
@Anonymous Coward
Ah, you work for a bank. That explains a lot.
Of course banks have an absolutely outstanding record on security, don't they?
I actually get eMails from my bank (genuine ones) asking me to log on to my account and providing a useful link to do so. Basically they look like phishing emails. In the light of the phishing problem banks *should* cease all email to their customers and broadcast that they will never email you as widely as possible so that their customers will know that *any* email purporting to come from their bank is a scam.
Do they do that? Not a chance!
So chip and pin is secure, is it? Try doing a quick Google for "chip and pin security"
A lot of stuff there, isn't there? And a lot of it by people who appear to know their stuff, too.
And you don't have to change the pin on a genuine card. Creating a forged card that will validate against *any* pin would suffice.
This makes interesting reading:
http://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/insurance_and_finance/insurance_20070206.shtml
Then you have to take into account the difference in scale. A compromised bank cards allows the crook access to a single account. A compromised ID cards will allow wholescale identity theft. The 'thief' will be able to do anything that requires the use of an ID card in the victim's name. That includes crime and activities associated with terrorism.
This makes the forging / cracking of ID cards several orders of magnitude *more* valuable to criminals and terrorists than cracking a mere chip-and-pin debit card. That means they will put several magnitudes more *effort* into circumventing them. Can you *imagine* the black market value of forged UK ID cards?
And the other issue with ID cards has a direct relationship with chip-and-pin cards. If a chip and pin card is compromised then the burden of proof is now placed on the customer to prove it. This is almost impossible to do as, as you believe, chip and pin is 'infallible' (even though it has been demonstrated that they are not). OK, so you get ripped of as in the Watchdog article and your bank account gets cleaned out. Nasty, but not the end of the world.
Now assume a similar thing happens to your ID card. The 'authorities' have a similar delusion about the security of these cards to banks have about chip-and-pin. This is nicely demonstrated by the rhetoric of various Gov't ministers. So someone produces a fake ID in your name and uses it in the course of a crime or act of terrorism. There you are, up before a judge and jury all of whom believe in the infallibility of the ID card system. What do you think your chances are of walking free?
And stop using the 'boffin' icon for 'Janet and John' postings, it's very misleading.
And you can't take anyone who posts as an AC seriously, anyway.