Times: Fraud victims left in the lurch by banks

Thank God that chip and pin is absolutely safe.

This confrms absolutely what many of us here have been saying about how C&P puts the onus on customers, and makes a mockery of those who made statements about how C&P was safer for customers, and how the onus was on banks to prove fraud had occurred. This includes Jim Lay, Peter Crosland, Derek Hornby, Alex Heney and even the usually 'on the ball' John Boyle who spent a fair bit of time saying it was impossible to clone a C&P card and use it to obtain money from an ATM.

I give you the following snippet;

From Mike Scott:

From JB

What say you now JB?

And Tim, here's a snippet from you?

Doesn't appear so without a shed load of hassle does it, much of the hassle beyond the means of the average citizen, who, if he presses it, has to weigh up the possibility he might be prosecuted for fraud.

Similar story in the Telegraph:

In message , Tumbleweed writes

Exactly the same. The case here was enabled via the old magstripe system on an old ATM that has now been updated. Not C&P.

Not at issue on this point.

JB: 'if he still had the card, it couldnt happen'.

It did.

In message , Tumbleweed writes

Not under C&P it didnt. It was an old ATM under the old system. The clone was not C&P it was Magstripe. The main ATM concerned has now been upgraded.

It was to stop things like this that C&P was introduced.

"Tumbleweed" wrote

"Tumbleweed" wrote

I give you the following snippet from the quoted article: After refusing to accept a "full and final settlement" of 350, the Parkers wrote to Sir Fred Goodwin, chief executive of Royal Bank of Scotland, the banking group that owns NatWest, threatening to take their compensation claim to the Financial Ombudsman Service. This prompted NatWest to offer a full refund "in the spirit of conciliation", along with 500 compensation.

Result - even got 500 compo! And didn't even need to go to the FOS or court!

The moral of this story is, that when the counter staff don't know what they are doing - go straight to the top of the organisation. Those at the top will realise that the bank needs to prove the customer was involved, and (where they can't) will therefore back down.

Oh, and don't think that it'll be loads of bother. At the first sniff of "... it's your fault, sir...", go home and write one letter to the top man...

It wont. This was a C&P card. The same fraud could happen at any non-UK ATM.

Thats fine for those 'in the know', I:m sure everyone posting here will be fine. For the weak, uninformed, and perhaps many of the elderly, they will suffer aggravation, stress and possible financial loss.

In message , Tumbleweed writes

You have misunderstood the article.

Quote :

A NatWest spokesman says: "After further investigation, and contrary to what has been said previously, the transactions were not made using chip-and-PIN technology. While the customer's card was a chip-and-PIN card, it still contains a magnetic strip. This strip appears to have been cloned and the PIN read."

NatWest says that it has since upgraded its cash dispenser in Muswell Hill. A spokesman adds: "As we are now nearing completion of the roll-out of chip-and-PIN, the opportunities for gangs to exploit the old magnetic strip technology are reducing."

Certainly, anywhere there is old technology there is a risk, but that isnt a C&P fault.

The problem is that the guy had to go right to the top to get this. Previously he had been told that the official report said something completely different.

This wasn't a simple mistake, he had been directly lied to.

If the banks can lie about the contents of an official report to get the result that they want, how can we believe them about anything else.

But there *is* a cloning risk until *all* old style machines have been removed. The type of card that the punter has is irrelevent because it still has the mag stripe (and will continue to do so until the whole world has C&P). This is the complete opposite to what the bank are claiming which is, because *you* have a C&P card it can't be cloned at all. This is a lie (not a mistake).

tim

In message , "tim (moved to sweden)" writes

No they didnt lie, they just cocked up.

I accept your point, but I am not arguing this point > I am arguing that a C&P card cant be cloned (yet).

The cloning risk relates to the magstripe element, not the C&P card. I have never claimed otherwise.

I have never seen anything that says that a C&P card cant be cloned at all. Where did you get this from? All that has ever been promulgated is that C&P will drastically reduce crime. At the moment cloning af a C&P card is beyond the abilities of those who clone magstripe cards (which doesnt need much technical nouse at all)

In UK almost event ATM will be changed by Valentines Day (or so I have been informed). Therefore, the opportunity for fraud is very very substantially reduced.

I stand by my statement.

Who cares? Fraud isn't a major problem for consumers, they just pay for it as part of the markup by shops which accept credit cards.

The real worry to consumers is the apparent loss of protection

Whereas in the past they paid the 3% markups, part of which were hidden premiums for what was in effect anti-fraud insurance, now they are still going to pay the same markups, but lose the benefit of the insurance, since banks/shops will do their utmost to make the consumer carry the risk.

The risk reduction is, in other words, of no benefit to the consumer at all.

It's like introducing some new magic technology which is somehow going to result in 99% fewer houses burning down, but which is not going to lead to lower house insurance premiums despite fire cover becoming excluded because the nature of the technology is to make it "impossible" (or so the promoters of the technology would claim) for houses to burn down except as a result of owner-instigated arson.

Missed point RR, and I think you are becoming influenced by some of the hysterical and neurotic posts we have seen here of late about C&P.

In this thread Tumbleweed has misread the OP and Tim also is confusing the issue.

The point is simple : C&P cards are a damned sight harder to clone. In UK this will reduce the main and incipient source of card fraud. Misuse of PINs is irrelevant, because with C&P (as far as I can see) it doesnt matter how many people know you pin, its whether they have your card that matters.

The OP was about a magstripe clone fraud, they very typoe C&P is here to stop. OK, it wont work abroad, so is that a reason not to have it? Nobody has said it is the panacea of all evils, but it helps.

Regarding banks attitudes, then I wont insult you by repeating any of the numerous true stories I have posted here in the past about the prevalent widespread misuse of PINs by cardholders who pass the PINs to friends and relatives. These days, explaining your problem to a cashier is futile, to believe what they say is stupidity. You need to press on.

NONE of the news reports we have seen here about PIN misuse relates to C&P technology, it ALL relates to the least bits of magstripe technology as it is phased out.

I would like to see what this group is reporting about card misuse in a year's time and then we can see what actually happens in particular to see if the hysteria and neuroses have died down.

john boyle wrote: ...

Agreed. But "harder" is not the same as "impossible", which appears to be the banks' line. Also the extra use of the PIN in potentially uncontrolled circumstances makes accidental disclosure much more likely than use solely at an ATM.

So why have a secret PIN in the first place if posession of the card were all that mattered? In fact, why bother with C&P at all if that were so?

Does it? Scenario: Bad Guy Shopkeeper skims C&P card's stripe and records the PIN. He sells the info to his mates in Bangkok or wherever who clones a striped card and vists local ATMs. You have a problem. The banks says it's a C&P card so their system must be secure, therefore it's your fault.

There may be a problem in that fraud apparently dies down, where in actual fact the "events" concerned have merely been reclassified as "card-holder at fault" on the grounds that the system is "known" to be fault-free. You can see this could well be self-perpetuating: because the system is secure, any incident is down to the card-holder; therefore fewer frauds are logged, thus helping substantiate the claim that the system is secure.

Incidentally, after a local bank manager effectively called me a liar when she absolutely and totally denied the existence of chip&/sig/ cards (and this in the face of me waving about one the bank had already issued to me!) I wrote an /extremely/ strong letter to thewir complaints people, and had a suitable apology. But such brazen attitudes as hers do not inspire confidence in anyone within the banking system, much less provide any expectation that the bank would offer real help in the event of any problem with a C&P card.

That point is irrelevant. In the story, a non-C&P clone *was* created from a C&P master, and it appears that the bank mistakenly declared this to have been impossible.

True. But my point is that this is not going to relieve customer worry. That fraud incidence overall will be vastly reduced is not denied, but the consumer is not as well protected as before, because although it will be less likely that any given cardholder will become a victim of fraud (since, accepting for the moment that cloning of the chip is not possible, and that in due course all domestic card readers will no longer accept non-chip cards), and therefore any fraud which does occur will tend almost invariably to involve card theft, the problem for cardholders is that when it *does* happen, they are going to be given a hard time by the banks (as has been demonstrated in the story) who will accuse them of having stolen the money themselves or having deliberately or negligently disclosed their PIN.

But it's not being phased out globally, and so it seems likely that we will be seeing more and more reports.

And the reports *do* relate to C&P technology. Although the technology itself wasn't compromised, the fact that it existed was used by the bank to deny the possibility of the victim being innocent.

"Tumbleweed" wrote

Unfortunately, that's life.

Just because some people don't know what to do in this situation, doesn't mean that my earlier comments were invalid!

"Mike Scott" wrote

You don't have to accept that.

Can you cite even just a single case, where the bank has *not* backed-down after the cardholder went to "top-man" / newspaper / Financial Ombudsman?

If the financial ombudsman has never held any of these up then he should be requiring the banks to sort their systems out and stop wasting everyones time and money going to the FO.

Jim.