Chip & Pin credit card security

Re: Logistics of chip and pin in (say) restaurants

Regardless of chip and PIN ... in general financial institutions advise that you don't let anybody take your credit card out of your sight at any time. If this means following the waiter up to the desk where the card is swiped then so be it. Of course most people don't do this in practice for various reasons and so expose themselves to some level of risk of card fraud. As far as I know some outlets will have mobile chip and pin units while others will simply require the payer to present themselves at the cash desk in order to punch in the PIN.
 
Re: Logistics of chip and pin in (say) restaurants

They give you half an hour to enter the text into the website. Personally I have to drive about 3 miles to get a mobile signal so if you gee yourself up it is just about possible but not exactly convenient.

You would have to feel sorry for their call centre agents and the complaints they have to put up with which they have to answer with awful scripts... probably they only get minimum wage too. And to think I still have Vodafone shares which are so tiny as not to be worth selling in protest, as a result of the Eircom debacle. Sigh.

Imogen
 
Re: Logistics of chip and pin in (say) restaurants

In most restaurants, the waiting staff bring you the bill, take the card away and return with card and receipt to be signed.
They will if you let them. If on the other hand you take your card up to the till, you reduce the risk of skimming. Mind you, you don't entirely eliminate it unless you watch your card like a hawk to ensure it only goes through the proper card reader.

With chip and pin, will they be going around with a pin keypad in their back pockets or will the pay from your table practice go out the door with chip and pin?
I understand they have portable units to bring to the table. I saw similar units operating in France about 3 years ago.
 
Re: Logistics of chip and pin in (say) restaurants

I was asked for my pin for the first time last weekend.
I didn't know it. I have the envelope, I just haven't gotten around to changing the pin to something I'll remember.

So both places allowed me to sign. If a Pin is not entered immediately, the machine seems to go into Sign Mode.

I wonder how long that will continue??

-Rd
 
Re: Logistics of chip and pin in (say) restaurants

The important point is the onus is on the Credit Card card holder to make sure they don't give out their PIN number to anybody else. With an ATM card, your liability was 300 every day (the max somebody could withdraw) but with a Credit Card potentially the loss could be the Credit Card limit!
In the past the maximum you were liable for was 50 Euro (even then they never enforced it) as the fraudsters' attempt to forge your sig was nearly always a rubbish attempt as they knew the staff in the shops never bothered to check them.
So what happens in the following situations?
(A) Somebody breaks into your house and finds a slip of paper with the PIN number on it, then mugs the card holder for the card and buys goods up to the credit limit?
(B) Somebody beats you up and gets the PIN number and card from you and then buys goods to the credit card limit?
 
Re: Logistics of chip and pin in (say) restaurants

So both places allowed me to sign. If a Pin is not entered immediately, the machine seems to go into Sign Mode.

I wonder how long that will continue??

It is up to the acquirers as to how long they allow this PIN Bypass feature. It is only supposed to be offered for the "transition" period before the public are used to entering the PIN.

Another driver for removing this facility will be that the retailer is liable for any fraud using this facility too, as the PIN was not checked. If the PIN is used and there is fraud, then the card issuer is generally liable.

Note that if you continue bypassing the PIN, you will start getting transaction declined or referred - better to learn the PIN or change it to something you will remember.
 
Re: Logistics of chip and pin in (say) restaurants

(A) Somebody breaks into your house and finds a slip of paper with the PIN number on it, then mugs the card holder for the card and buys goods up to the credit limit?
Doesn't sound very realistic to me. The card holder shouldn't write down the PIN anyway.
(B) Somebody beats you up and gets the PIN number and card from you and then buys goods to the credit card limit?
If someone is going to beat you up & hold you hostage to ensure that you can't report the stolen pin/card to the Gardai and the credit card company, then unauthorised transactions are the least of your worries.
 
Let's not get carried away here ...

Last month, without C + P, a stolen credit card and a PIN would enable unlawful withdrawal from an ATM. It is no different with C + P other than the fact that now, everyone will have to remember their PIN.

Likewise, last month, if someone stole my credit card and used it for payment over the phone or 'net, they were on a winner. Just because the liability for the losses is tilting away from the banks, it does not mean that the fraudsters are going to be rubbing their hands and doubling their efforts. What do they care about the ultimate liability?

Certainly there are concerns regarding the shift in liability, but do we really think fraud will increase as a result of C + P?
 
I don't think fraud will increase as a result of Chip & PIN but I also don't think it will disappear like IPSO are claiming.

What has happened in the UK is a shift towards postal interception - criminals can see your PIN in the post & know that the card will soon follow. Article in the Financial Times on 4 October discussed this. As a result UK banks are allowing customers in certain areas to pick up their cards in branches, sending cards to work rather than home addresses and using different types of envelopes from the usual ones that any fool would know contained a PIN or credit card. Royal Mail are investigating this.

Would be very hard to prove that you never received your card or PIN when someone has been using it & no signature to verify it was/was not you. Some banks require you to telephone & give a password to activate your card.

If it comes down to your word against the bank's & T&Cs say that if PIN used it's proof that you authorised it, who do you think will win?????
 
Received new C & P credit card in the post on Monday, the PIN arrived last Friday. When I received the card, I had to ring a number provided to confirm that I have received it. Had to answer standard date of birth and mother's maiden name questions.
 
That's exactly what I mentioned in last post - card activation procedures. As far as I know only Ulster Bank, MBNA & Tesco (MBNA card) have this in place.
 
No one has answered the question I asked AIB and they couldn't or wouldn't answer which is how can a customer ever prove they weren't careless with their PIN? The bank will always be believed, not the customer.

Imogen
 
If some individuals don't like the terms & conditions of such a card agreement and their implications for card holder liability in the event of fraud (whether due to contributory negligence or not) then they are at liberty to decline to use such cards.
 
then they are at liberty to decline to use such cards.

They may not be for much longer. I lived for a year without a Credit Card, it's surprisingly difficult. Pretty soon all CC's will have this feature.

That said, I have no problem with Chip And Pin, it seems like a very logical solution to me. CC's always struck me as remarkably insecure devices.

In the states recently most of the stores had electronic pads to capture your signature. So you signed with a stylus rather than a pen. (Like writing on a Palm Pilot).

Some of the signatures I produced look like a 4 year old with a crayon, and bear absolutely no relation to the signature on the card. But it was accepted without question.

Remember your card comes with a sig on the back. Someone stealing your card can see the type of sig they need to mimic, and I don't think they even have to be that good.

Chip and Pin may have flaws, but it's a heck of a lot better than what we've had to date.

-Rd
 
card activation procedures. As far as I know only Ulster Bank, MBNA & Tesco (MBNA card) have this in place.

Tesco (which is a Bank of Scotland - not MBNA - card) doesn't have any card activation procedures.

On a different note - has anyone noticed how slow C+P transactions are?
 
On a different note - has anyone noticed how slow C+P transactions are?

It depends on several factors including the speed of the terminal.

Next generation terminals should handle the C+P operations more quickly.
 
pin

Quote: "Your Bank or card issuer does not know your PIN. It is generated and distributed securely in a certified standards-compliant automated process."

When I got my new chip and pin card, the pin number I received from my bank was the same pin number that I had been using on my old card - how did my Bank know this number? And if they know it and post it out to me, can I not state that I am not the only person with access to the pin and therefore not alone liable?
 
No can do. Your PIN is not the password, but rather the [broken link removed]. The password stored on the CC issuer's system is probably nothing more exotic than your CC account number. C&P devices are and will remain sluggish until 802.11b (or greater) wireless technology becomes widely available. C&P handshaking and message-passing is relatively verbose or chatty in order to handle the terminal CHAP (challenge and response authentication protocol).

HTH
 