Comment Re:Why? Nobody uses NFC payments (Score 1) 187
The card itself is indeed capable of verifying the PIN, which is used for online banking and payments (at least it is in the Netherlands). Online banking uses one-time passwords (OTP), generated by a small dongle into which the bank card is inserted. The card's PIN has to be entered on the dongle every time in order to generate an OTP, and the card will lock out after 3 incorrect PINs have been entered. It's not bad, but a pretty good system since the PIN never has to be entered on a computer, only the OTP is entered and that cannot be used by key loggers for replay attacks. The system is still vulnerable to man-in-the-middle attacks but in principle you can more or less safely do your online banking from, say, a web cafe in Bangkok, if you are careful (only do one transaction per session, end the session and contact your bank if you receive an "incorrect OTP" error).