The banks introduced chip-and-PIN for increased secur-ity and to cut down on fraud (PINheads, letters.computing.co.uk). The system was supposed to be “good for consumers”. However, we now seem to be in a position where banks have issued a flawed PIN system and we have no redress if, through no fault of our own, someone gets hold of our PIN number and/or card.

We must enter all four numbers of our PIN and in the correct order. But it would be better if banks asked for say, the third and first number, and then two random numbers. That way, even if we were overlooked and someone stole our card, the thief would not know which were the authentic numbers and which were the random numbers. The card could then be locked after three unsuccessful attempts.

According to some  reports, it is now possible to hack chip-and-PIN devices with a paperclip and a
needle. Cards can also be cloned  and the card owner would never know.

Another security flaw is that, once a PIN number is entered, the Barclays PinSentry device announces that it is correct by confirming it. No signature on paper is required, so card owners cannot even prove that the signature is theirs.

Cheques are being refused by some shops and the trend will grow – this means more use of chip-and-PIN by  people who may not be  so careful about who is watching them.

I welcome the idea of  chip-and-PIN and increased security. But the current system seems to have been dumbed down and as a  consequence security has been compromised.

Steve, submitted on the web