There is a growing back lash to the introduction of Chip and PIN and point of sale as the schemes try to role it out across Europe.
Many senior bankers are wondering if it is not a strategic mistake to invest in security infrastructure like PIN Entry Devices (PEDs) when there are plenty of alternative solutions for authentication that are cheaper and inherently more secure.
EMV chip cards were introduced on the grounds of the threat from cloned cards, yet the need to use magstripe to access the ATM networks means that dual magstripe and chip cards are still being issued. Cloned cards are just taken abroad and used without chip.
The cost of PIN at point of sale is not a one off cost. The POS infrastructure needs to be updated and managed. A cost that has been severely underestimated, even the terminal manufacturers are complaining about the number of software patches and device certification hoops they have to jump through. It is a moving feast.
The problem is that security never stands still and if your security is dependent on a distributed architecture of secure points you need to keep them all updated.
PED’s have now got a 50 point certification process of their own. And certification means cost.
The strategic issue is that in a world of IP based software as a service where the terminals are becoming dumb and the intelligence is in the network, does it make sense to persue a path towards intelligence in terminals? Not least it means the consumers experience online will always be different from the physical world. That may sound esoteric – but it is about the role of cards in the future of payment.
One solution that takes a sideways look at PIN is PINOptic a company that comes at the card holder authentication problem in a different way. Their one time graphical PIN solution prevents shoulder surfing and works across insecure networks such as cell phone networks. The terminal infrastructure needed is a screen and an insecure keypad or even a cell phone.
I think we will see pressure from non chip and PIN territories to adopt this type of technology in preference to a commitment to a chip and pin future.