[Tibbes]

A very similar system is already in use in the UK and other parts of Europe. It's called "chip & pin". You plug your card in to a card reader and check the LCD display and type in your PIN to authorise a transaction.

In a shop, the card reader is owned by the shop and is similar to point-of-sale card readers used in the USA. However, most banks now provide customers with a small reader (that looks like a calculator) for logging on to online banking, or authorising payments made via internet banking.

For example, to authorise a payment you: put your card into the reader, type in the account number you want to pay, type in the amount, and type in your pin. You then get an cryptographic authorisation code to type into online banking.

Crucially, the scheme works using cryptography, and the cryptography is performed within the chip on the bank card - it is not possible to read the PIN off the card.

(edit: and, in contrast to the scheme described in the parent post, stealing a card doesn't help much if you don't know the PIN, and the card will disable itself if the wrong PIN is used too many times)

[jessriedel]

I see three problems.

> most banks now provide customers with a small reader (that looks like a calculator) for logging on to online banking, or authorising payments made via internet banking.

This means you can only make online purchases easily and securely at home. If I want to be able to make purchases at someone else's computer, an insecure back door must necessarily be left open even when you're not away.

> To authorise a payment you: put your card into the reader, type in the account number you want to pay, type in the amount, and type in your pin.

This doesn't solve the problem (which people may not care about) that the merchant could now have your pin.

>You then get an cryptographic authorization code to type into online banking.

This seems like a huge burden. Physically typing in long cryptographic codes? Do people actually subject themselves to this?

Thanks very much for the perspective.

EDIT: I retract the second criticism for reasons explained below.

[Tibbes]

> This means you can only make online purchases easily and securely at home.

Fair point - I had this problem when wanting to use Internet banking at work, but these pin readers are compact (smaller than an iPhone, marginally thicker) so I just keep mine in my bag now.

> This doesn't solve the problem (which people may not care about) that the merchant could now have your pin.

Only if the reader itself is compromised (very unlikely with the small ones provided by banks for online banking, and pretty unlikely in a shop too). However, note that the PIN is useless without the card, because the crypto chip is on the card, and it can't be cloned by a reader.

> This seems like a huge burden. Physically typing in long cryptographic codes?

They are only 8 digits long. And yes, I don't want fraudulent use of my account so I don't mind.

[jessriedel]

> However, note that the PIN is useless without the card, because the crypto chip is on the card, and it can't be cloned by a reader.

Ahh. So then the merchant could only really make use of a pin (which it would have to do by compromising the pin reader--a tall order for small time crooks) if he also stole your physical credit card. I agree that this isn't much of a risk, and retract that criticism.

[lutorm]

Someone wrote a criticism of the chip&pin system a while ago. I don't remember the link, but they were arguing that this system also had serious security flaws. The most memorable one was that while before people who held you up for your ATM card and PIN had to physically go to an actual ATM to see if the PIN you gave them worked, now they can get to work on you with a pair of pliers and a blowtorch until the card reader says "Pin OK" without risk of revealing themselves to an ATM camera. They claimed that this has already happened.

[DougBTX]

The fix for that, if we're remembering the same article, was simply to have the card reader display junk output instead of "bad pin". The bad output could then be entered into the bank website three times, and then block the account from there too.

[lutorm]

Yes that would be possible. Only my card reader still says "pin ok".