OT you can be sure of Shell ??

beamendsltd wrote:
> In message <[email protected]>
> Mother <"@ {mother} @"@101fc.net> wrote:
>
>
>>On Fri, 19 May 2006 21:34:29 +0100, Ian Rawlings
>><[email protected]> wrote:
>>
>>
>>>Despite instructions that neither of these bits of info should be
>>>stored, many credit-card processing systems do store them, with the
>>>end result being that when the system gets hacked, not only does your
>>>normal card details get leaked, but your PIN number does too, allowing
>>>thieves to walk up to cashpoints and withdraw your money, not
>>>something they were able to do before "chip and pin".

>>
>>Chip and Pin was introduced for the convenience of the wunch of
>>bankers who only have limited vision - there is no way - in reality,
>>that it is safer than a sig - it's cheaper to maintain and administer,
>>though.
>>

>
>
> There's considerable evidence to refute that. Speaking as a retailer,
> C&P is a hell of a lot simpler to use, and any doubt about signatures
> is removed (it's always the retailer's fault, so we used to take the
> hit every time). Now they either know the PIN or they don't which
> is nice and tidy.
>
> <snip>
>
>
> Richard


Over here in France they've been doing it (Chip 'n' Pin that is) for
years, without any major hassles. When we first got here, all I had was
a credit card (which had a chip on it) which everyone tried to put into
the reader, and didn't know what to do when the machine said "swipe" (in
French of course!) Most times I didn't sign anything, they just handed
the receipt back to me without any verification. On the motorways, the
toll booths are set up so that they take cards with using the PIN.
Presumably they have an arrangement to take the hits, and the losses must
be low enough to compensate for the time factor (and hence the
possibility of massive queues)

Stuart
 
On Sat, 20 May 2006 13:39:59 +0100, beamendsltd
<[email protected]> wrote:

>There's considerable evidence to refute that. Speaking as a retailer,


Our experiences differ. We put around 100K via 'chip-n-pin' in retail
(customer present) and over 750k* online (customer not present) -
we've only ever had one issue 'online', countless (alright, about 40
or so) following the introduction of chip'n'pin in retail.


(* if you include our customers who use the systems we developed, then
just over 9.7 Million in the financial year 2005-2006).




--
"We have gone from a world of concentrated knowledge and wisdom to one
of distributed ignorance. And we know and understand less while being
increasingly capable." Prof. Peter Cochrane, formerly of BT Labs
In memory of Brian {Hamilton Kelly} who logged off 15th September 2005
 
In message <[email protected]>
Ian Rawlings <[email protected]> wrote:

> On 2006-05-20, Austin Shackles <[email protected]> wrote:
>
> > the scumbags can put their cloning machine on the front of an ATM though.

>
> Sure, but I rarely draw money out of any ATM other than the one near
> my house, I work from home so not much call for getting money out
> elsewhere. Also you can keep your eyes open for such things, all in
> all much less risk than trusting your details to countless shoddy
> software implementations all over the place that you can't assess in
> any way shape or form.
>


But all that is to do with "customer not present" transactions -
chip & pin has nothing whatever to do with this. There are some
trials going on, allegedly, into some sorts of on-line security
code or whatever but they all seem to either require additional
hardware for both the user and vendor which is doomed to failure
on cost/practicality grounds, or using software which is just
as open to abuse as now and would therefore not achieve much.

The simplest solution would be only to allow goods to be sent
to the card's registered address - but that would upset customers.


Richard
--
www.beamends-lrspares.co.uk [email protected]
RISC-OS - Where have all the good guys gone?
Boycott the Yorkshire Dales - No Play, No Pay
 
In message <[email protected]>
Mother <"@ {mother} @"@101fc.net> wrote:

> On Sat, 20 May 2006 13:39:59 +0100, beamendsltd
> <[email protected]> wrote:
>
> >There's considerable evidence to refute that. Speaking as a retailer,

>
> Our experiences differ. We put around 100K via 'chip-n-pin' in retail
> (customer present) and over 750k* online (customer not present) -
> we've only ever had one issue 'online', countless (alright, about 40
> or so) following the introduction of chip'n'pin in retail.
>


But on-line has nothing to do with C&P. We get plenty of "declined"s
from on-line orders, but what the hell, no authorisation, no goods.
We've never yet had a charge-back, even from Latvia! If the customer
knows their pin and the transaction is done correctly, then you
should never get a charge-back from a customer present sale either.

>
> (* if you include our customers who use the systems we developed, then
> just over 9.7 Million in the financial year 2005-2006).
>
>
>
>


Richard

--
www.beamends-lrspares.co.uk [email protected]
RISC-OS - Where have all the good guys gone?
Boycott the Yorkshire Dales - No Play, No Pay
 
In message <[email protected]>
"Bob Hobden" <[email protected]> wrote:

>
> "Dave Liquorice" wrote ((snip))
> > This is the major part of it and it appears is "real time", at least for
> > some cards. TBH I'm not surprised most of us are creatures of habit and
> > have pretty predictable spend patterns. Mind you they are tightening up,
> > got a flyer with one of my statements asking me to tell them before I go
> > abroad, dates & locations etc. I guess the hidden meaning is that *any*
> > foreign stuff appearing on my account could lead it to being blocked.
> >

> Every time we go to France for the day to buy red wine and stuff, after the
> first transaction the next purchase gets the instruction "Phone Card Issuer"
> on the terminal. Of course nobody in the shops ever does, they just ask for
> another card, so the computer then stops the original card automatically.
> Ended up with three cards stopped between us a couple of weeks ago.
> Eventually got a call on the mobile from a person and they went through my
> last few transactions one of which was Eurotunnel for the tickets, now I
> would have thought that would have given them a starter for ten but we are
> talking about a computer, at least they unstopped that card. Didn't get the
> other cards unstopped until back in UK.
> We have even phoned beforehand to warn them we will be shopping abroad but
> still have the problem, thank goodness for mobile phones.
>
> The fault isn't with the Bank, they are just trying to protect both of us,
> it's the shops for being lazy and not phoning when asked.


You should report the shops, or at least threaten to. Assuming they
have similar merchant agreements then it is part of the contract
that phoning up when instructed to is *compulsory* - not doing so
can lead to the service being withdrawn or suspended. It is an A1
pain in the bum having to ring, but it's part of the overall security
system and retailers who don't play ball aren't helping.

Richard
--
www.beamends-lrspares.co.uk [email protected]
RISC-OS - Where have all the good guys gone?
Boycott the Yorkshire Dales - No Play, No Pay
 
beamendsltd wrote:

|| The simplest solution would be only to allow goods to be sent
|| to the card's registered address - but that would upset customers.

Before the days of T'internet, I always assumed this was the case. It still
amazes me that you can quote CC details over the phone or net (which only
proves you have the card, whoever it belongs to) in your hand, and have the
goods sent anywhere in the world. OK, you have to give an address, which
means you could eventually be traced if anyone can be bothered, but it seems
like an open invitation to theft.

How hard would it be for the banks to offer the option of "only post goods
to cardholder's address" on every CC they issue?

Answer: about as difficult as Orange found it to place a monthly ceiling on
my daughter's mobile phone which was registered to me, in other words,
impossible. The system won't allow it, which translates as "we are making
far too much money out of this to do it any other way."

--
Rich
==============================

I don't approve of signatures, so I don't have one.


 
Richard Brookman wrote:

> Answer: about as difficult as Orange found it to place a monthly ceiling on
> my daughter's mobile phone which was registered to me, in other words,
> impossible.


The 330 quid in a month job ? Been there done that. Took her MONTHS to
pay that off.

Steve
 
On Sun, 21 May 2006 11:17:57 +0100, "Richard Brookman"
<[email protected]> wrote:

>|| The simplest solution would be only to allow goods to be sent
>|| to the card's registered address - but that would upset customers.
>
>Before the days of T'internet, I always assumed this was the case.


It still is the case - in almost every merchant services agreement.

Should a vendor deliver to any other address, any subsequent query or
repudiation claim goes immediately against the vendor, who will rarely
see the money again and probably find it isn't worth trying to chase.


--
"We have gone from a world of concentrated knowledge and wisdom to one
of distributed ignorance. And we know and understand less while being
increasingly capable." Prof. Peter Cochrane, formerly of BT Labs
In memory of Brian {Hamilton Kelly} who logged off 15th September 2005
 
On Sun, 21 May 2006 08:51:21 +0100, beamendsltd
<[email protected]> wrote:

>But on-line has nothing to do with C&P. We get plenty of "declined"s
>from on-line orders, but what the hell, no authorisation, no goods.


Sure, the point I'm making is more about the industry, rather than
just chip'n'pin though. The pin is by no means safer than a sig - the
only caveat to this being that if all cards had (as Alliance and
Leicester used to) the photograph of the holder on. Even that is not
a failsafe as Charlotte often uses my debit card and pin these days
(for convenience) - never been questioned about the 'name' on the
card. I could, I expect, quite legitimately repudiate many of those
transactions.

>We've never yet had a charge-back, even from Latvia! If the customer
>knows their pin and the transaction is done correctly, then you
>should never get a charge-back from a customer present sale either.


We had a series of 'call for authorisation' on every single
transaction when I had the shop - on one day, a busy Saturday, it was
happening for one in two transactions. I've never had any issues
'on-line', apart, obviously for the immediately declined.


--
"We have gone from a world of concentrated knowledge and wisdom to one
of distributed ignorance. And we know and understand less while being
increasingly capable." Prof. Peter Cochrane, formerly of BT Labs
In memory of Brian {Hamilton Kelly} who logged off 15th September 2005
 
steve wrote:

|| Richard Brookman wrote:
||
||| Answer: about as difficult as Orange found it to place a monthly
||| ceiling on my daughter's mobile phone which was registered to me,
||| in other words, impossible.
||
|| The 330 quid in a month job ? Been there done that. Took her MONTHS
|| to pay that off.
||
|| Steve

Er, yeah, something like that. Partly my fault as I had taken to ignoring
the Orange bills until they started arriving in full A4 envelopes (not the
usual A5) and thicker than an Argos catalogue. Living apart doesn't help,
as it's hard to be the angry Dad when you only see them every blue moon.

--
Rich
==============================

I don't approve of signatures, so I don't have one.


 
In message <[email protected]>
"Richard Brookman" <[email protected]> wrote:

> beamendsltd wrote:
>
> || The simplest solution would be only to allow goods to be sent
> || to the card's registered address - but that would upset customers.
>
> Before the days of T'internet, I always assumed this was the case. It still
> amazes me that you can quote CC details over the phone or net (which only
> proves you have the card, whoever it belongs to) in your hand, and have the
> goods sent anywhere in the world. OK, you have to give an address, which
> means you could eventually be traced if anyone can be bothered, but it seems
> like an open invitation to theft.
>


It's not quite that simple - the card holder's address is required to
do the transaction "properly".

> How hard would it be for the banks to offer the option of "only post goods
> to cardholder's address" on every CC they issue?


They actually sort of do - it's the retailer's discretion, and risk,
to send to another address effectively.

>
> Answer: about as difficult as Orange found it to place a monthly ceiling on
> my daughter's mobile phone which was registered to me, in other words,
> impossible. The system won't allow it, which translates as "we are making
> far too much money out of this to do it any other way."
>


It would certainly be difficult to find an example of a bank behaving
in a manner that does not protect themselves first and the customer
second.

Richard

--
www.beamends-lrspares.co.uk [email protected]
RISC-OS - Where have all the good guys gone?
Boycott the Yorkshire Dales - No Play, No Pay
 
On 2006-05-21, beamendsltd <[email protected]> wrote:

> But all that is to do with "customer not present" transactions -
> chip & pin has nothing whatever to do with this.


Yes I know. I stated that I use my credit card rather than my debit
card because I get the chance to challenge before I have to pay, and
that I didn't suffer much risk of my cashpoint card PIN being stolen
as I only use one cashpoint. This doesn't mean I'm confusing C&P and
online purchasing.

--
Blast off and strike the evil Bydo empire!
 
On or around Sun, 21 May 2006 12:18:47 +0100, Mother <"@ {mother}
@"@101fc.net> enlightened us thusly:

>On Sun, 21 May 2006 08:51:21 +0100, beamendsltd
><[email protected]> wrote:
>
>>But on-line has nothing to do with C&P. We get plenty of "declined"s
>>from on-line orders, but what the hell, no authorisation, no goods.

>
>Sure, the point I'm making is more about the industry, rather than
>just chip'n'pin though. The pin is by no means safer than a sig - the
>only caveat to this being that if all cards had (as Alliance and
>Leicester used to) the photograph of the holder on. Even that is not
>a failsafe as Charlotte often uses my debit card and pin these days
>(for convenience) - never been questioned about the 'name' on the
>card. I could, I expect, quite legitimately repudiate many of those
>transactions.
>


The thing about C&P in my observation is that the merchants don't check the
card at all, quite often. Some of them take the card from you and put it in
the slot and thus have the opportunity to examine the name thereon and see
if it says "Mrs Jones" when you're quite obviously a bloke. But often they
don't even touch the card, so if I had a stolen or cloned one I could bung
it in, type the pin and the name on the card could be Yussuf Amin for all
the merchant knew about it.
--
Austin Shackles. www.ddol-las.net my opinions are just that
"You praise the firm restraint with which they write -_
I'm with you there, of course: They use the snaffle and the bit
alright, but where's the bloody horse? - Roy Campbell (1902-1957)
 
On Sun, 21 May 2006 18:34:08 +0100, Austin Shackles wrote:

> Some of them take the card from you and put it in the slot and thus
> have the opportunity to examine the name thereon and see if it says
> "Mrs Jones" when you're quite obviously a bloke. But often they
> don't even touch the card, so if I had a stolen or cloned one I could
> bung it in, type the pin and the name on the card could be Yussuf Amin
> for all the merchant knew about it.


Yep, comes of having the card slot on the keypad and not the EPOS kit.
It's much easier for the sales assistant to let the customer put the card
in than reach round and awkwardly put it into a slot aimed at the customer
not them. Mind even those that do put the card in for you don't do much
more than a very casual glance if that.

Certainly seems like two steps forward one step back. Probably because,
as is typical these days, nobody really thought through the
implementation and ergonomics of the C 'n P system.

Personally I don't like C 'n P, I keep forgetting the numbers. Seems I
can remember 2 no trouble, but bung in a third and it bumps one of the
others out of my memory. Bit of a problem when I have 3 cards I use
regularly (ATM, Business CC, Personal CC). I'm tempted to make all cards
all the same but that somewhat defeats the object...

--
Cheers [email protected]
Dave. pam is missing e-mail



 
On or around Sun, 21 May 2006 18:07:37 +0100, Ian Rawlings
<[email protected]> enlightened us thusly:

>On 2006-05-21, beamendsltd <[email protected]> wrote:
>
>> But all that is to do with "customer not present" transactions -
>> chip & pin has nothing whatever to do with this.

>
>Yes I know. I stated that I use my credit card rather than my debit
>card because I get the chance to challenge before I have to pay, and
>that I didn't suffer much risk of my cashpoint card PIN being stolen
>as I only use one cashpoint. This doesn't mean I'm confusing C&P and
>online purchasing.


I have a "business card" which functions as a mastercard but is in fact a
chargecard rather than a credit card - an added advantage of this is that the
bank transaction to pay it is a single transaction, and thus only gets one
transaction charge, whereas using a debit card, you get a transaction charge
per transaction. not a big advantage, but it adds up over the year. same
applies to credit cards, of course, if you clear them with a single monthly
payment.

--
Austin Shackles. www.ddol-las.net my opinions are just that
In Touch: Get in touch with yourself by touching yourself.
If somebody is watching, stop touching yourself.
from the Little Book of Complete B***ocks by Alistair Beaton.
 
On or around Sun, 21 May 2006 19:50:26 +0100 (BST), "Dave Liquorice"
<[email protected]> enlightened us thusly:

>On Sun, 21 May 2006 18:34:08 +0100, Austin Shackles wrote:
>
>> Some of them take the card from you and put it in the slot and thus
>> have the opportunity to examine the name thereon and see if it says
>> "Mrs Jones" when you're quite obviously a bloke. But often they
>> don't even touch the card, so if I had a stolen or cloned one I could
>> bung it in, type the pin and the name on the card could be Yussuf Amin
>> for all the merchant knew about it.

>
>Yep, comes of having the card slot on the keypad and not the EPOS kit.
>It's much easier for the sales assistant to let the customer put the card
>in than reach round and awkwardly put it into a slot aimed at the customer
>not them. Mind even those that do put the card in for you don't do much
>more than a very casual glance if that.
>
>Certainly seems like two steps forward one step back. Probably because,
>as is typical these days, nobody really thought through the
>implementation and ergonomics of the C 'n P system.
>
>Personally I don't like C 'n P, I keep forgetting the numbers. Seems I
>can remember 2 no trouble, but bung in a third and it bumps one of the
>others out of my memory. Bit of a problem when I have 3 cards I use
>regularly (ATM, Business CC, Personal CC). I'm tempted to make all cards
>all the same but that somewhat defeats the object...


in that case, though, you have minimal extra risk. If all the cards are
stolen, then the thief still has to guess the number, and know that they're
all the same. If you lose one card, the risk is identical. The actual
number is as immune to guessing as any other number, even if you put 0000 -
in fact, I expect 0000 would be less prone to guessing; no half-intelligent
thief would think that anyone would be daft enough to put 0000 as a PIN.

but in general, numbers like your date of birth are more prone to guessing
by people who know you, but no more prone to guessing by a complete stranger
unless they also have something like a driving licence which has your DoB on
it.

so all in all, changing 'em all to the same PIN represents a very small
increased risk and makes it much less likely that you forget it. You could,
I suppose, reduce the risk slightly by changing the PIN at intervals, then
if someone has observed you typing in your PIN there's a chance that in due
course if they nick the card you'll have changed it.


--
Austin Shackles. www.ddol-las.net my opinions are just that
"My centre is giving way, my right is in retreat; situation excellent.
I shall attack. - Marshal Foch (1851 - 1929)
 
On Mon, 22 May 2006 09:59:39 +0100, Austin Shackles wrote:

>> I'm tempted to make all cards all the same but that somewhat defeats
>> the object...

>
> in that case, though, you have minimal extra risk.


Unless someone shoulder surfs (or electronic equivalent) and lifts me
wallet...

> The actual number is as immune to guessing as any other number, even if
> you put 0000 - in fact, I expect 0000 would be less prone to guessing;
> no half-intelligent thief would think that anyone would be daft enough
> to put 0000 as a PIN.


Any sensible system wouldn't let you change your PIN to 0000, 1111, etc,
a sensible system would insist on four different digits.

> but in general, numbers like your date of birth are more prone to
> guessing by people who know you, but no more prone to guessing by a
> complete stranger unless they also have something like a driving
> licence which has your DoB on it.


Which if they had my wallet they would have... I don't use my DOB or any
other personal info for PINs.

--
Cheers [email protected]
Dave. pam is missing e-mail



 
On or around Mon, 22 May 2006 11:22:53 +0100 (BST), "Dave Liquorice"
<[email protected]> enlightened us thusly:

>On Mon, 22 May 2006 09:59:39 +0100, Austin Shackles wrote:
>
>>> I'm tempted to make all cards all the same but that somewhat defeats
>>> the object...

>>
>> in that case, though, you have minimal extra risk.

>
>Unless someone shoulder surfs (or electronic equivalent) and lifts me
>wallet...
>
>> The actual number is as immune to guessing as any other number, even if
>> you put 0000 - in fact, I expect 0000 would be less prone to guessing;
>> no half-intelligent thief would think that anyone would be daft enough
>> to put 0000 as a PIN.

>
>Any sensible system wouldn't let you change your PIN to 0000, 1111, etc,
>a sensible system would insist on four different digits.
>
>> but in general, numbers like your date of birth are more prone to
>> guessing by people who know you, but no more prone to guessing by a
>> complete stranger unless they also have something like a driving
>> licence which has your DoB on it.

>
>Which if they had my wallet they would have... I don't use my DOB or any
>other personal info for PINs.


Some time ago I used 1966. not any more, though, so don't get ideas. I
don't use dob any more.

But the extra risk in having all the cards the same is only in what you say,
if someone finds out and nicks 'em they can use 'em all. But only if they
know that you have 'em all the same.
--
Austin Shackles. www.ddol-las.net my opinions are just that
0123456789112345678921234567893123456789412345678951234567896123456789712345
1 weebl: What's this? | in recognition of the fun that is weebl and bob
2 bob: it a SigRuler! | check out the weebl and bob archive:
3 weebl: How Handy! | http://www.weebl.jolt.co.uk/archives.php
 
On Mon, 22 May 2006 19:32:01 +0100, Austin Shackles wrote:

> But the extra risk in having all the cards the same is only in what you
> say, if someone finds out and nicks 'em they can use 'em all. But only
> if they know that you have 'em all the same.


It must be worth a punt once you have a valid pin to try it on the other
cards as well, remember you get three tries before you get locked out.

--
Cheers [email protected]
Dave. pam is missing e-mail



 