Card security - do the banks actually care?

lisyloo

lisyloo: Not only credit cards use these numbers. I have to deal with a mix of personal and business credit and debit cards, vehicle security codes, mobile phone PIN codes, door access codes, web site PINs, etc. I probably have a couple of dozen of these things to remember, and must not only remember the numbers but also which number applies to what.

We all do, don't we?

I agree you should be able to get a signature card.
But what you re describing does mean that YOU have a problem, because everyone I know has cards, alarms, websites etc.

Any

I use the same PIN for most of my cards and internet signs in-this number is completely random and no one knows it or could guess it if the tried for million years (unless the could go through all the variations obviously:-))

Don't make it too hard on yourself-there is no point fighting it, you won't win, just accept it and find way to make it easy on yourself.

Other thing I use (for cards I don't normally use)-I put it as a part of a phone number in my mobile, under normal name, but without actually having a friend of that name.

Geenie

mayling03 wrote: »

I think you are only making it hard for yourself. You have said face to face banking is not feasible, less and less places are accepting cheques plus it will die out within a decade any way. You say you HAVE to remember website codes and door access codes, make this ia necessity too as the ONLY way to access your cash is
a) via an atm using a pin code
b) cashback from supermarket using a pin code
c) post office withdrawals, again using a pin code.

If you don't use it often then try using it all the time, I don't think it's too hard remembering a 4 digit pin for something so important. And to be honest you are only embarrassing yourself by typing it in 3 times, having your card blocked and reissued by the bank again delaying the proces and you end up with a new pin to remember anyway.

I agree with this. You can't blame the banks if your memory is not the best.

OP trying finding a pin number that you can note down somewhere safe, but is not obvious, ie your great grandfathers date of birth. So your prompt would be marked down as Bert, but no dates recorded.
I use the name of a small German village I visited 20 years ago and the year I went there for pins to access many of my banking and Barclaycard sites.

I also made up a completely random pin for many accounts where numbers only were allowed, but recorded it on my mobile and diary/phone book under a name I could remember and with the last 4 digits being the pin number.

So for example.....Petra......779248514402, so the last 4 I would know were the pin. Could be the first 4 of course.

You have to get pins into your brain, and even if not using the card or site regularly, repeat them and the prompts so they stay in your brain.

Good luck OP.

GeoffL

I made my OP not because I want to have a go at the banks for not letting me have a Chip 'n Signature card but because, now that they've used Chip 'n PIN to transfer much of the liability for fraud from themselves to traders and consumers, I'm concerned about the 'cavalier' attitude they seem to have towards my security. For example, automated phone systems that ask for sufficient information to facilitate fraud, 'security questions' that ask for the same information that you entered into your telephone to get to speak to the person who's asking the question, but most of all the dodgy 'advice' they've given me to work around some flaws of Chip 'n PIN.

To those who suggest writing down PINs or recording them in some fashion: please know that doing so is expressly against the terms and conditions of every card I have. Here's an excerpt from one:

You must:

• follow instructions we give you, which we reasonably consider are needed to protect you and us from unauthorised use of your card or security details.
• ....
• Not let anyone else use your card or security details.
• do all you reasonably can to make sure no one finds out your security details, for example by not:
  • choosing an obvious PIN;
  • writing your security details on (or keeping them with) your card or banking documentation;
  • writing your security details in a way that is recognisable; or
  • letting anyone listen in to your calls with us, or watch you entering or making use of your security details.

So if you (for example) commit your PIN to your mobile phone and the bank deems that it was done in an obvious fashion, they can avoid liability for fraudulent transactions on your account up to the time you reported it was compromised. Similarly, if someone 'shoulder surfs' your PIN or otherwise obtains it, their T&Cs mean that you can be liable for fraudulent transactions as you have let someone watch you making use of your security details.

FWIW, I have a way of jogging my memory for the PIN that gives me the biggest headache. Unfortunately, just like many methods suggested in this thread, my method (strictly) contravenes the T&Cs under which my card was issued and so (strictly) I could be liable for fraudulent transactions until I ask the provider to stop my card:- and that makes me feel uncomfortable.

ironlady2022

I have several pins for several cards and have no problem remembering them. The bank is not shifting the blame at all and if they thought it was less secure than the previous signature strip then they would not have adopted the chip and pin method or offer telephone or Internet banking. I'm afraid they will not change their ways and if you are not happy then you can opt out of using a bank account altogether.

GeoffL

mayling03 wrote: »

I think you are only making it hard for yourself. You have said face to face banking is not feasible, less and less places are accepting cheques plus it will die out within a decade any way. You say you HAVE to remember website codes and door access codes, make this ia necessity too as the ONLY way to access your cash is
a) via an atm using a pin code
b) cashback from supermarket using a pin code
c) post office withdrawals, again using a pin code.

I don't have to remember many of the other codes as I can legitimately write them down. However, they're still there amongst my memories to cloud the issue when I'm trying to remember a PIN I may not write down. FYI, you can still do your b) and c) with a Chip 'n Signature card; even though you can't use it at an ATM.

If you don't use it often then try using it all the time, I don't think it's too hard remembering a 4 digit pin for something so important. And to be honest you are only embarrassing yourself by typing it in 3 times, having your card blocked and reissued by the bank again delaying the proces and you end up with a new pin to remember anyway.

You've lost me. What do you mean by 'try using it all the time'? Are you suggesting PIN-sharing or some other way of reducing my security?

TBH I hope that I've been embarrassed for the last time - although my memory jogger, while not obvious, is strictly against the providers T&Cs. But you can take it from me that it isn't funny getting stuck with a locked card, having the proprietor of a filling station intent on prosecuting you for attempted theft, and only becoming reasonable when a police officer points out that he'd need to show that I'd set out to steal the fuel, which he would be unlikely to do given the circumstances.

GeoffL

mayling03 wrote: »

I have several pins for several cards and have no problem remembering them.

Lucky you! Some of us aren't that fortunate!

The bank is not shifting the blame at all and if they thought it was less secure than the previous signature strip then they would not have adopted the chip and pin method or offer telephone or Internet banking. I'm afraid they will not change their ways and if you are not happy then you can opt out of using a bank account altogether.

The banks have shifted liability, not blame. Chip 'n PIN is better for them. When they introduced the system into France, the banks reported an 80% reduction in the cost of fraud. However, that was the cost to the banks and there have been claims that the actual amount of fraud may have actually increased but the majority was now being passed to traders and consumers. Of course the banks want to continue with Chip 'n PIN - they've never had it so good. However, the story isn't so rosy for their customers (check out that Vigay piece I cited upthread - sn.im/1whx4z will redirect to it).

Unfortunately, it's almost impossible to opt out of the banking system. Cash is on the way out. Tax, utilities, etc. almost all require a direct debit, electronic payment, or other banking function. If you run a business, you must implicitly by law have Internet access (to operate PAYE etc. at least) and (except MBB) you can't get that without a bank account. Also, you won't be able to get credit if you're outside the banking system. So while it might in theory be possible to 'opt out' in practice it's all but impossible.

ironlady2022

Precisely my point you cannot opt out of banking so just accept that's how it goes.

Any

GeoffL wrote: »

To those who suggest writing down PINs or recording them in some fashion: please know that doing so is expressly against the terms and conditions of every card I have. Here's an excerpt from one:So if you (for example) commit your PIN to your mobile phone and the bank deems that it was done in an obvious fashion, they can avoid liability for fraudulent transactions on your account up to the time you reported it was compromised.

I don't get why would you tell them that it is in your phone written one way or another.. Or anyone else for that matter and how therefore could it be compromised.

GeoffL

Any wrote: »

I don't get why would you tell them that it is in your phone written one way or another.. Or anyone else for that matter and how therefore could it be compromised.

The point is that they're loose and free with your security. IMO, they're that way because they've passed much of the liability for fraud to you and those you trade with. The fact is that writing down your PIN or otherwise recording it in an obvious manner is almost certainly against the conditions under which your card was issued.

Thankfully, we've never had a Chip 'n PIN card stolen. However, pre Chip 'n PIN, someone stole my wife's handbag while she was at work and then went to town on her cards. One of the questions the bank asked was whether she'd written her PIN down anywhere. Since more than one person has suggested committing PINs to a fake phone numbers, I suspect that the banks know about this. So, assume that your card gets stolen and a several fraudulent PIN-authorised transactions are made. You contact the bank and they ask you whether you've written down or otherwise recorded your PIN. You then have to lie (and hence probably commit some offence) or admit to storing it on your phone. If you tell the truth they can then quote their own T&Cs to avoid liability.