We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
does Square invalidate credit card protection ?
Options
Comments
-
I might be over cautious, but I just don't trust them. Isn't there a risk with giving people the 3 digit number that they could simply input the details to your card for any amount...I don't like doing business over the phone like that...it's always seemed like a risky thing to do to me.
The 3 digit No (CVV) is like a online PIN. But it does NOT have to be entered in Customer Not Present transactions. Although retailer should be asking for it.
Also it is against regulations for this to be stored in in any form... Retailer has been fined for doing this in the past.
As to your main point.
Just how does the debit show on your statement?Life in the slow lane0 -
This malarkey about breaking the DCS chain when the retailer uses a payment service provider is (in my opinion, which I know counts for nothing) complete nonsense.
What seems to get missed in these debates is just how a DCS chain comes about and what exactly makes it linked. My understanding is that a DCS chain will only exist when there are pre-existing arrangements between the debtor, creditor and supplier for handling the financial processing.
Consider a transaction on a NatWest credit card at a retailer acquired by Barclays. The payments will be processed through Visa/MasterCard and that is not deemed to be breaking the DCS chain. Why? Because there are pre-existing arrangements between all parties to allow the payments to be processed.
So, where a retailer contracts with Square, iZettle, PayPal etc to have their incoming payments processed, there are pre-existing arrangements in place and the DCS chain remains in tact. This should apply for CHIP & PIN, ecommerce, MOTO transactions etc.
Where a cardholder uses a processor such as PayPal, that is clearly different in that the customer is simply loading up an e-wallet to use as they wish. If they then use the e-wallet to buy something from a supplier, that payment is made as a new, one-off arrangement and there was never any pre-existing arrangement between the supplier and your e-wallet service provider.
Just because a card issuer says there is no S75 liability due to a broken DCS chain, doesn't mean they are correct. This particular aspect hasn't been tested in law (I believe). I know I've laboured this point before but you only have to look at the history of what card issuers have said is the position to know that they have got it wrong consistently since the beginning.
First they said, no credit card transactions were covered at all - wrong.
Then they said, only on-us transactions are covered (same issuer and acquirer bank) - wrong.
Then they said, foreign transactions were not covered - wrong.
Now they are saying transactions through retailers who use a payment service provider are not covered (except if by CHIP & PIN) - how long before that is found to be wrong? (which it surely will be).0 -
Thanks Eco warrior, I'd be interested in knowing why there is a difference. It's not quite the same as 'card present' system, and probably not make any difference, but I intend to go to the merchant's office with my card and input all the details myself to their terminal because I don't want them to have my 3 digit security number either.
Although not a 100% safeguard against inappropriate use of the CVV2 on the back of the card, no retailer is permitted to store this value in any form. This is in card scheme rules and should also be incorporated into all Merchant agreements held with acquirers.0 -
Terry_Towelling wrote: »Although not a 100% safeguard against inappropriate use of the CVV2 on the back of the card, no retailer is permitted to store this value in any form. This is in card scheme rules and should also be incorporated into all Merchant agreements held with acquirers.
Although a dodgy employee is hardly likely to care about breaking their employers contractual obligations
0 -
....I wish I had more confidence but having worked in the banking industry and being witness to all sorts of frauds by people that one just would not have suspected....I'm possibly more eagle eyed than others.0
-
Thank you Terry Towell for such a comprehensive reply. This is definitely a grey area, and even if I get this particular situation resolved, I shall be wondering about future transactions and how safe they are - especially larger £££ transactions.0
-
It is headed Square with the details of the transaction under, the company name I paid shown as the creditor. One would think this is enough to establish the relationship, but apparently not....0
-
thanks Eco. It's not just this instance I'm thinking about, when I MAY lose some money if things go wrong, (and while that would be highly annoying, it's not the end of the world ) but also future transactions when perhaps there are larger amounts at stake.0
-
there is absolutely no way I would give anyone my PIN and there is a lot of info online saying never to do this.... so I cannot see how giving the 3 digit number (pin) has become so accepted and easily widespread....as safe? It seems to me that convenience has somehow overtaken safety.0
-
there is absolutely no way I would give anyone my PIN and there is a lot of info online saying never to do this.... so I cannot see how giving the 3 digit number (pin) has become so accepted and easily widespread....as safe? It seems to me that convenience has somehow overtaken safety.
Quite right about the 4-digit PIN. That was never designed to be revealed to anyone. The 3-digit CVV2/CVC2 was different in concept from the start. Revealing this number hasn't become accepted or widespread per se; rather the entire rationale for its existence was that it should be revealed as a way of verifying that the person making a remote transaction (Ecommerce/Telephone Order) was in fact the correct person and in possession of the card.
I'm not certain how fraud liabilities are currently assigned when this security number forms part of a transaction. Originally, however, the over-riding position was that the retailer was always liable for Card-Not-Present (CNP) fraud and the CVV2/CVC2 was only positioned as a tool to help those retailers reduce the risk of accepting a fraudulent transaction, rather than to reassign losses to the card issuer/cardholder.
As you might imagine, many retailers protested about the cost of adopting this new check process if they were still going to be held liable for any fraud arising. So, the fact that this number was being revealed, did not stop issuers from raising Chargebacks for fraud even where it had been quoted. On that basis, there was never any need to worry about this number getting into the wrong hands.
I suspect, however, that fraud liabilities have probably altered over the years and I also fear that some issuers may refuse Chargeback protection (rightly or wrongly) where this number has formed part of the transaction process.
Can any current Chargeback practitioners/Fraud operatives give any views on CNP liabilities where this number has been used?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards