Re: Disputed ATM transaction
- From: "M.I.5¾" <no.one@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 27 Mar 2009 10:25:02 -0000
"Iain" <spam@xxxxxxxxx> wrote in message
news:732554FstsmqU1@xxxxxxxxxxxxxxxxxxxxx
"The Todal" <deadmailbox@xxxxxxxx> wrote in message
news:731hdjFstb2dU1@xxxxxxxxxxxxxxxxxxxxx
A customer of a bank finds that 300 quid was drawn from his account at a
cash machine that he has never used - also, he never draws cash from ATMs
because he is in the habit of drawing cash at supermarkets instead, using
the Cashback procedure.
The bank insists that it was a legitimate transaction and that if he
didn't use his card to draw the money he *must* have allowed his card to
be used by someone else, and disclosed his Pin number to them.
Presumably (assuming the customer is telling the truth) either the card
was cloned, or it was some sort of computer error in the banking system.
The banking ombudsman has decided to take the side of the bank and to say
that there is no obligation on the bank to refund the money. The customer
is contemplating suing the bank.
Are there any useful resources on the Web about this problem (disputed
ATM transactions) and do the banks secretly acknowledge that some such
transactions occur by reason of computer error?
As I understand it, there were two systems of 'chip and pin' available.
Both were thought to be fraud-proof. The banks went for the cheaper
version. It was then discovered that this system was not infallible and
the cards could be used fraudulently. It seems, however, that the banks
still maintain that the system is fraud-proof and so in some cases will
not concede nor repay amounts stolen.
You are refering to the system known as CAP (Complex Authentication
Protocol), originating in France but now used throughout most of Europe, but
originally except the UK. The UK banks impemented a simpler and cheaper
system which goes by the name of SAP (Simple Authentication Protocol). The
SAP system suffered from the problem that it was discovered that it was
possible to transfer the PIN number from one card to another, or to transfer
the bank details from another card to a card of known PIN number. The
banks, of course, denied that this was possible* and they continue to do so.
The Shell card cloning scam worked because the scammers were able to
transfer customers' bank details to cards with known PIN numbers. Since
banks like Barclays insist that whenever a PIN is used, the customer must be
a party to the transaction, they are in no hurry to implement any more
expensive (and secure) system.
SAP has caused problems for UK card holders when they try to use their cards
abroad because unless the retailer's terminal is programmed for SAP cards,
they will not be accepted. Most card operated petrol stations, for example,
won't accept SAP cards. Many banks (but not all) are migrating to CAP
cards.
* The banks similarly denied that it was possible to transplant magnetically
encoded PIN number when the PIN was stored on the card's magnetic stripe (a
practice that did eventually get stopped). The banks insisted that because
the PIN was securely encrypted, it was not possible to read it. They
completely ignored the fact that it is not necessary to decrypt the PIN
number in order to copy it.
.
- Follow-Ups:
- Re: Disputed ATM transaction
- From: Iain
- Re: Disputed ATM transaction
- Prev by Date: Re: Speeding cop jailed
- Next by Date: Re: UK Shoplifting laws
- Previous by thread: Re: Disputed ATM transaction
- Next by thread: Re: Disputed ATM transaction
- Index(es):
Relevant Pages
|
Loading
