New secure credit cards?

[Sylvia Else]

Mr.T wrote:

"Sylvia Else" <sylvia@not.at.this.address> wrote in message
news:0018c87b$0$20704$c3e8da3@news.astraweb.com...
wrong
What a strange response. How can you possible say that will not be how
things work in future?

Easily, you both have to wait to see who is right

MrT.

It will never be possible to show that I was wrong.

Sylvia.

 

[Mr.T]

"Sylvia Else" <sylvia@not.at.this.address> wrote in message
news:008fcd14$0$1018$c3e8da3@news.astraweb.com...

It will never be possible to show that I was wrong.

Not to you anyway, you've made that much clear already.

MrT.

 

[Sylvia Else]

Mr.T wrote:

"Sylvia Else" <sylvia@not.at.this.address> wrote in message
news:008fcd14$0$1018$c3e8da3@news.astraweb.com...
It will never be possible to show that I was wrong.

Not to you anyway, you've made that much clear already.

MrT.

I think you've missed the point. I've said that at some time in the
future some event will occur. If it occurs, then I'm proved right. If it
doesn't occur by some point in time, that just means that it could occur
later.

So showing that I was wrong would involve waiting for the rest of
eternity to check the the predicted event never occurs.

Sylvia.

 

[Mr.T]

"Sylvia Else" <sylvia@not.at.this.address> wrote in message
news:00a1b511$0$23825$c3e8da3@news.astraweb.com...

It will never be possible to show that I was wrong.

Not to you anyway, you've made that much clear already.

I think you've missed the point. I've said that at some time in the
future some event will occur. If it occurs, then I'm proved right. If it
doesn't occur by some point in time, that just means that it could occur
later.
So showing that I was wrong would involve waiting for the rest of
eternity to check the the predicted event never occurs.

I doubt people or banks will last for eternity. In any case it hardly
matters after we are both dead
Of course there is another more likely possibility, any banking decision may
occur, and be reversed any number of times between now and eternity!

MrT.

 

[Jasen Betts]

On 2009-02-18, David L. Jones <altzone@gmail.com> wrote:

Just got a new Westpac Ignite Mastercard today (they bought out
Virgin). It's got a nice shiny smart card style chip in it. Supposedly
a "CHIP based card for increased fraud protection" or some such said
the blurb.
I didn't know there were any infrastructure/readers etc out there that
could take advantage of such a thing.
It's still got the magnetic strip as well of course.
Anyone got any idea how it works or what it's intended for?

the chip holds your card details and is supposedly harder to forge than
the mag stripe

I have seen eft-pos machines etc with chip-card slots in the top and
with magstripe groove in the side.

 

[atec 77]

Mr.T wrote:

"Sylvia Else" <sylvia@not.at.this.address> wrote in message
news:008fcd14$0$1018$c3e8da3@news.astraweb.com...
It will never be possible to show that I was wrong.

Not to you anyway, you've made that much clear already.

MrT.


she revels in her ignorance worn like a mantle across her shoulders

the rest of the world points and laffs.

 

[Sylvia Else]

Jasen Betts wrote:

On 2009-02-18, David L. Jones <altzone@gmail.com> wrote:
Just got a new Westpac Ignite Mastercard today (they bought out
Virgin). It's got a nice shiny smart card style chip in it. Supposedly
a "CHIP based card for increased fraud protection" or some such said
the blurb.
I didn't know there were any infrastructure/readers etc out there that
could take advantage of such a thing.
It's still got the magnetic strip as well of course.
Anyone got any idea how it works or what it's intended for?

the chip holds your card details and is supposedly harder to forge than
the mag stripe

I have seen eft-pos machines etc with chip-card slots in the top and
with magstripe groove in the side.

The supposed protectiona against forgery is an illusion as long as
systems are willing to fallback to using the magnetic stripe if the chip
communication fails.

On a related note,

"Organized crime tampers with European card swipe devices"

http://www.theregister.co.uk/2008/10/10/organized_crime_doctors_chip_and_pin_machines/

Sylvia.

 

[kreed]

On Feb 18, 9:40 pm, "Gary R. Schmidt" <grschm...@acm.org> wrote:

David L. Jones wrote:
On Feb 18, 8:30 pm, "David L. Jones" <altz...@gmail.com> wrote:
Just got a new Westpac Ignite Mastercard today (they bought out
Virgin). It's got a nice shiny smart card style chip in it. Supposedly
a "CHIP based card for increased fraud protection" or some such said
the blurb.
I didn't know there were any infrastructure/readers etc out there that
could take advantage of such a thing.
It's still got the magnetic strip as well of course.
Anyone got any idea how it works or what it's intended for?

Dave.

Ah-ha, found it, this is what Westpac say:
http://www.westpac.com.au/internet/publish.nsf/Content/PBCCCS+Chip+FAQs

Sounds like no real benefit over my other credit card that I use the
pin number with, much better than the useless signature method.

They've been using them in the UK for a while now - and there's been a
massive increase in CC fraud as a result.

Absolutely no audit trail to protect you - when you report a fraudulent
transaction, they say, "You must have given someone the card and
number..."  At least with the bit of paper you can say, "Show me."

        Cheers,
                Gary    B-)

--
______________________________________________________________________________
Armful of chairs: Something some people would not know
                   whether you were up them with or not
                                      - Barry Humphries

The more I hear of these frauds, and the less I feel like buying these
days, the more I realise why I like using cash.

Of course that could always be rendered worthless if there is a big
currency crash, or the worldwide money printing currently going on to
"stimulate the economy" dilutes the value of your money ending in
similar result (given enough time)

 

[Mark Harriss]

atec 77 wrote:

she revels in her ignorance worn like a mantle across her shoulders
the rest of the world points and laffs.

Actually I thought you were acting like a bit of a stupid knob Atec.
"wrong" Bwahaha!

 

[atec 77]

Mark Harriss wrote:

atec 77 wrote:

she revels in her ignorance worn like a mantle across her shoulders
the rest of the world points and laffs.


Actually I thought you were acting like a bit of a stupid knob Atec.
"wrong" Bwahaha!
I will defend your right to be (and you are) now who said it ?

 

[Chris Jones]

David L. Jones wrote:

On Feb 19, 11:29 am, Sylvia Else <syl...@not.at.this.address> wrote:
David L. Jones wrote:
On Feb 19, 10:57 am, Sylvia Else <syl...@not.at.this.address> wrote:
David Segall wrote:
Sylvia Else <syl...@not.at.this.address> wrote:
David L. Jones wrote:
Just got a new Westpac Ignite Mastercard today (they bought out
Virgin). It's got a nice shiny smart card style chip in it.
Supposedly a "CHIP based card for increased fraud protection" or
some such said the blurb.
I didn't know there were any infrastructure/readers etc out there
that could take advantage of such a thing.
It's still got the magnetic strip as well of course.
Anyone got any idea how it works or what it's intended for?
Dave.
It's intended to allow the banks to blame fraudulent transactions on
the customer.
See
http://www.chipandspin.co.uk/spin/index.html
Thanks for this Sylvia. I think it implies that Australians should
not change to using a PIN instead of a signature until the credit
card providers force us to. Agreed?
Yes. I have never had a PIN issued for my credit card, although
admittedly I have an EFTPOS card with a PIN.

I've had a PIN on my credit card for some time now, and I love it. You
can request a PIN for many cards, more and more places are accepting
the PIN now. Quite unusual for me now not to find a place that will
accept the PIN.

If credit cards had PIN only and no signature then they would be far
safer for over-the-counter transactions, as a stolen card couldn't be
used in a shop for instance, just like a stolen KeyCard. The quicker
they drop the useless signature the better IMO.

PINS can be captured by looking over someone's shoulder, by using video
cameras, by using compromised card readers (that can also copy the
stripe), etc. PINS are very insecure.

But those technical means with which to acquire that PIN are not
trivial, almost certainly not available to your usual pick-pocket for
example. You can also overcome some of those issues by being aware.
It is extremely common in the UK. The ATM near my local supermarket has had

pin capture devices removed from it twice in one day, and on several days
in one month. I do not use machines that are not physically located inside
a bank unless I have to, and I am told by a work colleague that even one of
them has been found with a skimmer fitted.

The advantage of a signature is that it has to be genuine (not merely a
good facsimile), otherwise you're not liable. The onus of proof is
pretty much on the bank.

Yep, I know this, but still a pain in the arse when it happens, and
having the signature makes this more likely to happen I think if your
card is stolen.
But if say your wallet gets stolen and your card was only usable with
a PIN (or online where they can track you), it would be much less
valuable to the common thief.
Except that the common thief can sell it to his local uncommon thief, and

then some money disappears from your account (as happened to a different
work colleague whose card *did* have a chip). It is a commonly held belief
that if you report a phantom withdrawal in the UK you are likely to be
arrested for fraud, because the bank claims that its system is infallible,
so you must be lying, and the police arrive and take your DNA, and then it
is up to you to prove you DIDN'T make the withdrawal. Your main hope is to
find CCTV of yourself in a different town at the time in question but it is
not easy. One school of thought is that it is better to just accept the
financial loss and forget about it. Maybe this is what the bank wants.

google the following: chip and pin fraud

Chris

 

[Sylvia Else]

Chris Jones wrote:

Except that the common thief can sell it to his local uncommon thief, and
then some money disappears from your account (as happened to a different
work colleague whose card *did* have a chip). It is a commonly held belief
that if you report a phantom withdrawal in the UK you are likely to be
arrested for fraud, because the bank claims that its system is infallible,
so you must be lying, and the police arrive and take your DNA, and then it
is up to you to prove you DIDN'T make the withdrawal.

A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but it is
not easy. One school of thought is that it is better to just accept the
financial loss and forget about it. Maybe this is what the bank wants.

I wonder what happens to those cases where the customer cuts straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.

 

[Swanny]

Sylvia Else wrote:

Chris Jones wrote:

Except that the common thief can sell it to his local uncommon thief, and
then some money disappears from your account (as happened to a different
work colleague whose card *did* have a chip). It is a commonly held
belief
that if you report a phantom withdrawal in the UK you are likely to be
arrested for fraud, because the bank claims that its system is
infallible,
so you must be lying, and the police arrive and take your DNA, and
then it
is up to you to prove you DIDN'T make the withdrawal.

A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but
it is
not easy. One school of thought is that it is better to just accept the
financial loss and forget about it. Maybe this is what the bank wants.

I wonder what happens to those cases where the customer cuts straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.

It's not up to the banks. They don't own the cards. Think about who
profits from the fraud, besides the fraudsters.

 

[Sylvia Else]

Swanny wrote:

Sylvia Else wrote:
Chris Jones wrote:

Except that the common thief can sell it to his local uncommon thief, and
then some money disappears from your account (as happened to a different
work colleague whose card *did* have a chip). It is a commonly held
belief
that if you report a phantom withdrawal in the UK you are likely to be
arrested for fraud, because the bank claims that its system is
infallible,
so you must be lying, and the police arrive and take your DNA, and
then it
is up to you to prove you DIDN'T make the withdrawal.
A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but
it is
not easy. One school of thought is that it is better to just accept the
financial loss and forget about it. Maybe this is what the bank wants.
I wonder what happens to those cases where the customer cuts straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.

It's not up to the banks. They don't own the cards. Think about who
profits from the fraud, besides the fraudsters.

The cards are owned by the card issuers, which in many cases are indeed
banks, in the normal sense of the word. However, for the purpose of this
discussion, "bank" is a convenient shorthand for whoever it is that
asserts the right to payment for amounts disbursed as a result of
fraudulent use of a credit card.

Sylvia.

 

[Swanny]

Sylvia Else wrote:

Swanny wrote:
Sylvia Else wrote:
Chris Jones wrote:

Except that the common thief can sell it to his local uncommon
thief, and
then some money disappears from your account (as happened to a
different
work colleague whose card *did* have a chip). It is a commonly held
belief
that if you report a phantom withdrawal in the UK you are likely to be
arrested for fraud, because the bank claims that its system is
infallible,
so you must be lying, and the police arrive and take your DNA, and
then it
is up to you to prove you DIDN'T make the withdrawal.
A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but
it is
not easy. One school of thought is that it is better to just accept
the
financial loss and forget about it. Maybe this is what the bank wants.
I wonder what happens to those cases where the customer cuts straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.

It's not up to the banks. They don't own the cards. Think about who
profits from the fraud, besides the fraudsters.

The cards are owned by the card issuers, which in many cases are indeed
banks, in the normal sense of the word. However, for the purpose of this
discussion, "bank" is a convenient shorthand for whoever it is that
asserts the right to payment for amounts disbursed as a result of
fraudulent use of a credit card.

Sylvia.

That's not how it works. There are 3 parties to the transaction apart
from the consumer. The banks are the "acquirers" and only one part of
the picture. They co-brand the card.

 

[Sylvia Else]

Swanny wrote:

Sylvia Else wrote:
Swanny wrote:
Sylvia Else wrote:
Chris Jones wrote:

Except that the common thief can sell it to his local uncommon
thief, and
then some money disappears from your account (as happened to a
different
work colleague whose card *did* have a chip). It is a commonly held
belief
that if you report a phantom withdrawal in the UK you are likely to be
arrested for fraud, because the bank claims that its system is
infallible,
so you must be lying, and the police arrive and take your DNA, and
then it
is up to you to prove you DIDN'T make the withdrawal.
A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but
it is
not easy. One school of thought is that it is better to just accept
the
financial loss and forget about it. Maybe this is what the bank wants.
I wonder what happens to those cases where the customer cuts straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.
It's not up to the banks. They don't own the cards. Think about who
profits from the fraud, besides the fraudsters.
The cards are owned by the card issuers, which in many cases are indeed
banks, in the normal sense of the word. However, for the purpose of this
discussion, "bank" is a convenient shorthand for whoever it is that
asserts the right to payment for amounts disbursed as a result of
fraudulent use of a credit card.

Sylvia.

That's not how it works. There are 3 parties to the transaction apart
from the consumer. The banks are the "acquirers" and only one part of
the picture. They co-brand the card.

Someone is asserting a right to payment. That's the only person the
consumer is bothered with.

Sylvia.

 

[Mauried]

On Thu, 19 Feb 2009 19:59:57 +1100, Sylvia Else
<sylvia@not.at.this.address> wrote:

Jasen Betts wrote:
On 2009-02-18, David L. Jones <altzone@gmail.com> wrote:
Just got a new Westpac Ignite Mastercard today (they bought out
Virgin). It's got a nice shiny smart card style chip in it. Supposedly
a "CHIP based card for increased fraud protection" or some such said
the blurb.
I didn't know there were any infrastructure/readers etc out there that
could take advantage of such a thing.
It's still got the magnetic strip as well of course.
Anyone got any idea how it works or what it's intended for?

the chip holds your card details and is supposedly harder to forge than
the mag stripe

I have seen eft-pos machines etc with chip-card slots in the top and
with magstripe groove in the side.




The supposed protectiona against forgery is an illusion as long as
systems are willing to fallback to using the magnetic stripe if the chip
communication fails.

On a related note,

"Organized crime tampers with European card swipe devices"

http://www.theregister.co.uk/2008/10/10/organized_crime_doctors_chip_and_pin_machines/

Sylvia.

How do credit cards now work when there is no signature at all.
For example, all over the phone transactions dont require a signature
but the banks still happily pay out.
Just what is the mechanism that allows them to do this.

 

[Swanny]

Sylvia Else wrote:

Swanny wrote:
Sylvia Else wrote:
Swanny wrote:
Sylvia Else wrote:
Chris Jones wrote:

Except that the common thief can sell it to his local uncommon
thief, and
then some money disappears from your account (as happened to a
different
work colleague whose card *did* have a chip). It is a commonly held
belief
that if you report a phantom withdrawal in the UK you are likely
to be
arrested for fraud, because the bank claims that its system is
infallible,
so you must be lying, and the police arrive and take your DNA, and
then it
is up to you to prove you DIDN'T make the withdrawal.
A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but
it is
not easy. One school of thought is that it is better to just accept
the
financial loss and forget about it. Maybe this is what the bank
wants.
I wonder what happens to those cases where the customer cuts
straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the
security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.
It's not up to the banks. They don't own the cards. Think about who
profits from the fraud, besides the fraudsters.
The cards are owned by the card issuers, which in many cases are indeed
banks, in the normal sense of the word. However, for the purpose of this
discussion, "bank" is a convenient shorthand for whoever it is that
asserts the right to payment for amounts disbursed as a result of
fraudulent use of a credit card.

Sylvia.

That's not how it works. There are 3 parties to the transaction apart
from the consumer. The banks are the "acquirers" and only one part of
the picture. They co-brand the card.

Someone is asserting a right to payment. That's the only person the
consumer is bothered with.

Sylvia.

That's an oversimplified view of the way it works.
There are three parties to the transaction. The merchant (who is the
party asserting the right to be paid), the network and the acquirer.
The two major CC issuers operate the network. They make a percentage of
the transaction in both charge and chargeback situations and
irrespective whether it is fraudulent or not. The acquirer (usually a
bank, but can be other companies) takes the credit risk and mostly
profits from the high interest rate on credit. However it's a high risk
unsecured credit transaction. The merchant must take all reasonable
steps to ensure that the identification of the customer and
authentication of the card. Failure to do this will render the merchant
liable for the fraudulent transaction (this is mostly the case). If the
merchant can show that all reasonable steps were taken to ensure the
integrity of the transaction then the acquirer takes the loss. Notice
how the network has absolved itself from the credit risk? There is very
little incentive for the network (who own the infrastructure and issue
the cards) to remedy the situation.

 

[Sylvia Else]

Swanny wrote:

Sylvia Else wrote:
Swanny wrote:
Sylvia Else wrote:
Swanny wrote:
Sylvia Else wrote:
Chris Jones wrote:

Except that the common thief can sell it to his local uncommon
thief, and
then some money disappears from your account (as happened to a
different
work colleague whose card *did* have a chip). It is a commonly held
belief
that if you report a phantom withdrawal in the UK you are likely
to be
arrested for fraud, because the bank claims that its system is
infallible,
so you must be lying, and the police arrive and take your DNA, and
then it
is up to you to prove you DIDN'T make the withdrawal.
A commonly held belief perhaps, but certainly untrue.

Your main hope is to
find CCTV of yourself in a different town at the time in question but
it is
not easy. One school of thought is that it is better to just accept
the
financial loss and forget about it. Maybe this is what the bank
wants.
I wonder what happens to those cases where the customer cuts
straight to
the chase after the bank refuses a refund, and sues. It wouldn't
surprise me if a settlement invariably follows. Particularly if the
customer demonstrates knowledge of methods of defeating the
security of
chip and PIN. The banks don't want that kind of publicity.

Sylvia.
It's not up to the banks. They don't own the cards. Think about who
profits from the fraud, besides the fraudsters.
The cards are owned by the card issuers, which in many cases are indeed
banks, in the normal sense of the word. However, for the purpose of this
discussion, "bank" is a convenient shorthand for whoever it is that
asserts the right to payment for amounts disbursed as a result of
fraudulent use of a credit card.

Sylvia.
That's not how it works. There are 3 parties to the transaction apart
from the consumer. The banks are the "acquirers" and only one part of
the picture. They co-brand the card.
Someone is asserting a right to payment. That's the only person the
consumer is bothered with.

Sylvia.

That's an oversimplified view of the way it works.
There are three parties to the transaction. The merchant (who is the
party asserting the right to be paid), the network and the acquirer.
The two major CC issuers operate the network. They make a percentage of
the transaction in both charge and chargeback situations and
irrespective whether it is fraudulent or not. The acquirer (usually a
bank, but can be other companies) takes the credit risk and mostly
profits from the high interest rate on credit. However it's a high risk
unsecured credit transaction. The merchant must take all reasonable
steps to ensure that the identification of the customer and
authentication of the card. Failure to do this will render the merchant
liable for the fraudulent transaction (this is mostly the case). If the
merchant can show that all reasonable steps were taken to ensure the
integrity of the transaction then the acquirer takes the loss. Notice
how the network has absolved itself from the credit risk? There is very
little incentive for the network (who own the infrastructure and issue
the cards) to remedy the situation.

My point was that the consumer is unconcerned provided they are not
expected to pay. Thus regardless of the underlying contractual details,
the only party that the consumer can be concerned about in the context
of a fraudulent transaction is the one demanding money from them.

Sylvia.

 

[Sylvia Else]

Mauried wrote:

On Thu, 19 Feb 2009 19:59:57 +1100, Sylvia Else
sylvia@not.at.this.address> wrote:

Jasen Betts wrote:
On 2009-02-18, David L. Jones <altzone@gmail.com> wrote:
Just got a new Westpac Ignite Mastercard today (they bought out
Virgin). It's got a nice shiny smart card style chip in it. Supposedly
a "CHIP based card for increased fraud protection" or some such said
the blurb.
I didn't know there were any infrastructure/readers etc out there that
could take advantage of such a thing.
It's still got the magnetic strip as well of course.
Anyone got any idea how it works or what it's intended for?
the chip holds your card details and is supposedly harder to forge than
the mag stripe

I have seen eft-pos machines etc with chip-card slots in the top and
with magstripe groove in the side.



The supposed protectiona against forgery is an illusion as long as
systems are willing to fallback to using the magnetic stripe if the chip
communication fails.

On a related note,

"Organized crime tampers with European card swipe devices"

http://www.theregister.co.uk/2008/10/10/organized_crime_doctors_chip_and_pin_machines/

Sylvia.

How do credit cards now work when there is no signature at all.
For example, all over the phone transactions dont require a signature
but the banks still happily pay out.
Just what is the mechanism that allows them to do this.

Basically, the merchant takes the risk that the consumer will repudiate
the transaction, and the merchant will not get paid. Usually there's a
requirement that any goods that have to be physically delivered are sent
to the address that the card issuer has for the holder. If the goods are
delivered, but the consumer denies having ordered them, then at least
the merchant can get the goods back.

In the end, its a business decision - take the risk to get the custom.

Sylvia.