Chip & pin


P

peterwn

Who hasn't at some time in the past has had to enter their PIN a
second time ? The vast majority of  errors of this type will be
inadvertant. I would assume that an ATM will only allow a certain
number of attempts in entering the PIN and any errors will be noted
whether cash is successfully withdrawn or not.
Would depend on bank - probably three wrong PIN's in a row (not
necessarily at same ATM) the card is 'blocked' and if a ATM, the card
is 'swallowed'. And if a card is 'swallowed' the bank may insist on a
re-issue and payment of lost card fee (I had a bit of brain fade one
day and had both ATM and credit cards swallowed - and that is what
happened).
 
Ad

Advertisements

B

Big Les Wade

®i©ardo said:
But only where the card has been removed from that customer's care by a
third party, due to theft, carelessness and so on, exacerbated in many
cases by the PIN being kept with the card.

No, it happens where the bank *deems* that those things happened,
without having any proof. The customer is then left with a fight to get
back *his* money, which the *bank* gave away to a third party because
the *bank's* security systems were not adequate.

The customer has virtually no say in the matter - ither than changing
banks, which will do him no good because all the banks do the same.
 
C

Chris Blunt

Many banks use a 6 digit PIN for online banking. Select any 3 or 4 for
access.

For some reason, I can remember 6 digit numbers easier than 4 digit.
[Possibly - 4 digit numbers begin to blend into each other].

It should be possible for ATMs to use the same principle. So that even
seeing someone entering their partial PIN would not help.

But would it be worth it? A more onerous system to reduce a relatively
small problem.
I suspect that such a system would lead to far more people writing
their PINs down and carrying them in their wallet. Memorising 6 digits
and then being asked to select 3 of those digits is beyond the mental
capability of many people.

Chris
 
C

Chris Blunt

Where does it say that he made a purchase? The article states the
opposite: "... Black says he couldn't possibly have passed on his
Barclaycard's pin to the thieves, as Barclays has alleged, because he
doesn't know it, or ever use it. He says he only uses the card to make
holiday bookings over the phone, which doesn't require the use of a
pin. Barclays has confirmed that he has not made any chip and pin
purchases using the card."
But later on he claims the PIN is not an obvious number such as a date
of birth or something as simple as 1234. How could he make such a
statement if he doesn't know what the PIN is? This apparent
inconsistency made me a bit suspicious about his story.

Chris
 
B

Big Les Wade

Mel Rowing said:
Then if that's what you think then there is no reason why you should
have one. They are not compulsory.
Yes, they are. If you open a bank account, they issue you with a debit
card. You can't stop them. You can, of course, destroy the card, but
that won't stop them blaming phantom withdrawals on you, because they
did issue you with the card.

If you reply "Well of course you don't have to open a bank account", I
shall reply "Yes you do."
 
M

Mel Rowing

Yes, they are. If you open a bank account, they issue you with a debit
card. You can't stop them. You can, of course, destroy the card, but
that won't stop them blaming phantom withdrawals on you, because they
did issue you with the card.
I wouldn't try to stop them neither would I use them.

I've two HBS cards in the drawer right now never been used never been
activated. they've been there about 3 years. It's not that I fear
fraud it's just that I don't want any more of the bloody things in my
wallet. The initial PIN numbers are there too with their wax scratch
masks intact.

I wanted to open a couple of ISAs requested that the cards should not
be sent since I would have no use for them The lady explained that we
would need them to identify ourselves. OK there's no answer to that
but if ever you fears materialise it will be difficult to suggest that
they have been used.

As I say again, a bank can only lose by defrauding its customers and
they have all sorts of ways of legitimately making money from you.
 
Ad

Advertisements

P

Peter Turtill

Are you thinking of John Munden?

"John Munden, as you may recall, was one of our local police constables,
who complained about six phantom withdrawals on his account with the
Halifax Building Society when he returned from holiday in Greece. Their
response was to have him prosecuted and convicted for attempting to
obtain money by deception."


Discussed here:-

<http://www.doc.ic.ac.uk/~ids/dotdot/misc/titbits/phantom_ATM_withdrawals
.html?
Alas my memory is not that good but it does sound familiar. I can
remember interesting aspects of life but names and places do not stay
with me long.

pete
 
M

Mike Scott

Yes, they are. If you open a bank account, they issue you with a debit
card. You can't stop them. You can, of course, destroy the card, but
that won't stop them blaming phantom withdrawals on you, because they
did issue you with the card.
No. In practice, you do need bits of plastic. But they don't have to be
chip&pin, the pin being where most of the issue is. Lean on a bank
enough, and you can get a chip & /signature/ card. Much more secure for
the customer. And no number to remember :-} But banks tend to deny,
wrongly, that they exist.
 
C

Charlie+

But later on he claims the PIN is not an obvious number such as a date
of birth or something as simple as 1234. How could he make such a
statement if he doesn't know what the PIN is? This apparent
inconsistency made me a bit suspicious about his story.

Chris
You are overlaying other people with your own ways and assuming they
must behave like you - probably this user as he had no use for the pin
didnt even bother to change it from the bank issued number. Therefor he
would know the pin if he looked it up from the issuing time and would
also know that the Bank would not issue a guessable sequence in the
first place even if he couldnt find the original issue pin.
 
M

Mark

Three attempts are allowed with First Direct, who are part of HSBC, and
I assume that the other banks do the same.
And if you have to use a signature instead of the PIN the card is
blocked immediately after (for C&P purchases).
 
J

Jethro_uk

Time has come when PIN's should be five digit (Decades ago Post Office
engineers figured that 5 digit numbers were as much as people can handle
- hence letters on dials in the large cities - so people should be able
to handle 5 digit PIN's).

And customers should be able to change PIN's or disable cards via
internet banking, and disable cards via telephine banking.
Why use numbers - something a vast proportion of people find
problematic ? I still think the idea I saw 20 years ago, or thereabouts
(on "Tomorrows World" ?) where your "PIN" is actually a sequence of
presses related to faces.

Nowadays, it would be possible to supply your bank with (say) 10 pictures
of people you know - say family, friends. And associate each picture with
a series of facts. When you need to access your account, you are
challenged with a selection of faces, and a fact. Because the chances of
a thief picking great aunt edna's picture out, as a reply to "Who met
Churchill in 1944" are as high as to be practically impossible.

However, in the same way we have the unemployed we are prepared to pay
for, we have the security we are prepared to pay for.
 
Ad

Advertisements

J

Jethro_uk

For some reason, I can remember 6 digit numbers easier than 4 digit.
[Possibly - 4 digit numbers begin to blend into each other].
6 digits lend themselves to notable dates : DDMMYYYY
 
M

Mark

For some reason, I can remember 6 digit numbers easier than 4 digit.
[Possibly - 4 digit numbers begin to blend into each other].
6 digits lend themselves to notable dates : DDMMYYYY
That's 8 digits ;-) Dates are particularly bad pieces of information
to use as passwords/PINs since they have low entropy.
 
M

Mark

Why use numbers - something a vast proportion of people find
problematic ? I still think the idea I saw 20 years ago, or thereabouts
(on "Tomorrows World" ?) where your "PIN" is actually a sequence of
presses related to faces.

Nowadays, it would be possible to supply your bank with (say) 10 pictures
of people you know - say family, friends. And associate each picture with
a series of facts. When you need to access your account, you are
challenged with a selection of faces, and a fact. Because the chances of
a thief picking great aunt edna's picture out, as a reply to "Who met
Churchill in 1944" are as high as to be practically impossible.
The current system is poor but I have a feeling that your scheme could
make it trivial for someone who knows the victim well to access their
account.

The same goes for all the 'memorable information' that banks think
improves security.
 
B

Big Les Wade

Mel Rowing said:
I wouldn't try to stop them neither would I use them.

I've two HBS cards in the drawer right now never been used never been
activated. they've been there about 3 years. It's not that I fear
fraud it's just that I don't want any more of the bloody things in my
wallet. The initial PIN numbers are there too with their wax scratch
masks intact.

I wanted to open a couple of ISAs requested that the cards should not
be sent since I would have no use for them The lady explained that we
would need them to identify ourselves. OK there's no answer to that
but if ever you fears materialise it will be difficult to suggest that
they have been used.
Not at all. The bank simply asserts that they sent you a card, so you
could have used it, so you must have used it for these disputed
withdrawals. What can you say in response other than "No I didn't",
which as we have seen doesn't cut any ice with them?
 
B

Big Les Wade

Mike Scott said:
No. In practice, you do need bits of plastic. But they don't have to be
chip&pin, the pin being where most of the issue is. Lean on a bank
enough, and you can get a chip & /signature/ card.
Not true. I tried to get a chip and sig card when my CC company issued
me with a PIN, but they wouldn't. They said (I kid you not) it was
illegal to issue them to anyone without a doctor's certificate of
disability.

It's very well to talk about "leaning hard enough". It didn't matter how
many times I asked them, they simply said no, and there was *nothing* I
could do about it.
 
Ad

Advertisements

®

®i©ardo

No, it happens where the bank *deems* that those things happened,
without having any proof.
They've as much proof as the person who claims to have lost money, when
the money has been extracted from the account using the appropriate card
and PIN number. Why should the bank pay for the customer's negligence?

The customer is then left with a fight to get
back *his* money, which the *bank* gave away to a third party because
the *bank's* security systems were not adequate.
But what if it's the customer's inadequate security that's to blame?
The customer has virtually no say in the matter - ither than changing
banks, which will do him no good because all the banks do the same.
What are the odds of guessing the correct PIN - even with three goes at
it - from 9,999 available combinations? After all, if someone other than
the card holder has both the card and the PIN, why should the bank be
liable? Have a read of the terms and conditions regarding the PIN.

The only person's card that I could take a good guess at the number of
would be my brother's, and that's because I know what his army serial
number was. Eight digits you never, ever forget. I don't think he knows
what mine is...
 
B

Big Les Wade

®i©ardo said:
They've as much proof as the person who claims to have lost money, when
the money has been extracted from the account using the appropriate
card and PIN number.
If they only have as much proof as the customer has, then the bank
should pay, because it created and imposed the system that made such
frauds possible.
Why should the bank pay for the customer's negligence?
Perhaps it shouldn't if the customer really has been negligent. But that
is often *not* the case, except by the banks' own special definition of
the word "negligent". It is known that there are ways of obtaining a PIN
fraudulently that are certainly not the customer's fault. Some of these
are no doubt technically sophisticated but others are as simple as
shoulder surfing combined with pickpocketing.
The customer is then left with a fight to get

But what if it's the customer's inadequate security that's to blame?


What are the odds of guessing the correct PIN - even with three goes at
it - from 9,999 available combinations? After all, if someone other
than the card holder has both the card and the PIN, why should the bank
be liable?
Have a read of the terms and conditions regarding the PIN.
They are imposed by the bank and thus are not relevant to the question
of fairness or equity. If you reply "But the customer did not have to
accept these T&Cs, he could have chosen a different bank", I will reply,
"yes he did, because all banks impose the same terms".
 
B

Bill

Peter Turtill said:
Alas my memory is not that good but it does sound familiar. I can
remember interesting aspects of life but names and places do not stay
with me long.

pete
I met him once, we had some lengthy discussions, his name is engraved
in my memories!! Although I only heard about his credit card problems
some years after they occurred.
 
Ad

Advertisements

G

Graham Murray

Big Les Wade said:
Not true. I tried to get a chip and sig card when my CC company issued
me with a PIN, but they wouldn't. They said (I kid you not) it was
illegal to issue them to anyone without a doctor's certificate of
disability.
I hope you then asked them which act of parliament, statutory instrument
or order in council makes it illegal.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

chip and pin 12
Chip & PIN - Bin the PIN. 69
Chip & PIN in Saibsury's 54
Chip and pin fraud. 268
Chip & Pin ready? 29
Chip & Signature - confused by Chip and PIN! 22
Chip & PIn (AGAIN)!! 23
Chip&Pin cashback 6

Top