[Gllug] security check

Tue Aug 11 10:05:14 UTC 2009

On Tue, Aug 11, 2009 at 10:18:40AM +0100, Phil Reynolds wrote:
> Quoting "James Laver" <gllug at jameslaver.com>:
> 
> > Until the chip and pin system is properly discredited (or the law
> > is changed to shift liability back to the bank), I'll stick with
> > signature, thanks. And yes, I like my chequebook.
> 
> When you consider that the main thrust of the argument was to shift  
> liability away from the retailer, they shifted it in the wrong  
> direction.

The liability has always been with the bank, but the bank's contract with the retailer then shifts it again. The same is true with chip and signature, but I'm not fussed about who has the liability as long as it's not me. See also: 3dinsecure, which resulted in a MASSIVE dropout during the payment cycle for a 
previous client. My next venture will not be doing 3dsecure but will just be doing CVC check and to hell with the small rates of fraud.

Of course I have a personal vendetta against 3dsecure for not only making my life harder but for shifting liability wholesale onto me, whatever the retailer decides to do with my card after I've paid. Oh and for not being even remotely secure (I keep meaning to write those slides so I can speak about it).

> My partner's "chip and signature" card was refused (in advance of the  
> "let the customer sign" rule being withdrawn) by one outlet where we  
> frequently used the card. He had it replaced with a "chip and pin"  
> card in advance of the normal cycle but I did write to head office  
> pointing out that "the chip says signature and should not be refused"  
> - I got back a "local management decision" fob-off, so I responded via  
> the web countering their arguments one by one. I also had a card that,  
> at the time, was "chip and signature" so on a future visit tried that  
> and they accepted it.

There was a lot of confusion around that time, retailers were being told varying things by different banks and noone really knew what was going on. The government ended up publishing information to guide consumers, as I recall. Certainly, however, chip and signature should have been accepted, since they were 
required to take american cards as well for a year or so after the change to chipped cards.

Generally if your partner just mentions the DDA and that they have no right to refuse his card on ground of 'signatureness', then they'll cave after only a couple of minutes of argument. I've only had a problem with 3 retailers in about 4 months.

> I also got some funny looks in a branch of PC World - I presented the  
> same card, a slip printed for signing and the transaction was nearly  
> cancelled. I pointed to the slip, where it said "ICC - Signature",  
> explained that the card was a "signed for" one in line with the  
> practice at the time of its issue and that some people would still  
> have them, a manager heard me and explained to the till operator "that  
> is correct - if it prints a slip for signing, rather than prompting  
> for pin, it is acceptable" - this was after the "must use pin" rule  
> came in.

Sainsburys voided my transaction 3 times because it kept asking me to sign, thus causing Lloyds to apply a fraud block. Not taking my card is bad enough, but messing about and getting it blocked is just unacceptable. I don't think the customers waiting in the queue behind were happy either, and the manager who 
got a call at home (and who then proceeded to instruct them to reject the transaction) was probably a bit miffed he got called on his day off.

> The card was later replaced with a chip and pin card as part of the  
> normal replacement cycle.
>
> I know that the way the rules are written, chip and signature is  
> better for the customer, but I am not going to ask for such a card, at  
> least yet.

Perhaps a C+S card with a pin would be more appropriate for you? Personally I don't want the liability.

--James
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug