Re: smart card versus credit card
From: James (jjamies_at_tiscali.co.uk)
Date: 03/08/04
- Next message: Daniel James: "Re: smart card versus credit card"
- Previous message: Jussi P.: "Re: My letter to America -- requesting my divorce papers from America"
- In reply to: Daniel James: "Re: smart card versus credit card"
- Next in thread: Daniel James: "Re: smart card versus credit card"
- Reply: Daniel James: "Re: smart card versus credit card"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Mar 2004 03:30:09 -0800
Daniel James <wastebasket@nospam.aaisp.org> wrote in message news:<VA.000005b3.3ab99b41@nospam.aaisp.org>...
> In article news:<471fc78e.0403060729.78dc1029@posting.google.com>,
> James wrote:
> > Cost of implementing Chip and PIN in the UK - an estimated 1100
> > million pounds, type of fraud it will prevent, if all retailers
> > comply, (and its optional), costs around 140 million.
>
> What is the source of those figures?
Sources: Card Fraud the Facts 2003 (www.cardwatch.org.uk - Media)
>
> I haven't got any figures to hand for comparison, but my gut feeling
> is that the first figure is a little low, and the second figure is
> quite a lot low (and is a /per annum/ figure).
£1.1 billion is an estimation - not a quote and agreed the level of
fraud must be low due to card fraud going unreported.
>
> > It certainly is a NO brain -er er. Think about it, can you give
> > me one good reason for wanting a PIN with a credit card?
>
> There are two issue here. One is whether a smartcard is better than
> a magstripe card, the other is whether a card+PIN is more secure
> than a card alone. You can use a smartcard without a PIN (this is
> what is done at present with chipped payment cards like my VISA
> credit and debit smartcards) and you can use a PIN with a magstripe
> card.
Without a doubt a smart card is better than a magstrip card For smart
cards to be totally effective, every single ATM machine and point of
sale terminal not only in th UK but world-wide must be capable of
interrogating smart cards. Until that time Plastic Cards with
Magstrips and Chips will still be subject to cloning. The retailing
position is that retailers who own their own terminals and decide not
to upgrade to Chip & PIN type terminals by the end of this year will
be liable for fraud that a C&P terminal could have prevented. This
will be a commerical decision for them.
I wonder what the postion will be for a retailer or cardholder when
someone acquires a genuine card and PIN, then uses it before it is
reported lost or stolen.
You are correct, you can use a Smart Card without a PIN. A Pin opt-out
with a Chipped Card is an option but it is like pulling teeth trying
to get this information from card issuers.
>
> Chip cards are to be preferred over magstripe cards because a chip
> card cannot be copied, except with great difficulty, and because a
> chip card can be required to authenticate the terminal as part of
> the payment process. Using chip cards puts attacks using duplicate
> or spoofed cards and terminals out of the reach of the majority of
> criminals.
When terminals are in place Chips will stop the vast majority of
losses due to cloning. However non-chipped credit/debit cards used by
visitors to the UK will be suspect to cloning. Banks own savings
cards, PO account cards, banks basic account cards are not being
chipped. The last two are PIN operated only.
>
> PIN authentication is a useful security measure because it makes a
> stolen (or duplicated) card useless without the PIN. If a pickpocket
> steals your wallet and so obtains your card he will not be able to
> use it as he does not know your PIN. Both the cardholder and the
> bank are protected against this sort of theft/fraud by the use of a
> PIN.
Now we are getting to the real issue - PINs. I've binned a PIN with my
credit card for several reasons.
Shift of liability for fraud.
A route to easy money.
PIN security.
PINs would make a stolen or duplicated card useless if ALL retailers
accepted payment by PIN only, they don't, can't and probably never
will.
Crooks are already going to extreme measures to acquire PINs. Mini
cameras, bogus calls, phishing on the net and the old favourite
shoulder surfing. Banks in the UAE have upgraded their ATM terminals
to include digital CCTV. Two reasons for this are to deter theft at
ATM's and customer protection over disputed ATM transactions. Can you
see UK retailers offering this added security measure at till points?
Liability for Fraud. In all cases you are not liabile for any
transactions after you report your card lost or stolen. Assuming
someone has acquired your PIN how can you prove you didn't compromise
your PIN or in banking words were not negligent with it? At the very
least with a signature you can say - that's not my signautre nor are
my prints on the shops copy of the till receipt.
PINS are now being issued automatically with most credit cards. Until
recently an option box asking if you wanted a PIN with your credit
card appeared on most credit card application forms. This gave
cardholders the option of using their credit card to withdraw money at
cash machines. I, like millions of other declined, personal choice -
it's an expensive way of obtaining cash.
IMHO, a PIN with a credit card opens a window of opportunity for
crooks. Opportunist theives used stolen credit cards without a PIN
either in shops, where they could be challenged or to purchase goods
via the internet, mail order or by post. I am sure that it isn't
escaping the criminal fraternity that a stolen card & PIN with a
credit card gives instant access to cash to the tune of up to £500 per
day per card. Furthermore the worse that can happen to them is that
the stolen card is withheld at the cash machine. Another alternative
is for the crook to go in to a Chip and PIN shop and purchase the most
expensive item they can. If there are enough funds the sale will take
place. Chances of catching them are less than before.
ATM fraud climbed by 37% in the UK last year. (source Card Fraud the
Facts 2003).
PIN security. What PIN security. Shoulder surfing is easy, try it.
One ATM in particular is sighted beneath an esculator - overhead
surfing. Look at the new type PIN pads, you hold many of them in one
hand a enter a PIN with the other. How do you shield your PIN?
>
> Of course, there is always the possibility that a mugger or
> equivalent wrongdoer might threaten a cardholder with violence if
> the PIN were not revealed -- just as they might threaten the owner
> of a chequebook to induce them to sign a number of blank cheques --
> and in such a case I am sure the banks would advise the cardholder
> to reveal the PIN and then report the card stolen. The bank can then
> cancel the card and so prevent its use even by someone who knows the
> correct PIN. The ability to cancel a card is not available for
> value-bearing cards (electronic purses), of course, as transactions
> made with such cards are made entirely off-line. With value-bearing
> cards, though, the profit available to the thief is limited to the
> value held on the card at the time of the theft.
I can only think of three types of card:
Pre paid: (electronic purse) usually very low value, if you loose it,
hard luck.
Pay Now: (debit cards) Overall medium value, used with a PIN at ATMS
or getting cash back in shops (£50).
Pay Tomorrow: (credit cards), high value, can not be used to obtain
cash unless you have a PIN.
CHIP & PIN is designed to reduce fraud at point of sale. The banking
industry agrees that it will displace fraud to other areas, identity
theft and CNP fraud in particular.
We know and agree that CHIPs will reduce counterfeit fraud if the
proper conditions are met.
If the above is achieved and close the door on counterfeit, then the
fraudulent use of lost or stolen cards will be thee point of sale
issue.
>From the Chip and PIN website, The Norhamtpon Trial Report page 7,
they say that; "The PIN proves coustomers are who they say they are."
Sorry, but this is to say the least misleading or maybe just sPIN.
In the interest of cardholders then if you can produce a card that
can't be copied with a PHOTO & signature - No cardholder liability.
My preferred option is a Chipped card, with photo, signature and
prompt given to shop staff that the cardholder (me) authenticates my
signature with my print.
Presuming ALL terminals were chip compliant then the time taken from
reporting a card lost/stolen to block being put on that card should be
greatly reduced.
> The only people who are harmed by the use of PINs with credit cards
> are thieves, and people who can't remember their own 4-8 digit
> number.
People who are harmed by PINS are: victims of identity theft, the
numerically dyslexic, the arthiritic, the blind or partially sighted,
people with certain disabilities, people who against all advice write
down their PIN (even disguised), but most of all victims of PIN fraud
who have to prove their innocence.
Having a PIN should remain consumer choice. Try telling credit card
issuers you don't want a PIN, you will be told anything from it's
compulsory to tear it up on receipt or put a note on your application
and we won't send one (experience proves they do). You won't however
be refused a card.
Regards
James.
>
> Cheers,
> Daniel.
- Next message: Daniel James: "Re: smart card versus credit card"
- Previous message: Jussi P.: "Re: My letter to America -- requesting my divorce papers from America"
- In reply to: Daniel James: "Re: smart card versus credit card"
- Next in thread: Daniel James: "Re: smart card versus credit card"
- Reply: Daniel James: "Re: smart card versus credit card"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
