Sprinkler Systems
Uhaul move
Lawn care
Roses and trees
Ford Parts
Chrysler Parts
Lake Powell
New IPod Touch Apps
New IPhone Apps
IPhone Apps
IPad Information
IPad Apps
Android APPS
Android Games APPS
Android Systems
Android Tablets APPS and Beyond
Smartphone Apps
Smartphone Games Apps Repair and Tools
Tablet PC
Car Sharing Car Leasing
Tabler Pc
Fly Fishing
Toyota Cars
Vacation Rentals
Stock market
NYSE
SSE Stock
Freight & Shipping News
Gluten
Lactose
Gout
My Coupon Life
Campgrounds Check
Outdoor
Kitchen Design and Redoo
Bath Remodeling
Palm Springs
Las Vegas Vacation Tipps
Lake Powell Boating
Homes for lease
|
Finances / Finanzen » uk.finance » Chip & Pin Fraud
| Chip & Pin Fraud [message #385015] |
Sa, 06 Mai 2006 13:47 |
|
Teletext is reporting (with few details) that 8 people have been
arrested in connection with a 'chip & PIN' fraud ring. Is this
accurate, or are they just sensationalising and it is just a
mag-stripe cloning ring and nothing to do with Chip & PIN?
|
|
|
| Re: Chip & Pin Fraud [message #385019 ] |
Sa, 06 Mai 2006 14:08 |
|
Graham Murray wrote:
> Teletext is reporting (with few details) that 8 people have been
> arrested in connection with a 'chip & PIN' fraud ring. Is this
> accurate, or are they just sensationalising and it is just a
> mag-stripe cloning ring and nothing to do with Chip & PIN?
It is magstripe cloning - but using the C&P terminals in petrol stations to
harvest stripes and PINs.
|
|
|
| Re: Chip & Pin Fraud [message #385021 ] |
Sa, 06 Mai 2006 14:42 |
|
rob wrote:
> Graham Murray wrote:
>> Teletext is reporting (with few details) that 8 people have been
>> arrested in connection with a 'chip & PIN' fraud ring. Is this
>> accurate, or are they just sensationalising and it is just a
>> mag-stripe cloning ring and nothing to do with Chip & PIN?
>
> It is magstripe cloning - but using the C&P terminals in petrol
> stations to harvest stripes and PINs.
I posted about this a coupole of days ago - but it has not appeared. There
is a copy that then posted on google groups but it has not appeared here.
It also fails to post to uk.test - odd
|
|
|
| Re: Chip & Pin Fraud [message #385023 ] |
Sa, 06 Mai 2006 15:03 |
|
Graham,
Here's the links with more of the same, including Clarks Shoe shop at
Stanstead Airport having their chip and PIN point of sale terminals
rigged to capture card details and PINs.
http://www.itv.com/news/britain_1161192.html
Customers across the country have had their credit and debit card
details copied by fraudsters, and then money withdrawn from their
accounts.
The scam works by criminals implanting devices into chip and pin
machines which can copy a bank card's magnetic strip and record a
person's pin number.
http://www.guardian.co.uk/uklatest/story/0,,-5803656,00.html
Shell banned chip and pin in favour of traditional signatures at their
600 petrol stations to protect customers.
http://www.mirror.co.uk/news/tm_objectid=17039713&method =full&siteid=94762&headline=gang-hit-chip-and-pin-ca rds--name_page.html
Customers warned that shops can access their accounts
http://www.limerickpost.ie/dailynews.elive?id=7305&categ ory=Daily-Sat
So send back your CREDIT card PINs and ask for Chip & Signature,
prefereably a card with the cardholders photo:
|
|
|
| Re: Chip & Pin Fraud [message #385032 ] |
Sa, 06 Mai 2006 18:37 |
|
"rob" <occasionallychecked [at] hotmail.com> wrote in message
news:445c9a65$1_3 [at] mk-nntp-2.news.uk.tiscali.com...
> rob wrote:
> > Graham Murray wrote:
> >> Teletext is reporting (with few details) that 8 people have been
> >> arrested in connection with a 'chip & PIN' fraud ring. Is this
> >> accurate, or are they just sensationalising and it is just a
> >> mag-stripe cloning ring and nothing to do with Chip & PIN?
> >
> > It is magstripe cloning - but using the C&P terminals in petrol
> > stations to harvest stripes and PINs.
>
> I posted about this a coupole of days ago - but it has not appeared.
There
> is a copy that then posted on google groups but it has not appeared here.
> It also fails to post to uk.test - odd
I am quite shocked that there has not be a flood of "I told you so!!!"
Shell have switched off C&P at about 100 of their petrol stations. This
follows fraud taking place at less than 10 of them. The only one I have
heard identified is Aldershot Rd Guildford. It seems to have been taking
place in mid-March. 8 people have been arrested.
There seems to have been a gang at work who were using the C&P pads to
harvest card details and PINs. They were then creating working copies of
the card (presumably just the mag stripe). These were then used to withdraw
cash from ATMs in: North London, France, Germany, Italy, Pakistan.
Reports are unclear as to how the harvesting happened. There are
suggestions that the pads had been tampered with, but the pad company said
their pads were fine and it was the environment.
Seems to have been a sizeable operation, but how this compares with the
previous frauds that were going on before C&P I don't know.
Final para deleted as it will not post with it present.
|
|
|
| Re: Chip & Pin Fraud [message #385033 ] |
Sa, 06 Mai 2006 19:20 |
|
LOL, of all the ways peopel were syaing C+P would be hacked I bet no one
suggested that C+P terminals would be altered.
|
|
|
| Re: Chip & Pin Fraud [message #385037 ] |
Sa, 06 Mai 2006 19:55 |
|
On Sat, 06 May 2006 18:20:25 +0100, mo wrote:
> LOL, of all the ways peopel were syaing C+P would be hacked I bet no one
> suggested that C+P terminals would be altered.
Well, probably lots of us thought of it, but we were assured by the card
industry that the terminals were to be tamper-proof/tamper-evident. With
that in mind, most of us moved on to other, more likely threat scenarios.
Best Regards,
Alex.
--
Alex Butcher Renew for Freedom! Renew your passport in May 2006 and
Bristol, UK resist compulsory UK ID Cards and National ID Database
PGP/GnuPG ID:0x5010dbff <http://www.renewforfreedom.org>
|
|
|
| Re: Chip & Pin Fraud [message #385043 ] |
Sa, 06 Mai 2006 22:26 |
|
"rob" <occasionallychecked [at] hotmail.com> wrote in news:445cd1b3$1_3 [at] mk-nntp-
2.news.uk.tiscali.com:
> I am quite shocked that there has not be a flood of "I told you so!!!"
Quoting a Daily Mail article:
The association's spokeswoman Sandra Quinn said: "They have used an old
style skimming device. They are skimming the card, copying the magnetic
details - there is no new fraud here.
Er... I hate to mention this but this fraud is made possible entirely
because of Chip and PIN. Were it not for the cardholder being forced to
disclose their PIN to the terminal, all the scammers would have got was an
imprint of the magnetic strips - and would have needed to obtain the PIN by
other means.
Chip and PIN effectively moves liability for fraud from the banks to the
retailers and cardholders. IMO, that's why they're pushing so hard for it
and being so unreasonable to anyone who requests a chip and signature card.
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385047 ] |
Sa, 06 Mai 2006 22:34 |
|
Bitstring <pan.2006.05.06.17.55.08.189359 [at] assursys.co.uk>, from the
wonderful person Alex Butcher <alex.butcher.news0306 [at] assursys.co.uk>
said
>On Sat, 06 May 2006 18:20:25 +0100, mo wrote:
>
>> LOL, of all the ways peopel were syaing C+P would be hacked I bet no one
>> suggested that C+P terminals would be altered.
>
>Well, probably lots of us thought of it, but we were assured by the card
>industry that the terminals were to be tamper-proof/tamper-evident. With
>that in mind, most of us moved on to other, more likely threat scenarios.
To get the PIN all it needs is an appropriately positioned camera in
most cases, however hacking the terminal isn't going to be that hard - a
simple duplicate keypad mechanically coupled to the real one, with extra
pressure sensors, would likely not be detected and wouldn't even break
the seal on the terminal.
Which is why I decline to use anything which can use the same card & PIN
to withdraw cash from a hole in the wall machine.
--
GSV Three Minds in a Can
Google may be your friend, but groups.google.com posters definitely aren't.
|
|
|
| Re: Chip & Pin Fraud [message #385048 ] |
Sa, 06 Mai 2006 23:07 |
|
mo wrote:
> LOL, of all the ways peopel were syaing C+P would be hacked I bet no
> one suggested that C+P terminals would be altered.
ISTR that it was suggested here but it was thought to have too many
problems. ie too easy to identify who was involved at the shop.
It was also pointed out that making a copy of the mag stripe is pointless
because even with the PIN it wont work in an ATM as they are all C&P now.
But it did happen in this case.
And it was suggested that because of the changes to ATMs making them all C&P
the mag stripe details could be exported to other countries. This again was
said to not be worth it. Except in this case...
HOWEVER the question remains as to how extensive this type of fraud will
turn out to be in the long run and how this compares to the methods that
have been stopped by C&P. It sounds like they got away with £1M in this
case. Is that worth the cost? I don't know the bottom line for organised
crime multinationals but it sounds quite small.
|
|
|
| Re: Chip & Pin Fraud [message #385054 ] |
Sa, 06 Mai 2006 23:58 |
|
Geoff Lane <geoff [at] nospam.gjctech.co.uk> writes:
> The association's spokeswoman Sandra Quinn said: "They have used an old
> style skimming device. They are skimming the card, copying the magnetic
> details - there is no new fraud here.
So maybe the specification for card chip readers needs to be changed
to mandate that
1) The customer has to insert their card into the reader, and not hand
it to the salesperson.
AND
2) That the card only be entered far enough to read the chip (which is
close to the edge of the card) and specifically that the card must
not be inserted far enough to enable the magnetic stripe to be
read.
Also, that retailers not be allowed to swipe the magnetic stripe
(neither before or after insertion into the chip reader) during a
transaction where the customer enters a pin.
|
|
|
| Re: Chip & Pin Fraud [message #385056 ] |
So, 07 Mai 2006 00:06 |
|
"rob" <occasionallychecked [at] hotmail.com> wrote in message
news:445c9a65$1_3 [at] mk-nntp-2.news.uk.tiscali.com...
> rob wrote:
>> Graham Murray wrote:
>>> Teletext is reporting (with few details) that 8 people have been
>>> arrested in connection with a 'chip & PIN' fraud ring. Is this
>>> accurate, or are they just sensationalising and it is just a
>>> mag-stripe cloning ring and nothing to do with Chip & PIN?
>>
>> It is magstripe cloning - but using the C&P terminals in petrol
>> stations to harvest stripes and PINs.
>
> I posted about this a coupole of days ago - but it has not appeared.
> There
> is a copy that then posted on google groups but it has not appeared here.
> It also fails to post to uk.test - odd
>
It did appear. Dont know why you cant see it but the problem must be at your
end.
--
Tumbleweed
email replies not necessary but to contact use;
tumbleweednews at hotmail dot com
|
|
|
| Re: Chip & Pin Fraud [message #385057 ] |
So, 07 Mai 2006 00:08 |
|
"Graham Murray" <newspost [at] gmurray.org.uk> wrote in message
news:878xpex1bm.fsf [at] newton.gmurray.org.uk...
> Geoff Lane <geoff [at] nospam.gjctech.co.uk> writes:
>
>> The association's spokeswoman Sandra Quinn said: "They have used an old
>> style skimming device. They are skimming the card, copying the magnetic
>> details - there is no new fraud here.
>
> So maybe the specification for card chip readers needs to be changed
> to mandate that
>
> 1) The customer has to insert their card into the reader, and not hand
> it to the salesperson.
>
> AND
>
> 2) That the card only be entered far enough to read the chip (which is
> close to the edge of the card) and specifically that the card must
> not be inserted far enough to enable the magnetic stripe to be
> read.
>
>
> Also, that retailers not be allowed to swipe the magnetic stripe
> (neither before or after insertion into the chip reader) during a
> transaction where the customer enters a pin.
AFAIK thats not the issue, according to other posters here the magstripe can
be constructed from the basic facts about the card, eg no, expiry date, etc
so not swiping it woudnt help if the basic data is captured anyway.
--
Tumbleweed
email replies not necessary but to contact use;
tumbleweednews at hotmail dot com
|
|
|
| Re: Chip & Pin Fraud [message #385061 ] |
So, 07 Mai 2006 00:55 |
|
Graham Murray <newspost [at] gmurray.org.uk> wrote in
news:878xpex1bm.fsf [at] newton.gmurray.org.uk:
>> The association's spokeswoman Sandra Quinn said: "They have used an
>> old style skimming device. They are skimming the card, copying the
>> magnetic details - there is no new fraud here.
>
> So maybe the specification for card chip readers needs to be changed
> to mandate that
>
> 1) The customer has to insert their card into the reader, and not hand
> it to the salesperson.
>
> AND
>
> 2) That the card only be entered far enough to read the chip (which is
> close to the edge of the card) and specifically that the card must
> not be inserted far enough to enable the magnetic stripe to be
> read.
>
>
> Also, that retailers not be allowed to swipe the magnetic stripe
> (neither before or after insertion into the chip reader) during a
> transaction where the customer enters a pin.
As I wrote, the fraud was possible only because of Chip and PIN. Thus,
Chip and PIN is less secure than the signature system in this case.
One of the big issues that I have with Chip and PIN is that there is no
standard reader. Each retailer must obtain their own reader - so you,
the customer, can't tell whether the device to which you've just
disclosed your PIN is kosher or something a scammer has knocked up to
defraud you.
What is clear is that the terms and conditions of your account have
changed with Chip and PIN. Any disclosure of your PIN is deemed to be
unauthorised even if fraud is involved - and thus the responsibility for
losses falls on you, the customer. Today's Daily Mail report cites one
customer defauded of over £1,300 who can prove they were not present
when purchases were made on their acount in Paris. The customer reported
the fraud weeks ago yet still is unsure whether she will be reimbursed -
and this is a high-profile case where the bank knows that the media are
involved. So what hope has your average person-in-the-street who falls
victim to such a scam!
On a related note, when Chip and PIN was first announced, Sandra Quinn
said that anyone who had difficulty remembering their PIN would be
provided with a Chip and Signature (PIN-suppressed) card. However, she
lied because the banks won't accept not being able to remember your PIN
as a valid reason for issuing a Chip and Signature card (at least, my
bank won't).
FWIW, I fall into the "can't remember" category with one of my cards
because, except for cardholder not present transactions, I only use it
for fuel. Most of the service stations at which I use that card don't use
Chip and PIN - so I only actually need my PIN once every couple of
months. I have over a dozen of these four-digit numbers to remember, so
can't remember the least used and have had the embarrassment of filling
up with over sixty quid's worth of diesel, handing over my card, and then
realising I couldn't remember the PIN. So far, the banks "most helpful"
suggestion has been to use the same PIN for all my cards, my mobile
phones, and door access - which has to be a huge security no-no. The same
"helpful" person suggested writing down my PINs - which is something else
I refuse to do on security grounds.
I just wish there was an alternative!
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385065 ] |
So, 07 Mai 2006 01:24 |
|
"Geoff Lane" <geoff [at] nospam.gjctech.co.uk> wrote in message
news:Xns97BBF34DB4FA2gjctcswxnsrt [at] 84.92.1.10...
>
> One of the big issues that I have with Chip and PIN is that there is no
> standard reader. Each retailer must obtain their own reader - so you,
> the customer, can't tell whether the device to which you've just
> disclosed your PIN is kosher or something a scammer has knocked up to
> defraud you.
Would that help? Suppose they all were identical? Whats to stop someone
making a device that looked exactly like the standard one? Use it on a
transaction every so often (so it would be difficult to tell that a
particular shop was the origination of these readings), it would 'fail'
because it wasnt real but it did capture the PIN, then swap to a real one,
customer goes away suspecting nothing but they would then have captured the
card details (enough to build a magstripe) and your PIN, xmit the details
to someone in another country who builds a magstripe and the cash gets
withdrawn just a few minutes later.
Hmm, this is kind of scary, I cant see what would stop this at all.
The issue is the magstripe. Perhaps we need one card for UK transactions and
another for foreign ones, because magstripe on foreign readers isnt going
away for a very long time?
> realising I couldn't remember the PIN. So far, the banks "most helpful"
> suggestion has been to use the same PIN for all my cards, my mobile
> phones, and door access - which has to be a huge security no-no.
Not only that I've heard them say (on the radio) that you shouldnt do it!
>The same
> "helpful" person suggested writing down my PINs - which is something else
> I refuse to do on security grounds.
>
Holy shit what crap advice!
There is an answer to remembering PINS though for as many cards as you want.
Think of 4 numbers which you will be able to remember, because its going to
be the same for all your cards. Lets say they are 7,3, 1, 8. Then change the
PIN on each card to the 7th, 3rd, 1st, and 8th digits of that card. Each PIN
will be different, but you only need remember one number for all.
--
Tumbleweed
email replies not necessary but to contact use;
tumbleweednews at hotmail dot com
|
|
|
| Re: Chip & Pin Fraud [message #385066 ] |
So, 07 Mai 2006 01:53 |
|
"Tumbleweed" <thisaccountneverread [at] yahoo.com> wrote in
news:4c4paoF13l47hU1 [at] individual.net:
> ... but they would then have captured the
> card details (enough to build a magstripe) and your PIN, xmit the
> details to someone in another country who builds a magstripe and the
> cash gets withdrawn just a few minutes later.
>
> Hmm, this is kind of scary, I cant see what would stop this at all.
One way to stop all this would be to have two PINs per card. One for use
with the chip, and one for use with the magstripe. IOW, you use a
different PIN for the ATM than you do for retail transactions. That way,
capturing your retail PIN and skimming the magstripe wouldn't give the
scammers enough to withdraw on your account. However, for people like me
who have difficulty remembering little-used PINs, there'd be twice as
many PINs to remember.
> There is an answer to remembering PINS though for as many cards as you
> want. Think of 4 numbers which you will be able to remember, because
> its going to be the same for all your cards. Lets say they are 7,3, 1,
> 8. Then change the PIN on each card to the 7th, 3rd, 1st, and 8th
> digits of that card. Each PIN will be different, but you only need
> remember one number for all.
Now that's a lateral way out that might just work, but if enough use that
technique it will be almost as insecure as PIN-sharing. Of course, there
is another gotcha because, although you can remember the "key", you won't
be able to access the PIN once you've presented your card because it will
be in the reader with the number obscured! Even if it works for cards,
your suggestion doesn't help with mobile phone PINs, door access codes,
etc. In my case, I suffer with "PIN overload" -- I just have too many
four-digit numbers to remember and so the least-used are forgotten.
With all that said, there is a basic flaw with Chip and PIN. From the
bank's point of view, the same four digits are just as valid no matter
whether or not they're entered fraudulently, which puts the onus on you
to prove that you didn't either make the transaction or unauthorisedly
disclose your PIN. Now, if we had Chip and biometric cards (thumbprint,
iris scan, etc.) ...
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385067 ] |
So, 07 Mai 2006 01:56 |
|
"Tumbleweed" <thisaccountneverread [at] yahoo.com> wrote in message
news:4c4paoF13l47hU1 [at] individual.net...
>
> "Geoff Lane" <geoff [at] nospam.gjctech.co.uk> wrote in message
> news:Xns97BBF34DB4FA2gjctcswxnsrt [at] 84.92.1.10...
>
>>
>> One of the big issues that I have with Chip and PIN is that there is no
>> standard reader. Each retailer must obtain their own reader - so you,
>> the customer, can't tell whether the device to which you've just
>> disclosed your PIN is kosher or something a scammer has knocked up to
>> defraud you.
>
> Would that help? Suppose they all were identical? Whats to stop someone
> making a device that looked exactly like the standard one? Use it on a
> transaction every so often (so it would be difficult to tell that a
> particular shop was the origination of these readings), it would 'fail'
> because it wasnt real but it did capture the PIN, then swap to a real one,
> customer goes away suspecting nothing but they would then have captured
> the card details (enough to build a magstripe) and your PIN, xmit the
> details to someone in another country who builds a magstripe and the cash
> gets withdrawn just a few minutes later.
>
> Hmm, this is kind of scary, I cant see what would stop this at all.
>
> The issue is the magstripe. Perhaps we need one card for UK transactions
> and another for foreign ones, because magstripe on foreign readers isnt
> going away for a very long time?
>
>> realising I couldn't remember the PIN. So far, the banks "most helpful"
>> suggestion has been to use the same PIN for all my cards, my mobile
>> phones, and door access - which has to be a huge security no-no.
>
> Not only that I've heard them say (on the radio) that you shouldnt do it!
>
>>The same
>> "helpful" person suggested writing down my PINs - which is something else
>> I refuse to do on security grounds.
>>
>
> Holy shit what crap advice!
>
> There is an answer to remembering PINS though for as many cards as you
> want. Think of 4 numbers which you will be able to remember, because its
> going to be the same for all your cards. Lets say they are 7,3, 1, 8. Then
> change the PIN on each card to the 7th, 3rd, 1st, and 8th digits of that
> card. Each PIN will be different, but you only need remember one number
> for all.
>
> --
> Tumbleweed
>
> email replies not necessary but to contact use;
> tumbleweednews at hotmail dot com
Chequebook and pen using the debit card as a cheque guarantee card?
>
>
|
|
|
| Re: Chip & Pin Fraud [message #385072 ] |
So, 07 Mai 2006 08:18 |
|
Graham Murray wrote:
> So maybe the specification for card chip readers needs to be changed
> to mandate that
>
> 1) The customer has to insert their card into the reader, and not hand
> it to the salesperson.
>
> AND
>
> 2) That the card only be entered far enough to read the chip (which is
> close to the edge of the card) and specifically that the card must
> not be inserted far enough to enable the magnetic stripe to be
> read.
Point 2 is the issue with this case. It was a Shell petrol station, and
they use PIN pads where the customer pushes the card right in - there is a
built in mag-strip reader. The system is then smart enough to cope with
C&P, C&S, or Mag-stripe only cards and give the correct instructions to the
operator. As I mentioned some months ago, this means that if you have a
signature card the operator never even touches your card, let alone looks to
compare the sig!
|
|
|
| Re: Chip & Pin Fraud [message #385073 ] |
So, 07 Mai 2006 08:26 |
|
Tumbleweed wrote:
>> I posted about this a coupole of days ago - but it has not appeared.
>> There
>> is a copy that then posted on google groups but it has not appeared
>> here. It also fails to post to uk.test - odd
>>
>
> It did appear. Dont know why you cant see it but the problem must be
> at your end.
Odd. I had a line on the end about where I had got my info and this seems
to be the problem. I can only assume that Tiscali use a badly configured
content filter.
|
|
|
| Re: Chip & Pin Fraud [message #385075 ] |
So, 07 Mai 2006 08:46 |
|
It was also pointed out that making a copy of the mag stripe is
pointless
because even with the PIN it wont work in an ATM as they are all C&P
now.
But it did happen in this case.
Rob you maybe surprised to learn that an ITV London programme titled
The Truth Behind Chip & PIN highlighted Chips being tampered with and
ATMs falling back to the read magstrip. In addition the vast majority
of UK cashpoints, bank and indpendant are not what you suggest.
However the industry is working with manufacturers to make ATMs
tamper-proof. I wonder if they'll do the same with point of sale
terminals - difficult as so many different types and design are already
in operation.
Chip & Signature makes sense. Chip & Signature with the cardholders
photo even more sense. But whose worried about the cardholder?
|
|
|
| Re: Chip & Pin Fraud [message #385081 ] |
So, 07 Mai 2006 09:16 |
|
"Tumbleweed" <thisaccountneverread [at] yahoo.com> writes:
> AFAIK thats not the issue, according to other posters here the magstripe can
> be constructed from the basic facts about the card, eg no, expiry date, etc
> so not swiping it woudnt help if the basic data is captured anyway.
In which case the suggestion that the card remain in the cardholder's
possession, not being given to the sales person, could solve the
problem. This would also require that the till/card terminal not
display the card number, expiry date etc to the store. There should be
no need for the store staff to know this, all they need to know is
that the terminal has authorised the transaction. The card information
is (or I sincerely hope it is) encrypted when the terminal sends
(either at the time of the transaction or later as part of a batch
update) the transaction information to the bank. So (IMHO) should also
be encrypted when stored on the terminal, either for later
transmission or as part of the audit log. I can think of no reason
why the store personnel should need to see the card numbers on the
audit log.
|
|
|
| Re: Chip & Pin Fraud [message #385082 ] |
So, 07 Mai 2006 10:12 |
|
mo wrote:
> LOL, of all the ways peopel were syaing C+P would be hacked I bet no one
> suggested that C+P terminals would be altered.
Actually I wrote to Barclaycard and Co-Op Visa pointing out this
possibility early last year and demanding that the cash advance facility
be removed from both cards. Barclaycard did remove it - Co-op refused
and told in in writing that there was nothing to worry about.
|
|
|
| Re: Chip & Pin Fraud [message #385083 ] |
So, 07 Mai 2006 10:13 |
|
"Eric Jones" <ejones999 [at] btinternet.com> wrote in
news:aZqdnUKUiKBqqsDZRVnygg [at] bt.com:
> Chequebook and pen using the debit card as a cheque guarantee card?
Except for "cardholder not present" transactions, I only use my card at
filling stations. Most, if not all, of the filling stations that I use no
longer accept cheques so, for me, that is not an option.
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385085 ] |
So, 07 Mai 2006 10:22 |
|
On Sat, 06 May 2006 21:34:49 +0100, GSV Three Minds in a Can wrote:
> Bitstring <pan.2006.05.06.17.55.08.189359 [at] assursys.co.uk>, from the
> wonderful person Alex Butcher <alex.butcher.news0306 [at] assursys.co.uk> said
>>On Sat, 06 May 2006 18:20:25 +0100, mo wrote:
>>
>>> LOL, of all the ways peopel were syaing C+P would be hacked I bet no
>>> one suggested that C+P terminals would be altered.
>>
>>Well, probably lots of us thought of it, but we were assured by the card
>>industry that the terminals were to be tamper-proof/tamper-evident. With
>>that in mind, most of us moved on to other, more likely threat scenarios.
>
> To get the PIN all it needs is an appropriately positioned camera in most
> cases, however hacking the terminal isn't going to be that hard - a simple
> duplicate keypad mechanically coupled to the real one, with extra pressure
> sensors, would likely not be detected and wouldn't even break the seal on
> the terminal.
One wouldn't even need a camera, given how carelessly most people enter
their PINs - they're usually quite easy to 'shoulder surf' (observe from
behind whilst stood in the queue). With that in mind, even the duplicate
keypads seem like too much trouble. Still, I suppose if you want to rip
off PINs en masse, that's the way to go...
> Which is why I decline to use anything which can use the same card & PIN
> to withdraw cash from a hole in the wall machine.
Same here. All my cards are C & Signature.
Best Regards,
Alex.
--
Alex Butcher Renew for Freedom! Renew your passport in May 2006 and
Bristol, UK resist compulsory UK ID Cards and National ID Database
PGP/GnuPG ID:0x5010dbff <http://www.renewforfreedom.org>
|
|
|
| Re: Chip & Pin Fraud [message #385086 ] |
So, 07 Mai 2006 10:23 |
|
On Sun, 07 May 2006 09:12:13 +0100, Colin Forrester wrote:
> mo wrote:
>> LOL, of all the ways peopel were syaing C+P would be hacked I bet no one
>> suggested that C+P terminals would be altered.
>
> Actually I wrote to Barclaycard and Co-Op Visa pointing out this
> possibility early last year and demanding that the cash advance facility
> be removed from both cards. Barclaycard did remove it - Co-op refused and
> told in in writing that there was nothing to worry about.
Yup, Barclaycard asked if it was OK to remove the cash advance facility
from their card when I had them send me a Chip and Signature card. Odd,
really, when you consider that you can't sign to make an ATM withdrawal.
Oh well...
Best Regards,
Alex.
--
Alex Butcher Renew for Freedom! Renew your passport in May 2006 and
Bristol, UK resist compulsory UK ID Cards and National ID Database
PGP/GnuPG ID:0x5010dbff <http://www.renewforfreedom.org>
|
|
|
| Re: Chip & Pin Fraud [message #385087 ] |
So, 07 Mai 2006 10:31 |
|
On Sat, 06 May 2006 23:53:47 +0000, Geoff Lane wrote:
> Now, if we had Chip and biometric cards (thumbprint,
> iris scan, etc.) ...
In any widely-deployed system, biometrics take on the properties of names,
rather than passwords, because there are so many valid biometrics and they
are casually left everywhere (e.g. on the last pint glass or door
handle you used).
<http://www.schneier.com/crypto-gram-0205.html#5>
Best Regards,
Alex.
--
Alex Butcher Renew for Freedom! Renew your passport in May 2006 and
Bristol, UK resist compulsory UK ID Cards and National ID Database
PGP/GnuPG ID:0x5010dbff <http://www.renewforfreedom.org>
|
|
|
| Re: Chip & Pin Fraud [message #385090 ] |
So, 07 Mai 2006 11:36 |
|
At 21:26:49 on 06/05/2006, Geoff Lane delighted uk.finance by announcing:
> Chip and PIN effectively moves liability for fraud from the banks to the
> retailers and cardholders.
No, it doesn't.
|
|
|
| Re: Chip & Pin Fraud [message #385091 ] |
So, 07 Mai 2006 11:38 |
|
At 08:16:13 on 07/05/2006, Graham Murray delighted uk.finance by announcing:
> "Tumbleweed" <thisaccountneverread [at] yahoo.com> writes:
>
> > AFAIK thats not the issue, according to other posters here the magstripe
> > can be constructed from the basic facts about the card, eg no, expiry date,
> > etc so not swiping it woudnt help if the basic data is captured anyway.
>
> In which case the suggestion that the card remain in the cardholder's
> possession, not being given to the sales person, could solve the
> problem. This would also require that the till/card terminal not
> display the card number, expiry date etc to the store. There should be
> no need for the store staff to know this, all they need to know is
> that the terminal has authorised the transaction. The card information
> is (or I sincerely hope it is) encrypted when the terminal sends
> (either at the time of the transaction or later as part of a batch
> update) the transaction information to the bank.
It isn't, no.
|
|
|
| Re: Chip & Pin Fraud [message #385097 ] |
So, 07 Mai 2006 12:53 |
|
"Alex" <no.spam [at] mail.com> wrote in
news:xn0elxxg32glkny006 [at] news.individual.net:
>> Chip and PIN effectively moves liability for fraud from the banks to
>> the retailers and cardholders.
>
> No, it doesn't.
In best pantomime fashion, Oh yes it does!
Before Chip and PIN, you could challenge a forged signature; if it wasn't
your signature you weren't liable. If someone stole your card and used it
fraudulently, you were not liable even for transactions that happened
before you discovered your card was missing and informed the bank. If the
forgery was reasonably accurate, the bank was liable.
With Chip and PIN came a change in your terms and conditions - you must not
disclose your PIN to anyone. If a fraudster knows your PIN it must have
been unauthorisedly disclosed to the fraudster (even if the PIN was
obtained fraudulently). Any transaction authorised via PIN is deemed to be
valid. So if a fraudster obtains your PIN and steals your card (e.g. by
shoulder surfing or with a rigged terminal) *you* are liable for all
transactions up to the point where you notify the bank of the issue and the
card is stopped. The changes in terms and conditions also makes the
retailer liable for the fraudulent use of your card where Chip and PIN
could have prevented that fraud. So:
1. The card is used with the fraudulently obtained PIN; or
2. The card is used with a forged signature:
In the first case, you are deemed to have unauthorisedly disclosed the PIN
and are held liable. In the second case, the bank deems that Chip and PIN
could have prevented the fraud and the retailer is held liable.
In either case, the bank is not liable where under the old system there it
is highly probably they would have been. Thus Chip and PIN has moved
liability from the banks to the retailers and cardholders.
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385101 ] |
So, 07 Mai 2006 13:33 |
|
At 11:53:31 on 07/05/2006, Geoff Lane delighted uk.finance by announcing:
> "Alex" <no.spam [at] mail.com> wrote in
> news:xn0elxxg32glkny006 [at] news.individual.net:
>
> >> Chip and PIN effectively moves liability for fraud from the banks to
> >> the retailers and cardholders.
> >
> > No, it doesn't.
>
> In best pantomime fashion, Oh yes it does!
>
> Before Chip and PIN, you could challenge a forged signature; if it wasn't
> your signature you weren't liable. If someone stole your card and used it
> fraudulently, you were not liable even for transactions that happened
> before you discovered your card was missing and informed the bank. If the
> forgery was reasonably accurate, the bank was liable.
That depends entirely on the procedures followed. Any of the retailer,
retailer's (acquiring) bank or cardholder's (issuing) bank could be liable.
> With Chip and PIN came a change in your terms and conditions - you must not
> disclose your PIN to anyone.
I've had that in my Ts&Cs for years.
> If a fraudster knows your PIN it must have
> been unauthorisedly disclosed to the fraudster (even if the PIN was
> obtained fraudulently). Any transaction authorised via PIN is deemed to be
> valid. So if a fraudster obtains your PIN and steals your card (e.g. by
> shoulder surfing or with a rigged terminal) you are liable for all
> transactions up to the point where you notify the bank of the issue and the
> card is stopped. The changes in terms and conditions also makes the
> retailer liable for the fraudulent use of your card where Chip and PIN
> could have prevented that fraud.
Correct. The retailer is liable *if they don't use EMV*. In the same way the
acquiring and issuing banks are liable *if they don't use EMV*. This is a
VISA/Mastercard mandate and card schemes must follow this if they want the
relevant logo on their card and the acceptance levels that go along with it.
> So:
>
> 1. The card is used with the fraudulently obtained PIN; or
> 2. The card is used with a forged signature:
>
> In the first case, you are deemed to have unauthorisedly disclosed the PIN
> and are held liable.
Nearly 18 months after its introduction, I'm still waiting for news that this
has actually happened; i.e. the cardholder has ultimately been held liable for
a fraudulent transaction they were not complicit in.
> In the second case, the bank deems that Chip and PIN
> could have prevented the fraud and the retailer is held liable.
Correct. If the retailer does not have EMV capability, or they bypassed that
capability, then they will be held liable. Otherwise, they won't.
> In either case, the bank is not liable
Oh yes they are! In the first case they are liable if the cardholder was not
complicit in the fraud. In the second case they (the issuing bank) are liable
if the card is not EMV capable.
> where under the old system there it
> is highly probably they would have been. Thus Chip and PIN has moved
> liability from the banks to the retailers and cardholders.
If your claims above were valid, then you'd be right. Since they're not,
you're not.
|
|
|
| Re: Chip & Pin Fraud [message #385104 ] |
So, 07 Mai 2006 14:13 |
|
"Alex" <no.spam [at] mail.com> wrote in
news:xn0ely0ib2krfa700f [at] news.individual.net:
>> So:
>>
>> 1. The card is used with the fraudulently obtained PIN; or
>> 2. The card is used with a forged signature:
>>
>> In the first case, you are deemed to have unauthorisedly disclosed
>> the PIN and are held liable.
>
> Nearly 18 months after its introduction, I'm still waiting for news
> that this has actually happened; i.e. the cardholder has ultimately
> been held liable for a fraudulent transaction they were not complicit
> in.
It has happened in the case that sparked off this thread. According to
the Daily Mail, Mary Adkins lost £1,300 and the bank is still wriggling
more than a month later even though the bank knows the media is involved.
Now what about the fraudulent transactions that the bank has deemed were
not fraud? With Chip and PIN, the onus is on you to prove that fraud
occurred - and that's something you can't easily do. (Don't forget that
banks have a history for denying liability in the case of phantom ATM
withdrawals.) There is thus an implicit shift of liability.
>
>> In the second case, the bank deems that Chip and PIN
>> could have prevented the fraud and the retailer is held liable.
>
> Correct. If the retailer does not have EMV capability, or they
> bypassed that capability, then they will be held liable. Otherwise,
> they won't.
>
>> In either case, the bank is not liable
>
> Oh yes they are! In the first case they are liable if the cardholder
> was not complicit in the fraud. In the second case they (the issuing
> bank) are liable if the card is not EMV capable.
In the first case, the bank are only liable if the cardholder can prove
that fraud has occurred and that they were not complicit in that fraud.
Prior to you informing your bank that you are not in possession of your
card, you are liable for all transactions authorised by PIN. This is a
world apart from the situation before Chip and PIN where the bank had to
show the signature was valid. There is thus an implicit shift of
liability.
In the second case, as you say, the bank is liable if the card is not EMV
capable. Presumably, the bank is not if the card is EMV capable. Thus, by
your own statement, there is a shift of liability.
>
>> where under the old system there it
>> is highly probably they would have been. Thus Chip and PIN has moved
>> liability from the banks to the retailers and cardholders.
>
> If your claims above were valid, then you'd be right. Since they're
> not, you're not.
>
There is an implicit shift in liability - period. My claims only echo the
concerns expressed by Prof. Ross Anderson et al. Here are some references
that better explain:
http://www.saynotochipandpin.co.uk/
http://www.cl.cam.ac.uk/users/sjm217/papers/cl05chipandspin. pdf
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385109 ] |
So, 07 Mai 2006 16:23 |
|
At 13:13:15 on 07/05/2006, Geoff Lane delighted uk.finance by announcing:
> "Alex" <no.spam [at] mail.com> wrote in
> news:xn0ely0ib2krfa700f [at] news.individual.net:
>
> >> So:
> >>
> >> 1. The card is used with the fraudulently obtained PIN; or
> >> 2. The card is used with a forged signature:
> >>
> >> In the first case, you are deemed to have unauthorisedly disclosed
> >> the PIN and are held liable.
> >
> > Nearly 18 months after its introduction, I'm still waiting for news
> > that this has actually happened; i.e. the cardholder has ultimately
> > been held liable for a fraudulent transaction they were not complicit
> > in.
>
> It has happened in the case that sparked off this thread. According to
> the Daily Mail, Mary Adkins lost £1,300 and the bank is still wriggling
> more than a month later even though the bank knows the media is involved.
Then it's not ultimate is it? Banks dragging their heels has been going on as
long as banks have been around. Whether they like it or not, they're still
subject to the law.
> Now what about the fraudulent transactions that the bank has deemed were
> not fraud? With Chip and PIN, the onus is on you to prove that fraud
> occurred
No, it isn't. If the customer holds out, they will eventually have to go to
court where the burden of proof will be on the bank. Has any case made it to
court yet?
> - and that's something you can't easily do. (Don't forget that
> banks have a history for denying liability in the case of phantom ATM
> withdrawals.) There is thus an implicit shift of liability.
>
> >
> >> In the second case, the bank deems that Chip and PIN
> >> could have prevented the fraud and the retailer is held liable.
> >
> > Correct. If the retailer does not have EMV capability, or they
> > bypassed that capability, then they will be held liable. Otherwise,
> > they won't.
> >
> >> In either case, the bank is not liable
> >
> > Oh yes they are! In the first case they are liable if the cardholder
> > was not complicit in the fraud. In the second case they (the issuing
> > bank) are liable if the card is not EMV capable.
>
> In the first case, the bank are only liable if the cardholder can prove
> that fraud has occurred and that they were not complicit in that fraud.
The cardholder has to prove nothing. It is for the bank to prove that the
customer performed the transaction.
> Prior to you informing your bank that you are not in possession of your
> card, you are liable for all transactions authorised by PIN.
Yes. This is, and has always been, the case for lost/stolen cards. We are not
discussing that.
> This is a
> world apart from the situation before Chip and PIN where the bank had to
> show the signature was valid. There is thus an implicit shift of
> liability.
>
> In the second case, as you say, the bank is liable if the card is not EMV
> capable. Presumably, the bank is not if the card is EMV capable. Thus, by
> your own statement, there is a shift of liability.
If the card is EMV capable and an EMV transaction has taken place then it is
virtually guaranteed that it is the original card. In which case, the customer
must inform the bank if the card was lost or stolen; there is no change here.
If the card has been reported then the liability rests with whoever authorised
the transaction; again there's no real change.
> >> where under the old system there it
> >> is highly probably they would have been. Thus Chip and PIN has moved
> >> liability from the banks to the retailers and cardholders.
> >
> > If your claims above were valid, then you'd be right. Since they're
> > not, you're not.
> >
>
> There is an implicit shift in liability - period.
Until the courts have ruled against the cardholder I have no concerns over my
personal liability.
|
|
|
| Re: Chip & Pin Fraud [message #385117 ] |
So, 07 Mai 2006 18:40 |
|
Another way to stop it would be to wipe/destroy the mag strip on the back of
your card. This way the chip will still work but if anyone tries to skim the
card they get nothing, as long as the card doesn't leave your sight I doubt
most people will sit there writing down the card details ;).
"Geoff Lane" <geoff [at] nospam.gjctech.co.uk> wrote in message
news:Xns97BC91EC4430gjctcswxnsrt [at] 84.92.1.10...
> "Tumbleweed" <thisaccountneverread [at] yahoo.com> wrote in
> news:4c4paoF13l47hU1 [at] individual.net:
>
>> ... but they would then have captured the
>> card details (enough to build a magstripe) and your PIN, xmit the
>> details to someone in another country who builds a magstripe and the
>> cash gets withdrawn just a few minutes later.
>>
>> Hmm, this is kind of scary, I cant see what would stop this at all.
>
> One way to stop all this would be to have two PINs per card. One for use
> with the chip, and one for use with the magstripe. IOW, you use a
> different PIN for the ATM than you do for retail transactions. That way,
> capturing your retail PIN and skimming the magstripe wouldn't give the
> scammers enough to withdraw on your account. However, for people like me
> who have difficulty remembering little-used PINs, there'd be twice as
> many PINs to remember.
>
>> There is an answer to remembering PINS though for as many cards as you
>> want. Think of 4 numbers which you will be able to remember, because
>> its going to be the same for all your cards. Lets say they are 7,3, 1,
>> 8. Then change the PIN on each card to the 7th, 3rd, 1st, and 8th
>> digits of that card. Each PIN will be different, but you only need
>> remember one number for all.
>
> Now that's a lateral way out that might just work, but if enough use that
> technique it will be almost as insecure as PIN-sharing. Of course, there
> is another gotcha because, although you can remember the "key", you won't
> be able to access the PIN once you've presented your card because it will
> be in the reader with the number obscured! Even if it works for cards,
> your suggestion doesn't help with mobile phone PINs, door access codes,
> etc. In my case, I suffer with "PIN overload" -- I just have too many
> four-digit numbers to remember and so the least-used are forgotten.
>
> With all that said, there is a basic flaw with Chip and PIN. From the
> bank's point of view, the same four digits are just as valid no matter
> whether or not they're entered fraudulently, which puts the onus on you
> to prove that you didn't either make the transaction or unauthorisedly
> disclose your PIN. Now, if we had Chip and biometric cards (thumbprint,
> iris scan, etc.) ...
>
> --
> Geoff
|
|
|
| Re: Chip & Pin Fraud [message #385123 ] |
So, 07 Mai 2006 20:01 |
|
At 17:40:57 on 07/05/2006, Ben delighted uk.finance by announcing:
> Another way to stop it would be to wipe/destroy the mag strip on the back of
> your card. This way the chip will still work but if anyone tries to skim the
> card they get nothing, as long as the card doesn't leave your sight I doubt
> most people will sit there writing down the card details ;).
Or they could read the same data off the chip quite easily.
|
|
|
| Re: Chip & Pin Fraud [message #386438 ] |
Mo, 08 Mai 2006 10:28 |
|
"Alex" <no.spam [at] mail.com> wrote in
news:xn0ely50q2qu1zd00j [at] news.individual.net:
> Then it's not ultimate is it? Banks dragging their heels has been
> going on as long as banks have been around. Whether they like it or
> not, they're still subject to the law.
>
>> Now what about the fraudulent transactions that the bank has deemed
>> were not fraud? With Chip and PIN, the onus is on you to prove that
>> fraud occurred
>
> No, it isn't. If the customer holds out, they will eventually have to
> go to court where the burden of proof will be on the bank. Has any
> case made it to court yet?
Have you actually taken the time to read the terms and conditions that
govern your use of your Chip and PIN card? If so, would you care to post
what those T&C's say about negligence and/or disclosure of your PIN, and
which bank is involved?
In my original post, I said "Chip and PIN *effectively* moves liability
for fraud from the banks to the retailers and cardholders." All the bank
has to do is show that the transaction was made using your PIN and the
terms and conditions entitles them to hold you negligent. The onus is
then on you to prove that you were not negligent. Effectively, you are
guilty unless proven innocent. In contrast, for signature systems the
onus is on the bank to *prove* the authenticity of the signature. With a
signature system, you are innocent until proven guilty.
http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_3/bohm/ might help
you understand the issue. The abstract of that piece states:
Banks must prove the authenticity of their customers' handwritten
instructions if challenged, but for telephone and online banking
some banks are adopting terms which could make customers liable for
transactions they have not authorised. Neither the security
technology available to customers, nor the security techniques that
ordinary customers can be expected to use, are adequate to protect
customers from this risk of liability, and the terms in question are
arguably unfair.
Of course, this piece was written in 2000, before Chip and PIN, but the
terms and conditions for Chip and PIN are broadly the same as for use of
ATMs, and so the same concerns apply. As Prof. Anderson pointed out, it
is much easier to fraudulently discover someone's PIN now that we are
expected to use the same four-digit number everywhere.
Another relevant extract from the same piece follows:
.... the limitation of the customer's liability for fraudulent
transactions to £50 typically does not apply where the customer has been
'grossly negligent'. This expression does not have a standard legal
meaning, and is defined in the banks' individual terms. The wider the
definition, the more easily the customer can lose the benefit of the £50
limit. Cases where the customer will be regarded as grossly negligent are
normally defined as including:
- failing to take all available steps to keep the card and the
PIN safe at all times;
- writing the PIN on the card or anything usually kept with it;
- writing the PIN down without disguising it;
- not destroying the PIN notification receipt;
So if a fraudster has your PIN, the terms and conditions under which you
use your card lets the bank deem you to be grossly negligent and thus
deny you the £50 limit of liability that would have applied had you not
been 'grossly negligent'. The burden of proof is then on you to show that
you had take all available (note, this is more than merely reasonable)
steps to keep the card and PIN safe.
--
Geoff
|
|
|
| Re: Chip & Pin Fraud [message #386446 ] |
Mo, 08 Mai 2006 12:25 |
|
At 09:28:26 on 08/05/2006, Geoff Lane delighted uk.finance by announcing:
> "Alex" <no.spam [at] mail.com> wrote in
> news:xn0ely50q2qu1zd00j [at] news.individual.net:
>
> > Then it's not ultimate is it? Banks dragging their heels has been
> > going on as long as banks have been around. Whether they like it or
> > not, they're still subject to the law.
> >
> >> Now what about the fraudulent transactions that the bank has deemed
> >> were not fraud? With Chip and PIN, the onus is on you to prove that
> >> fraud occurred
> >
> > No, it isn't. If the customer holds out, they will eventually have to
> > go to court where the burden of proof will be on the bank. Has any
> > case made it to court yet?
>
> Have you actually taken the time to read the terms and conditions that
> govern your use of your Chip and PIN card? If so, would you care to post
> what those T&C's say about negligence and/or disclosure of your PIN, and
> which bank is involved?
"If we have a good reason (for example if you break this agreement, or there is
suspected fraud involving the card, PIN or password) and we consider it
reasonably necessary, we may suspend, withdraw or restrict the use of the card,
PIN and password at any time. We will tell you before we take this action, or
as soon as possible afterwards."
"If your card is lost or stolen, or you suspect that someone knows your PIN or
password, you must phone us on..."
"If the card is misused before you tell us of it's loss or theft, or that
someone else knows the PIN, you will only have to pay up to £50 for any misuse.
If the card is misused by someone who has it with your permission, you will
have to pay for all transactions carried out with the card by that person."
I believe the issuing bank is RBOS.
> In my original post, I said "Chip and PIN effectively moves liability
> for fraud from the banks to the retailers and cardholders." All the bank
> has to do is show that the transaction was made using your PIN and the
> terms and conditions entitles them to hold you negligent.
They certainly don't. And even if they did, I doubt they could be enforced.
> The onus is then on you to prove that you were not negligent.
Not if it gets to court, which is presumably why we haven't yet heard of a case
making it that far.
|
|
|
| Re: Chip & Pin Fraud [message #386450 ] |
Mo, 08 Mai 2006 12:47 |
|
On Sun, 07 May 2006 09:12:13 +0100, Colin Forrester
<colin [at] thefrogslepthere.com> wrote:
>mo wrote:
>> LOL, of all the ways peopel were syaing C+P would be hacked I bet no one
>> suggested that C+P terminals would be altered.
>
>Actually I wrote to Barclaycard and Co-Op Visa pointing out this
>possibility early last year and demanding that the cash advance facility
>be removed from both cards. Barclaycard did remove it - Co-op refused
>and told in in writing that there was nothing to worry about.
Strange. I also have both Barclaycard and Co-Op VISA credit cards.
Both of them refused to remove the possibility of using ATMs for cash
withdrawls.
The only thing I could think of is to write to them stating that I
would never withdraw cash and to regard any such transactions as
fraudulant.
Mark
|
|
|
| Re: Chip & Pin Fraud [message #386451 ] |
Mo, 08 Mai 2006 12:49 |
|
On Sat, 6 May 2006 21:34:49 +0100, GSV Three Minds in a Can
<GSV [at] quik.clara.co.uk> wrote:
>Which is why I decline to use anything which can use the same card & PIN
>to withdraw cash from a hole in the wall machine.
I have yet failed to find any way of achieving this (disabling cash
withdrawls from ATMs). Please tell me how this can be done.
Mark
|
|
|
| Re: Chip & Pin Fraud [message #386454 ] |
Mo, 08 Mai 2006 13:27 |
|
>
> I just wish there was an alternative!
>
I guess we could go back to the old days of using cash :-)
|
|
|
| Re: Chip & Pin Fraud [message #386463 ] |
Mo, 08 Mai 2006 17:50 |
|
Bitstring <ge8u52p2o9jh35gse6skk0si7noffl6t5v [at] 4ax.com>, from the
wonderful person Mark <nospam [at] nospam.spam> said
>On Sat, 6 May 2006 21:34:49 +0100, GSV Three Minds in a Can
><GSV [at] quik.clara.co.uk> wrote:
>
>>Which is why I decline to use anything which can use the same card & PIN
>>to withdraw cash from a hole in the wall machine.
>
>I have yet failed to find any way of achieving this (disabling cash
>withdrawls from ATMs). Please tell me how this can be done.
Get a chip + Sig card and it is done automatically. If you don't do
that, then a few vendors can still do it with Chip & Pin (well, a few
will admit to knowing how).
--
GSV Three Minds in a Can
Google may be your friend, but groups.google.com posters definitely aren't.
|
|
|
Gehe zu:
aktuelle Zeit: Mo Mai 21 23:36:05 CEST 2012
Insgesamt benötigte Zeit, um die Seite zu erzeugen: 0,12829 Sekunden |
