Debit card details over the phone, what info is necessary?

ChiefGrasscutter

MissSunshine wrote: »

I was going to say the same thing, the card machine I use asks for the numbers of the postcode and house number if the cardholder's not present.

Just curious
But what do you for addesses like mine with only a house name?

jen245

ChiefGrasscutter wrote: »

Just curious
But what do you for addesses like mine with only a house name?

If there is no house number, our system allows us to put NONE in for the house number, so it will go through with just the postcode

pqrdef

dalesrider wrote: »

Funny how people are scared of handing card details out over the phone. Yet happly use the cards at retailers all the time....

? In a shop, they don't record the CVV number, and they may not have your address or even your name. And unless it's contactless you have to give your PIN, but the shop doesn't get it.

You're only in trouble if the shop is seriously dodgy - doctored card readers, hidden cameras, stuff like that.

When buying online or by phone, you must always give all the information that anybody else needs to go shopping with your identity.

dalesrider

Gromitt wrote: »

Really? At least with a cheque there's a chance that someone will actually look over the cheque, the signature, etc.

The only real insecure thing about cheques is people who write "Pay cash" on them, but these are typically scrutinised much more than cheques which are deposited in an account.

Well unless its a very quiet branch, the chance of a sig check is fair to none.... And only the bank who's cheque it is, could check the signature. So long as they hold one on their systems.

You are forgetting about cheque books intercepted in the post, a stolen cheque out of a book, a altered cheque or a counterfiet one...
Not forgetting the best one. A cheque paid to a co and a member of staff takes and pays it into their account.

Cheque fraud is far more common that DD fraud.

pqrdef

pinkdalek wrote: »

Direct debits are a much more convenient method of payment. They are also covered by the direct debit indemnity scheme.

Won't protect you against identity fraud. If the payee tells the bank that it's definitely you, the bank will just debit the money again.

With a DD, the bank does no identity checking whatsoever at any point, it relies entirely on whatever checking is done by the payee, which is often useless.

pqrdef

innovate wrote: »

Organisations will need to get authorised before they can accept DDs and it doesn't come cheap.

However, there are now payment processing firms that will operate DDs on behalf of small businesses, so that businesses can use DDs without having to register with BACS.

This might work if the third-party processing firm did identity checking direct with the customer, but of course it doesn't, it just passes on whatever the business tells it.

Another one bites the dust.

pqrdef

dalesrider wrote: »

Can't comment on other banks systems. But know that ours works by known fraud spending patterns and is updated by us as each case comes in.
So random blocking does not come into it.

Santander queried an FP to my account at another bank. I often do FPs to my accounts at other banks. There was absolutely nothing to make this one look more suspicious than the others. Don't tell me it wasn't random.

Nationwide blocked a debit card payment to an investment company. I've made several previous payments of similar size to the same company in previous weeks and months, using the same card. Not a CPA though, no stored data, details supplied by me every time. And Verified by Visa (except of course it's verified by the bank, not by Visa). Do fraudsters buy investments?

Lloyds blocked a second instalment on insurance, after paying the first instalment to the same broker on the same card less than a month ago. Do fraudsters buy insurance? How would they claim?

The cardholder's name and address match the policy details, the policy was a renewal, and I didn't phone the broker, the broker phoned me. How many simple checks say it wasn't fraud? But if I'd been away from hone, the broker would have cancelled the policy. This one will be a cheque next year.

The banks are buying this software from third-party companies and they don't know what they're buying.

dalesrider wrote: »

But by far, most people are happy to have checks in place to help protect them.

It's not me that's being protected, it's the bank.

dalesrider wrote: »

Perhaps rather than knocking the way banks security works. You should turn your thoughts to how you could assist and come up with a system that is 100% effective in stopping fraud and allowing genuine transactions through.

When you register, you're offered a list of 50 questions. You pick a dozen that you can remember the answers to and give those answers. When you make a transaction, you're asked 3 or 4 questions, but you only have to give one letter of the answer, e.g. 3rd letter of father's middle name. Online, there are some extra tricks to make life difficult for keyloggers. The bad guiy will need to collect more info than Eamonn Andrews.

Can work online with a connection to the bank, or offline with a chipped card and card reader.

dalesrider wrote: »

What insecure about the DD system ????

I haven't got all day.

[Deleted User]

pqrdef wrote: »

I haven't got all day.

I'll just leave this here then:

http://news.bbc.co.uk/1/hi/7174760.stm

Gromitt

pqrdef wrote: »

When you register, you're offered a list of 50 questions. You pick a dozen that you can remember the answers to and give those answers. When you make a transaction, you're asked 3 or 4 questions, but you only have to give one letter of the answer, e.g. 3rd letter of father's middle name.

So it would be like verified by Visa, but instead of a single password, it would be requesting characters from various answers? Thats going to be fun for corporate Visa cards, where payments can be made by several authorised employees who can use the card 10+ times per day. They'll be spending most of there time using a printed out matrix with the answers on. Hardly secure. If your going to go that far, you might as well just tell them to use a card reader to ensure they have the card + pin, just as they would have to in a shop, but then thats more equipment, and most banks don't want to issue them due to cost.

Another idea would be to send the user a OTP via text messaging if they are spending over an agreed limit, like £100.

pqrdef wrote: »

Online, there are some extra tricks to make life difficult for keyloggers

Like the Halifax and TSB login systems which force you to use the mouse instead of keyboard? Even though modern keyloggers take screenshots and record which entries in a list have been selected using a mouse, so all it does is cause inconvenience for the user.

dalesrider

pqrdef wrote: »

. And Verified by Visa (except of course it's verified by the bank, not by Visa). Do fraudsters buy investments?

I haven't got all day.

Neither have I....

But VbyV is a retailer and visa based system. That has nothing to do with your bank....

Retailer pay Visa for the system. Visa checks the details.

So please at least try to get your facts straight