The BBC news site has a story about ATM fraud being 85% up, largely due to the ATMs being tampered with in order to 'skim' the card and eyeball the PIN entry.
Matti
photo / video ?
the assumption seems to be that the chip cards are more expensive / more difficult to replicate.
Phil
No. There was a thread a while ago around this: "Chip and Pin - More secure for who?" (and perhaps my note on this group "chip & pin, fraud and citibank/dci case" is relevant; there were no followups though :-().
What happens is that if a fraudster uses a signature, it's deniable, the bank has to admit there's been fraud, and gets to pay: unhappy bank. If he uses a PIN it's not easily deniable, the bank claims its systems are secure, the customer gets to pay, and if unlucky also gets prosecuted for attempted fraud: happy bank.
Can *you* prove your PIN entry isn't being monitored?
You might like to look at
If C&P cards can't be cloned economically then APACS is correct, I assume. But is that the case?
Matti
Matti Lamprhey wrote: ...
I think most of the comments apply in any situation that needs a PIN, be it ATM or retailer. There are two dangers: PIN "read" somehow, and criminal steals card (already happens at ATMs. C&P no cure at all for this) or PIN and card details read and card cloned. I agree this will be harder with a chipped card, but there are some bright criminals out there who'll be happy to invest in some sort of Far Eastern chip cloner I'm sure.
I've wheedled a Chip & Signature card from the bank. Cure for all ills: doesn't work in an ATM (which suits me) and needs a signature at a retailer.
A major problem in my mind is the banks' attitude, that their systems are totally "secure", and AIUI apparently the courts are happy to accept this (in spite of happenings such as that from Cahoot (?) this week :-)). I read somewhere that in the States they've actually got something right, in that the bank has to prove a customer divulged a PIN improperly if there's suspected fraud. It is of course totally impossible for the customer to prove he didn't. So the comment "if you are a victim of card fraud you will not suffer any financial losses as long as you haven't acted negligently" isn't worth the breath to say it, when mere use of the PIN by another is itself taken as proof of negligence.
"Mike Scott" wrote
No need - "Innocent until proven guilty" !!
Now, can *you* prove PIN negligence?
"Mike Scott" wrote
That could only be the case if there was absolutely no way **at all** of guessing the PIN. We all know that 4-digit PINs can be guessed first-time, 1 in every 10,000 times - let alone after 3 guesses!
its an arms race. Given time they'll come up with dummy chip & pin machines
Phil
I doubt your bank cares since from next year they won't be liable for any loses if the retailer isn't using C&P, so you have to ask whether your card will still suit the majority of retailers who will be directly liable.
Az.
An interesting issue. But the C&Sig cards are intended really for the disabled; and you're not allowed to discriminate against the disabled. So retailers I think in effect *must* take the C&Sig card.
Not in a civil court.
Don't have to. It's a balance of probability thing. There's a 1 in
10000 chance of guessing a PIN (ok, better as you get 3 goes; it's still small). So if a PIN is used, which is more likely: PIN has been guessed, or known PIN was used?I wouldn't fancy trying to argue the finer points of statistics in open court: on past performance, I'd say they've been sadly misunderstood by legal types (and a certain paediatric "expert", who should have known better).
I posted the following on the UK Legal - Chip & PIN string: Cash Machine Fraud up 85% to £61m during the past year.
This also appears on the net: "That doesn't match the evidence in countries that have been using PINs at store terminals for payment. Muggings outside stores in Madrid went up 300% on the introduction of these systems. "
Who walks about with Thousands of Pounds in their wallet? - You do if you have PIN with your high value credit card!
A chip and Signature Card is an option - a very safe option IMHO James
"Mike Scott" wrote
The **MOST LIKELY** occurrence is that the PIN was "shoulder-surfed" at a C&P terminal - and that is simply down to the industry's application of the technology (lack of shielding etc). Hence, the card companies are more liable than the consumer!
"Mike Scott" wrote
Possibly *only* if the consumer is disabled. Are you?
Not obviously :-) But I don't think retailers can afford to ask too many questions - the risk of giving the 3rd degree to someone who is - but non-obviously - disabled would be high, and potentially costly.
We shall see next year.....
Wouldn't that be discriminating against him if he wasn't?
^^^^^^^^^^^^^ That's fact (give or take some rough statistics)
^^^^^^^^^^^^^^^^^^^^^^ That's opinion. With which I'd happen to agree in general - and hate to have to prove in a court of law.
There was the citibank/dci case last year. I never did find out the outcome. IIRC a South African couple being clobbered for ~£10000 "they spent" according to the bank. Looked like it was going the bank's way.
Too many false attempts and the card locks itself.
No, they just can't discriminate against the disabled. Is pressing buttons harder than signing something then if you're disabled? I guess it depends on the disability.
The disability in question is the difficulty in remembering random numbers without having to write them down.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.