While Chip and PIN has many advantages, operational issues surrounding the technology make it unlikely to prevail as a worldwide standard for identification and authentication, Peter Cullen, chief privacy strategist for Microsoft, said this week.
"Chip and PIN is great, but there are some operational issues with it," said Cullen, in an interview with ZDNet UK. "What happens if I lose it, for example? Does that mean that I am left stranded?"
Cullen believes that issues like this will mean that the future will lie with "multiple different types of solution" offering different methods of identification and verification, rather than with Chip and PIN. Many UK banks use Chip and PIN today to let a customer submit a secret number to authenticate a transaction, rather than their signature.
"In other parts of the world, they are looking at two-factor authentication," said Cullen. "In places like the US and Canada, Internet banking tends to be rolled out without the use of smartcards. They just use password and user ID."
Cullen firmly believes that no single authentication solution will win out and that users, customers and organisations will continue to be faced with multiple solutions, which means that both the industry and the system itself need to be able to handle multiple technology solutions.
"It has to be very interoperable as opposed to one single solution. We think that is the answer," he said.
Microsoft has helped design a set of principles collaboratively with others in the industry — "Even people from the open source community," Cullen pointed out. "As a result of that, all of our technology solutions will actually meet those standards," he promised.
Meanwhile, Cullen says dealing with phishing is a major priority. "The next version of Internet Explorer will have more advanced ways in which users are warned when something looks like a suspicious site," he says.
But while the software will warn the user, it is Microsoft’s philosophy that the responsibility for dealing with threats lies with the user. "What the download blocker [in XP Service Pack 2] does, is alert the user that there is something that someone is attempting to download, gives them very clear information about who it is that is attempting to do this and allows the user to make the choice. That is the way we will approach phishing as well."

Talkback
What a bunch of tight arses, there's enough money around to swallow the costs of Biometrics. Here in the UK and EU, even the US citizens' passports are GUARANTEED to have biometrics, and the proposition in the UK to have ID cards extends this to everybody.
So it is just business that is dragging behind, every other incremental type of security method like Chip&Pin is just leading up to the inevitable.
Just go for biometrics, build them into mobile phones, ATMs, and cars, make the technology ubiquitous in society and then it'll just work.
Sigh, as usual the real solution to a problem lies not within technical answers alone and involves fighting causes rather than symptoms across all aspects involved aimed at the short and long term. For one, taking responsibility and placing responsibility there where true differences can be made for the common good are usually good indicators.
Biometrics won't solve anything. They just add to the cost. Organised crime has the money to circumvent biometrical systems, so in the end it won't make one bit of difference since the people who are trying to get your personal data will still have the wherewithal and means. It's like using no right click scripts on webpages to protect images from being saved to disk - those who know the technology can easily get round them.