Human Momentum

Mon, Nov 28, 2016

tech #security #payments

I’ve been travelling quite a bit recently for work and have been reminded (again) how ‘human factors’ can defeat any attempt to improve security.

A good example of this is chip and PIN/contactless. Chip and PIN is common and popular in Europe and, as a result, in Europe I never ‘give’ my card to members of staff for them to process it. This reduces the risk of fraud substantially, as staff cannot easily clone/copy cards when they’ve never handled them.

However, contrast this with the USA: even when they have chip and PIN machines, it still seems common for the shop staff to take the card and ‘swipe’ it first. This seems in 95% of cases to result in you signing for the transaction. If you think about why shops are not using the chip and PIN slots, I guess it’s human nature. People are used to the old method and there has been no incentive to force change. A good write-up of the issues is at http://qz.com/717876/the-chip-card-transition-in-the-us-has-been-a-disaster/

What’s even more worrying is how shops in the USA are handling contactless. Shop staff have taken my card and tapped it on the pad. This is a logical extension of the current behaviour but is rife with fraud possibilities. I have no way to verify the amount and the staff could be wandering off to clone it.

This just shows that dealing with the human factors is essential. People will accept less security for convenience (until it goes horribly wrong)!