Chip & PIN Insecurity and liability shift

ITN News recently covered Chip & PIN insecurity issues. You and Yours, BBC Radio 4 dug deeper.

Some quotes from the programme:

Liability for PIN misuse:

"This is shockingly common. The Banking Code says the burden of proof is on the bank. The bank considers this burden of proof to be discharged if a PIN was used." Professor Ross Anderson (Prof of Security Engineering, Cambridge Univ.).

"It's my savings account card, I've never used this card, I have no idea of the PIN. Almost £2000 has been taken and Cahoot says they won't refund my money because a PIN was used." Alex Harvey (Fraud Victim)

"If you reach deadlock with your bank on this type of situation then go to the Financial Ombudsman Service." Sandra Quinn (Association for Payment Clearing Services).

Insecurity:

"In France there is a particular problem, people are now cloning chip to chip and that has been going on for a number of months." Ross Anderson

"It's becoming apparent that Chip cards are being used without the PIN having been compromised and there is a straightforward way of doing this. You copy the details of one Chip card that you've stolen and whose PIN you don't know, to another Chip card whose PIN you do know." Ross Anderson

Maximum Daily Cash Withdrawal at ATMs.

"We discovered in the space of 4 hours at 2 separate ATMs, somebody had made no less than 13 withdrawals from our joint account and racked up a total of £1,300. We were in UK and the withdrawals were made in Paris." Mary Adkins (Fraud Victim).

PIN Advice:

"Some people unbelievably use passwords or PIN numbers, 1234 or 1111 or 2222. I know trying to remember all these PIN numbers is very complicated, but people have to be more careful about PINs and change them." Nigel Evans MP

"Anybody who used a Shell garage within the last six months should now seriously consider changing their PIN numbers on their credit or debit cards." Nigel Evans MP

Nigel Evans MP.

Lack of Warnings to Cardholders. (Rigged ATMs and PIN pads)

"In America if a supermarket had a skimmer put on to the cash machine in its wall, then the law would require that the supermarket notify all the customers who had used that cash machine" Ross Anderson

The only thing missing was You and Yours telling people if they feel insecure or have issues using a PIN they can opt for Chip & Signature cards.

jjamies

Are you actually able to set such PINs? I haven't tried, assuming the system would reject them.

Colin Forrester

I assumed that too, which, of course, cuts down the possibilities of guessing one by quite a lot.

Tiddy Ogg.

Tiddy Ogg

At 18:27:40 on 23/06/2006, snipped-for-privacy@tiscali.co.uk delighted uk.finance by announcing:

The bank can consider what it likes. They haven't felt sure enough about it to test it in court yet.

Yes. And cahoot don't issue cards on the savings account. So what's she actually talking about?

Exactly.

And it's a different system, nothing to do with C&P.

Nonsense.

Nothing to do with C&P.

Not sure the systems allow such stupid PINs.

Good advice.

Nothing to do with C&P.

Alex
