As Bruce Schneier is always talking about, sometimes real-world security protocols are far more flawed and hackable than computer ones. Sometimes they are plain badly designed. And sometimes they are well designed, but reveal more about a company's priorities than they intend to.
Before I went on holiday, I went to get some Swiss Francs from Travelex. When the lady behind the counter asked me how I'd like to pay, I said by debit card. She then told me I would need photographic ID, which was a pain, because I didn't have any on me. She then told me that if I wanted to pay in cash, then she wouldn't need ID.
So I didn't use my debit card in Travelex and type in my PIN there (the UK now uses Chip and PIN rather than signatures to authenticate purchases). Instead, I walked 400m to an ATM, used the same debit card and same PIN to take out £100, walked back to Travelex with the £100, and then used the cash to get £100 worth of Swiss francs.
So the puzzle is this - given that I would have used the same card and same PIN in both situations, what possible reason was there for Travelex to be happy with doing this second method without ID, but not the first? Read on for my suspected answer, or think about it yourself for a minute...
I think there was no added security, just an exchange of risk. Consider if it had been a stolen card and PIN. If I had just used the card at Travelex, they would have taken some liability. By forcing me to walk to the ATM, if the card had been stolen, the ATM would have taken some liability. In order to take this risk of liability, they require photographic ID to reduce their risk. So instead, they gave me the risk of walking through the streets of London with a lot of cash. As a result, the transaction was far more anonymous, and so more vulnerable to money laundering, and I was at more risk of being mugged, but neither of those hurts Travelex.
Of course, this is very sensible of them. The best solution is for me to carry photo ID.