Chip & Pin insecurity

Here are some paragraphs from the article


Robbed at the Tesco checkout

Michael Clarke, This is Money

15 April 2005 ...

Day care nurse Mrs Walsh, 43, had handed over her debit card and a Tesco Clubcard but was given back only the Clubcard as she was distracted by her two young children.

Police said CCTV footage showed the assistant watching Mrs Walsh as she tapped in her Pin. He used the card to make a £300 withdrawal just eight minutes after she left the store, and he made a further £300 withdrawal just before midnight the same day.

....

Barclays told her it was not liable for the fraud as nobody should have access to her Pin number. The case highlights the difficulty bank customers have in proving fraud following the introduction of chip and Pin technology.

========

Does anyone still want to maintain that there is any reason for C&P other than shifting liability away from card issuers? If it is so secure, they should stand by their customers and accept liability for all losses unless the customer committed fraud or divulged the PIN voluntarily.

Reply to
s_pickle2001

wrote

Yes.

wrote

Don't be silly.

If the customer is so blatantly negligent as to *both* :- (1) Not ensure they receive back their card; AND (2) Not attempt to cover the keypad when entering their PIN; ... then why should the (innocent) bank pay for the negligence of the customer??

Reply to
Tim

Indeed, I quite agree.

Landru

Reply to
Landru

Where are we told to cover the keypad while entering a PIN? What are we supposed to use as a cover? And why on earth should we have to guard against criminals employed by the UK's most profitable retailer?

It is not negligence to trust a cashier.

Reply to
Peter Lawrence

retailer?

Yes it is

why would you trust some minimum wage idiot?

And you have to be stupid, stupid, stupid not to take your card back.

Peter

Reply to
Peter King

The victim should contact Tesco and say that she is now being held liable for losses incurred through an abuse of the trust she put in Tesco's noble employees. She realises of course that the employee is no longer on Tesco's payroll, but she would never have dreamt of buying her children their Hula-Hoops from that store if she had had any reason to doubt the probity of Tesco staff. She might also express her surprise that Tesco have not taken the initiative by contacting her to express their regret at the failure of their recruitment procedures, and to ascertain whether any form of compensation might be necessary. Not only should they offer to take up cudgels against the bank: free Hula-Hoops for life should also be on offer.

Reply to
Andy1973

If Mrs Walsh's debit card had been a 'Chip&Sig' rather than 'Chip&PIN', then the thief would not have even needed to observe the PIN! He could just copy the Sig from the back of the card...

"James" wrote

Are you trying to suggest that you *can't* get cash with a 'Signature' card (either Chip *or* non-Chip)? Have you never heard that little phrase: "...any cashback with that, sir?" ?

Don't forget, even if the card had only been a 'Sig.' card -- the till cashier ("thief") had access to equipment (the till!) with which he could put through any shop item & 'pay' with the stolen debit card, and get 50 (cashback) out of the till at the same time. The till wouldn't even be short at the end of his shift, because it would show a sale of X plus 50 cashback with a cancelling debit card payment of (X+50) from .... a Mrs Walsh!

Reply to
Tim

"Andy1973" wrote

... to look after her debit card for her?

"Andy1973" wrote

... then she'd have given her card to someone else in the street to "look after"??

Get real!

Reply to
Tim

As an adult you don't have to be told not to give your monthly wages to the first person you see in the street. It's fairly much common sense. This is the same, it's a secret number (like your cash card PIN), it's a safe bet you should keep it covered. I paid by C&P today in Tesco, the keypad has raised edges so the cashier can't see it easily.

Yes it is, do you know all cashiers? Have they been vetted by the police? No, they are normal people, and unfortunately, some normal people steal things.

Reply to
Mike Hibbert

I have had enough bits of paper from banks etc telling me to keep my PIN secure for it to be lodged in my subconscious. It is a message frequently repeated on cash machines - usually accompanied by a sort of logo/icon of the left hand hiding what the right hand is doing.

I agree that this is not always easy to do - especially if you only have one hand, in which case you can either demand a sig card from your bank/ cc co or take action against the shop under the disabilities act which came into full force last autumn.

The position of the pad is not always helpful, but I don't think that can be used as an excuse acceptable to banks - although I expect to hear of legal action being taken against some shops.

I have always been taught to check my change before leaving the shop. Not that this hasn't led to a few arguments in the past.

Reply to
rob.

Bitstring , from the wonderful person Tim said

Assuming they could forge the signature well enough to fool a handwriting expert. If not, the customer could fairly easily prove it was not their doing.

Reply to
GSV Three Minds in a Can

"GSV Three Minds in a Can" wrote

Ermmm, he wouldn't even need to do that - he could swindle the cash even if he signed the slip "Mickey Mouse"!

Reply to
Tim

Bitstring , from the wonderful person Tim said

Yes, but nobody would be able to successfully claim it was the customer's fault, would they.

Reply to
GSV Three Minds in a Can

I don't know. Sounds like a good wheeze for a genuine cardholder to sign as Mickey Mouse and then try to deny they were the shopper. Security cameras might thwart such a cunning plan, though.

The question is, can they sign "Mickey Mouse" in a handwriting style sufficiently unlike their own that it would fool a handwriting expert? If you taught yourself to write with your wrong hand, could they still tell it was you?

Reply to
Ronald Raygun

I don't see that it's down to the customer. Ignoring this extreme case, which is presumably why the morons at the Express chose to run it, if the customer has their card and has had unauthorised withdrawals, they simply say that they followed the C&P security instructions, then it's for the banks to prove negligence.

Once this charade of unbreakable security is challenged in court, the game's up.

My brother is a software engineer on the credit card systems. He regards C&P as less secure than the previous systems.

Daytona

Reply to
Daytona

Daytona wrote: ...

And since the customer is the only one who had original access to the PIN, the banks will argue prima facie that if someone else also has it, the customer must have either deliberately divulged it, or was careless, and is therefore liable either way.

And no, I'm not trying to defend or justify the banks, just pointing out what's likely to happen. IMO, of course. (I leaned on Natwest pretty heavily last year and wheedled a chip&sig card out of them. My Visa bank's next in line......)

You will need, I suspect, to afford a better lawyer than the banks can afford.

Reply to
Mike Scott

No they won't. Not unless you have a registered disability. I asked Cahoot repeatedly but they refused every request.

Reply to
Jim Hatfield

Bitstring , from the wonderful person Jim Hatfield said

So vote with your feet. Other card issuers are more flexible.

Reply to
GSV Three Minds in a Can

In message , Daytona writes

What is the basis of his concern?

Reply to
john boyle
