ATM fraud and C&P

Not in the UK.

Reply to
Tumbleweed

True, but can a chipped card be cloned and used in a non-chip-reading ATM? (An ATM that reads magstripes only.) If so this makes every single credit card that now has a chip (and PIN) vulnerable to fraud at these types of cash machines at home or abroad.

On the other hand if you don't have a PIN!!!!!!! and a Chip and Signature instead then forget ATM fraud.

$4&sSheet=/money/2004/11/20/ixfrontperson.html "If you do become a victim of cash machine fraud, you are entitled to a refund on any money stolen, provided you have not been negligent. Ms Smith said: "For example, if someone wrote down their Pin and kept it with their card, which was then stolen or lost, the bank would say they were liable for the loss."

Not only should you get your cash back, but you should also get back any interest lost on your account and any overdraft fines. However, it can take between 10 days and six weeks to have your stolen cash refunded, and some banks are taking even longer as the number of cases increases."

For cash machine fraud read 'any type of PIN' based fraud.

Will banks start asking 'how did someone acquire your PIN?' What other practice could be considered 'being negligent' with your PIN? Maybe not changing ALL your cards to operate with the same PIN, or if you don't change your PIN regularly (as is good practice with passwords), or if your written down PIN is thinly disguised?

Bottom line is, if you don't have a PIN you can't be negligent with it or held liable for its misuse.

Reply to
James

In message , Tumbleweed writes

We seem to be going back a few threads here. PINs have been stored on the card from the outset.

Reply to
john boyle

In that case why do ATMs accept cards, ask for and accept a valid pin and then refuse to continue the transaction because the card is not a type / financial institution that the ATM will do business with?

Reply to
the_black_hole

James wrote: ...

It is of course utterly impossible to prove you haven't divulged your PIN - and the banks afaict seem happy to say the mere use by someone else is enough to prove the customer's negligence ("our systems are secure, Sir").

Indeed. Which is why my wife and I have chip&sig cards. I forget the last either of us needed an ATM - there's so far been no problem relying on cash-back from retailers.

Reply to
Mike Scott

That in itself doesn't prove anything. However, if you know of such a machine you might try your card in it and enter the wrong PIN -- then come back and tell us what happened.

Matti

Reply to
Matti Lamprhey

"Mike Scott" wrote

Why do you think that matters? Do you think that 'the banks' are above the law?

The customer, I am sure, could also be "happy to say the mere use by someone else is NOT enough to prove negligence ("I have *not* divulged my PIN, Sir")."

What either side is "happy to say" won't necessarily be the winning argument in court!

Reply to
Tim

Are you saying that chips never fail? It should be up to the retailer to accept or decline the card, knowing that he/she might bear the costs if it is fraudulent.

Reply to
Steve

It proves:

  1. That all financial institutions have the knowledge of the correct pin stored in their system and not on the card.

  2. The pin is stored on the card.

Conclusion:

  1. Very unlikely,

  2. Very likely.

Some time or other when I can be bothered I might try. Why don't you try?

Reply to
the_black_hole

No, of course not. But the one or two cases lately that I've seen some details of suggest that there are problems: in effect, the banks seem to say their systems are secure so it's the customer's problem; yet the customer (a) cannot prove he isn't at fault, while (b) the banks' systems appear to be considered proprietary and are not examinable fully by the customer in court - so the customer cannot prove the bank to be at fault. It just seems (and maybe my bias is showing) that the banks want it - and can have it - both ways. I stand to be corrected if anyone can show otherwise from a real case.

There was, however, some discussion of probabilities in another thread. AIUI, the bank only needs to show the customer "probably" (ie >50% chance) divulged their PIN somehow; others' opinions differ though, I have to admit. I'm neither lawyer nor statistician - just a worrier :-(

No. More likely "happy to pay" I think.

Reply to
Mike Scott

Without a hint of irony, john boyle astounded uk.finance on 20 Nov 2004 by announcing:

No.

Reply to
Alex

Without a hint of irony, Henning Makholm astounded uk.finance on 19 Nov 2004 by announcing:

Because the PIN you entered was encrypted and sent online to your issuer for authentication. UK transactions do not use online PIN.

Reply to
Alex

Without a hint of irony, john boyle astounded uk.finance on 20 Nov 2004 by announcing:

No, they haven't. Where do you imagine they have been stored? On the mag stripe where anyone can read it?

Reply to
Alex

Without a hint of irony, the_black snipped-for-privacy@crapbin.org.uk astounded uk.finance on 20 Nov 2004 by announcing:

ATMs contact the issuing bank to verify the PIN.

However likely you think it is, you're incorrect. PINs are not stored on mag stripes.

Reply to
Alex

Without a hint of irony, Henning Makholm astounded uk.finance on 20 Nov 2004 by announcing:

And those transactions have almost certainly been processed online.

Reply to
Alex

In message , Alex writes

Yes. Don't forget it's only relatively recently that ATMs have been 'on line'. See my numerous posts passim.

Reply to
john boyle

In message , Alex writes

No they don't.

Yes they are. Don't forget that ATMs, originally, were not 'online'. And only contacted the bank's network at various times during the day. We have been over this numerous times before.

Reply to
john boyle

In message , Alex writes

Please explain how offline ATMs worked then.

Reply to
john boyle

Without a hint of irony, john boyle astounded uk.finance on 20 Nov 2004 by announcing:

Your previous posts are irrelevant if they claim that PINs have been stored on the mag stripe. This has never been the case in the UK.

Reply to
Alex

Without a hint of irony, john boyle astounded uk.finance on 20 Nov 2004 by announcing:

Yes, they do.

No, they're not. Would you care to inspect the ISO standards and the actual card scheme specs?

Reply to
Alex
