Re: Chip & Pin Fraud

"Alex" <no.spam@xxxxxxxx> wrote in
news:xn0ely50q2qu1zd00j@xxxxxxxxxxxxxxxxxxx:

Then it's not ultimate is it? Banks dragging their heels has been
going on as long as banks have been around. Whether they like it or
not, they're still subject to the law.

Now what about the fraudulent transactions that the bank has deemed
were not fraud? With Chip and PIN, the onus is on you to prove that
fraud occurred

No, it isn't. If the customer holds out, they will eventually have to
go to court where the burden of proof will be on the bank. Has any
case made it to court yet?

Have you actually taken the time to read the terms and conditions that
govern your use of your Chip and PIN card? If so, would you care to post
what those T&C's say about negligence and/or disclosure of your PIN, and
which bank is involved?

In my original post, I said "Chip and PIN *effectively* moves liability
for fraud from the banks to the retailers and cardholders." All the bank
has to do is show that the transaction was made using your PIN and the
terms and conditions entitles them to hold you negligent. The onus is
then on you to prove that you were not negligent. Effectively, you are
guilty unless proven innocent. In contrast, for signature systems the
onus is on the bank to *prove* the authenticity of the signature. With a
signature system, you are innocent until proven guilty.

http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_3/bohm/ might help
you understand the issue. The abstract of that piece states:

Banks must prove the authenticity of their customers' handwritten
instructions if challenged, but for telephone and online banking
some banks are adopting terms which could make customers liable for
transactions they have not authorised. Neither the security
technology available to customers, nor the security techniques that
ordinary customers can be expected to use, are adequate to protect
customers from this risk of liability, and the terms in question are
arguably unfair.

Of course, this piece was written in 2000, before Chip and PIN, but the
terms and conditions for Chip and PIN are broadly the same as for use of
ATMs, and so the same concerns apply. As Prof. Anderson pointed out, it
is much easier to fraudulently discover someone's PIN now that we are
expected to use the same four-digit number everywhere.

Another relevant extract from the same piece follows:

.... the limitation of the customer's liability for fraudulent
transactions to £50 typically does not apply where the customer has been
'grossly negligent'. This expression does not have a standard legal
meaning, and is defined in the banks' individual terms. The wider the
definition, the more easily the customer can lose the benefit of the £50
limit. Cases where the customer will be regarded as grossly negligent are
normally defined as including:
- failing to take all available steps to keep the card and the
PIN safe at all times;
- writing the PIN on the card or anything usually kept with it;
- writing the PIN down without disguising it;
- not destroying the PIN notification receipt;

So if a fraudster has your PIN, the terms and conditions under which you
use your card lets the bank deem you to be grossly negligent and thus
deny you the £50 limit of liability that would have applied had you not
been 'grossly negligent'. The burden of proof is then on you to show that
you had take all available (note, this is more than merely reasonable)
steps to keep the card and PIN safe.

--
Geoff
.

Relevant Pages

  • Re: NatWest card reader
    ... Chip and pin was to cut down on fraud because signature checks were so ... Those who just don't trust banks etc will ... The credit card companies are trying to pass the blame onto the vendor ...
    (uk.comp.os.linux)
  • Re: Chip and Pin
    ... majority of the major banks in the UK thesituation is that some banks ... do not have the technology in place to offer a chip and signature card ... PIN terminals do exist they do not have them at the moment on the ...
    (uk.people.disability)
  • Re: smart card versus credit card
    ... > That's why I was complaining that if the banks want to place more trust ... > in the PIN verification process they ... Own Plastic Savings Cards, PO Card Acoount Cards, Store Cards to name ... implemented the Chip and sPIN System. ...
    (sci.crypt)
  • Re: Credit card without chip and pin
    ... Customers are generally happy to use Chip and PIN (after the initial fear of ... not when Chip & Pin is not available on a card. ... There was no problem with her paying a House of Fraser store card ...
    (uk.legal)
  • RE: Linux on military aircraft
    ... Internet so that ... threading security can review it to see if there are any holes. ... And customers want to head from their vendor when they ... Banks had 0 experience in modern technology, ...
    (comp.os.vms)
Loading