Re: Chip & Pin Fraud

Go To Mortgage 101

Return To Group Index

Newsgroups: uk.finance
Subject: Re: Chip & Pin Fraud
From: Geoff Lane 
Date: 06 May 2006 22:55:03 GMT

Graham Murray  wrote in
news:878xpex1bm.fsf@newton.gmurray.org.uk: 

>> The association's spokeswoman Sandra Quinn said: "They have used an
>> old style skimming device. They are skimming the card, copying the
>> magnetic details - there is no new fraud here.
> 
> So maybe the specification for card chip readers needs to be changed
> to mandate that 
> 
> 1) The customer has to insert their card into the reader, and not hand
>    it to the salesperson.
> 
> AND
> 
> 2) That the card only be entered far enough to read the chip (which is
>    close to the edge of the card) and specifically that the card must
>    not be inserted far enough to enable the magnetic stripe to be
>    read. 
>    
> 
> Also, that retailers not be allowed to swipe the magnetic stripe
> (neither before or after insertion into the chip reader) during a
> transaction where the customer enters a pin.

As I wrote, the fraud was possible only because of Chip and PIN. Thus, 
Chip and PIN is less secure than the signature system in this case.

One of the big issues that I have with Chip and PIN is that there is no
standard reader. Each retailer must obtain their own reader - so you,
the customer, can't tell whether the device to which you've just
disclosed your PIN is kosher or something a scammer has knocked up to
defraud you. 

What is clear is that the terms and conditions of your account have 
changed with Chip and PIN. Any disclosure of your PIN is deemed to be 
unauthorised even if fraud is involved - and thus the responsibility for 
losses falls on you, the customer. Today's Daily Mail report cites one 
customer defauded of over Ł1,300 who can prove they were not present 
when purchases were made on their acount in Paris. The customer reported
the fraud weeks ago yet still is unsure whether she will be reimbursed -
and this is a high-profile case where the bank knows that the media are
involved. So what hope has your average person-in-the-street who falls
victim to such a scam! 

On a related note, when Chip and PIN was first announced, Sandra Quinn 
said that anyone who had difficulty remembering their PIN would be 
provided with a Chip and Signature (PIN-suppressed) card. However, she 
lied because the banks won't accept not being able to remember your PIN 
as a valid reason for issuing a Chip and Signature card (at least, my 
bank won't).

FWIW, I fall into the "can't remember" category with one of my cards 
because, except for cardholder not present transactions, I only use it 
for fuel. Most of the service stations at which I use that card don't use 
Chip and PIN - so I only actually need my PIN once every couple of 
months. I have over a dozen of these four-digit numbers to remember, so 
can't remember the least used and have had the embarrassment of filling 
up with over sixty quid's worth of diesel, handing over my card, and then 
realising I couldn't remember the PIN. So far, the banks "most helpful" 
suggestion has been to use the same PIN for all my cards, my mobile 
phones, and door access - which has to be a huge security no-no. The same 
"helpful" person suggested writing down my PINs - which is something else 
I refuse to do on security grounds.

I just wish there was an alternative!

-- 
Geoff