Obviously on an IT site, most of the issues raised have been about the various IT (in)security issues. But the WHY behind it has not had too much of an airing. Given the similarity with Chip & Pin, it is quite clear that the banks are, yet again, absolving themselves of any liability. When signatures were used for verification, then the person who accepted the fraudulent signature was liable for the loss, as set out by law (in the UK anyway). Now that PIN is the verification, that law no longer applies, and the cardholder is completely at the mercy of the issuing bank. How on earth can you PROVE that you have not inadvertently let slip your PIN? To the kangaroo court that is the bank's security department. Bank fraud is not a police issue any more.
This trick is so similar to Chip & Spin that it is unbelievable! How can those who were automatically signed up by the Co-op/smile prove that they did not tell anyone else their mother's maiden name? It just takes a couple of enquiries to Somerset House to find that out! As Ross Anderson's crew at Cambridge keep pointing out:- Until the banks are financially responsible for the consequences of their poor security, there will continue to be poor bank security. Just for background reading try:
http://www.chipandspin.co.uk/
http://www.lightbluetouchpaper.org/2008/08/05/card-wars-the-phantom-menace/
http://www.phantomwithdrawals.com/
Of course the banks are doing their best to eliminate cheques. For the person who enquired above about arrangements before plastic, we used cheques and cash. So cash will have a resurgence for a while. How long before it is forbidden and then TIA/Matrix will have all the transaction information in the Government's hands?