Card cloning syndicate bust

PeterCH said:
The transaction can be done using the mag stripe instead of the Chip. In case of technical problems the machine falls back to the Magnetic stripe and/or older models work that way too.
Click to expand...

Thought so. That's why I said earlier, get rid of mag stripe altogether.
 
koffiejunkie said:
Thought so. That's why I said earlier, get rid of mag stripe altogether.
Click to expand...

The mag stripe and signature work. They protect the card holder. And many places in SA and around the world, do not have chip readers.

The only way is if they steal your PIN and draw cash, but if they do that, then CHIP and PIN are more dangerous since you enter your PIN at each transaction point, it is easy for someone to hand you a dud machine to capture the PIN code or even distract you or look over your shoulder. Many of these keyboards are flat like calculators and it is easy for someone to spot your 4 digit code, thump you on the head and draw all the cash from your card. Signatures are safer as the thief would have to be excellent at copying your signature and even then you could prove it wasn't yours (handwriting expert).

Remember the PIN is instead of and not in addition to the signature. If someone gets your card and your PIN (easy to do now that you have to enter it everywhere) you are sunk. If they steal your mag card and do transactions that way they must still fake your signature (not easy).

The best way IMO is a CHIPPED and MAG card which uses the CHIP to verify that the card is real but does not ask for a PIN. Let the teller ask for proof of ID but for goodness sakes don't force PIN entry at each and every step. In ABSA ATMS for instance you have to enter the PIN for each transaction - eg do a statement - enter the PIN, then draw cash - enter PIN again, then do a transfer - enter PIN again. This is very dangerous especially in a violent society like SA.
 
Last edited:
That's all very well but I don't remember the last time I did a transaction that doesn't involve typing my pin, where the cashier actually checked my signature and verified that I have ID matching the name on the card. It relies too much on people.

With regards to where the liability lies, I agree mag stripe has the advantage for the user, but that is a policy problem, not a technical problem.
 
koffiejunkie said:
That's all very well but I don't remember the last time I did a transaction that doesn't involve typing my pin, where the cashier actually checked my signature and verified that I have ID matching the name on the card. It relies too much on people.
Click to expand...
If you enter the PIN, you don't have to sign and the signature carries no validity anyway. The fact that the cashier asks you to sign is indicative of poor training. The authorisation lies in the PIN entry ONLY.
If you do a non-PIN transaction it's the cashier's responsibility to check your ID for large purchases. You are not liable if your card is stolen, or cloned, because the signature is not yours. The shop (and the poorly trained teller/her manager) bear the responsibility. Under the new system they are absolved of all responsibility.

With regards to where the liability lies, I agree mag stripe has the advantage for the user, but that is a policy problem, not a technical problem.
Click to expand...
It's not a policy problem but a good thing. It no longer exists with CHIP and PIN cards.

Ideally the cards should be CHIP but not require PIN entry and only work on signature authorisation (and ID check if the store is prudent). The cards should be chipped to help combat cloning but hey they will be able to clone those too - eg. many laptops come with smart card readers/writers which are used to authenticate the user to the laptop. The technology to clone the chip is there and it's only a matter of time before the fraudsters will be using that too and then they'll be able to read the PIN off the chip as it is stored locally and not in the Credit Card bureau.
 
PeterCH said:
It's not a policy problem but a good thing. It no longer exists with CHIP and PIN cards.
Click to expand...

You misunderstand me (perhaps deliberately?). The policy of customer liability with chip&pin is wrong. The banks should guarantee the authentication systems they provide.
 
koffiejunkie said:
You misunderstand me (perhaps deliberately?). The policy of customer liability with chip&pin is wrong. The banks should guarantee the authentication systems they provide.
Click to expand...

OK. I misunderstood you but not deliberately. I don't think the banks will want to take on this responsibility - they never did - and the vendors are happy they're no longer responsible. Besides, few people recognise this problem and most
see CHIP and PIN as a good thing with no drawbacks, which goes along with the marketing hype banks are spreading.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X