SoylentNews is people
SoylentNews
It's been about a month since American Express and Mastercard decided to stop requiring signatures for EMV chip credit cards. Now Visa is joining their ranks, making signatures optional for chipped transactions in North America.
"Visa is committed to delivering secure, fast and convenient payments at the point of sale," said VIsa's Dan Sanford in a statement. "Our focus is on continually evolving the market towards dynamic authentication methods such as EMV chip, as well as investing in emerging capabilities that leverage advanced analytics and biometrics. We believe making the signature requirement optional for EMV chip-enabled merchants is the responsible next step to enhance security and convenience at the point of sale."
Source: https://www.engadget.com/2018/01/12/visa-signatures-optional-credit-cards-emv/
(Score: 4, Informative) by TheRaven on Monday January 15 2018, @11:24AM
Here, the problem is that adding the inconvenience doesn't actually increase security. This was the same problem as CACert: they attempted to create a web of trust by requiring everyone to validate that they'd seen two pieces of government-issued ID from other people, until enough people had seen yours that you looked trustworthy. Only, here's the problem: none of the people inspecting the many different forms of ID from any different governments had been trained in recognising forged ones. Signatures are an incredibly bad way of performing authentication because non-forged ones vary considerably and even a trained professional can find it difficult to distinguish this variation from a poor forgery (and a good forgery will usually look more like the reference than the real thing would).
Requiring a PIN is more secure, because it can be checked by computer. You're still vulnerable to weaknesses in the EMV protocol and trojaned keypads, but it's a lot better than nothing.
sudo mod me up