reliance on technology to combat fraudulent behaviour leads to a breakdown in the vigilance that is customarily exercised, thus increasing rather than decreasing the opportunities for fraudulent behaviour'. This was seen in shops, where chip-and-pin technology has made cashiers far less vigilant than they were.
Putrid poetry, dismal doggerel, extrava-stanzas...
"Tiddy Ogg" wrote
In what respect? What have they been failing to do?
I don't think that's possible, one chap in the US always signs Mickey Mouse as a ruse, I don't think anyone has once questioned it.
I bought some petrol and handed them my new card by mistake which I hadn't signed (naughty me, but the dates overlapped with the old card), the chap kindly pointed this out so I signed both the receipt and card there and then ;)
A male and female researcher swapped cards, and used them for a fortnight without query, despite the gender differencce. The argument is that they don't now bother to check anything on the card, relying only on the pin. But from Aztec's post, this was probably always so. The article also went on about pin numbers easily being discovered, simply by peeping over the shoulder, etc.
Putrid poetry, dismal doggerel, extrava-stanzas...
I have just checked my cards - two (Barclaycard and Amex) show no gender, two (Maestro, Co-op Visa) show Mr. My real christian name is one that can be male or female. Presumably the two researchers swapped PIN's as well? - isn't that against the T&C's of using such a card?
Isn't it also the case that fewer shop assistants actually get to handle the card anyway - certainly at rail stations and John Lewis they invite the cardholder to insert and remove the card.
Yes that's true, and that's regarded as a security feature... if you don't let the card out of your hand no-one can nobble it, but I simply quoted a fraction of the article.
Putrid poetry, dismal doggerel, extrava-stanzas...
I knew that our criminals can be trusted to keep up with technological developments.
Of course, cashiers are less vigilant, since if a C&P card is misused with a PIN, the shop is not liable. In fact, this is a great incentive for the crooks to set up a shop with a C&P terminal where they can use the stolen cards.
I wrote to three card issuers last year (Co-op Visa, Barclaycard and First Direct) asking them how I could tell a genuine C&P terminal from a fake one. I assumed that just such a scam would be used to harvest the PIN, together with the card number to make a magnetic strip card to which the thief now had the PIN.
All three denied there was any opportunity for fraud. I disagreed and asked all three to place details on my account of my concern etc. I later read that a magnetic card with PIN could still be used in most ATM's where the cardholder had been issued a C&P card, to get cash. I had cash withdrawals disabled on one of the Visa cards as a result. The other issuer would not do this so I had added to my record a note that I would never use the card for csash advances and that they should treat any such transaction automatically as a fraudulent transaction and suspend the account. They reluctantly agreed to add this detail to my customer record.
I am still not clear how to tell a genuine C&P reader from a fake.
This is a variant of the "irony of automation". For example when you automate a dangerous, but skilled process (like landing a plane) it becomes much safer. If the automation breaks down the human(s) in the process may not notice the problem until too late or they may lack the skill to recover from the error (because errors are too infrequent for skill and vigiliance to be maintained). The sensible thing is to design around this. For example, most airlines require pilots to land in good conditions (e.g., day) in order to maintain skill. Baggage scanners at airports throw up test images of bombs etc. to keep the scanners vigilent. I'm (almost) surpirised this wasn't considered with chip & pin and incorporated into the process.
Thom
I meant a genuine card reader operated by the crooks themselves or by a friendly shopkeeper for a share of the profits. The transactions would show as purchases, so it would not help if cash withdrawals were flagged. Having the card and the PIN, the criminals could make transactions up to your credit limit, and this way they could realise most of the money in cash, rather than having to buy goods and sell them at a fraction of their real value. It is perfectly safe for the shopkeeper, since he is not liable, it is a matter for you and the bank to sort out whether you were negligent or not, and I would guess you would have a hard time to convince them that you were not.
Perhaps because the true agenda wasn't security but liability?
They interviewed the researcher on the Radio and then had a response from an official rep of C&P. She said it was totally irrelevent because under C&P it was the cardholders responsibility not the shops' (or banks'). And she didn't make it much less direct than that.
As an aside to this. At my local Shell garage they now have C&P terminals which you put your card into yourself. The result is that for Stripe and Sig cards you swipe it yourself - sign the slip and the cashier never even sees the sig on the card.
This approach seems to have been operating in US supermarkets (grocery stores) for about the past 10 years now.
In message , rob. writes
Thats pretty useless then!
But at my Shell it isnt quite like that. 'Swipe' cards cant be swiped by the C&P pin pad, there is nowhere to 'swipe' them so the cashier swipes them on his 'swiper' in the normal way.
>
The slot for C&P cards is so deep on this particular device that the whole stripe is inside when you stick the card in. That way the process is the same for Chips and Stripes - except that once inserted the display says enter PIN or remove card depending. I guess it is to avoid confusing the cashier with two options. :-)
In message , rob. writes
Hmm, that would still imply that the magnetic strip is not 'swiped'. The mag strips cant be read whilst stationary.
Perhaps they are read as the card slides into the unit?
Anyway I am being asked increasingly to insert my card with chip into readers, even though I have to sign at the moment.
For this to work on a C&P terminal the card would need to be completely inserted which means you wouldnt be able to get it out despite there being a 'finger' cut out.
They still obtain the data from the chip.
Well the strip is completely within the reader. There is a gap to enable you to pull it out. It works with cards that have no chip so I guess it reads the strip.
PINs - being forced into using PINs with a credit cards when you can never be sure that your PIN hasn't been compromised should entitle you to a Chip and Signature Card and here is how:
My bank decided that it would prefer to give me a Chip & Signature credit card rather than have me comply with their T&C on the Chip & PIN card.
The terms of the C&P card required "cardholders to notify the bank immediately the cardholder suspected anyone else knew their PIN" - the banks words not mine. I pointed out that everytime I used the card in a store I must suspect that someone knew my PIN (shop assistant, customer behind, CCTV camera operator). Even if I shielded my PIN I could not be sure nobody knew. Therefore I was duty bound to call them and advise them of my suspicion and they could take what action they deemed necessary.
The T&C did not specify what action they would take and I would not insist on any. When they told me that the automatic action they would take was to cancel the card and re-issue it, the penny then dropped with the bank that they could either issue me 50 plus cards a year or issue a C&S card.
The thing I found interesting was the bank commenting that they didn't expect people to read the T&Cs. I wonder why.
"If you forget your PIN, many retailers still let you sign. But this option will end, unless you have a disability that stops you from using a PIN." WHICH? September 2005. OR you comply with the card issuers own Terms & Coditions!
If you think this positing will help someone you know who has difficulty or issues with PINs or PIN pads then let them know!
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.