Old people were brought onto the internet in the 90s with radio 2. It's 20 years later now - anyone working in the
I wonder if young people are less concerned about bank security because they don't have much in the way of money. That said, just because you don't do online doesn't mean you're safe
http://www.bbc.co.uk/news/uk-england-manchester-38080102
When I make a payment from my bank I need to provide my bank card into a local card reader. I have to have the reader and my card, and know my pin number. With 'old technology' you just need to squiggle something on a dead tree.
I mean, CHIP and PIN (or EVM as its known in technical circles), is not that much more secure. In fact online banking is likely more secure (seems perverse, doesn't it). Basically, Chip and PIN is now ancient (in tech terms, it's from 1997), which means that
a) People have had a long time to break it
b) It works off of old data request protocols, which are laughably simple (the sort that gave us heartbleed, where the first n bytes tell you how many more bytes to request).
In terms of security, your best bet is contactless card payments, because you physically need the card for it to work. Chip and PIN works by the Chip and PIN machine requesting the details from your card, using it to connect to your bank, then asking for authorisation using more details from your card. In fact, there's a setting called "PIN not required", which is basically there for people who are unable to use a PIN pad. The cashier or whoever, has to enter a code into their PIN machine and that allows the transaction to go through without requesting a PIN. All a fraudster needs to do is:
1. Get your bank details (no card needed, just a good old rummage through your bins).
2. Create a simple machine that gives your bank details to a PIN machine, but when presented with a PIN, returns the code for "PIN not required" to the machine when presented with a false PIN.
3. Then, the transaction goes through as a bundle to the bank, who authorises it.
With contactless, the card makes the transaction. The machine is there as a network port functionally. It powers up the card (like an Oyster card) and gives the basic transaction details to the card. The card itself then creates the transaction, which
it sends to the bank.
This is way more secure, because
a) At no point does a foreign machine have your bank details.
b) You physically need the card.
Anyway, diversion over.