[Wolves] credit card signatures etc
Old Dan
dan at dannyboy.dnsalias.org
Wed Apr 7 10:55:34 BST 2004
> Old Dan wrote:
>
>
>> I do think the idea of completely replacing signatures is a stupid one.
>> The problem with signatures not being checked is a simple one of - well
>> -
>> signatures not being checked rather than a fundamental flaw in the
>> signature system itself.
>
> One of the main problems is that signatures are rarely if never checked
> properly and so have ceased to be a realiable security check.
Yeah I said that. And as I also said, that problem is not fundamental to
the signature system, rather widespread carelessness on the part of
cashiers. A management, rather than a technological, issue.
With chip
> & pin the onus is on the cardholder to authenticate the transaction not
> the merchant. Usually the terminals will be positioned so the cashier
> can't see the numbers being punched. As for other members of the public
> seeing the pin it would require them to snatch the card and that would
> be quite a risky thing to do in this day and age.
You've never heard of pickpockets?
>> I can see major problems with PIN numbers though. All someone would
>> have
>> to do is find out your PIN (say by standing behind you in a supermarket
>> queue and watching you enter it - not as hard as it seems, have you ever
>> tried watching someone at a cash machine? Sometimes people are so
>> obvious
>> it's hard /not/ to see the numbers they're pressing, and that's at a
>> set-back-from-direct-view ATM...), steal your bag/wallet then go to the
>> next shop or whatever and go wild before you have even noticed it
>> missing.
>
> If you had you card stolen it would be blocked on reporting to the bank
> even if the criminal had the pin.
In the time it would take for the swagbag-carrier in question to learn how
to forge your signature you would probably notice the card gone. In the
time it would take the person to pick your pocket and use your card
several times you probably wouldn't even have reached your car.
>> At least it takes some practice to forge a signature. I'm guessing the
>> rationale behind this is more to do with online card fraud(which this
>> will
>> make harder) than the on-the-street variety but I'm really not sure they
>> have thought out the implications of it. Maybe a PIN system
>> specifically
>> for online transactions would be a better idea.
>
> Chip and Pin is NOT valid for internet transactions (in fact it will not
> work with ALL cardholder not present transactions). VISA are introduced
> a system called Verified By VISA and Mastercards version is called
> Securecode. Both these systems are for internet only transactions and
> use a password rather than a pin. They guarantee 'card not present'
> transactions over the internet against "it was me" chargebacks.
OK I didn't know that, that sounds more sensible - but it only reinforces
my belief that the abolition of signatures is a daft idea....
--
Dan
More information about the Wolves
mailing list