Chip & pin


Ad

Advertisements

C

Charlie+

It was suggested a while back that upon receiving a card, you should
scratch the CVV number off it (after memorizing it). It's not needed for C
+P usage, and removing it means anyone handling your card can't clone it
for cardholder not present transactions.
Interesting - I hadnt heard of that trick - is the CW no. used for
anything else that might make you regret altering the card?
Assuming of course you dont forget the no..
C+
 
J

Jethro_uk

Interesting - I hadnt heard of that trick - is the CW no. used for
anything else that might make you regret altering the card? Assuming of
course you dont forget the no.. C+
No, it's *only* use is for CNP transactions. Really, you should never
need to hand your card to anyone anyway. I can't recall where I read it
now, but there was a warning a while back that you should be especially
wary of situations where you are required to hand your card to someone
for a C+P transaction - a lot of card fraud originates in cards that are
swiped to be cloned for use in non C+P countries. The scam goes something
like you hand your card over, and it gets surreptitiously swiped before
going into the C+P reader.

Never ever let your card out of your sight. Restaurants are probably the
riskiest places, as it's trivial to engineer a situation where you have
handed over your card, and the waiter has to "go and get the machine".
 
C

Chris Blunt

No, it's *only* use is for CNP transactions. Really, you should never
need to hand your card to anyone anyway. I can't recall where I read it
now, but there was a warning a while back that you should be especially
wary of situations where you are required to hand your card to someone
for a C+P transaction - a lot of card fraud originates in cards that are
swiped to be cloned for use in non C+P countries. The scam goes something
like you hand your card over, and it gets surreptitiously swiped before
going into the C+P reader.

Never ever let your card out of your sight. Restaurants are probably the
riskiest places, as it's trivial to engineer a situation where you have
handed over your card, and the waiter has to "go and get the machine".
An exception to that is when using your card in overseas countries
where the locally issued cards don't use C+P.

Establishments are not geared up with mobile terminals of the type
that exist in the UK, and you just hand over your card to the waiter
as you used to do in the UK prior to C+P. Several times I've been
asked to go to some back office where the cashier is located because
their authorisation terminal has requested a PIN to be entered.

Chris
 
M

Mike Scott

On 11/10/2012 18:54, Chris Blunt wrote:
.....
Establishments are not geared up with mobile terminals of the type
that exist in the UK, and you just hand over your card to the waiter
as you used to do in the UK prior to C+P. Several times I've been
asked to go to some back office where the cashier is located because
their authorisation terminal has requested a PIN to be entered.
Where of course you enter secure information on an untrusted terminal.
Good system the banks have set up. :-|
 
R

RobertL

Now, let's look at this logically. If indeed it is possible to 'clone'
chip and pin cards then use them in ATM's, this would now be a very
serious problem. The crook would still need the PIN, and theoretically
this could be extracted in the 'cloning' exercise.
Surely they use 'trap-door' functions. Even if you know exactly what is on the card chip it doesn't tell you the PIN.

Robert
 
Ad

Advertisements

C

Chris Blunt

On 11/10/2012 18:54, Chris Blunt wrote:
....

Where of course you enter secure information on an untrusted terminal.
Good system the banks have set up. :-|
Why is the terminal itself any less trustworthy than one in the UK
would be? I felt that handing the card to the waiter was the most
untrustworthy part of the transaction.

Chris
 
M

Mike Scott

Why is the terminal itself any less trustworthy than one in the UK
would be? I felt that handing the card to the waiter was the most
untrustworthy part of the transaction.
I didn't suggest it would be. General issue - /you/ have to authenticate
yourself - but the bank provides no means for verifying its
communications chain.
 
C

Chris Blunt

I didn't suggest it would be. General issue - /you/ have to authenticate
yourself - but the bank provides no means for verifying its
communications chain.
Maybe we should all go back to the good old days and pay for
everything in cash. I mean, whoever heard of people losing money from
cash being stolen?

Chris
 
T

Tim Woodall

Maybe we should all go back to the good old days and pay for
everything in cash. I mean, whoever heard of people losing money from
cash being stolen?
The thing about cash is that you can never lose more than you're
carrying.

It is *impossible* to get a card that does not have a pin. Even if you
have a chip and signature card, there will still be a pin for use in
cash points.

If I drop my wallet it might have up to 100 pounds in it. If someone
dishonest finds it they can take that 100. But there are also three
cards in it with pins. So they've got about a 1 in 1000 chance of
guessing and getting a valid pin with zero risk. If they fail to guess,
they just throw the wallet and cards away - it's reported as a lost
wallet and nobody even knows that a fraudulent attempt was made with the
cards. If they guess right then they will be able to steal something
like 500 pounds from a cash point plus large amounts at shops.

I'm likely to notice my wallet missing within about 24 hours. As I'm
writing this I know I had my wallet at 20:30 last night. But since then
I haven't touched or used it. I know where it is supposed to be. But if
I dropped it last night rather than putting it back in my bag then
someone has potentially had about a 1 in 1000 chance of having all of
Saturday to go on a spending spree.

I would never use my credit cards for cash. So why can I not block that
useage of the card completely? I don't want the card to work in a cash
point. In fact, although I have on a couple of occasions over the last
couple of decades accidentally put my credit card into a cash point, I'd
prefer it if the cash point swallowed the card because most likely, if
it gets put into a cash point it's because someone else has got my
wallet and is trying something nefarious)

If someone is willing to try to unlock the locked card at a cash point
then they get six attempts rather than just the three to guess the pin.
But that's slightly more risk and will at least be recorded. The first
three guesses can be done at home.


I don't know how many wallets are dropped per year and I don't know how
many of the finders are potentially dishonest. But I could well believe
there could be a few dozen cases per year where a lucky guess recovers a
pin.



Tim.
 
M

Mike Scott

The thing about cash is that you can never lose more than you're
carrying.

It is *impossible* to get a card that does not have a pin. Even if you
have a chip and signature card, there will still be a pin for use in
cash points.
No. My chip'n'signature cards don't work in cashpoints. I /do/ have a
cashpoint card though, which has a PIN - but you can't buy anything with
it, and so losses are capped by the max daily withdrawal limit.

Mind you, the situation can be complex - IIRC you could in theory have a
single card that has a PIN for cashpoints, needs a signature for shops,
and provides low value items with no authorization (indeed, I have used
my PIN-less credit card once in a rail ticket machine for a local
ticket). Depends what the bank cares to set up.
 
Ad

Advertisements

M

Mark

I would never use my credit cards for cash. So why can I not block that
useage of the card completely? I don't want the card to work in a cash
point.
+1. This is a feature I've often asked for from the credit card
company but they have all refused.
 
Ad

Advertisements

S

Stephen Wolstenholme

Having said that, when my credit card account was used fraudulently
recently, I was not asked to prove my innocence. Although the matter
was handled really badly by the bank and took over 6 months to sort
out, I was not accused of fraud myself.
Not all banks are the same. When I reported an unknown £10 transaction
to the bank they immediately froze my card and sent me a new one. As
it happens changing all the periodic direct debits was very
inconvenient. Perhaps I should have risked a potential fraud.

Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

chip and pin 12
Chip & PIN - Bin the PIN. 69
Chip & PIN in Saibsury's 54
Chip and pin fraud. 268
Chip & Pin ready? 29
Chip & Signature - confused by Chip and PIN! 22
Chip & PIn (AGAIN)!! 23
Chip&Pin cashback 6

Top