Security for the issuing bank, that is.

Wait, what? Didn’t the bank tell you that the new card would offer you more security? Only if you’re the only one who knows your PIN.

Here’s some background on the issue: Banks and credit card issuers in many cities are introducing “chip and PIN” credit cards. They’re unique in that they have an embedded smartcard as well as the traditional magnetic stripe. When making a purchase with a chip card, the card is inserted into a reader and the customer enters a PIN number to confirm the purchase. The PIN is used in place of a signature.

At the same time, many banks are also taking the opportunity to embed radio-frequency identification tags into cards, allowing contactless transactions. MasterCard’s version of the technology is called PayPass, used at many Tim Hortons outlets. Visa has a similar standard called payWave.

Apart from possible security implications with RFID - which are documented in many places online - the real security for Chip and PIN is in your cardholder agreement. In the event your credit card is stolen, you are required to report the loss or theft to your issuer immediately. If the thief knows or manages to guess your PIN, you’re liable for the purchases made before you report it. In short, if somebody else knows or guesses your PIN, it’s considered that you’ve made the purchase.

Here’s the relevant section from TD Canada Trust’s cardholder agreement:

If you notify us, you will not be liable for any unauthorized use of the Card. However, if the Account is used with a personal identification code such as the Cardholder’s Personal Identification Number (PIN), Connect ID and/or Password, the Primary Cardholder will be liable for the full amount of all unauthorized Transactions which occur before notification.

So while having a Chip and PIN card may prevent unauthorized transactions from being made, make sure that your PIN is secret! It’s also a good idea to change it on a regular basis, and most financial institutions allow you to make this change from their ATMs: simply put the credit card in the machine like you would with a debit card, and select the “Change PIN” option.

- Jake

This post is a repost of the original article over at jakebillo.com. Visitors here may be interested in it as well.

Over at the Consumerist, there’s a recent piece debunking a Boston Globe article on writing “See ID” or some variation of the phrase on the back of credit cards. I admire what popular consumer advocacy site has done for the average person who’s gotten screwed by a large company, but some of their posts definitely suffer from the Gawker formula. In the effort to crank out content persistently every day, editors inject significant personal bias and non-news into the stream of articles.

Unfortunately, the Consumerist takes the anti-fraud prevention stance pretty significantly. Not that I’m advocating fraud: a large number of people write in who have experienced identity theft. As a result, the editors’ viewpoints trend towards “being safe than sorry” all the way up the ladder to blatant fearmongering. The latest contribution towards the fearmongering effort (which also contributes towards the page view effort) is to talk about the advantages of writing “See ID” beside your signature on the back of a credit card.

Read the rest of this entry »