Q: I read with interest the articles concerning the use of magnetic stripe and Chip and PIN cards in Europe and, as a result, have just obtained a Chip and PIN card. The customer service representative added one caveat: “Bad guys” in Europe have a device that can read the PIN from some distance from the location of the transaction and can then fraudulently use it for their own purposes. She strongly advised the purchase of a protective sleeve that can thwart this illegal use.
—A.P. Taylor, North Tustin, Calif.
A: Every transaction carries some risk, security experts agree, but the agent seems to have conflated a couple of security concerns.
Chipped cards — or “smart cards” — are the standard in much of the world, but not in the United States.
- Mount St. Helens, still steaming, holds the world’s newest glacier
- Whitest big county in the U.S.? It’s us
- Seattle sets heat record for July 4
- For escapee, prison now will mean 23 hours a day in a cell
- Sound Transit planning heats up for light-rail expansion and public vote
Most Read Stories
They’re beginning to creep into use here, especially as consumer demand for them grows. They come in two varieties: Chip and PIN, and Chip and Signature (the latter recently issued by Bank of America to Alaska Airlines VISA cardholders). The PIN is the more secure of the two.
Much has been made of the notion that the unscrupulous can grab its signal and have their way with your card (or your passport, which also contains such a chip). Although anything is possible, this, several experts told me, is improbable.
First, the thief would have to be physically close, said Terry Hartmann, vice president of security solutions for Unisys. How close? Four inches. So unless that thief snuggled up to you, he or she probably couldn’t get into that chip.
Second, even if the chip is breached, the information is heavily encrypted, said Dale Thompson, associate professor of computer science and engineering at the University of Arkansas at Fayetteville. What someone gets is a serial number “that really has nothing to do with your PIN,” Thompson said. “It’s not your credit card number, it’s not your Social Security number, it’s not even your name.”
And third, said Phil Lieberman, chief executive of Lieberman Software in Los Angeles, “The card itself is dynamic. Every time you do a transaction, it changes. Even if you skim it once, you can’t really reproduce that result.”
Although having a Radio Frequency Identification-blocking wallet may help — it adds another layer of security, Hartmann said, and security is all about layers — it’s probably not going to protect your card from the PIN stealer that Taylor’s agent fears. Why? Because to use the card, you must take it out of the wallet. The magic shield is gone.
The bigger concern, Hartmann said, is the magnetic stripe card that predominates in the United States. If the card is lost, anyone can use it fairly easily.
A chipped card that requires only a signature, which is what many banks are issuing, has some of the same issues.
Given that smart cards are still uncommon in the U.S., what should a leisure traveler do?
“Putting pressure on their banks and governments to get smart cards to us as soon as they can,” Hartmann said. They can make “travel a lot easier.”
And who isn’t in favor of that?