Many people think that using a debit / credit card with a chip that requires them to enter a PIN code is safe. It is not. There are many ways to hack Chip and PIN cards:
- The stores chip and PIN machine can be hacked to send your information to hackers
- You card can be plugged into a small machine that then connects to the stores chip and PIN machine, telling it that a PIN is not required
- Your card can have a new chip “shimmed” onto it
- and my personal favorite, the stores chip and PIN machine can display one figure (like $80) but authorize and withdraw another figure (like $2500). These are appropriately named “Evil Chip and PIN” machines.
Watch this 5 minute video from the University of Manchester for a simple explanation of these techniques:
Note that we start this video about 3 minutes in because the first techniques explained are no longer very relevant.
Tapping your card is safer than inserting your card and using your chip and PIN because:
- Tap has much lower limits than chip and PIN. You likely have a $500 or $1000 limit on your chip and PIN use, but stores set the Tap limit and it is often as low as $20. For example, most gas stations are $100, Costco is $200, Tim Horton’s is $20, and Safeway is $100.
- If a hacker gets your PIN number they will typically charge $100 before midnight to verify the card is working and then wait until after midnight, when your daily limit gets reset, and try again in $500 increments until it is max’ed out. If someone tries to Tap your card (or a clone of your card) repeatedly at (say) $100 charges, your bank will likely become suspicious and block the transactions.