Whats the truth about C&P?

I was in a couple of shops which were C&P enabled yesterday and the staff were merrily swiping C&P cards still and getting the customer to sign so the final part of your statement might well be true but I can't really see the logic in that, surely that defeats the object of C&P unless the side effect is every non pin transaction now gets online authorisation.

Chris

The only logic I can think of is to encourage retailers to start installing the equipment ready for when they do eventually make it mandatory for customers to use their PIN.

My card, which has had C&P on it since about July, still doesn't even go to PIN but remains a signature, never mind whether or not I know it!

The truth is that the liability for fraud is being moved to the retailer if C&P is not used. I suspect also that there will be more onus on the customer (proving that you didn't give your PIN number away is harder than proving that someone forged your signature).

Topic has been discussed here before but also look at

for instance. btw - there is no formal cut-off date. It is up to individual retailers to decide their policy in the light of now being liable for and signature fraud.

Tony Lewis wrote: ...

Make that "impossible".

What's happened as of Jan 1st is that retailers are now expected to have C&P (aka EMV) terminals. If they haven't, they'll have to use a signature as before, but the retailre, not the bank, carries the can if there's a problem.

If they have the EMV terminal kit, then they have to follow the instructions - get a PIN if one's requested, or a signature if the terminal asks for that (you can get a signature-only card, no PIN, and it doesn't work in an ATM ) - and if they follow the instructions, the bank accepts liability -- which AFAICT means in practice a C&P card's owner pays irrespective of who actually used it, because they can't prove they didn't give the PIN away.

The whole business is a con as far as I can see; it'll achieve its aim of saving the banks money, but at others' expense. Expect some unhappy customers when their PIN has been obtained by camera or rigged terminal, and then their card stolen or duplicated (it *will* happen).

Your card has a chip on it but is a chip and signature card, not chip and pin.

where i work they originally said 1st Jan - but i dont see that happening as there would be mayhem with the amoutn of people who dont know what their PIN is or what the hell is even going on - so it will be pushded back IMO....

Without a hint of irony, "Marx Peterson" astounded uk.finance on 04 Jan 2005 by announcing:

What a surprise. As I have oft stated, the PMO[1] has not yet mandated a cut-off date for PIN bypass.

That's when retailers became liable for fraudulent non-EMV transactions.

It depends on who they listened to.

Possibly. The confusing thing is that nobody's really sure of the liability in PIN bypass transactions. Or for C&S transactions for that matter.

[1] The UK body overseeing EMV[2] [2] Europay-Mastercard-VISA; commonly referred to as C&P

Without a hint of irony, "Chris" astounded uk.finance on 04 Jan 2005 by announcing:

They may have the terminals/PINpads installed but they may not be integrated or working yet. This is certainly the case in some places.

Well they said they are issuing them with the chips on ready for C&P when the card first arrived...I have had a replacement within the last month and it istill isn't utilising it.

Without a hint of irony, "Marx Peterson" astounded uk.finance on 04 Jan 2005 by announcing:

Which will never happen. They may remove the PIN bypass recommendation but the merchant (with agreement from their bank) will always have the option to allow non-PIN transactions and even non-EMV transactions. Indeed, they will have no alternative if their systems crash for instance. However, leaving that quibble aside, it makes no financial sense for them to have the equipment installed, and not use it until PIN bypass is removed, when they have spent the money but remain liable for any fraud.

Without a hint of irony, Mike Scott astounded uk.finance on 04 Jan 2005 by announcing:

The bank...

Or do you mean the customer? The cardholder is not the card owner. In any case, the chargeback rules remain unchanged. It is up to the merchant to prove the cardholder was party to the transaction. The CC company don't really care; they'll get their money back either way.

Without a hint of irony, "mo" astounded uk.finance on

04 Jan 2005 by announcing:

They said 1st Jan about what? Asking for PIN or being able to ask for PIN? It the former, they have misunderstood.

We already ask for PIN when people know it but let them use signatures - they said they would force people to start using PINs if it was enabled on

1st Jan (I went to work on Sunday but if it had started it would start from monday I reckon, so i will check it out today)

But i think they will be forced to push it back because of the amount of people who will have problems.

people should be clear now if they go into a shop and they dont know the PIN on their cards they can be refused.

Without a hint of irony, "mo" astounded uk.finance on

04 Jan 2005 by announcing:

Then they are acting against the PMO guidelines. They are entitled to do so, of course, but their customers won't be happy.

In message , Mike Scott writes

You forgot to insert here "and the customers dont tell their bank about the theft" or duplicated (it *will* happen).

We wait and see if it reaches the current levels of cloning which have prompted this change.

Alex wrote: ...

I wondered immediately after posting whether anyone would be so pedantic.....

The point is that use of the PIN is prima facie evidence that it was the cardholder who authorized the transaction. After all, he's the only one who's supposed to know the PIN. If the PIN and card details were somehow obtained illegitimately and the card used fraudulently, it won't in general be possible for the cardholder to prove he did not use the card nor divulge the PIN. So the cardholder pays..... and may himself be prosecuted for attempted fraud should he complain - I've heard rumours on the net of such.

It may be a significant time before they find out; long enough for a good illicit spending spree. But even so, would the bank believe the PIN had been snooped, or would they prefer not to admit this possibility?

...

I think the cards are supposed to be unclonable, aren't they? I can't believe that; but time will tell.

Meanwhile, I kicked my bank hard some weeks ago, explained my reservations, and obtained a chip&sig card instead. I feel much safer.

Without a hint of irony, Mike Scott astounded uk.finance on 04 Jan

2005 by announcing:

Oh well; it must be true then.