not nice. ®

External Links

Chip and PIN Programme - "the biggest consumer project since decimalisation" launches today
"Annual card fraud figures reach record high", APACS report (PDF)

Related Stories

Smart credit on UK cards. Will it cut fraud?
ID theft: a $1bn a year crime
How to get an ATM PIN in 15 guesses
Crackers gain sight of up to 5m credit cards

Remote control for virtualized desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.