[Gllug] security check
Simon Wilcox
essuu at ourshack.com
Wed Aug 12 09:57:16 UTC 2009
On 12/8/09 10:28, James Laver wrote:
> I'm pretty sure it doesn't do any signature verification, but that is
> a far-from-trivial problem. At the very least, even without a
> signature pad, they could run it as a CNP (Cardholder Not Present)
> transaction, thus not needing signature.
I'm not aware that humans do any signature verification either. In the
last days of my C&S card I routinely signed the chits with a completely
different signature to that on the card and it was never queried. Not once.
To protect my C&P cards I use a card with a small limit for on line
purchases and a debit card for in person & cash machines that's drawn
against a current account with no overdraft and only as much cash in it
as I need at that time to limit any possible exposure.
With regards to CNP, it's against the merchant rules to take a CNP when
the card holder is present. You could probably fake it on the odd
occasion when you take a mix of present and not present but I imagine it
would be a bit harder to claim a telephone sale at a filling station :-)
S.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list