Jon Ison
|
 posted on 24/4/06 at 01:22 AM |
|
|
Interesting thread.........
To be found here
|
|
|
|
|
Mike R-F
|
| posted on 24/4/06 at 06:55 AM |
|
|
Yes, security on Chip & Pin isn't very high. My wife uses my building society card in Tesco's all the time 'cos she can't
remember her own pin (it's a joint account, anyway) but does remember mine. Not once has she been asked why she is using a card that has a mans
name & Mr at the beginning. And, no, she doesn't look like a man! Just goes to show how easy it would be to use a cloned card.
|
|
|
James
|
| posted on 24/4/06 at 07:43 AM |
|
|
quote:
Originally posted by Jon Ison
To be found here
Seems to be a bit of a Shell theme there... one of their stations near me has just had some staff arrested over it.
------------------------------------------------------------------------------------------------------------
"The fight is won or lost far away from witnesses, behind the lines, in the gym and out there on the road, long before I dance under those lights."
- Muhammad Ali
|
|
|
andylancaster3000
|
| posted on 24/4/06 at 08:17 AM |
|
|
A lot of it’s been happening at a few stations in Guildford recently too.
Supposedly they drop the pretend to drop your card behind the counter and swipe it through the cloning machine while picking it up. I think a couple
of stations may have been temporarily shut down due to it.
Andy
|
|
|
David Jenkins
|
| posted on 24/4/06 at 08:30 AM |
|
|
I prefer to go to the places where the staff never touch your card - I put the card in the slot, type in the number while attempting to conceal what
I'm entering, and take it out myself at the end of the transaction.
One gripe - when using chip & pin in Germany many years ago, the pin entry keypad was nearly always covered by a box or screen that only allowed
the user to see the pad (and not very clearly, either!). Why don't our data entry boxes come similarly equipped?
David
|
|
|
wildchild
|
| posted on 24/4/06 at 08:33 AM |
|
|
quote:
Originally posted by Mike R-F
Yes, security on Chip & Pin isn't very high
Because scribbling your name on a bit of paper was so much higher security?
|
|
|
bilbo
|
| posted on 24/4/06 at 09:09 AM |
|
|
Some people say that the only reason chip and pin was introduced was so that it shifted the responsibility from the card firms over to the customer ie
'we're not giving you the money back for those fraudulent transactions as it's your fault you gave your pin number away'
Part of the problem is that there is no standard orientation to how the cards go in the slot. Over-helpfull/impatient shop assistants will snatch the
card off you if it's in reach. Try never to let them get hold of your card. If you can't see the machine, or can't clearly see which
way in the card goes, hold the card away from the person behind the counter and ask.
And another thing,   the pin is only stored on the card itself. It's encrypted, but sooner or later, someone will crack/steal that
encryption and be able to read the pin of any card that's put into a reader. Even now it would be possible to make a fake one of those card
machines. It copies the data off you chip, then you kindly enter your pin number for it as well - It's not happend yet as far as I know, but
if I can think it up, I'm sure your criminal master mind has as well.
|
|
|
smart51
|
| posted on 24/4/06 at 09:49 AM |
|
|
quote:
Originally posted by wildchild
quote:
Originally posted by Mike R-F
Yes, security on Chip & Pin isn't very high
Because scribbling your name on a bit of paper was so much higher security?
Just because a signature wasn't secure doesn't mean that Chip and Pin can't be insecure as well.
[Edited on 24-4-2006 by smart51]
|
|
|
wildchild
|
| posted on 24/4/06 at 10:09 AM |
|
|
my point was that while chip and pin isn't entirely secure, it's a hell of an improvement on 'chip and pen', particularly
given the proportion of till monkeys who didn't even check your signature.
|
|
|
Mike R-F
|
| posted on 24/4/06 at 10:23 AM |
|
|
A 'hell of an improvement' might be your opinion but I'm sure it's not shared by those who've had their accounts
emptied! The point I was trying to make was that some till operators don't even check to see if the card belongs to a man or a woman. If my wife
can get away with using my card, it seems to me that chip & pin is every bit as insecure as a signature!
|
|
|
trogdor
|
| posted on 24/4/06 at 11:52 AM |
|
|
well since ur wife knows ur pin it is abit safer as only she knows it she is the only other person who can use ur card. When using signtures anyone
could of picked ur card off the floor etc or stolen it and just tried to use it. and probally get away with it.
when i worked as a shop assistant i always checked peoples signtures carefully. unfortunalty i was in the minority.
also i have used my dads card in the same way in asda as well.
|
|
|
MikeR
|
| posted on 24/4/06 at 01:15 PM |
|
|
quote:
Originally posted by bilbo
Some people say that the only reason chip and pin was introduced was so that it shifted the responsibility from the card firms over to the customer ie
'we're not giving you the money back for those fraudulent transactions as it's your fault you gave your pin number
away'
I think you might find that was one of the main motivators behind the implementation of chip and pin from the card companies point of view!
|
|
|
smart51
|
| posted on 24/4/06 at 02:19 PM |
|
|
A guy I once worked with was so sick of his local petrol station not checking signatures that he started signing as Mickey Mouse in very clear
letters. He was never questioned either by the filling station or his bank.
|
|
|
indykid
|
| posted on 24/4/06 at 02:41 PM |
|
|
quote:
Originally posted by Mike R-F
The point I was trying to make was that some till operators don't even check to see if the card belongs to a man or a woman. If my wife can get
away with using my card, it seems to me that chip & pin is every bit as insecure as a signature!
how are you supposed to check what's embossed on the card when people like bilbo are so scared of letting you even look at it?
i work in retail, and will take the card off people, mainly because halfords chip and pin system appears to be different to most other places and they
don't get where the card goes, but every now and again, you'll get the arsy person that wants to keep hold of their card. it's those
people i'll take the card off espescially to check it. if it's legit, you've got no reason not to give someone your card, and
there's no reason for it ever to leave your sight, but you don't complain at sainsbury's where the card reader is integrated into
the till computer.
pdq machines will always print out the full card number on the merchant copy, so combnine that with the security code off the back, and customers
details for warranty certificates for stereos, and you're away on the internet. it's that easy, but i'll never do it because
i'm not dodgy scum. don't even get me started on eastern europeans though!
while ever you pay with digital money, there'll always be a chance you'll lose it, but signatures were more secure for both retailer and
customer. shame you can't refuse pin anymore though.
tom
|
|
|
MikeR
|
| posted on 24/4/06 at 05:29 PM |
|
|
quote:
shame you can't refuse pin anymore though.
tom
I'll wait to be proven wrong, but you don't have to use chip and pin, there is no law saying you have too. the problem is the suppliers of
systems have ganged up to "improve security" and move the risk from them to the retailer. The concept is, if the retailer is going to lose
money, they will be a lot more careful and reduce fraud.
You can still legally use a signature, its just that most people are being conditioned into thinking you can't. Its not easy at the end of the
day arguing your point with some 18 year old cashier who's been told "only do chip and pin".
|
|
|
Peteff
|
| posted on 24/4/06 at 05:45 PM |
|
|
I hate the chip and pin, I've all on remembering my birthday and now I have to remember numbers for debit and credit cards.  Best one I saw
was in the post office when the old dear in front of me was paying by card, she said the number out loud as she was putting it in .
yours, Pete
I went into the RSPCA office the other day. It was so small you could hardly swing a cat in there.
|
|
|
indykid
|
| posted on 24/4/06 at 06:28 PM |
|
|
quote:
Originally posted by MikeR
quote:
shame you can't refuse pin anymore though.
tom
I'll wait to be proven wrong, but you don't have to use chip and pin, there is no law saying you have too. the problem is the suppliers of
systems have ganged up to "improve security" and move the risk from them to the retailer. The concept is, if the retailer is going to lose
money, they will be a lot more careful and reduce fraud.
You can still legally use a signature, its just that most people are being conditioned into thinking you can't. Its not easy at the end of the
day arguing your point with some 18 year old cashier who's been told "only do chip and pin".
since february the 14th, if the retailer bypasses the pin, and allows the customer to sign, if there is any dispute over the transaction, for instance
if the card had been stolen etc. etc, the retailer has no come back and will lose the money.
if the pdq machine doesn't request a pin, as with some barclay cards and a lot of amex cards, you can still sign, but if it prompts a pin, the
customer must use the pin or there is no come back on a dodgy card.
as i say, this came in on the 14th of feb. stupid sytem i know, but you can always go to the cash machine and get cash, but that's a whole other
can of scams
tom
|
|
|
chockymonster
|
| posted on 24/4/06 at 06:56 PM |
|
|
quote:
Originally posted by bilbo
And another thing, the pin is only stored on the card itself. It's encrypted, but sooner or later, someone will crack/steal that
encryption and be able to read the pin of any card that's put into a reader.
Already been done!
|
|
|
locoboy
|
| posted on 24/4/06 at 07:22 PM |
|
|
talking of lack of security and checking a persons details..............
An American mate of mine aged 27, came into the UK from the US to visit me and only after him having stayed with me for 4 days did he realise he had
come into the UK on his DADS passport
They dont even look the same! never mind the 31 year age gap
It was pointed out to him when he tried to cash a travellers cheque in a local Barclays branch.
He had to get his folks to UPS his passport to him in the UK to be sure he got back home without any problems.
ATB
Locoboy
|
|
|
Tim 45
|
| posted on 24/4/06 at 08:01 PM |
|
|
quote:
Originally posted by wildchild
my point was that while chip and pin isn't entirely secure, it's a hell of an improvement on 'chip and pen', particularly
given the proportion of till monkeys who didn't even check your signature.
The problem with this though is how to tell if it is fraudulent. If the signature is so bad due to chnage in pen style, accident etc, then it could be
fraud. If its too good it could be well practiced and hence fraud. Its a tie off, at least with chip and pin there is only one way of entering the
correct number.
|
|
|
greggors84
|
| posted on 24/4/06 at 11:58 PM |
|
|
The signiture strip on my debit card wore off a while ago leaving 'VOID VOID VOID VOID in red letters instead, this was before chip and pin was
everywhere and the places where i had to sign the card very very rarely checked the card, if they did had they would have clearly seen the card was
void! Infact the first time someone noticed it and questioned me i phone up and got a replacement as it was a bit embarassing being refused. I was
just too lazy to bother before!
Chip and pin is safe in the fact that if someone find your card in the street or nicks your wallet, they have little chance or being able to use it
unless the have the technology, where as a signiture can easily be copied to the level that looks ok to most cashiers who dont even check!
Of course people who purposely go out to copy cards will have the means to take your money and there isnt many ways to stop it.
Chris
The Magnificent 7!
|
|
|
wildchild
|
| posted on 25/4/06 at 07:31 AM |
|
|
yep, at the end of the day, the professional criminal is still going to find ways of stealing your money.
however chip and pin is safer if you lose your wallet/handbag/whatever, or someone snatches it off you, or any number of other scenarios more likely
than you being the victim of professional fraud.
signing for stuff does none of this.
|
|
|
