On Wed Oct 10, 2018 at 09:17:37AM -0700, Brian Kantor wrote:
I understand that in some countries the common practice is that the waiter or clerk brings the card terminal to you or you go to it at the cashier's desk, and you insert or swipe it, so the card never leaves your hand. And you have to enter the PIN as well. This seems notably more secure against point-of-sale compromise.
PIN is more secure but the device is wireless and may have been compromised. All (that I've seen) POS are now PIN based in UK. Internet use still asks for CVV sadly though verified by visa is still occasionally used but is only protecting the places you probably already trust. There have been cards with a OTP display but they didn't become popular. I try and use Apple pay where possible. Apple assure us that their account code and one time security codes prevent the attacker aquiring the card number/pin/cvv and any captured data can not be used to make another transaction. Really eveything should do at least this. brandon