I am planning a trip to Canada soon. It’s a trip for work so there are multiple things to do. (I’ll be teaching Learning Tree Course 468, System and Network Security Introduction.) As part of the preparation for the trip, I notified the companies whose credit cards I’d be using so they’d know it was really me using them. I’ve found that to be a good thing to do. It lets the companies know the use isn’t fraud, but they also look at use after your trip to be sure nobody is using stolen card info.
When I asked my VISA card issuer about whether I needed “chip and PIN” cards for Canada, they were a bit confused. Chip and PIN cards are common in Europe. These cards contain a chip and require a pin for use. This makes them much harder to compromise and thus safer to use.
The issuer said that 1) chipped card readers were not common in Canada, 2) it would be a long time before they were introduced in the US, and 3) VISA didn’t issue chipped cards. All three comments turned out to be incorrect.
Chipped card readers are common in Canada. A friend who lives there tells me that about 90% of the readers will read chipped cards. Another colleague visiting Canada as I write this tells me the same.
Merchants in the US will have chip readers by late next year. According to the Wall Street Journal we’ll be using those readers by October 2015. The readers in the US will be a little different than those in Europe, though. The ones in the US will likely be “Chip and Sign” instead of “Chip and Pin” meaning we’ll still have to sign receipts rather than enter PINs, at least for now. Either way requiring the chip should be a big help in deterring card fraud. Of course, the readers and cards will still have magnet strips for a while. I suspect the cards will lose them before the readers do (so we can support other countries’ cards for those few countries without chips).
Finally, Visa does issue chipped cards and will do so even more as we approach October of next year. I hope the card vendor will train its folks more as that deadline approaches.
I look forward to seeing you in one of my Learning Tree security introduction courses. If I don’t see you in Canada, perhaps it will be in a US course. Authentication is a big part of the course and this is only one aspect. Until then,