Credit Cards/Chip and Pin/ATM withdrawls

john boyle posted

I know. I quoted the story to show that the banks *do* use the argument I quoted above ("Chip and PIN is invulnerable, these transactions were PIN-authenticated, therefore you authenticated them, therefore you're liable"). They do NOT automatically accept liability.

No, there *is* a change. We've been over this before. It's because the banks use the fact of PIN authentication to claim that the transaction

Yeah, but I don't *care* if they can do that. What *really* matters to me is not that the fraud succeeds, but that I can repudiate the phoney transactions.

Oh, I agree. There is no doubt that chip and PIN discourages the kind of fraud you describe. However, this comes at a cost. Namely, that when a crook *does* succeed in getting hold of a card and its valid PIN, then the opportunities for cash theft are *much* larger; and in addition the bank will do its best to hand over liability for this fraud to the customer.

That (contrary to what you claim above) the banks *do* assume that the cardholder was negligent. They *don't* try to show it. Not until a national newspaper forces them to anyway.

I don't. I believe a sig is probably less secure overall. But the fact remains that a signature is disclaimable where a PIN is not. So if somehow your PIN is discovered by crooks and used in Bermuda or wherever, then you're in trouble. If my signature is "discovered" and used in Bermuda, I simply say I have no passport....

It's not, to me, a question of overall security, but rather who takes the rap when (not /if/) the security is broken. I don't see why I should voluntarily take even the slightest risk of being the fall guy. Call /me/ a cynic if you will, but I'd rather be sure the bank will take the pain.

Peter Ramm wrote: ...

I had one ask me to sign it before they'd accept it. But it's not the point.

I'll bite.

Cardholder complains of unaccounted withdrawals. The card was C&P. C&P is secure. Therefore the cardholder had to be involved in the cash withdrawals. Therefore the cardholder was acting fraudulently.

Spot the weak link in the reasoning?

Footnote: having only just managed to read the /full/ article, I find that "Crucially, none of these ATMs was equipped to read chips; only the magnetic strip."

So how come the artice also says that "Evidence thrown up by chip and pin technology had left no room for doubt, a spokesman said." ???????

I don't think I'll be banking with Barclays, somehow!

No, they do not. Maybe Visa and Mastercard do, but American Express has different rules.

Axel

Unless for trivial amounts (except in America where a a non-trivial amount can be five dollars for a coffee), most countries will like some form of ID for any expensive purchase. Sometimes.

I have been pickpocketed abroad but my card was never used... why I do not know... unless either my name was significantly foreign or the card was very English to make it unlikely for the thief to carry on a deception.

Axel

I am not sure why I mention this company again (I can assure everyone that I do not work for them nor have shares), but American Express is one that does... I do not have a PIN number for my card and am quite happy to keep it that way.

Axel

Did you actually bother reading it?

LOL

I only laugh because I recently gave up my Amex credit card. It was good while the cashback was doubled but there were too many places that wouldn't accept it. Plus they have a claws (;) ) to charge if you don't use it. So just keeping it home in a safe in case I might use it at some time wasn't an option. Plus they wouldn't reduce the credit limit when I asked them to. I

They certainly don't make it easy to close an account, btw. It took me nearly 3 months before they finally wrote to say bye-byes.

Or they swipe the card and skim the magstripe which will still work in some ATM's. I found a petrol station doing that in full view of the customer - card went into a magswiper (to check it's not stolen) and then into the chip reader. Was it a skimmer or did then not realise the chip POS will tell them it's pinched? I didn't risk it and insisted on signing.

The fact that some do try it on does not mean there has been a change. It just means they are not obeying their own code.

But it is simple FACT that there has been no change to the potential liability of the customer.

They can and do.

It is much *more* likely they will do so IMO.

They are only likely to back down on this one if you demand they have the signature analysed by a handwriting expert, whereas they *usually* (not always, as the (unusual) cases you have highlighted show) back down as soon as you show them you are aware of the Banking Code with fraudulent usage of your PIN.

...and no-one has mentioned phantom withdrawals.

What I meant was, if my debit card is used to pay for goods, the money is removed directly from my account, isn't it?

That was *one* case, which was obviously unusual (or it wouldn't have been newsworthy), and which involved the bank with almost certainly the worst reputation for customer service in an industry that is not noted for having reasonable levels of customer service generally.

And I have never said that the banks always do follow their code, any more than they ever have.

But the code *is* there, and it *is* what eventually resulted in her getting her money back, even if it took a lot more effort on her part than it should have done.

"TD" wrote

As a Direct Debit that you didn't authorise? Then you complain based on the DDeb Guarantee, and get a refund.

"TD" wrote

Did I? Where?