Comments on: More info on Chip & Pin issues http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/ Random acts of hackery, geekery and skullduggery Mon, 08 Nov 2010 21:03:05 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Rose http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/comment-page-1/#comment-3239 Rose Sat, 03 Jun 2006 15:23:41 +0000 http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/#comment-3239 As you said above in your article about being able to use video surveillance to check if the transaction was carried out by yourself I beleive there is a way of doing this if only the banks and stores would enforce it. An organisation called NEC specialise in the leading technologies of Digital Identity Management soloutions and one of their services include NeoFace, face recognition software for video surveillance. (More on this in my article on our website) Why can't they work together in making Chip & PIN safer? Or are they wanting to see the service die out because it might just be a threat to both us and them? Rose As you said above in your article about being able to use video surveillance to check if the transaction was carried out by yourself I beleive there is a way of doing this if only the banks and stores would enforce it.

An organisation called NEC specialise in the leading technologies of Digital Identity Management soloutions and one of their services include NeoFace, face recognition software for video surveillance. (More on this in my article on our website)

Why can’t they work together in making Chip & PIN safer? Or are they wanting to see the service die out because it might just be a threat to both us and them?

Rose

]]> By: Ross http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/comment-page-1/#comment-3237 Ross Tue, 09 May 2006 15:10:41 +0000 http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/#comment-3237 otto - that sounds like a good idea but my UK bank has started charging me 2.50GBP / month for sending me weekly 'mini statements' that used to be free. I wouldn't be surprised if they tried charging us for the service you describe too, even though it could save them millions in fraud. otto – that sounds like a good idea but my UK bank has started charging me 2.50GBP / month for sending me weekly ‘mini statements’ that used to be free. I wouldn’t be surprised if they tried charging us for the service you describe too, even though it could save them millions in fraud.

]]> By: otto http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/comment-page-1/#comment-3236 otto Tue, 09 May 2006 00:23:11 +0000 http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/#comment-3236 There is a really cheap and simple system that has been in use in Hungary for over five years that has got fraud down to less than one twentieth (1/20th) of the UK fraud rate, and it gets the card holder involved. The bank simply sends you a text message whenever the card is used (including amount and location details). If you didn't make that transaction you simply reply 'blk' and the bank shuts the card down immediately stopping the fraud in its tracks. This works wherever your card is used including online. This approach has been succesfully copied by banks in Italy, Spain, South Africa, etc but not in the UK although the banks do know about it ... guess the ~£500M cost of fraud they pass on to consumers is seen as the best they can do There is a really cheap and simple system that has been in use in Hungary for over five years that has got fraud down to less than one twentieth (1/20th) of the UK fraud rate, and it gets the card holder involved. The bank simply sends you a text message whenever the card is used (including amount and location details). If you didn’t make that transaction you simply reply ‘blk’ and the bank shuts the card down immediately stopping the fraud in its tracks. This works wherever your card is used including online. This approach has been succesfully copied by banks in Italy, Spain, South Africa, etc but not in the UK although the banks do know about it … guess the ~£500M cost of fraud they pass on to consumers is seen as the best they can do

]]> By: Brian http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/comment-page-1/#comment-3235 Brian Mon, 08 May 2006 22:28:26 +0000 http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/#comment-3235 Reasonable, in UK law at least is a philisophical question. The question in court being "would a reasonable man x", in cases that come to court where it isn't clear what a reasonable man would do means the jurors have to decide what is reasonable in their opinion. Although banks are regulated to the hilt there are certain things that they will fight tooth and nail about. In the UK they still refuse to accept that a 'phantom withdraw' can happen, i.e. one where there is supposedly no way the card can have been cloned and its PIN discovered, i.e. clones of cards that haven't been delivered yet, and attempts to use credit cards for cash withdraws with a valid PIN when the card holder has never requested the feature. See: http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/ and http://blogs.guardian.co.uk/technology/archives/2005/10/24/how_atm_fraud_nearly_brought_down_british_banking.html The import things to note are 1. The banks claim to be infallible. 2. Bank computing/security staff went bad, and abused their system access. The infallibilty of the UK banking system has never been effectively demonstated in court. Reasonable, in UK law at least is a philisophical question. The question in court being “would a reasonable man x”, in cases that come to court where it isn’t clear what a reasonable man would do means the jurors have to decide what is reasonable in their opinion.

Although banks are regulated to the hilt there are certain things that they will fight tooth and nail about. In the UK they still refuse to accept that a ‘phantom withdraw’ can happen, i.e. one where there is supposedly no way the card can have been cloned and its PIN discovered, i.e. clones of cards that haven’t been delivered yet, and attempts to use credit cards for cash withdraws with a valid PIN when the card holder has never requested the feature.

See:
http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/
and
http://blogs.guardian.co.uk/technology/archives/2005/10/24/how_atm_fraud_nearly_brought_down_british_banking.html

The import things to note are
1. The banks claim to be infallible.
2. Bank computing/security staff went bad, and abused their system access.

The infallibilty of the UK banking system has never been effectively demonstated in court.

]]> By: matt http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/comment-page-1/#comment-3234 matt Mon, 08 May 2006 20:55:23 +0000 http://snakeoillabs.com/wordpress/2006/05/07/more-info-on-chip-pin-issues/#comment-3234 I think you're a little paranoid about banks, they're regulated to the hilt so it's hardly like they'll decide "arbitrarily that you were fraudulent or negligent and choose not to reimburse you". It wouldn't be good for their own reputation or the industry. There will always be cases where the wrong decision is made, but you can appeal or go to the banking ombudsman. The fact you said you know one guy who once got refused a refund doesn't mean it's widespread. I think you’re a little paranoid about banks, they’re regulated to the hilt so it’s hardly like they’ll decide “arbitrarily that you were fraudulent or negligent and choose not to reimburse you”. It wouldn’t be good for their own reputation or the industry.

There will always be cases where the wrong decision is made, but you can appeal or go to the banking ombudsman. The fact you said you know one guy who once got refused a refund doesn’t mean it’s widespread.

]]>