[Wolves] credit card signatures etc

Jon Farmer jonfarmer at enta.net
Wed Apr 7 09:16:53 BST 2004


Old Dan wrote:


> I do think the idea of completely replacing signatures is a stupid one. 
> The problem with signatures not being checked is a simple one of - well -
> signatures not being checked rather than a fundamental flaw in the
> signature system itself.

One of the main problems is that signatures are rarely if never checked 
properly and so have ceased to be a realiable security check. With chip 
& pin the onus is on the cardholder to authenticate the transaction not 
the merchant. Usually the terminals will be positioned so the cashier 
can't see the numbers being punched. As for other members of the public 
seeing the pin it would require them to snatch the card and that would 
be quite a risky thing to do in this day and age.


> I can see major problems with PIN numbers though.  All someone would have
> to do is find out your PIN (say by standing behind you in a supermarket
> queue and watching you enter it - not as hard as it seems, have you ever
> tried watching someone at a cash machine?  Sometimes people are so obvious
> it's hard /not/ to see the numbers they're pressing, and that's at a
> set-back-from-direct-view ATM...), steal your bag/wallet then go to the
> next shop or whatever and go wild before you have even noticed it missing.

If you had you card stolen it would be blocked on reporting to the bank 
even if the criminal had the pin.

> At least it takes some practice to forge a signature.  I'm guessing the
> rationale behind this is more to do with online card fraud(which this will
> make harder) than the on-the-street variety but I'm really not sure they
> have thought out the implications of it.  Maybe a PIN system specifically
> for online transactions would be a better idea.

Chip and Pin is NOT valid for internet transactions (in fact it will not 
work with ALL cardholder not present transactions). VISA are introduced 
a system called Verified By VISA and Mastercards version is called 
Securecode. Both these systems are for internet only transactions and 
use a password rather than a pin. They guarantee 'card not present' 
transactions over the internet against "it was me" chargebacks.

Regards

Jon



-- 
Jon Farmer
Senior Systems Developer
Entanet International Ltd
Tel: +44 (0)1952 428969
Mob: +44 (0)7017 429590
SMS -> Email 07986200312 Prexif SMS With JF
www.enta.net




More information about the Wolves mailing list