I would suggest that any Card with a PIN is a must have for a fraudster. Why? Because they can use one without ever being challenged.
There's definately safety in numbers - for crooks!
If your a victim of card fraud ask yourself this. Would you rather it was committed with someone using your signature or PIN. You can always challenge a signature but how can you deny that you weren't negligent with your PIN?
Unless you wish to draw cash at an ATM with your credit card Opt for a Chip & Signature Credit Card - you know it makes sense. You can even be supplied with a debit card which doubles as a cheque guarantee card and can be used at banks ATMs only (which in the event of a disputed transaction are covered by CCTV).
Alternatives are available. Worth thinking about - just look at high incidences of cash-point fraud where PINs are required!
The real sad point is that credit cards becuase they are retaining magstrips can still be cloned and used with a PIN at non-Chip compliant cash-machines.
Yep a Chip is more secure but from the cardholders perspective only if chip reading terminals are universally mandatory and in situ.
Whats to stop a crook cloning a chipped credit card (becasue it retains the mag strip) and using the cloned card with a genuine PIN in a non chip compliant cash-machine at home or abroad?
Several banks responded (reported in the news) that they were increasing the use of CCTV at banks own ATMs.
Unless you want to use a credit card to with draw cash at a cash-machine why have a PIN? Chip & Signature Cards are an option - I presently have two.
A bit bored and a bit nervous I sat with my LLoyds TSB debit card fiddling with it (the card that is !) and the chip "insert" came loose and separated around 90% of it's periphery.
The chip had come completely loose on my previous card. (Yes I do fiddle with "it" a lot.)
Suddenly remembering that some places were already using the chip (but not pin) I hurredly pushed it back into its hole in the card. Next time I came to use it it worked just fine.
What is secure about a system whereby the chip could be removed and retained by an operator and replaced by a dud ( it would take ages to discover) and the functioning chip taken away to be dealt with at leisure?
You can insist on following the card to the terminal. After all, many (all?) credit card agreements actually say that you should never let the card out of your sight!
Would (or should) it not work the same as in French restaurants where the waiter brings a portable terminal to your table? So that you retain possession of the card at all times.
This (fake terminal intercepts keyed PIN, card then stolen) is also my big concern about chip & pin, because the onus will now be on the cardholder to explain how the PIN became known -- and how is he expected to do so?
I've e-mailed my card issuer about this and it will be interesting to see their response.
It could have been avoided by the "enter digits 2, 5, 7 and 8 of your PIN" approach. Is there anyone here who knows why they rejected that?
At a guess, the focus groups and usability labs will have discovered that the average punter is too thick to get this right often enough to make it worthwhile. After all, plenty of people have enough trouble remembering a four-digit number, let alone select any four from an 8-digit number. They have to strike a balance between `too short to be useful' and `so long that people write them down'.
I was once phoned up by someone who claimed to be from my bank, who tried to take me through security clearance (`second and fourth digits of your PIN, please). I objected because she could have been anyone, and she gave me the opportunity to call back in, which I did. We went through security clearance, and she asked me if I wanted a [bank X] Visa card. Sigh. So now, not only have I ranted and railed to the bank about avoiding completely unnecessary security clearance (after all, she could have asked me if I wanted the card and gone through it if I'd said yes) but I have a codeword lodged with my account record (shipped by the bank's `secure messaging' service) that I get to ask them for, if they call me. So, in the end, I was moderately impressed.
But I still don't fancy trying to argue the `not my transaction, mate' thing with the bank once C&P becomes the norm.
Well lets see, the press have been full of stories about how millions of OAP's cant remember a single 4- digit number for their new pension arrangements, many more millions of people cant remember the several 4-digit PINS for their multiple credit cards, half the population cant set the timer on their VCR, and you want an 8-digit (at least) number with random digits chosen? Nope, can't think why they rejected that.
Instead of worrying about ludicrously far-fetched hi-tech attempts to intercept a PIN (just *where* is this fake terminal? How did you install it in the supermarket? How come the shop didnt see it being installed?who is it who follows the person home and steals the card, the cashier???that'll make you a bit suspicious wont it?) , worry about low-tech ones, such the "Mk
1Eyeball" (have you seen the C&P PIN terminals?) and even then you've still got to steal it.
When was the last time anyone actually had their signature scrutinised or was asked for supplementary ID?
Chip and Pin has to be safer than passing your card over to Debbie and asking for 50 cash back while she ignores you because she's telling Shaz what she's wearing to the party this weekend!!!
Me thinks if you do a search in Google you will come up with lots of examples of different methods crooks are using to acquire PINs, PINs & Cards etc.
If you don't believe the media on the high incidences of Cash Point Fraud then have a look at the official figures - a 34% rise in fraud at ATMs.
Card Fraud The Facts 2004
formatting link
Here is one example from a Google Group:
A friend of mine has an Alliance and Leicester account. He recently discovered that £500 had been taken out from his account using his cash-point card and pin. He has never disclosed his pin to any 3rd party and is still in possession of his card.
He reported the matter to Alliance and Leicester who told him to report the matter to the Police.
When he spoke to Coventry Police they asked him whether he had used his cash-point card at HSBC, Walsgrave Road, Coventry last Saturday. He said he had and asked how did the police know this? At this point, he had not told the police where he had used his card or given them any account details.
The police have told him that they have had numerous reports of people using HSBC, Walsgrave Road, Coventry last Saturday and then discovering that their card has been copied and the card being used to withdraw money at cash-points in Birmingham.
Apparently, the police have a large number of transactions to process from numerous card holders so it may take some time before they get back to my friend.
Does anyone know what is going on? Has anyone any experience of this happening to them?
Graham
If you really have concerns over having a PIN with your card and you never use a credit card to withdraw money then here's what you can do:
EGG:
Do I have to have a Chip and PIN card? Yes. All your credit and debit cards will be replaced with Chip and PIN cards over the next two years. If you feel there are circumstances why you cannot use a Chip and PIN card and you'd like to be issued with a signature Egg Card instead, please get in touch. We can review this on an individual basis.
NATIONWIDE. Chip and PIN technology and disabled people Chip and PIN technology will have benefits for many disabled people. However, a small number of people may find it difficult, or impossible, to use a PIN. Customers in this position may request a Chip and Signature card to allow them to use their debit or credit cards without the use of a PIN. This card will allow people to continue to authorise transactions by signature. If a disability prevents you from using a PIN, please ask for a Chip and Signature card. Your local branch will be pleased to help you, or contact Nationwide's Call Centre on 08457 30 20 10
I've got Chip & Signature Credit Cards from both of these card issuers. Reasons, I have great difficulty remembering seldom used numbers and taking card issuers advice I do not write my PIN down anywhere.
...none of which involve someone fitting an additional terminal to capture the PIN in anything other than an ATM, something that happens today without C&P cards. Never seen a report of a fake terminal in, say, a restaurant, have you? If the waiter is crooked he can today just take a copy out of your sight. And today the cards can be cloned so there is a point to doing it, but not with a C&P card which cant be cloned(yet?). With a C&P card, the waiter could either do what you suggest which is devise and build, or obtain, a high tech expensive bit of hardware which somehow connects onto the real terminal, or do what I suggest, which is look as you type the PIN in.
Nothing to do with the point under discussion,and not in dispute (thats the reason why they are introducing C&P!) I just pointed out that your ludicrous high tech supposed method of capturing PINs has at least one other much simpler way of getting it, looking!
The significant change with C&P is the way the onus of proof is going to move to the cardholder to show that he hasn't disclosed his PIN. When you report a card stolen and the banks find that it has been subsequently used, they will say "Aha -- you must have been careless with your PIN; therefore we don't have to compensate you for the loss." This wasn't a problem with signatures.
Most PIN acquisition is going to be done by overlooking the keying process, of course. Some will be achieved by noticing the piece of paper which the little old lady uses to remember her PIN going back into her pocket, and simply picking it out again. Some will be done by high-tech means, tampering with portable terminals without the knowledge of the retailer. C&P represents a huge saving for the banks, partly at the cost of criminals and partly of innocent cardholders.
Perhaps you could explain how this tampering would be done, and what the crimimal (a staff member?) would do once they had the PIN? And more to the point, why they would need a high tech device when many customers just type it in so it can be easily seen anyway. Just watch at your local supermarket.
Agreed. Also more problematic where one household member is stealing from another without their knowledge, for example kids from parents. Note the PIN when out shopping with your mum(say), borrow the card later, use it, put it back again. Might see quite a lot more of that because there is no signature needed and its easier now than it was.
Under the signature system, is it up to the cardholder to prove that a forged signature was actually forged (I would hope not!) - or is it up to the credit company to prove that it is genuine (I'd assume this one)?
So are you saying that on the one hand, with a signature the *company* would need to prove that the transaction was carried out by the cardholder, whereas with a PIN the *cardholder* would need to prove that the transaction was *not* carried out by them?
Just where in the card's terms & conditions has this change been made??
With a signature there was no clear onus of proof; but the literature being produced about C&P stresses the importance of keeping the PIN secret, and I'm assuming that if a stolen card is successfully used the banks will argue that there has been a _prima facie_ breach of that condition. This wasn't possible for them with C&S.
For example, here's a quote from Abbey's guide to the use of their C&P debit card: "When you receive [your PIN], please memorise it. Never write it down or disclose it to anyone else. Without it, your card cannot be used." All good stuff, of course, but all leading towards the conclusion that if anyone else discovers your PIN then it MUST have been your own fault.
Exactly, and we have seen this behaviour quite clearly already with debit cards and ATMs where in some cases at least it is quite clear that there has been a bank mistake but the bank insisted that the holder of the card must have disclosed the PIN to someone.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.