Is Chip and Pin a secure technology that prevents fraud?

THe whole point of the UK roll out of Chip and Pin technology was the promise that card fraud would be dramatically reduced by chip and pin technology. Although chip and pin was never actually promised to be 100% secure, it wasn't sold to the British public like this - we were all supposed to think it was unbeatable.

The fundamental problem with chip and pin technology is the pin itself. A four digit pin is not particularly secure. It is also easy to read over somebody's shoulder. This is one of the problems chip and pin creates - it is easier for a mugger to watch somebody enter their pin number into a chip and pin terminal and then go outside and mug them and take their chip card.

The pin number is actually stored on the card. It is encrypted on the card. Most encryption systems like this are physically irreversible. You can ask the card "is this your pin number", but you can't mathematically ask it what the pin number actually is.

One common method of circumventing this is to attach a stealth device to a pin reader. Go into a shop and steal the chip and pin machine. Add a device to the chip and pin machine to record card details and pin numbers, and you can then go off and manufacture a new card with that pin. Easy to do. You don't even need to steal the chip and pin machine to do this if you work in the shop...

If you fail to enter the pin 3 times, the card will lock - although it is possible to unlock them at most ATMs. However, this particular bit of technology didn't work very well in the initial roll out - I have heard many stories of people's cards being stolen, especially brand new ones, and cash being withdrawn on the cards from a cash point twenty minutes later. Explain that one!

Another major failing of chip and pin is the "Pin bypass". This allows retailers to complete the transaction in the old fashioned signature method if the customer cannot remember their pin. Although less common now, it is still a source of trouble. What a lot of retailers do not realise is that if they instigate a pin bypass, the liability for the transaction falls on the retailer and not the bank.

So chip and pin isn't perfect. It is better, but it isn't perfect. It is certainly easier to use and a little less Victorian than having to sign for every purchase, however, it has created problems and isn't perfect. The larger problem with chip and pin's imperfections is that no doubt in a few years the banks will make use embrace some new technology that takes even more time and money to implement.

I've never seen the numbers, and I doubt that it is possible to calculate in a fair manner, but I am prepared to bet that the chip and pin roll out cost this country many many times more than is being saved in credit card fraud.