Sunday, May 14, 2006

Chip and PIN, Another Chapter in the Attack on Debit Cards

The Daily Mail is reporting that Lloyds is admitting that there is a flaw in chip and PIN technology. The flaw is that the cards can still be remotely encoded and used in ATM's that accept older versions of debit cards.

The article states that the reason criminals are using the cards in other countries is because it takes longer for transactions to post and therefore escapes the "fraud detection" systems already in place.

Also contained in the article are a lot of reader comments, which are very enlightening.

The bottom line is that chip and PIN works, but only in machines that are set up to deal with the technology. This means that until we can create a "global" effort to curtail debit card fraud, newer technologies are going to have a limited effect.

Link to the article by the Daily Mail, here.

As a "Yank," I'm impressed with the fact that Lloyds is being up front with the problem. It's also refreshing to see the mainstream media working with the banks to get the word out.

Financial institutions in the United States haven't been as forthcoming with information. Even to this day, they still aren't admitting to the root causes of recent debit card breaches over here.

They might claim "zero liability" and offer free "identity theft monitoring," but they are in the business of making money. The cost of all of this is ultimately passed on to the customer.

Even though, there were many in the press and from blogs like Boing Boing that were getting the word out, the sources seemed to have either been victims, or confidential. I keep hoping to discover that the reason for this was an "investigation" that put a lot of the culprits -- where they belong -- or behind bars.

The bottom line is that the criminals seem to be very aware of the flaws that allow this to happen. Being up front about the flaws they are exploiting only serves to protect the public, who through their awareness, might spot the activity and report it.

Awareness might also help people from becoming victims, which is the best argument out there for laws forcing this activity to be "disclosed" to the public.

No comments: