Chip 'n' Pin - A Quick Guide Discussion Area

James · 30 June 2007 at 4:18PM

NZ Banking Code:

The code also warns users that they could be liable for any loss if they have chosen an obvious PIN or password, such as a consecutive sequence of numbers, a birth date or a pet's name; disclosed a PIN or password to a third party or kept a "written or electronic record" of it.

NZ banks demand a peek at customer PCs in fraud cases.

Alfie_E · 30 June 2007 at 6:46PM

No.

It’s too intrusive. People wouldn’t accept it, and it would be open to legal challenge.
It would mean you couldn’t use any device you don’t personally own. So, no Internet café, no computer in a library or other public place. No college or employer’s computer, where you have permission. Not even a relative’s computer. You couldn’t guarantee the security of those computers, and the owner is unlikely to let someone else’s bank start prodding through it.
The government wouldn’t like it. It wants to close the “digital divide”, not widen it. Those too poor to have their own device, would be at greatest risk of losing out.
It’s too vague. Who says what is and isn’t good enough security? The bank would need to know the security of the device at the time it was used to access its facilities, not when they finally get around to looking at it, which could be months down the line.
What if you’ve used a number of devices, some that you own, some that are public access? Is the bank going to need to look at all of them? If it finds one that has “inadequate” security at the time that they look at it, are you liable, even if that’s not where your details were compromised?
The providers of public Internet access wouldn’t like it. If a bank refuses to reimburse you because they claim your details were compromised at an Internet café or library, could you then sue that Internet café or library for failing in their duty of care?

For reasons like these, UK banks are looking at more sensible ideas. Many will soon be rolling out two-factor authentication systems. In addition to your current password, there will be a one-time code generated by a small piece of hardware issued to you by your bank.

I don’t know the New Zealand banking Code of Practice, but suspect that “written or electronic record” would be similar to the requirements made by the UK banks – that you don’t do it in an obvious way. There probably wouldn’t be a problem, if it were in some way concealed.

James · 13 July 2007 at 9:22AM

Alfie, UK banks maybe looking at 'more sensible' ideas but they don't seem to be able to agree amongst themselves what's 'sensible' UK wide, never mind worldwide.

A couple of silly crooks seem to be going to extremes to get their hands on PIN entry devices;

A PAIR of thieves who hacked through wires to steal two chip-and-pin machines in a bizarre raid on a city petrol station may have wasted their time.

The Police response was overwhelming:

More than 10 police vehicles, some with sniffer dogs, raced to the scene to deal with the incident.

Story click here.

Although we've had the Shell Garage Fiasco spring last year, and garages of all persuasion being hit throughout the UK to the tune of an estimated £30 Million, the card industry still maintain PIN entry devices are tamperproof.

These guys seem to have been successfully, but thankfully caught.

Scott-Hubbard, 64, and computer programmer Warburton, 53, were arrested after a modified chip and pin machine was discovered at a Shell garage in London. Later analysis revealed that Warburton had fitted it with pin-retaining software.

Story click here.

seabiscuit_2 · 23 July 2007 at 10:15PM

Can someone find me a link for a signature card as I have been unable to pursuade our current provider to let my elderly parents have a signature card, and I have been unable to find any mention of one on the Morgan Stanley site as mentioned earlier in this thread

TIA

James · 24 July 2007 at 8:35AM

I had a Morgan Stanley Chip & Signature Credit Card. If your parents want their Chip & PIN cards replaced by a Chip & Signature cards, why not give Morgan Stanley another chance. Write to them at

Morgan Stanley
Consumer Banking Group International.
PO Box 3598
Glasgow
G68 9YW

Put in writing that (parents name) are having great difficulty using PINs and complying with PIN terms and conditions. Therefore in the interest of thier personal safety and security they would want their Chip & PIN cards replaced by Chip & Signature.

Don't forget it's what your parents can manage, not what card issuers think they can manage that matters.

See Private Message for more info.

Hope this helps.

The FT aren't wrong: Banks Failing Elderly Over Chip & PIN.

wiganshale · 25 July 2007 at 1:04PM

Why is it my fault if someone steals my identity?
If it was the banks' responsibility, I wouldn't have to shred all my mail, keep my utility bills under lock and key and have to rely on chip and pin.
Chip and pin is not safe. Apart from shoulder surfing and recording your card details using data-loggers or pin-hole cameras, the technology for cloning chipped cards has been available for some time.

Too much responsibility is being shuffled down to the consumer (the same everywhere, including waste disposal).
Remember half the population is, by definition, below average intelligence. The people making these decisions are supposed to be intellectually superior, which is why they pay themselves large salaries and which is why they should come up with systems that cater for us, for the !!!!less and for the criminal.
(f e c k le s s is in the dictionary but "net nanny" thinks it's a swear word)

I was recently invited by a card issuer to join a scheme for using a pin on-line.
This would give me greater security, it said.
The small print stated that it was my responsibility if anyone took money using my pin.
At present it is the card issuer's responsibility.
I didn't sign up to it.
My life is too busy to chase around after fraudsters.
The banks have a trained staff that specialise in these. That is why we use banks, else we could all go back to keeping our money under the bed.
Re-instate The Truck Acts and give me my wages in cash.

James · 25 July 2007 at 1:13PM

Brits Keep PINs With Their Cards.

I bet a high percentage of the above haven't got the faintest idea that they could have Chip & Signature Cards.

trubster · 14 August 2007 at 7:22PM

that post was put there about a actual spam message which was deleted... it was not refering to your post.

Alfie_E · 14 August 2007 at 7:27PM

I’m sure trubster’s learnt his lesson, and will, in future, write “Ignore the above post by <spammer’s user name>.” It was a particularly big fat juicy spam – several screenfuls of it – before it was consigned to the Room 101 of spam. I always wonder why spammers think that someone stupid enough to fall for their scam is going to be able to work their way flawlessly through all their detailed instructions.

James · 18 August 2007 at 6:56AM

Room for thought:

Alliance & Leicesters Latest:

Please note that with immediate effect we are placing limits on the funds that can be withdrawn from ATM's in certain foreign countries.

On the same day that APACS put out the following Press Release:

Protect Your PIN.

"Customers should be confident that using their Chip & PIN card with a PIN is the best way of preventing fraud on their card".

Chip 'n' Pin - A Quick Guide Discussion Area

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free