CHIP & SIGNATURE vice CHIP & PIN

Options
James
James Posts: 2,059 Forumite
First Post First Anniversary Combo Breaker
The new FSA Rules which replaces the Banking Code is good news for everyone whose lost faith in the PIN part of Chip & PIN.

Consumers should now be made aware that there is an alternative to having a PIN and being held responsible for security of that PIN.

Industry Guidance for FSA Banking Conduct of Business Source Book:

Article 4.2.14

Firms should also provide reference to alternatives to chip and PIN in materials accompanying card issuance and in any discussion with the customer where they express difficulty with using a PIN.
«1345

Comments

  • James
    James Posts: 2,059 Forumite
    First Post First Anniversary Combo Breaker
    Options
    It's a case of you being assertive and telling your card issuer what you need i.e. a Chip & Signature Card, and not them telling you what they think you can manage.
  • stfc
    stfc Posts: 16 Forumite
    Options
    But if you've demonstrated that you can use a PIN previously on your cash, debit or credit card, you're unlikely to be successful.
  • James
    James Posts: 2,059 Forumite
    First Post First Anniversary Combo Breaker
    Options
    stfc wrote: »
    But if you've demonstrated that you can use a PIN previously on your cash, debit or credit card, you're unlikely to be successful.

    I know several people who have obtained C&S Credit Cards who still PIN with their Debit or Banks Own Savings Card. What they can't or won't do is use the same PIN for all their cards. They've successfully obtained C&S cards.
  • callum9999
    Options
    James wrote: »
    I know several people who have obtained C&S Credit Cards who still PIN with their Debit or Banks Own Savings Card. What they can't or won't do is use the same PIN for all their cards. They've successfully obtained C&S cards.

    I don't see how a signature, which is clearly on the back of the card, is more secure than the same pin on all cards.

    If I found a card in the street, I could go and use it in a shop with a signature. If it required a pin it would be useless (except for online etc. but then you don't need either for that).
  • INT1
    INT1 Posts: 1,257 Forumite
    First Anniversary Combo Breaker
    Options
    callum9999 wrote: »
    I don't see how a signature, which is clearly on the back of the card, is more secure than the same pin on all cards.

    If I found a card in the street, I could go and use it in a shop with a signature. If it required a pin it would be useless (except for online etc. but then you don't need either for that).
    Yes but your not putting your PIN number in as much so therefore is less likely to be compromised.

    People still write their PIN number down and keep them with their cards anyway so very pointless!
  • Fiddlestick
    Options
    callum9999 wrote: »
    I don't see how a signature, which is clearly on the back of the card, is more secure than the same pin on all cards.

    If I found a card in the street, I could go and use it in a shop with a signature. If it required a pin it would be useless (except for online etc. but then you don't need either for that).

    It's easier to dispute a signature than a PIN entry, as they can request the sales voucher with the signature.
  • chattychappy
    Options
    It's easier to dispute a signature than a PIN entry, as they can request the sales voucher with the signature.

    Yes.

    My view is that PIN is more secure than signature.

    BUT, when things go wrong, if a PIN has been used the bank can claim either you used it, you were negligent in allowing it to be come known, or you colluded with the user.

    With a signature, as everyone knows a signature can be copied, so its difficult for the bank to establish you were involved in its use.

    I'm sure chip'n'pin has reduced real fraud - it's reduced the number of dishonest cardholders who lie about losing their card. But I'm sure the scheme has also scooped up honest cardholders who now have trouble getting refunds. The banks are very happy to "pin" liability for fraudulent transactions onto cardholders. No wonder they trumpet its success!
  • Degenerate
    Options
    Yes.

    My view is that PIN is more secure than signature.

    BUT, when things go wrong, if a PIN has been used the bank can claim either you used it, you were negligent in allowing it to be come known, or you colluded with the user.

    It has now been demonstrated that chip & pin security can be broken by a "man in the middle" attack carried out using relatively inexpensive card reader kit concealed in a rucksack and wired to a dummy card inserted into the retail terminal. The researchers demonstrated how this enabled them to place a supposedly "PIN verified" transaction on the card they had concealed in the rucksack, whilst typing any random 4 digits into the retail terminal and not needing to know the real PIN.

    Now this cat is out of the bag, any bank that tries to use the PIN verification to place liability back onto the victim doesn't have a leg to stand on. Indeed, as they know it's been broken, they will be opening themselves to further potential liability if they try to stitch up their customers in this way.
  • ElkyElky
    ElkyElky Posts: 2,459 Forumite
    Options
    I was in line at the cash machine yesterday and there was a girl currently using it. She typed her pin in quite freely without so much as covering her hand with her purse, or even moving closer to the machine. Once she had finished, I approached her and said "your pin is 6942" and she was shocked. I then said "If I had been a mugger, how easy would it be for me to take your purse and clean out your bank account?", she replied "Point taken. I thought I was covering my pin but wasn't paying much attention, thank you for showing me how easy it could be".

    People will always make it easier for fraudsters.
    We’ve had to remove your signature. Please check the Forum Rules if you’re unsure why it’s been removed and, if still unsure, email forumteam@moneysavingexpert.com
  • chattychappy
    Options
    Degenerate wrote: »
    It has now been demonstrated that chip & pin security can be broken by a "man in the middle"
    ...
    Now this cat is out of the bag, any bank that tries to use the PIN verification to place liability back onto the victim doesn't have a leg to stand on. Indeed, as they know it's been broken, they will be opening themselves to further potential liability if they try to stitch up their customers in this way.

    Yes, agreed. But right now, I think this presumption thing is still a problem - I don't know how often cardholders actually win the day. I know there was a French court decision a few years back that accepted the PIN system wasn't secure. In England (not sure if Scotland is the same), we are only talking about "balance of probabilities" proof for civil liability. So a court only has to decide which is most likely: a scam such as you describe, or the customer fibbing/being negligent/being in cahoots.

    So my argument is that although the PIN system is probably more secure (a typical card pickpocketed, dropped, or taken as part of a burglary can't be used whereas in the past it could be), the customer is more exposed because where there is a fraud (such as you describe) it's more difficult to establish the transactions are illegitimate.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.6K Banking & Borrowing
  • 250.2K Reduce Debt & Boost Income
  • 449.9K Spending & Discounts
  • 235.8K Work, Benefits & Business
  • 608.8K Mortgages, Homes & Bills
  • 173.3K Life & Family
  • 248.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards