Devil's Advocate: The problem with chip-and-PIN

New chip-and-PIN cards require you to punch in numeric codes rather than sign your name. The problem with this emerging technology, according to Martin Brampton? Keeping track of all those PINs.

The banks have started to send me chip-and-PIN cards along with colour brochures explaining how wonderful this new technology will be, and how it will not cause me any difficulties at all. Am I alone in worrying that the reality may not be so rosy?

Like everybody else, I have a bank card that is used to get cash from a hole in the wall. To do that, I have long had to remember a PIN and to try to keep the card safe. But I also have a number of credit cards. Usually, I have taken the PIN notifications for credit cards and thrown them away unopened.

Now I know that psychologists assure us there is no practical limit on how much we can remember, so it is not that putting another number in my memory will simply force another one out. But I do know from experience that when I don't use a password or PIN for a while, I simply forget it. Or, just as bad, I fail to remember which of several it might be. And most PIN-based systems allow a limited number of tries before preventing you from logging in.

In fact, I can remember the PIN for a credit card that I no longer have. What use is that, you may ask? Well, it stuck in my mind because I thought it was the year in which Columbus discovered America. That is the kind of thing you are supposed to use to help remember numbers. It can easily backfire, though. I am not confident that I really know when Columbus discovered America, so if I forgot the number and attempted to look in a history book, the answer might not be my PIN.

One thing the banks offer to make life easier is the ability to change PINs. Well, they make it a bit easier. It may involve a certain amount of travelling around, as some banks stipulate that you can only change a PIN at a branch of the bank, not through just any old cash machine.

Being a modern man, I naturally rely on internet banking. It works so well that I have never visited a branch of my current bank and have only telephoned a couple of times in five years. Everything else has been done through the internet.

Since my excellent internet bank has only a few branches, it will be something of an expedition to find one. And I will have to better organised than usual, if I am to arrive at the machine armed with all the relevant cards and their various PINs.

Still, if I persevere, in time I can have every card set with the same PIN. Of course, there are still the PINs for my mobile phone and some of the online services I use. Well, maybe I could get them all into line eventually.

A new worry occurs to me, then. If I have everything secured by a single PIN, how will I fare if a malicious person finds out that number? The banks assure me that the keypads I will have to use for chip-and-PIN cards are designed so that nobody else can see what I am keying. Published pictures look rather less reassuring and I remember stories about thieves who have installed miniature video cameras on cash machines.

I suppose if there is a danger that somebody knows my PIN, then all the cards could be cancelled. Will I be able to remember all the things the PIN applies to, though? If things go wrong, one the first things the banks ask is whether anyone knows my PIN. What will I say if I am not sure?

Maybe I am poorly organised and everybody else will manage these PINs without difficulty. One thing that makes me doubt that is the way people use the ever-popular PDA. The single most common PDA application is one that stores a selection of PINs, usually in plain text with no password protection - hardly the perfect solution to the problem.