Always look at the bright side
-
@arh said:
@morbiuswilters said:
@pkmnfrk said:
To be fair, these are the exact same problems you have with personal cheques.
But not a cashier's check. And it's pretty hard to defraud someone with a personal check (although it can happen). What's to stop me from "buying" something from someone, asking for their bank details and then never sending payment? I can write a bad check, but: 1) I'm (likely) giving the seller my info; 2) the checks themselves give some level of authenticity; 3) check fraud is a felony and it's a lot easier to prove with a bad check--proving that someone said they'd transfer money when they didn't is difficult; 4) the seller can call the bank to confirm the account before giving me my purchase; 5) the seller can insist on a cashier's check (which is pretty standard for any large purchase).
Fraud? Over here, that's usually only done by gypsies from eastern europe. We're working on it.
Oh, good, he's a racist, too.
-
@pkmnfrk said:
@morbiuswilters said:
@arh said:
If I buy something from an individual he gives me his account number and I transfer the required amount.
Soo.. people just hand you their routing and account numbers? And they trust that you are going to transfer the money after you take the purchase? Wow, which country do you live in, again? I bet I could really clean up with all the suckers there.
To be fair, these are the exact same problems you have with personal cheques.
No it is the exact opposite problem. With peronal cheques the person "spending" the money reveals their information, prior to the introduction of some payment services, it was the reciever who would have to reveal their information...
-
@ender said:
...or before - or you do it in front of them, and they check that the money has arrived immediately.
So you're giving money to someone before you've actually bought something? And in front of them? So you can't buy something unless both parties have a smartphone?
And it's not like I can't send someone money electronically, but why the hell would I when I have checks?
-
@morbiuswilters said:
@arh said:
@morbiuswilters said:
@pkmnfrk said:
To be fair, these are the exact same problems you have with personal cheques.
But not a cashier's check. And it's pretty hard to defraud someone with a personal check (although it can happen). What's to stop me from "buying" something from someone, asking for their bank details and then never sending payment? I can write a bad check, but: 1) I'm (likely) giving the seller my info; 2) the checks themselves give some level of authenticity; 3) check fraud is a felony and it's a lot easier to prove with a bad check--proving that someone said they'd transfer money when they didn't is difficult; 4) the seller can call the bank to confirm the account before giving me my purchase; 5) the seller can insist on a cashier's check (which is pretty standard for any large purchase).
Fraud? Over here, that's usually only done by gypsies from eastern europe. We're working on it.
Oh, good, he's a racist, too.
Haven't you heard? Newest theory as to how the european financial crisis came to pass is "foreigners did it". Seems to be gaining popularity as well, so I guess it must be true then.
-
@morbiuswilters said:
@ender said:
...or before - or you do it in front of them, and they check that the money has arrived immediately.
So you're giving money to someone before you've actually bought something? And in front of them? So you can't buy something unless both parties have a smartphone?
And it's not like I can't send someone money electronically, but why the hell would I when I have checks?
You can use a PC if you like. Or just go to an ATM and take out cash. Point is, you get the money there and then and don't have to go to the bank. If you're selling something and get a check/cheque it's only a promise of money, nothing more. But I guess it all boils down to culture. Anything that involves paper is frowned upon here and people don't want to carry around anything extra unless they really have to.
But hey, what do I know, I'm a racist [i]and[/i] I outsource to India.
-
@arh said:
Newest theory as to how the european financial crisis came to pass is "foreigners did it".
Europeans did it to themselves. I'd laugh, except we did it to ourselves, too.
-
@arh said:
Haven't you heard? Newest theory as to how the european financial crisis came to pass is "foreigners did it". Seems to be gaining popularity as well, so I guess it must be true then.
Well, that's one problem with being part of a currency union like theirs. Most of the governments using your currency are foreigners.
-
@arh said:
You can use a PC if you like.
"Here, let me bring along a laptop so I can make this purchase. Or take it everywhere in case I find myself needing to make a purchase."
@arh said:
Or just go to an ATM and take out cash.
It's a hell of a lot harder to prove you paid with cash. Checks provide extra proof that payment was received. Also, I'd be hesitant to accept much cash from an untrusted party because of counterfeiting or theft.
@arh said:
If you're selling something and get a check/cheque it's only a promise of money, nothing more.
Well, no, it's an intent to pay. If they cancel the check, I have proof that they at least intended to pay, which would make a suit easier.
@arh said:
Anything that involves paper is frowned upon here and people don't want to carry around anything extra unless they really have to.
Except, apparently, a laptop. Or hundreds of dollars in cash. Yeah, that sounds far more reasonable than a check.
-
@boomzilla said:
@arh said:
Haven't you heard? Newest theory as to how the european financial crisis came to pass is "foreigners did it". Seems to be gaining popularity as well, so I guess it must be true then.
Well, that's one problem with being part of a currency union like theirs. Most of the governments using your currency are foreigners.
Yeah, but, deep-down, they're all filled with the same squishy, pink goo.
Which you can see for yourself, once you're cleaning it out of our tank treads.
-
@serguey123 said:
@morbiuswilters said:
This is how I pay all my bills.So how do you pay rent or make large purchases from an individual?
Goats?
-
@dcardani said:
@arh said:
@mott555 said:
@El_Heffe said:
@arh said:
Mac OSX doesn't have home=beginning of line and end=end of line, and instead prefers cmd+left or cmd+right, which coincidentally happens to be the same as go back/forward in Firefox
That's a bigger WTF than the rest of your story.
I never realized how often I use Home and End while coding, until I started using OSX and XCode and found that Home and End go to the beginning or end of the document instead of the line. I've deleted entire code files that way, just expecting to nuke the current line. They also don't seem to let you scroll past words using Ctrl-arrow keys like you can in Windows/Visual Studio. Taking my hand off the keyboard to use the mouse to change my cursor location is so much slower.
Oh my god, don't get me started. I take my hat off for anyone who actually manages to develop in XCode, especially when coming from Visual Studio. I used XCode about 10 minutes before deciding to continue with MonoTouch, and every time I try "going native" I end up with the same decision. AppCode is better, but still.. it's like going back in time and start waiting for the present.
You can set up your own bindings, you know. It's in the prefs. All of the functionality you want is there, just take 5 minutes to set up your environment how you like it.
It took me so many hours of frustration trying to map correct Home/End keys in OSX and I still haven't figured it out. Maybe I'm stupid, but that would really just be a relief! I managed to find a keyboard layout for my PC keyboard, but any attempt on mapping proper Home/End keys has turned up half-working solutions, often with side effects. If you could tell me how to do this properly -- and maybe even tell me how to map ctrl+ins/shift+del/shift+ins to copy/cut/paste, I'll mail you some nordic samliac candy as a token of my eternal gratitude!
-
@mott555 said:
They also don't seem to let you scroll past words using Ctrl-arrow keys like you can in Windows/Visual Studio. Taking my hand off the keyboard to use the mouse to change my cursor location is so much slower.
You can use alt/option + arrow keys to scroll past individual words. It won't stop XCode being a terrible pile of shite, but each little thing helps slow the descent into insanity.
-
@mott555 said:
I never realized how often I use Home and End while coding, until I started using OSX and XCode and found that Home and End go to the beginning or end of the document instead of the line. I've deleted entire code files that way, just expecting to nuke the current line. They also don't seem to let you scroll past words using Ctrl-arrow keys like you can in Windows/Visual Studio. Taking my hand off the keyboard to use the mouse to change my cursor location is so much slower.
Try Alt-arrow keys . And emacs-like stuff like C-a or C-k work almost everywhere.The default behaviour of home/end is still annoying.
-
@arh said:
No, when you make the transfer it takes max an hour before it's on the other person's account; if you have the same bank it happens instantly. Checques require paper and going to the bank and stuff, seriously, that's too much hassle for my generation. Besides, you don't know if it will bounce or whatever.
Actually, you can know if it will bounce. Modern POS terminals can read the routing and account numbers, verify funds, and in fact can transfer the funds immediately.
-
@Cat said:
@arh said:
No, when you make the transfer it takes max an hour before it's on the other person's account; if you have the same bank it happens instantly. Checques require paper and going to the bank and stuff, seriously, that's too much hassle for my generation. Besides, you don't know if it will bounce or whatever.
Actually, you can know if it will bounce. Modern POS terminals can read the routing and account numbers, verify funds, and in fact can transfer the funds immediately.
When you deposit a regular check from a different bank, you (and your bank) have no way to know if it will bounce. Checks are processed in batches on both sides of the transaction, and there is no final rubber stamp saying that a check has cleared. If Bank A receives a check from Bank B, it will request funds from Bank B to cover the amount and send a copy of the check within a few days. If Bank A and Bank B have a good banking history, Bank B will wire the money to Bank A immediately, and will then follow its internal process to withdraw funds from the sending account at its earliest convenience (could take an hour or a week). By then if the fund are not available, Bank B will let Bank A know, and Bank A will reimburse the money. There is no fixed amount of time to cover this process, it may take a few days or a few weeks; based on their experience with Bank B, Bank A may decide to freeze the amount until enough time has passed and odds that the check will bounce are low. If the client's account is in good standing, Bank A could make the fund available immediately, but if the check bounce later it will withdraw the amount with no prior notice.
A certified check is something else; the sending bank is making a commitment that the check won't bounce and that if there is not enough fund it will swallow the loss. Which is why they are expensive and more complicated to prepare for the client.
-
@Speakerphone Dude said:
@Cat said:
@arh said:
No, when you make the transfer it takes max an hour before it's on the other person's account; if you have the same bank it happens instantly. Checques require paper and going to the bank and stuff, seriously, that's too much hassle for my generation. Besides, you don't know if it will bounce or whatever.
Actually, you can know if it will bounce. Modern POS terminals can read the routing and account numbers, verify funds, and in fact can transfer the funds immediately.
When you deposit a regular check from a different bank, you (and your bank) have no way to know if it will bounce. Checks are processed in batches on both sides of the transaction, and there is no final rubber stamp saying that a check has cleared. If Bank A receives a check from Bank B, it will request funds from Bank B to cover the amount and send a copy of the check within a few days. If Bank A and Bank B have a good banking history, Bank B will wire the money to Bank A immediately, and will then follow its internal process to withdraw funds from the sending account at its earliest convenience (could take an hour or a week). By then if the fund are not available, Bank B will let Bank A know, and Bank A will reimburse the money. There is no fixed amount of time to cover this process, it may take a few days or a few weeks; based on their experience with Bank B, Bank A may decide to freeze the amount until enough time has passed and odds that the check will bounce are low. If the client's account is in good standing, Bank A could make the fund available immediately, but if the check bounce later it will withdraw the amount with no prior notice.
A certified check is something else; the sending bank is making a commitment that the check won't bounce and that if there is not enough fund it will swallow the loss. Which is why they are expensive and more complicated to prepare for the client.
All correct, although I have not been able to find a bank [USA] that will truely do a certified check in years. Invariably they are "cashiers checks". In this case the money is withdrawn from the senders account as the check is written, and the check is actually against the banks funds with no further involvement of the sender.
Also (to the best of my knowledge) time limiets (again USA) have been established, although it can indeed be a few weeks for international checks [which is how so many of the online scams work]
-
@Cat said:
Actually, you can know if it will bounce. Modern POS terminals can read the routing and account numbers, verify funds, and in fact can transfer the funds immediately.
Yes, because everyone has POS terminals at home.
-
@ender said:
@Cat said:
Actually, you can know if it will bounce. Modern POS terminals can read the routing and account numbers, verify funds, and in fact can transfer the funds immediately.
Yes, because everyone has POS terminals at home.I think the point is that just with the routing and account numbers, payments can be made electronically and quickly.
- At home, this process begins with someone keying in the information to an ecommerce site.
- In shops, this information can be read directly from the card using the POS terminal, saving the cardholder from manually inputting the values
-
@Cassidy said:
BTW, I've no idea what "routing" numbers are. Are they like a "Sort Code" in UK?
Probably - before we switched to IBAN, the account numbers had the form 12345-6789012345, with the first 5 numbers identifying the bank and account type. I assume this is what routing number/sort code is (the switch to IBAN just meant we needed to add SI56 in front, and maybe space the numbers a bit differently, though most forms don't care).
-
@Cassidy said:
BTW, I've no idea what "routing" numbers are. Are they like a "Sort Code" in UK?
Don't you limeys have something like a Wikipedia over there?
Yes, they are the same.
-
@Cassidy said:
- At home, this process begins with someone keying in the information to an ecommerce site.
Oh, yeah, and I don't think most people are going to give up bank account information for paying online. Paypal does offer it as an option, but they obviously keep the details hidden from the seller. Just use a blasted credit card.
-
@morbiuswilters said:
Oh, yeah, and I don't think most people are going to give up bank account information for paying online.
Giving my bank account info to a site wouldn't do it any good, since all they could use if for is transferring money to me. Quite a lot of shops in EU actually let you pay by bank transfer, but this works because they give their account info to me, not the other way around.
-
@ender said:
@morbiuswilters said:
Oh, yeah, and I don't think most people are going to give up bank account information for paying online.
Giving my bank account info to a site wouldn't do it any good, since all they could use if for is transferring money to me. Quite a lot of shops in EU actually let you pay by bank transfer, but this works because they give their account info to me, not the other way around.That sounds better (I wish our ACH system only allowed one-way transfers) but I'd still be wary. "But people can only give you money, what's to worry about?" But there are a few people I can think of who I wouldn't want to be able to deposit money directly into my account.
I'm not saying checks are super awesome and will be around forever; I just don't think the European system sounds much better for private transactions (which is really the only case I'd be using a check). Hopefully something simple, anonymous (in that I don't have to give any account info to anyone), foolproof and secure will replace it in the next few decades, like e-cash or something.
-
@morbiuswilters said:
Don't you limeys have something like a Wikipedia over there?
No. Do you have recommendations for an alternative? TVTropes and /. don't count....
-
@PJH said:
@morbiuswilters said:
Don't you limeys have something like a Wikipedia over there?
No. Do you have recommendations for an alternative? TVTropes and /. don't count....Ah, found it! Better hurry, looks like this is the final printing and it's almost sold out.
-
@morbiuswilters said:
Just use a blasted credit card.
I thought we were talking about a CC... but looking back, I may have conflated it with a Direct Debit card, which is essentially your bank account in a Chip n Pin format. People DO use those over here - there's a financial incentive to do so - but I've falled back on the safety of the CC for most (paying) transactions.
Anyone tried that new-fangled "eCash phone app"? Lacking a smart phone I've not investigated further - it sounds a good idea in principle but just curious as to what checks are in place should the phone itself be stolen.
@morbiuswilters said:
Ah, found it! Better hurry, looks like this is the final printing and it's almost sold out.
I'd order it, but I'll probably wait for the English re-printing.
-
@Cassidy said:
I have a Debit Mastercard I use for everything, ranging from $0.30 to $5700. I don't understand why most people don't use some kind of card (credit or debit or otherwise) for pretty much everything... the only times I need to worry about having cash on me are when I'm going to buy a bus ticket on the bus or if I know I'm going to some backwards place that doesn't take EFTPOS in this day and age.As a sidenote, I also don't understand why the US doesn't seem to be taking up chip cards and PINs yet but that's a discussion for a later date.I thought we were talking about a CC... but looking back, I may have conflated it with a Direct Debit card, which is essentially your bank account in a Chip n Pin format. People DO use those over here - there's a financial incentive to do so - but I've falled back on the safety of the CC for most (paying) transactions.
-
@Douglasac said:
As a sidenote, I also don't understand why the US doesn't seem to be taking up chip cards and PINs yet but that's a discussion for a later date.
I would assume that the increased benefits over existing credit / debit cards aren't worth the expense of change over, not only by merchants but consumers, too.
-
@Douglasac said:
I have a Debit Mastercard I use for everything, ranging from $0.30 to $5700. ....
I have basically given up using Debit cards, it is simply too difficult to get back the funds in case of fraud (all different levels, including authorized vendors shipping incorrect or bad product). If I use my credit card, then a simple call to the credit card provider, and the charge is recognized as disputed; no money out of pocket.
-
@TheCPUWizard said:
I have basically given up using Debit cards, it is simply too difficult to get back the funds in case of fraud (all different levels, including authorized vendors shipping incorrect or bad product). If I use my credit card, then a simple call to the credit card provider, and the charge is recognized as disputed; no money out of pocket.
Debit Mastercards work in the same way as Credit Mastercards: if a fraudulent transaction takes place, I call the bank and can initiate chargebacks and etc. My Cirrus Keycard, on the other hand, has no such facility.
-
@boomzilla said:
@Douglasac said:
As a sidenote, I also don't understand why the US doesn't seem to be taking up chip cards and PINs yet but that's a discussion for a later date.
I would assume that the increased benefits over existing credit / debit cards aren't worth the expense of change over, not only by merchants but consumers, too.
I don't get how it's different than the magnetic stripe-and-pin system we have now.
Also we didn't have the comedy duo of Fish and Cushion promoting it.
-
@Douglasac said:
@TheCPUWizard said:
I have basically given up using Debit cards, it is simply too difficult to get back the funds in case of fraud (all different levels, including authorized vendors shipping incorrect or bad product). If I use my credit card, then a simple call to the credit card provider, and the charge is recognized as disputed; no money out of pocket.
Debit Mastercards work in the same way as Credit Mastercards: if a fraudulent transaction takes place, I call the bank and can initiate chargebacks and etc. My Cirrus Keycard, on the other hand, has no such facility.You can call the bank, and they *may* do something, but there is only limited legal requirements. I have had personal problems with Bank issues Mastercard and Visa [both major banks each starting with a "C"] and it took weeks before the money was restored to the account in one case, and in another I did not get the funds back until I took the vendor to court [they settled].
-
@blakeyrat said:
I don't get how it's different than the magnetic stripe-and-pin system we have now.
Since it's a smartcard, it can't be duplicated. However, since a PIN is required to authorize the transaction, it also means that if both your card and PIN are stolen, you're responsible for any charges. Unfortunately, since the system is so complicated, researchers have already been able to trick terminals into thinking that the transaction was approved by signature instead of PIN (while entering any 4 numbers), and there are indications that criminals are doing the same thing, except that when this happens, it's nearly impossible to prove that your PIN wasn't disclosed.
At least around here, PINs have been used to authorize transactions with debit cards years before chip cards started appearing some 10 years ago (terminals with chip and magnetic readers have been similarly available for a long time, but at least some stores didn't even know they could use the chip reader, which caused me some trouble a few years ago when one of my cards got demagnetized).
-
@Douglasac said:
`I don't understand why most people don't use some kind of card (credit or debit or otherwise) for pretty much everything
Stop doing the work of the Devil!
@Saint John the Divine said:
And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads. And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Revelation 13:16-17And if you need an incentive:
@Saint John the Divine said:
And I saw thrones, and they sat upon them, and judgment was given unto them: and I saw the souls of them that were beheaded for the witness of Jesus, and for the word of God, and which had not worshipped the beast, neither his image, neither had received his mark upon their foreheads, or in their hands; and they lived and reigned with Christ a thousand years.
Revelation 20:4You have a choice: Living and reigning with Christ for a thousand years or earning MasterCard Cashback for a mere 25-50 years.
-
@Speakerphone Dude said:
You have a choice: Living and reigning with Christ for a thousand years or earning MasterCard Cashback for a mere 25-50 years.
I can't wait until I die, I want my heaven now!!
-
@boomzilla said:
@Douglasac said:
As a sidenote, I also don't understand why the US doesn't seem to be taking up chip cards and PINs yet but that's a discussion for a later date.
I would assume that the increased benefits over existing credit / debit cards aren't worth the expense of change over, not only by merchants but consumers, too.
Most banks here didn't just go "right here's your new chip card", they simply changed them over whenever they had to be reissued for whatever reason. And has also been said elsewhere, they're harder to duplicate because they're smartcards. Also, most of Europe and Australia are starting to phase out magstripe and signature, with chip and PIN becoming the preferred method (Visa won't take signatures in Australia from some time early next year and I imagine Mastercard has similar plans in place), so if you don't have a PIN and you go to a country that doesn't take signatures anymore you're going to be screwed.
-
@ender said:
Since it's a smartcard, it can't be duplicated.
I doubt it. It's harder to duplicate than a magnetic card, but it can surely be duplicated. Also, I don't think duplicated cards are as big of a problem in the US as stolen card numbers used for online purchases.
-
@ender said:
Unfortunately, since the system is so complicated, researchers have already been able to trick terminals into thinking that the transaction was approved by signature instead of PIN (while entering any 4 numbers), and there are indications that criminals are doing the same thing, except that when this happens, it's nearly impossible to prove that your PIN wasn't disclosed.
The criminals are getting very sophisticated. A typical scam is to go into a small retail store, switch the terminal with one that looks identical but that logs the information, then come back a day or two later to switch it back. Not sure if they are interested in debit or credit cards, it's the same machine. A friend of mine has a retail store (clothes) in a busy mall and this happened to him a few years ago. Since then he caught people trying to do it again twice, one time he even chased the guy and he was lucky that security stopped the thief in the parking lot.
In his case the thieves are always males in 30s or 40s from a specific ethnic background and his typical customers are teenage girls from another ethnic background so thieves are easy to spot (for now) but it's always a delicate thing for him when he wants his employees to be on the lookout because of the whole "racial profiling" issues...
-
@Douglasac said:
I don't understand why most people don't use some kind of card (credit or debit or otherwise) for pretty much everything
Two things come to mind - (1) some people don't like being tracked, (2) some businesses (in the UK at least) impose a minimum spend, because they get charged per-transaction, usually a percentage of the transaction amount with a minimum charge.
-
@morbiuswilters said:
It's harder to duplicate than a magnetic card, but it can surely be duplicated.
As far as I know, short of an electron microscope, you won't be able to duplicate a smartcard (the chip will erase itself if you access it improperly).
@morbiuswilters said:Also, I don't think duplicated cards are as big of a problem in the US as stolen card numbers used for online purchases.
Main problem with magnetic strips is that they're completely unprotected, and really easy to copy - you can hear about readers inserted in front of the card slot at ATMs pretty often around here. These are getting much harder to spot, and they work by reading the magnetic stripe, and either recording the PIN entry, or sometimes by placing a duplicate keypad over the original one, then the criminals create copies of the cards and use them to get money in places that have ATMs without chip readers.
@Speakerphone Dude said:A typical scam is to go into a small retail store, switch the terminal with one that looks identical but that logs the information, then come back a day or two later to switch it back.
Doesn't have to be a small store at all - I've read of this happening in several stores. Usually a several people would come to the store, some would distract the cashiers, while others would either replace the terminals, or just attach readers (but it has been a while since I've heard of this happening - chips are helping here.
-
@ender said:
@morbiuswilters said:
It's harder to duplicate than a magnetic card, but it can surely be duplicated.
As far as I know, short of an electron microscope, you won't be able to duplicate a smartcard (the chip will erase itself if you access it improperly).Ok, but let's say you're trying to sell this system to US consumers.
Why do I, as a consumer, give a shit about that?
Especially while reading this thread which is quickly showing that even through the chip and pin technology might be technically better, it's certainly not doing much holistically to prevent identity theft. I think we're fine with our magnetic stripes.
-
@blakeyrat said:
@ender said:
@morbiuswilters said:
It's harder to duplicate than a magnetic card, but it can surely be duplicated.
As far as I know, short of an electron microscope, you won't be able to duplicate a smartcard (the chip will erase itself if you access it improperly).Ok, but let's say you're trying to sell this system to US consumers.
Why do I, as a consumer, give a shit about that?
Especially while reading this thread which is quickly showing that even through the chip and pin technology might be technically better, it's certainly not doing much holistically to prevent identity theft. I think we're fine with our magnetic stripes.
I suspect that the real purpose of the chips is to gradually move the burden of fraud countermeasures from the banks to the customers and merchants.
-
@Speakerphone Dude said:
@blakeyrat said:
@ender said:
@morbiuswilters said:
It's harder to duplicate than a magnetic card, but it can surely be duplicated.
As far as I know, short of an electron microscope, you won't be able to duplicate a smartcard (the chip will erase itself if you access it improperly).Ok, but let's say you're trying to sell this system to US consumers.
Why do I, as a consumer, give a shit about that?
Especially while reading this thread which is quickly showing that even through the chip and pin technology might be technically better, it's certainly not doing much holistically to prevent identity theft. I think we're fine with our magnetic stripes.
I suspect that the real purpose of the chips is to gradually move the burden of fraud countermeasures from the banks to the customers and merchants.
That sounds very plausible.
-
@morbiuswilters said:
@Speakerphone Dude said:
@blakeyrat said:
@ender said:
@morbiuswilters said:
It's harder to duplicate than a magnetic card, but it can surely be duplicated.
As far as I know, short of an electron microscope, you won't be able to duplicate a smartcard (the chip will erase itself if you access it improperly).Ok, but let's say you're trying to sell this system to US consumers.
Why do I, as a consumer, give a shit about that?
Especially while reading this thread which is quickly showing that even through the chip and pin technology might be technically better, it's certainly not doing much holistically to prevent identity theft. I think we're fine with our magnetic stripes.
I suspect that the real purpose of the chips is to gradually move the burden of fraud countermeasures from the banks to the customers and merchants.
That sounds very plausible.
It is, in part. Because it can't be duplicated, the number of reasons behind fraudulent chip\PIN transactions is reduced to about two: the person is either lying about the chargeback because they don't want to pay the charge (or whatever) or the person has told someone else their PIN and that person who was told the PIN used the card without permission. In both cases, neither are valid reasons for chargeback.
-
@Douglasac said:
Because it can't be duplicated...
You know, I would expect tech people to be more skeptical of claims that a technology is 100% secure.
-
@morbiuswilters said:
Really?
Really. The card wasn't duplicated - original card was sitting in a reader, while a card emulator was connected to the terminal, and the emulator passed the requests to the actual card (this is the attack I mentioned above). The card must be physically stolen for this attack to work (but there are indications that this attack was being used in the field successfully).
-
@ender said:
@morbiuswilters said:
Really?
Really. The card wasn't duplicated - original card was sitting in a reader, while a card emulator was connected to the terminal, and the emulator passed the requests to the actual card (this is the attack I mentioned above). The card must be physically stolen for this attack to work (but there are indications that this attack was being used in the field successfully).The article says the card can be cloned from the info read.
-
I think we're talking cross-purposes here:
- the card can't be duplicated
- enough information can be gleaned to fool devices into believing it's the same card (ghost duplicate)
Whether or not the card can be duplicated isn't important to me: what is important is whether or not chip n pin is as secure as they make out, or more succintly: could someone trick technology into authorising a payment upon my behalf?
In the context of that article... yes, it seems so. Worse still, stubbornly believing C&P is flawless means logic eliminates the true perpetrators of the crime.
-
@Cassidy said:
enough information can be gleaned to fool devices into believing it's the same card (ghost duplicate)
How is that not the same as a duplicate? Am I missing something here? I mean, when someone duplicates a mag stripe card, aren't they doing the same thing?
@Cassidy said:
In the context of that article... yes, it seems so. Worse still, stubbornly believing C&P is flawless means logic eliminates the true perpetrators of the crime.
Which I think is partially by design (as noted by Speakerphone Dude). Follow this timeline:
- New "100% secure" technology* is introduced. Initially, it is an unknown and is time-consuming and expensive to duplicate.
- Laws and court cases come down which move liability for fraud from banks to customers. People are initially accepting of this because, after all, if someone has a fraudulent charge then they must've done something wrong; they deserve to pay for their own mistakes.
- Fault lines appear. As with any security technology, it becomes easier and cheaper to bypass as time goes on. Before long, crackheads are duplicating chip-and-pin cards using nothing more than their government-issued welfare smartcard, some chewing gum and a butane lighter.
- Customers are still on the hook for fraudulent transactions. The law is slow to move. "Improvements" are made which slow attackers but ultimately don't fix the core issue: no technology is 100% secure. Courts and lawmakers see these "improvements" as a sign of good faith and keep liability with the customer.
- Banks save millions (or billions) a year in fraud. Customers end up paying for it (although technically they were in the old system, too).
- Anyone who believes any security technology can't be defeated is very naive.
- New "100% secure" technology* is introduced. Initially, it is an unknown and is time-consuming and expensive to duplicate.
-
@morbiuswilters said:
@Cassidy said:
enough information can be gleaned to fool devices into believing it's the same card (ghost duplicate)
How is that not the same as a duplicate? Am I missing something here? I mean, when someone duplicates a mag stripe card, aren't they doing the same thing?
Achievement of the same result without physical duplication of said object.
I recall talk years ago of adding various tat to a card (holograms, etc) to make their physical duplication more difficult (not impossible). All of this is a moot point if a vendor simply seeks information held on the card to verify the payment, and those details are copied.
So.. virtual duplication. Or something.
(I wasn't disagreeing with you, simply being pedantic that some people understand a card being cloned implies someone's physically holding a duplicate, rather than using some means to simulate the card being there)
