Chip & pin

On 11/10/2012 18:54, Chris Blunt wrote: ....

Where of course you enter secure information on an untrusted terminal. Good system the banks have set up. :-|

Mike Scott

Surely they use 'trap-door' functions. Even if you know exactly what is on the card chip it doesn't tell you the PIN.

Robert

RobertL

Why is the terminal itself any less trustworthy than one in the UK would be? I felt that handing the card to the waiter was the most untrustworthy part of the transaction.

Chris

Chris Blunt

I didn't suggest it would be. General issue - /you/ have to authenticate yourself - but the bank provides no means for verifying its communications chain.

Mike Scott

Maybe we should all go back to the good old days and pay for everything in cash. I mean, whoever heard of people losing money from cash being stolen?

Chris

Chris Blunt

The thing about cash is that you can never lose more than you're carrying.

It is *impossible* to get a card that does not have a pin. Even if you have a chip and signature card, there will still be a pin for use in cash points.

If I drop my wallet it might have up to 100 pounds in it. If someone dishonest finds it they can take that 100. But there are also three cards in it with pins. So they've got about a 1 in 1000 chance of guessing and getting a valid pin with zero risk. If they fail to guess, they just throw the wallet and cards away - it's reported as a lost wallet and nobody even knows that a fraudulent attempt was made with the cards. If they guess right then they will be able to steal something like 500 pounds from a cash point plus large amounts at shops.

I'm likely to notice my wallet missing within about 24 hours. As I'm writing this I know I had my wallet at 20:30 last night. But since then I haven't touched or used it. I know where it is supposed to be. But if I dropped it last night rather than putting it back in my bag then someone has potentially had about a 1 in 1000 chance of having all of Saturday to go on a spending spree.

I would never use my credit cards for cash. So why can I not block that usage of the card completely? I don't want the card to work in a cash point. In fact, although I have on a couple of occasions over the last couple of decades accidentally put my credit card into a cash point, I'd prefer it if the cash point swallowed the card because most likely, if it gets put into a cash point it's because someone else has got my wallet and is trying something nefarious.

If someone is willing to try to unlock the locked card at a cash point then they get six attempts rather than just the three to guess the pin. But that's slightly more risk and will at least be recorded. The first three guesses can be done at home.

I don't know how many wallets are dropped per year and I don't know how many of the finders are potentially dishonest. But I could well believe there could be a few dozen cases per year where a lucky guess recovers a pin.

Tim.

Tim Woodall

No. My chip'n'signature cards don't work in cashpoints. I /do/ have a cashpoint card though, which has a PIN - but you can't buy anything with it, and so losses are capped by the max daily withdrawal limit.

Mind you, the situation can be complex - IIRC you could in theory have a single card that has a PIN for cashpoints, needs a signature for shops, and provides low value items with no authorization (indeed, I have used my PIN-less credit card once in a rail ticket machine for a local ticket). Depends what the bank cares to set up.

Mike Scott

+1. This is a feature I've often asked for from the credit card company but they have all refused.
Mark

Not all banks are the same. When I reported an unknown £10 transaction to the bank they immediately froze my card and sent me a new one. As it happens changing all the periodic direct debits was very inconvenient. Perhaps I should have risked a potential fraud.

Steve

Stephen Wolstenholme
