Should PIN Pads Be Hardened? This Reader Says They Should Be Dumped

Written by Frank Hayes
August 8th, 2012

Is it even worth hardening PIN pads against hacking? After last week’s story on Verifone’s device-breach problems, one StorefrontBacktalk reader commented: “Hardening PIN pads just kicks the can a few feet down the road, the way PCI kicked magstripes down to Chip-and-PIN. But it’s still the same can and the same road, so why do we think the same problems won’t keep chasing us?” His conclusion: Make payment cards much smarter and eliminate the PIN pad entirely.

That’s a great idea for large chains. But smaller merchants will have to buy in, too—and they’re the reason every attempt to improve payment cards so far has failed.

But back to our anonymous-by-request reader (who happens to be a senior IT exec at a major chain, someone whose thoughts we have learned over the years to trust): “The unreasonable but secure answer is to stop doing the same thing. We need to stop trying to keep identities and account numbers secret, and stop asking merchants to carry secrets worthy of bank vault protection. Instead, we need 100 percent on-card security, including the user interface, to protect transaction authorizations. This will remove the merchants from ever handling the customer’s secrets,” he wrote.

“Smart cards are already capable of doing encryption. Add a 10-key pad to each customer’s card, and a small screen to display the amount to authorize, and each customer is now carrying their own full PIN pad for about $5 to $10 per card. This is equipment given them by their bank, which they can trust. It’s not on a network, not upgradable, [is] sealed hardware and cannot be hacked remotely. The banks then have true end-to-end encryption all the way from their own tiny PIN pads to their own mainframes, and not the hop-to-hop-to-hop that exists today (that is mislabeled E2E by every vendor selling the stuff),” he added.

This type of super-smartcard would make PIN pads unnecessary and remove lots of breach opportunities. Merchants would still have to block man-in-the-middle attacks at the POS, but that would be much easier without a standalone device sitting on the counter that’s just begging to be attacked.

“Industry security experts are beginning to agree that zero-trust is the future of security, and that all network endpoints are inherently untrustworthy,” this reader concluded. “Let’s stop pretending that shared PIN pads on a network are a good idea. If we’re going to do something unreasonable, let’s at least do something different.”

Yes, this does sound like a much more secure POS future. It’s a great idea. Better still, the technology is already available. And if it’s a little pricey today, that cost would drop dramatically once the number of cards scaled up.

The problem is getting to that future from where we are now. The most obvious barrier: magstripe.

