PIN liability

I've just had a leaflet with my CC bill. Under the heading "reducing your liability" it informs me that if details of my PIN have been disclosed to others I will be held responsible for all PIN based transactions.

Anyone know *exactly* what they mean? Have I disclosed my PIN if someone spies on me as I enter it, without my knowledge? Is the fact that someone else knows my PIN taken to be proof that I must have disclosed it?

Reply to
Dominic

The latter is the worry.

Reply to
Tumbleweed

Quite. I think maybe when they say "reducing your liability", they mean "your" in the loose sense of "one's" - ie the bank's.

But remember that since you are the only one who is supposed to have knowledge of your PIN, it will probably be assumed a priori that if someone else uses it, then you must have disclosed it either deliberately or negligently. Can you prove you didn't?

But I think this topic's been done to death over the past months..... and no-one has any real idea. It'll probably take a court case and expensive legal team to decide the issues.

Reply to
Mike Scott

Can the bank prove they didn't?

Reply to
Michael Hoffman

No. But using *balance of probabilities* (the standard of proof for a civil court case), they could probably argue it was most probably the customer - after all, their systems are secure, no? Well, they would have one think so. If nothing else, a bank would have no obvious reason for releasing a customer's PIN; a customer could easily have been negligent in shielding it during entry. And when all's said and done, a corrupt bank employee is less likely than a fraudulent or negligent customer (I hope!)

Not that I'm supporting the banks' attitude. IMO C&P simply isn't secure in practice.

Reply to
Mike Scott

"Mike Scott" wrote

... OK ...

"Mike Scott" wrote

Well, actually I'd have thought that it was much more likely for a PIN number to have been compromised from one of the cards that the *bank* had issued, rather than one of the cards that particular *customer* had ever received - simply from the numbers involved (many thousands/millions for the bank, unlikely more than a few dozen for the customer).

So, suppose the bank & customer go to court & the bank have had at least one PIN number compromised on one of their cards, and the customer has *never* had a PIN compromised on *any* of their cards. The **balance of probabilities** would then come down *against* the bank - after all, one/more of the cards they have issued has had the PIN compromised, but *none* of the customer's cards have been!!

"Mike Scott" wrote

And so are those of the customer! [Assuming of course that they are.]

Reply to
Tim

Tim wrote: ...

Except the bank will now, I assume, argue that in each case the particular customer was at fault. Which will often be true - so the argument may work the other way: of 1000 people (say), 998 have been proven negligent or criminal. You're the 1000th in line - the "obvious" conclusion is.....??? (But then, you can prove anything with statistics if you try (or lie) hard enough :-)

(I do wish you'd kept the rest of that paragraph! It changes the obvious sense.)

But they aren't. The banks' systems are all locked up (or down?); your PIN number is used in some very public places (precisely because of the banks' requirements).

Reply to
Mike Scott

Eh? Why should each customer be "tarred with the same brush" as other *bad* customers??!

According to your logic, if the last 9 people charged with murder in a particular court were all found guilty, and you were the tenth person to appear charged with murder, then you should be found guilty solely because the other nine were!!!

"Mike Scott" wrote

They can be. If the customer doesn't write the PIN number down, nor otherwise record it - apart from memorising it - and never tells anyone else the number, then their systems will be very secure!

"Mike Scott" wrote

Exactly - the PIN pads are part of the **bank's** systems - the customer has no control over the design of that part of the system, although the banks do. So you cannot say that "the banks' systems are all locked up" -- because the PIN pads are part of their system & they are the obvious weak point!!

Reply to
Tim

Tim wrote: ...

It's a question of populations and sampling. Take a more obvious example: a barrel of apples. You take out 10 apples and find they're all bad. Are you going to blindly remove the 11th and bite into it? I'm not trying to defend the banks - I'm just trying to indicate the sorts of rubbish arguments they might bring up (and remember from the Meadows cases that courts and lawyers and doctors seem poorly genned up on elementary statistics, never mind technical issues.)

But by the banks' view, that's part of the customers' "system", not theirs. I doubt that the banks would worry that they designed the weaknesses into it and so they view "proper use" of PIN pads etc as the *customers'* responsibility. (IMO precisely because it is the weak part of the system. They're trying to save their *own* money, not yours and mine.)

Reply to
Mike Scott

Not always.

formatting link
I think I'm preaching to the choir, though.

Reply to
Michael Hoffman

Indeed. But you're the second person who's selectively quoted me. What I wrote was, "....their systems are secure, no? Well, they would have one think so." Which I think changes the tenor a bit:-)

Reply to
Mike Scott

I did not think that by cutting the latter part of your message out people would think that you were agreeing with the banks' assertions wholeheartedly (indeed I thought I was preaching to the choir to cast doubt at these assertions).

Apparently you disagree, so please accept my apologies.

Reply to
Michael Hoffman
