Comment by quesera
3 months ago
Entering your PIN and using a debit card is the least secure/safe version of electronic payment.
Tapping (NFC) or dipping (EMV) are safer and faster for everyone.
3 months ago
Entering your PIN and using a debit card is the least secure/safe version of electronic payment.
Tapping (NFC) or dipping (EMV) are safer and faster for everyone.
How do you figure?
My threat model includes people stealing the card. I can have tap disabled on the card, and then thieves don't know my PIN. Yes, yes, that's like 13 bits of entropy. But it's not like they can use a computer to brute-force it.
I think your threat model is incomplete. You’re far more likely to have your card cloned and pin stolen through a fake terminal. I’ve actually had that happen to me vs 0 times have I had fraudulent transactions due to a stolen card.
Tap/dip payment is non cloneable even by a fake terminal. Outside the US tap+pin/dip+pin is even common but banks for some reason really are averse to requiring Americans to add a pin to credit cards.
> fake terminal
... at the self-checkout of a major grocery store?
> Outside the US tap+pin/dip+pin is even common
As far as I can tell "dip + pin" is exactly what I do with a debit card. This is literally the first time I've ever heard the term "EMV", so I looked it up:
> EMV cards are smart cards, also called chip cards, integrated circuit cards (ICC), or IC cards, which store their data on integrated circuit chips, in addition to magnetic stripes for backward compatibility. These include cards that must be physically inserted or "dipped" into a reader
As far as I can tell, that exactly describes my debit card.
> but banks for some reason really are averse to requiring Americans to add a pin to credit cards.
Well, yes, the entire selling point of tapping the card is that you don't spend those precious seconds on entering a pin. And my point here is to reject that culture of hurrying up (at the potential expense of carelessness).
4 replies →