
I work in the industry. Chip and pin is not statistically safer (fraud rates in Spain, UK, and US are all the same despite having very different payment landscapes). The fundamental problem is that in traditional chip-and-pin setups you also type the pin into the same machine... so adding a skimmer + video camera OR adding a skimmer that records pin is marginally possible and not that hard.

The real security would come with a second factor that the user controls, either by approving on your phone or by using one-time-numbers for each transaction. The reason why these do not exist yet is because they would impede transaction flow, and the basic math with these companies is if fraud rate > rate loss of transaction volume from security feature then use security feature. Otherwise, don't.




"fraud rates in Spain, UK," for what? Credit cards? Debit? There's always going to be fraud one way or another.

"you also type the pin into the same machine... so adding a skimmer..."

There's no copying of SIM Cards.

Yes, you can still copy the magnetic stripe that's there for backwards compatibility. So, yes, it's not going to be safer while there's support for old technology.

My (European) bank issued me a chip-and-pin card without the mag stripe, good for travels, where I won't risk getting my card skimmed again.


>There's no copying of SIM Cards.

I would be careful with such a statement :-) Security usually depends on the type of card, but the top range is pretty expensive. There are a number of ways to 'debug' a chip using power consumption, X-rays etc...

It is easy to copy a GSM SIM card. Also, operators usually give a replacement SIM (if the original gets lost) to anyone with photo ID. There were a number of frauds in Europe.


"There are a number of ways to 'debug' a chip using power consumption, X-rays etc..."

The circuit on the chip is known, that's not important. The important thing is the information in ROM. Difficult, but certainly not readable through X-ray.

"It is easy to copy a GSM SIM card. Also, operators usually give a replacement SIM"

Of course they can give you a replacement SIM, they can reconfigure their systems to point the customer to the new SIM. That's not copying.

Actual copying would be more difficult.


I watch the industry and my understanding is that, in practice, chip & pin is not safer, the attacks just change. As does the liability.


Not good for travels to the US! :)


Yes, I'm not sure about the US, but it worked like a charm in Canadian ATMs.


You don't seem to know what a chip card is.

It is the second factor in a two-factor authentication scheme.


The attack just changes. That you are attacked doesn't.


>and the basic math with these companies is if fraud rate > rate loss of transaction volume from security feature then use security feature. Otherwise, don't.

I seem to recall reading a while back that the overall credit card fraud rate is at the level of single-digit basis points. Is that really true? (I can't seem to find a good link.)



