jump to navigation

Thanks Chase for our new Chip cards but what happened to the PIN? July 14, 2015

Posted by wastedspacer in IT Security, Rants, Technologies.
Tags: , , , ,

What is the point of having a Chip card without a PIN?

In my opinion, the US credit card industry is bonkers and just squandered $33 Billion on upgrading everyone’s credit cards by adding a Chip but neglecting to add any kind of personalization step to create a PIN (too difficult they claim)!

A simple implementation and personalization step would have been to require the card’s FIRST USE in a chip reader to create a PIN and also require a positive ID from the merchant/bank and/or face capture at an ATM sent to the owner to confirm/decline within 48 hrs.

Instead the US card holder has a card that will still work for an unauthorized person even if it is lost, “borrowed” or stolen. The only minor improvement is to reduce fraud in the case of card-skimming or number + CSC theft.

What particularly galled me was the US banking industry citing how effective the fraud reduction had been in Europe as a principal driver for this change. But those fraud-reduction statistics are actually based on the use of Chip AND PIN not just a chip alone.

Another irritating claim by Chase is the suggestion that using a CHIP card in Europe “may” require the use of a PIN in which case you are out of luck so carry cash instead! In my experience in the UK, if you have a CHIP you MUST present the PIN so this daft credit card is no longer going to be usable over in the UK. We don’t even have an option to create a PIN if we wanted one, the default settings for these pieces of dumb plastic is OFF 😦

Here’s one of the less-than helpful pieces of documentation from Chase:


Seems I am not alone in the lambasting of this rather dumb and seemingly pointless waste of $33 BILLION!!

Source: Money – You’re about to get a new credit card … and it’s an epic failure

and Wal-Mart’s executive in charge of payments thinks the United States’ switch to chip-based credit cards is going to be a disappointment.

So far our experience with what just arrived in the mailbox is certainly looking that way! We are being given 60 days to comply, they changed the CSC and nudged out the expiration date so we will need to update all our auto-pay settings AGAIN. We only recently received new cards and had just completed that onerous exercise!

Perhaps its time to start a consumer security pressure group to force US Credit Card companies to implement the PIN, or at least provide a way for those of us who WANT a PIN can get one since that is an embedded part of the EMV design.



1. xfire0384 - July 14, 2015

Agreed. It’s screwy. And merchants can’t decide what they want. It is all up to the individual issuers on what to do. Talking with Visa and MC, some may, some may not enforce Chip & PIN. I am hoping to at least have the option to enable it.

And don’t forget that banking websites lack any decent level of security. At least some check to see if it’s a browser you have used before and send you a one time code, but that isn’t as good as actual enforced two-factor.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: