Until the introduction of Chip and PIN, all face-to-face credit or debit card transactions used a magnetic stripe or mechanical imprint to read and record account data, and a signature for verification. Under this system, the customer handed their card to the clerk at the point of sale, who either “swiped” the card through a magnetic reader or made an imprint from the raised text of the card. In the former case, the account details were verified and a slip for the customer to sign was printed. In the case of a mechanical imprint, the transaction details were filled in and the customer signed the imprinted slip. In either case, the clerk verified that the signature matches that on the back of the card to authenticate the transaction.
The magnetic of mechanical imprint systems proved reasonably effective, but had a number of security flaws, including the ability to steal a card in the post, or to learn to forge the signature on the card. More recently, technology has become available on the black market for both reading and writing the magnetic stripes, allowing cards to be easily cloned and used without the owner's knowledge. A further disadvantage of these systems is that they do not allow for Card Present (CP) transactions for on-line or over the telephone purchases, as there is no way in such a remote transaction for the merchant to be able to satisfactorily verify, according to payment card company standards, that the cardholder was actually present at the time of remote order placement. This is a disadvantage for merchants providing remote order placement, as transaction fees for CP transaction are lower than for Card-not-present (CNP) transactions.
Due to the exploding popularity of on-line shopping in recent years, CNP transactions, where neither the card nor its holder are physically present at the point of sale with the merchant (e.g. orders by mail, telephone, fax or the Internet) are becoming more common and increasingly popular with customers. Unfortunately, CNP transactions are also appealing to criminals because you have no opportunity to physically check the card or the identity of the cardholder, there is always some risk. The fact that a transaction is authorised and an authorisation code is issued does not guarantee payment, it simply means that the card has not been reported lost or stolen and that there are sufficient funds in the account at the time of authorisation. It does not guarantee that the address given to the merchant by the cardholder during the remote order placement is correct. If the sale is fraudulent, the full amount may be charged back to the merchant.
Even for face-to-face transactions using chip and PIN enabled cards, where the customer and their card are with them at the point of sale, a further disadvantage with this is that the customer must use the keypad of the merchant terminal to enter in their PIN information. Fraudulent incidences are on the rise where PIN information has been stolen through the use of fraudulent merchant terminals designed for this purpose. Accordingly, cardholders are currently experiencing a decreased sense of payment security, especially in those situations where the merchant is considered by the cardholder as possibly suspect such as in foreign countries or for stores in which the cardholder is unfamiliar.