I kind of hate the new chip reader security feature on credit cards. Chip reader technology in America is a failure, from a user experience design perspective, and performs the worst crime a product can do; it actually increases the problem it is meant to solve.
Chip reading technology is a new development designed to make a credit card harder to copy, and it does. Compared to the relatively simple task of copying the magnetic strip on standard card, chip technology is a huge security improvement. In many countries credit card fraud has dropped after implementation of the technology, and chip cards in America are just as hard to copy. The question to then ask is why has fraud actually risen in America in the last year?
User Experience Design varies between America and other countries. In Canada, for example, the technology used is very similar to that of swiping magnetic strips. You enter your card for a moment, the machine chimes, you pull out card, and then you go about completing the transaction with the keypad. This is because the machine does the slightly more advanced function of verifying the card first and holds that data in short term memory. In America, our systems are more secure by not saving that data.
Or so the designers thought. By failing to consider the user, the developers of the card readers made the one decision that makes chip readers in America one of the less safe for the average user than standard swipe cards; the card must be left in the machine for an extended period during the transaction. While you are using the terminal to select if you want cash back or sign for a purchase, your card is sitting there with the last 10 digits, the expiration date, and most of your name visible.
That might seem bad at first, but maybe not too bad. Remembering 10 numbers on the fly isn’t the easiest thing to do. At least until you remember phones have 12mp cameras, and until now you haven’t given the person behind you browsing Instagram a second thought. Then you remember from your work with Banks and Credit Unions that the first 6 digits of a credit card are actually issuer identification numbers and given the big logo on your card there is likely a relatively small number of potential combinations. Then you remember that the last number is a check used to see if a credit card number is valid and even further simplifies the extrapolation of the remaining numbers.
But that’s fine. No one can copy your card due to the chip. And then you remember online shopping exists, and there has been an increase of 40% in the last year of card-not-present fraud. We can’t know for sure if the theoretical ease of getting information off of the new cards due to a poorly designed user experience is the cause of this rise, however it isn’t a bad idea to keep your thumb over the card number while the machine does its thing.
Developers failed to consider how users would use the terminals, and how malicious users would attempt to take advantage of them. Always consider the user.