Comments: Naked Payments II - uncovering alternates, merchants v. issuers, Brits bungle the risk, and just what are MBAs good for?

I have seen it asserted that the real "gain" of chip+pin isn't any additional security, but elimination of signatures.

An obscure bit of uk banking law states that the risk of failing to recognise a paper-and-pen signature is the banks - not the customers, or the retaillers, but the banks. the bank has to eat the loss if fraud takes place based on a handwritten signature.

On the other hand, if you use a pin, then that doesn't apply - and currently, the new merchant agreements state that the risk falls squarely on the retailler, just like customer-not-present transactions always did.

Chip and pin has already cleared its profit - not due to increased security (although it also makes skimming a bit harder) but due to the offset of risk onto people who can't alter the risk at all (the retailers) so have to deal with it statistically. Any actual reduction in fraud is a bonus, but to be honest doesn't matter to the banks, as it goes into retailer bank accounts, not theirs.

Posted by Dave Howe at June 11, 2006 05:32 AM

Dave writes:
> On the other hand, if you use a pin, then that doesn't
> apply and currently, the new merchant agreements state
> that the risk falls squarely on the retailler, just like
> customer-not-present transactions always did.

re:
https://financialcryptography.com/mt/archives/000744.html

other subsequent posts also make reference to possible transfer of liability

re:
http://www.garlic.com/~lynn/aadsm24.htm#7

has this reference:

UK bank card security flaws warning
http://euronews.net/create_html.php?page=detail_eco&article=363719&lng=1

and
http://www.garlic.com/~lynn/aadsm24.htm#12

has this reference:

Chip and SPIN; The switch to Chip and PIN may be for the benefit of banks rather than consumers, suggests Gervase Markham
http://business.timesonline.co.uk/article/0,,9075-2247493,00.html

and now comes this more recent article that has been
picked up in several places:

UK Banks Consider Making Customers Liable for Online Fraud
http://www.ecommercetimes.com/story/LW3h8x0sQjgTOW/UK-Banks-Consider-Making-Customers-Liable-for-Online-Fraud.xhtml
UK Banks Consider Making Customers Liable for Online Fraud
http://www.crmbuyer.com/story/LW3g1ZYzCnnQ88/UK-Banks-Consider-Making-Customers-Liable-for-Online-Fraud.xhtml
UK Banks Consider Making Customers Liable for Online Fraud
http://www.technewsworld.com/story/51732.html

and this article

Consumer groups, banks battle about components of ID theft legislation
http://www.daytondailynews.com/business/content/business/daily/071606identity.html
Consumer groups, banks battle over ID theft legislation
http://www.oxfordpress.com/business/content/shared/news/stories/IDENTITY_THEFT16_COX_W1718.html

Posted by Lynn Wheeler at July 16, 2006 09:07 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x55af04582dc8) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.