SOLVED: How Can Tap be Safer Than Using The Chip and PIN on Your Credit/Debit Cards?

Many people think that using a debit / credit card with a chip that requires them to enter a PIN code is safe.  It is not.  There are many ways to hack Chip and PIN cards:

  1. The stores chip and PIN machine can be hacked to send your information to hackers
  2. You card can be plugged into a small machine that then connects to the stores chip and PIN machine, telling it that a PIN is not required
  3. Your card can have a new chip “shimmed” onto it
  4. and my personal favorite, the stores chip and PIN machine can display one figure (like $80) but authorize and withdraw another figure (like $2500).  These are appropriately named “Evil Chip and PIN” machines.

Watch this 5 minute video from the University of Manchester for a simple explanation of these techniques:

Note that we start this video about 3 minutes in because the first techniques explained are no longer very relevant.

Tapping your card is safer than inserting your card and using your chip and PIN because:

  1. Tap has much lower limits than chip and PIN.  You likely have a $500 or $1000 limit on your chip and PIN use, but stores set the Tap limit and it is often as low as $20.   For example, most gas stations are $100, Costco is $200, Tim Horton’s is $20, and Safeway is $100.
  2. If a hacker gets your PIN number they will typically charge $100 before midnight to verify the card is working and then wait until after midnight, when your daily limit gets reset, and try again in $500 increments until it is max’ed out.  If someone tries to Tap your card (or a clone of your card) repeatedly at (say) $100 charges, your bank will likely become suspicious and block the transactions.


Questions or Comments?