Security @ FIT

Security Research Group

Authorizing card payments with PINs or Signatures? (Experimental Study)

Cvrček Daniel, Matyáš Václav, Krhovják Jan, Kumpošt Marek,

Klíčové slova


Chip & PIN is the name of the new technology supposed to considerably decrease fraud related to payment cards. While this is definitely true from the banks' point of view, what is not so clear are implications for customers - the ultimate card users. Introduction of smartcards within the Chip & PIN deployment exercise is quite likely the most extensive deployment of computers in the human history, with security as a ma jor aspect. We first review some of the most critical issues related to the introduction of Chip & PIN card payment authorization, and then discuss our two-phase experiment.1 Our experiment examined, in two phases, whether the introduction of this authorization method is advantageous for an opportunistic thief and whether the customer truly benefits from the Chip & PIN technology with respect to this opportunistic thief. This is, to our best knowledge, the first presentation of non-trivial field experiment results on the ease of PIN in-shop observation to the general public.