(File pix) PIN-enabled cards are an additional security measure for users. Pix by Nik Hariff Hassan

ALL credit and debit cards are personal identification number (PIN)-enabled, effective from January, as an additional security measure against fraud.

The upgrading of debit and credit cards, and merchant payment terminals has been a massive and costly exercise, in addition to the inconvenience caused to users, who had to replace their signature-based cards.

However, most merchant payment terminals have exposed keypads. A person with an observant eye would be able to make out the six-digit PIN keyed in by the user. The credit or debit card user is at risk of being mugged. The perpetrator can use the card for fraudulent purposes, while the victim thinks that his PIN-enabled card is useless to others. Who bears the charges for the fraudulent transactions?

This keypad security “breach” is evident in public places like supermarkets, shopping complexes and restaurants, where anyone standing near the credit or debit card user can spy on the PIN as it is being keyed in.

Someone who is more careful, like myself, would use one hand to partially cover the keypad, but then mistakes are likely to occur. Sometimes, I enter the wrong PIN, as visibility and lighting are limited when I cover the keypad.

After several attempts of entering the PIN, the card is disabled. To avoid this, most users do not cover the keypad.

As such, the unlighted keypads at merchant payment terminals should be phased out and replaced with ones that are covered and lighted that only the users can see. After all, ATM machines are located in bright areas and have plastic casings covering the numbered keys.

In the meantime, the operators of merchant payment terminals with exposed keypads can be instructed by the processing banks and Bank Negara to make it mandatory to provide private spacing with limited visibility, where only the credit or debit card user has a direct view of the numbers on the keypad.

While PIN-enabled cards are a good security measure, the privacy of the PIN must be taken into account. There is no point in having a six-digit security number when it can be easily exposed.


NG SHU TSUNG

Kuala Lumpur

292 reads