Neil Hopcroft

A digital misfit

Third rate tobacconist steals PIN data

The reason, apparently, that ‘Chip and PIN’ is important is that it shifts the liability in case of fraud. If you are signing for transactions then it is the bank (or the shop) checking the signature against the card. It is far more difficult to claim fraud in case of entering a PIN, since it must be your fault for disclosing the PIN.

So, a question: Does the oft-quoted 80% fraud reduction in France mean a real fraud reduction or a reduction in the amount /banks/ are liable for?


Categories: Memories.

/ 17 Comments

17 comments

    • neilh

      Well, most of the signature based liability is already with the shops, now they’re passing the rest of it onto us as customers.

      Reply
      • evilmandykins

        actually the signature based thing? the liability is with the banks currently.
        however, come january that changes, and the shops take the hit for fraud if they take a signature. but if it is chip and pin, it is the bank’s laibility. apparently.
        i would also like to point out its a good thing for the people on the tills. signature comparison is a bloody nightmare, especially where i work.
        what i don’t trust is that at least in our case a slip with all the info prints up ( not with the pin but all other info )
        and gets put in the till.
        holloway road has a significant amount of theft. we’ve been cleaned out a couple of times this year, and had equipment stolen 3 times this year. loose papers with account details worry me. ;/

        Reply
        • crazyscot

          Merchants like C+P because it reduces not only their liability, but there’s talk of the banks reducing their cut in the merchant agreement. (I was under the impression that merchants who didn’t check the signature were liable at present for chargebacks?)

          Banks like C+P because “nobody can forge the chip card” and “nobody but you knows the PIN”, therefore if there is a transaction you don’t recognise on your statement it “must” have been made by you or with your permission and therefore it’s your problem. If you try to reverse such a transaction the bank will probably have you charged with fraud, as they have done in various ATM “phantom withdrawal” cases over the years.

          Reply
          • evilmandykins

            i usually find taht what my bank likes is usually bad for me tho, so this comes as no surprise.
            but it is better for merchants generally. staff, after 2 hours at a busy till, are usually cross-eyed looking at signatures, or correcting prices on screens etc. ( i work in a university bookshop.)

            it will be interesting to see what banks do when the first round of frauduant c+p transactions start popping up…
            also interesting will be what happens with foreign cards, as i don’t think US cards are chip and pinning yet…

          • crazyscot

            Of course; banks, like other commercial enterprises, are only really interested in making money at the end of the day. They’d treat you like dirt if it wouldn’t drive customers away.

            They can’t stop accepting traditional mag-stripe cards for the exact reason that foreign cards may not have (compatible) chips. (Believe it or not, some companies here in the UK still use the old zip-zap machines. I’ve had a couple of such receipts this year.)

          • evilmandykins

            hehehe they do treat people like dirt. but you pretty much are forced to have a bank account.
            i think i will pay for things in cash. or better still, cheque. ehehehheeh
            we have one of those machines for events we do out of the shop. nasty annoying fiddly things lol
            most banks don’t process them tho- they have to be sent off to a central branch to be dealt with…
            (btw hello! i don;t think i know you. but hi! *waves*)

        • neilh

          They tend to pass them back to the merchants through chargebacks, plus, if you have too many, they’ll charge higher percentages too… and when they say ‘its the banks liability’, what they mean is ‘its not the shops liability’, actually it falls back to the (banks) customer.

          Reply
  3. jamese

    I’ve been wondering about this. Wouldn’t it make more sense to have a seperate pin for shopping and cash withdrawls? or it that to much for joe public to cope with.

    Reply
    • neilh

      Jeez, not more numbers! I already remember around 60 4-digit PINs, lets face it there are only so many 4-digit numbers it ultimately becomes a matter of remembering what goes with which one, rather than remembering the numbers themselves. And getting it wrong only exposes you to giving away some other secret number for some other purpose.

      Reply
  4. jamese

    I don’t have a pin on my credit card. I was more worried about someone watching me type in the pin and then running down to the cash machine and withdrawing all my money. After stealing the card or course.

    This isn’t any different to people doing the same thing at cash machines which has happened to me twice now but it’s that much easier to hang around a store and do it then to hover around cash machines.

    Reply
  6. neilh

    My answer, recently at least, has been to not-go-shopping. But I’m now having trouble making inspired meals from tins of tomato soup and rice….have to break the drought after christmas.

    Reply
  7. neilh

    Identity != trustworthy

    Suing people can act, also, as a deterrent to prevent people from being untrustworthy. However, in order for it to be a deterrent it has to be severe enough to make it an easy choice.

    My concern is that now the banks are going to start suing people who’ve been frauded for attempting to fraud the bank. This is always going to be a difficult one to call, but PINs seem to weight things in favour of the banks, as far as I see it.

    Reply

Leave a Reply

Your email address will not be published.