snipped-for-privacy@tiscali.co.uk wrote
Well, isn't it?
Try telling your bank that you think you've lost your wallet with £50 in, and asking them to cancel those notes and send you replacements in a few days. ;-)
Judge for yourself:
Alex Harvie lost nearly £2,000 after her card was stolen while she was sitting in a cafe.
Her bank refused to pay the money back because the fraudster entered her PIN number correctly every time, despite the fact that Ms Harvie had never used the number herself.
Video clip from ITN News:
Why Won't Bank Believe Me?
Ross Anderson said: "The problem at its heart is one of liability.
"The banks have used Chip and PIN to shift responsibility onto the consumer."
At 09:19:36 on 02/07/2006, snipped-for-privacy@tiscali.co.uk delighted uk.finance by announcing:
Has this been through the ombudsman yet? No, it hasn't.
In message , snipped-for-privacy@tiscali.co.uk writes
?? Its Sky actually
None of the above relates to changes as a result of C&P, they are both magstripe fraud.
Sorry John, should have read SKY news:
Card Cloning - Your right it has nothing to do with at least the Chip part of Chip & PIN. It certainly has something to do the the PIN part. As all UK issued cards are hybrid, Chip, PIN and Magstrip, they are ALL vulnverable to cloning, and the cloned card used with a PIN at ATMs, home and abroad.
Re the Sky News Case, this is what Prof Anderson said on You and Yours, BBC Radio 4, Monday 19 June 2006.
"Now it is increasingly apparent that Chip cards are being used without the PIN having been compromised and there is a relatively straightforward technical way of doing this, which you copy the details from one Chip card that you've stolen and whose PIN you don't know, to another Chip card whose PIN you do know. This is now a big deal in France and it may well be that the Alex Harvey case is the first incidence of it happening in the UK."
At 09:52:13 on 03/07/2006, snipped-for-privacy@tiscali.co.uk delighted uk.finance by announcing:
And as soon as the banks switch to DDA this will completely eliminate that particular avenue (which is only open as long as a transaction stays offline anyway).
Shouldn't card issuers have a duty of care to their cardholders, by telling them what sort of Chip they have in their card?
Or a duty of care by informing cardholders if they've used their card at suspect ATMs or PIN entry device?
The cardholders PIN could have been compromised and they will never know.
Upgrading to DDA won't solve the problem, merely displace it. Before you say this and rightly so, displacement is never 100%
At 18:08:26 on 03/07/2006, snipped-for-privacy@tiscali.co.uk delighted uk.finance by announcing:
"Mr Jones, you have a SDA card." "Oh, right. So what?"
What possible difference will it make to the cardholder?
That would be nice.
That depends on which problem you are trying to solve. It will completely solve (for the time being) the problem of recording and replaying transactions which seems to be Prof. Anderson's main complaint right now.
]
Fore warned is fore armed. Mr Jones might, just might, be a wee bit more reticent with his statements, if he has a SDA card.
If he did fall victim to fraud, then more strength to his elbow if he was disputing PIN misuse
I would say the good Professor's main complaint is one he quoted on ITN, and I would agree. This is not verbatim, but as I recall.
"The police should be investigating the banks for defrauding the public into thinking Chip & PIN is safe".
If the industry can't guarantee PIN integrity, how can they hold anyone liablie for disputed PIN misuse?
In message , snipped-for-privacy@tiscali.co.uk writes
For a Prof you think he would be more objective. He fails to acknowledge the different C&P system in France in which cloning is relatively easily done, unlike here, and he relies on the words 'it may be'.
He is scaremongering about C&P. he should be calling it straightforward magnetic card fraud.
wrote
You've (finally!) hit the nail on the head -- no-one can guarantee PIN integrity, which is why cardholders aren't automatically liable for all PIN misuse.
So - now what's your problem with C+P?
well mine is, that by their changed behaviour, banks now behave as if they hold cardholders responsible. Hence all the stories we are reading about the lengths people have to go to to reclaim their money, something which wouldn't be true if it was all as rosy as you and JB seem to think.
...
If that is his case, then it's undermined by the fact that France has largely (in my experience) upgraded their systems to the EMV one.
Quite.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.