<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	>
<channel>
	<title>Comments on: Chip and PIN on Trial</title>
	<atom:link href="http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/</link>
	<description>Security Research, Computer Laboratory, University of Cambridge</description>
	<pubDate>Thu, 11 Mar 2010 17:35:08 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.7.1</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: joe bloggs</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-32706</link>
		<dc:creator>joe bloggs</dc:creator>
		<pubDate>Mon, 24 Aug 2009 11:38:52 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-32706</guid>
		<description>Hi Mr Bovell, yep that does sound strange but to be honest I am fed up with the whole argument, it gets really boring (that isn't having a go at you by the way, so please don’t think it is)

As I said before unless someone discovers a 'copy' of someone's card with a chip in it then I think there is no proof that it can be done. As soon as this can be proved I would back people 100%.

As I stated before I have no loyalty to the bank (it is just a job, have a go at me if you like, I'm not really bothered). I work in this industry and there hasn't been 1 cloned card found that had a chip in it, so how can the chip be read in the machine if it is not present in the card???

As for the CCTV, well don't get me started, I get so angry with the police on this front. The police don't care (as I have been told by officers on many occasions) because it is considered low level crime. Asking a police officer to get CCTV is like getting blood from a stone in most cases, obviously there are exceptions to the rule and sometimes helpful officers do everything they can, this is few and far between though!

If CCTV was installed in ATMs then the problem would be solved as you could see who made the transaction. If you know them then great it is solved, if you don’t then the police could try to help identify them.

Anyway as I said I am bored with the whole argument now. To me it is fairly black and white, if it can be proven that it was your card then someone known to you must have used it and put it back, if it cannot be proven you should get your money refunded.</description>
		<content:encoded><![CDATA[<p>Hi Mr Bovell, yep that does sound strange but to be honest I am fed up with the whole argument, it gets really boring (that isn&#8217;t having a go at you by the way, so please don’t think it is)</p>
<p>As I said before unless someone discovers a &#8216;copy&#8217; of someone&#8217;s card with a chip in it then I think there is no proof that it can be done. As soon as this can be proved I would back people 100%. </p>
<p>As I stated before I have no loyalty to the bank (it is just a job, have a go at me if you like, I&#8217;m not really bothered). I work in this industry and there hasn&#8217;t been 1 cloned card found that had a chip in it, so how can the chip be read in the machine if it is not present in the card??? </p>
<p>As for the CCTV, well don&#8217;t get me started, I get so angry with the police on this front. The police don&#8217;t care (as I have been told by officers on many occasions) because it is considered low level crime. Asking a police officer to get CCTV is like getting blood from a stone in most cases, obviously there are exceptions to the rule and sometimes helpful officers do everything they can, this is few and far between though! </p>
<p>If CCTV was installed in ATMs then the problem would be solved as you could see who made the transaction. If you know them then great it is solved, if you don’t then the police could try to help identify them. </p>
<p>Anyway as I said I am bored with the whole argument now. To me it is fairly black and white, if it can be proven that it was your card then someone known to you must have used it and put it back, if it cannot be proven you should get your money refunded.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Mr Bovell</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-32298</link>
		<dc:creator>Mr Bovell</dc:creator>
		<pubDate>Mon, 17 Aug 2009 17:36:58 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-32298</guid>
		<description>I have recently had this type of crime happen to me, and I have to say that I totally agree with Mr Job. Joe as it has not happened to you or someone you know personally, and you work in a bank, I can understand your scepticism about this type of fraud. However transactions occurred on my account when I can say 100% that my card was with me. 
My card was swallowed at an ATM the following day of the fraudulent activity which was how I found out the transactions had taken place (after calling my bank). The bank agreed that my card was read at the ATM where it was swallowed but could not produce the card, hence it has most likely been destroyed (how convenient). I sleep with a lock on my door so no one could have either got to my card or got it back to me, bar some kind of flying machine to my window. 
I am not saying that my card was cloned as I have no idea about the complexities of bank fraud and identity theft, but something has occurred whereby money has been taken from my account without my authorisation, through no negligence of my own, and no one has taken my card from me and returned it without my knowing. 
It would seem far more likely to even a totally independent third party that perhaps instead of the many people that report 'phantom withdrawals' being liars, that perhaps criminals have done now what they have managed to do for many many years... get one step ahead of those who might seek to stop them.
In my case as with Mr Job it seems unlikely Halifax is going to reimburse me. They would not even go into any sort of investigation like using CCTV at the Argos or cash machine where the transactions took place in order to see the assailant.
The banks don't seem to care as long as they don't lose out, and of course no one that can do whatever type of activity goes into this crime is not going to openly advertise it.
Perhaps this type of crime will only be exposed with enough publication, or perhaps the victim using his/her card at the same time as the perpetrator, but even then the bank probably pays the money back, the customer is happy and everybody else none the wiser. One thing's for sure, until something like this happens pleas from the victims of this crime will continue to fall on deaf ears from both the banks, the police and the apparently independent 'bank funded' FOS.</description>
		<content:encoded><![CDATA[<p>I have recently had this type of crime happen to me, and I have to say that I totally agree with Mr Job. Joe as it has not happened to you or someone you know personally, and you work in a bank, I can understand your scepticism about this type of fraud. However transactions occurred on my account when I can say 100% that my card was with me.<br />
My card was swallowed at an ATM the following day of the fraudulent activity which was how I found out the transactions had taken place (after calling my bank). The bank agreed that my card was read at the ATM where it was swallowed but could not produce the card, hence it has most likely been destroyed (how convenient). I sleep with a lock on my door so no one could have either got to my card or got it back to me, bar some kind of flying machine to my window.<br />
I am not saying that my card was cloned as I have no idea about the complexities of bank fraud and identity theft, but something has occurred whereby money has been taken from my account without my authorisation, through no negligence of my own, and no one has taken my card from me and returned it without my knowing.<br />
It would seem far more likely to even a totally independent third party that perhaps instead of the many people that report &#8216;phantom withdrawals&#8217; being liars, that perhaps criminals have done now what they have managed to do for many many years&#8230; get one step ahead of those who might seek to stop them.<br />
In my case as with Mr Job it seems unlikely Halifax is going to reimburse me. They would not even go into any sort of investigation like using CCTV at the Argos or cash machine where the transactions took place in order to see the assailant.<br />
The banks don&#8217;t seem to care as long as they don&#8217;t lose out, and of course no one that can do whatever type of activity goes into this crime is not going to openly advertise it.<br />
Perhaps this type of crime will only be exposed with enough publication, or perhaps the victim using his/her card at the same time as the perpetrator, but even then the bank probably pays the money back, the customer is happy and everybody else none the wiser. One thing&#8217;s for sure, until something like this happens pleas from the victims of this crime will continue to fall on deaf ears from both the banks, the police and the apparently independent &#8216;bank funded&#8217; FOS.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: joe bloggs</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31425</link>
		<dc:creator>joe bloggs</dc:creator>
		<pubDate>Mon, 13 Jul 2009 10:25:15 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31425</guid>
		<description>Mr Job I completely agree about the recorded levels of fraud. This is something that should be made public. My concern is that time and time again I attempt to report this type of fraud to the police but more often than not they do not want to know and immediately file the crime as undetected (some forces do not even bother logging the crime!!) 

In regards to what you say about “someone apparently working in the bank fraud investigation team, having the assumption that chip and pin can not be cloned is the wrong way to start your analysis” I’m afraid I completely disagree with this. I am 100% confident that at present chip and PIN cards cannot be copied and used in a UK ATM machine, there has been no evidence of this and I truly believe that if this had been possible then at least 1 card would have been recovered and therefore the industry would have proof that this is taking place. Until I see that proof I think the whole ‘chip and pin isn’t secure’ argument has no weight at all as there is no proof that it has failed. 

Therefore my personal opinion is that if Barclays can show that the chip in your card was read in each transaction then my feeling is that you as a card holder are liable as it is beyond the bank’s control to protect you from someone taking your card from a ‘secure’ place. If the bank cannot provide this documentary evidence then yes I agree that you should be refunded. 

I think we may have to just agree to disagree on some of these points.</description>
		<content:encoded><![CDATA[<p>Mr Job I completely agree about the recorded levels of fraud. This is something that should be made public. My concern is that time and time again I attempt to report this type of fraud to the police but more often than not they do not want to know and immediately file the crime as undetected (some forces do not even bother logging the crime!!) </p>
<p>In regards to what you say about “someone apparently working in the bank fraud investigation team, having the assumption that chip and pin can not be cloned is the wrong way to start your analysis” I’m afraid I completely disagree with this. I am 100% confident that at present chip and PIN cards cannot be copied and used in a UK ATM machine, there has been no evidence of this and I truly believe that if this had been possible then at least 1 card would have been recovered and therefore the industry would have proof that this is taking place. Until I see that proof I think the whole ‘chip and pin isn’t secure’ argument has no weight at all as there is no proof that it has failed. </p>
<p>Therefore my personal opinion is that if Barclays can show that the chip in your card was read in each transaction then my feeling is that you as a card holder are liable as it is beyond the bank’s control to protect you from someone taking your card from a ‘secure’ place. If the bank cannot provide this documentary evidence then yes I agree that you should be refunded. </p>
<p>I think we may have to just agree to disagree on some of these points.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Job</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31327</link>
		<dc:creator>Job</dc:creator>
		<pubDate>Fri, 10 Jul 2009 12:17:22 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31327</guid>
		<description>Mr Joe I appreciate your comments and the clarifications you tried to make.
The real fact of the matter is that, the secrecy surrounding card fraud complaints is calling for suspicion that the real level of this crime is unknown.
Banks should have interest in letting any member of the public know exactly the level of fraud reported but we now know that there isn't any data available either from the police, the FOS or bank on which we can assess the level of the chip and pin fraud complaint to admit your assertions about the safety of the Chip and Pin. The people I referred to all had Chip and Pin cards and the money was given to most because they had an alibi you can check on www.finextra.co/whosemoneyisitanyway comments line and you will understand.
If a major bank can't recreate data that any other business has to keep for 6 years then it could be better banking in Zimbabwe.
Again it is not personal, but as someone apparently working in the bank fraud investigation team, having the assumption that chip and pin can not be cloned is the wrong way to start your analysis, it is not because you haven't seen it that means it should not exist.
If nobody from my household didn't take the card and I say I did not authorize anyone to take my card and conduct the disputed withdrawals I would still expect the bank to admit liability.
The fact the bank knew I was complaining should have made them to keep all my banking relating data safe. 
They had the money from the tax payers which I could not access therefore they could go to any court, why didn't the bank prosecute me if they thought I wanted to swindle the money away from them?
It is me today but remember no man is an island.</description>
		<content:encoded><![CDATA[<p>Mr Joe I appreciate your comments and the clarifications you tried to make.<br />
The real fact of the matter is that, the secrecy surrounding card fraud complaints is calling for suspicion that the real level of this crime is unknown.<br />
Banks should have interest in letting any member of the public know exactly the level of fraud reported but we now know that there isn&#8217;t any data available either from the police, the FOS or bank on which we can assess the level of the chip and pin fraud complaint to admit your assertions about the safety of the Chip and Pin. The people I referred to all had Chip and Pin cards and the money was given to most because they had an alibi you can check on <a href="http://www.finextra.co/whosemoneyisitanyway" rel="nofollow">http://www.finextra.co/whosemoneyisitanyway</a> comments line and you will understand.<br />
If a major bank can&#8217;t recreate data that any other business has to keep for 6 years then it could be better banking in Zimbabwe.<br />
Again it is not personal, but as someone apparently working in the bank fraud investigation team, having the assumption that chip and pin can not be cloned is the wrong way to start your analysis, it is not because you haven&#8217;t seen it that means it should not exist.<br />
If nobody from my household didn&#8217;t take the card and I say I did not authorize anyone to take my card and conduct the disputed withdrawals I would still expect the bank to admit liability.<br />
The fact the bank knew I was complaining should have made them to keep all my banking relating data safe.<br />
They had the money from the tax payers which I could not access therefore they could go to any court, why didn&#8217;t the bank prosecute me if they thought I wanted to swindle the money away from them?<br />
It is me today but remember no man is an island.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: joe bloggs</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31283</link>
		<dc:creator>joe bloggs</dc:creator>
		<pubDate>Wed, 08 Jul 2009 12:15:57 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31283</guid>
		<description>Hi, I certainly hope that I will never be in a similar situation, and I do feel for the position you are in, no one deserves this. I am certainly not saying that any of your family are responsible, but if it is the original card that was used then it must be someone who was able to take it and put it back again. I understand that you don’t believe that it was the original card but from my personal experience if there is any doubt then it just gets refunded, maybe this is not the case with Halifax, again I cannot comment on that. That said if your statement at the time of the transactions said they were taken from a cash point then that’s where they were taken from, I cannot see the Halifax falsifying your bank statements to make you think they came from there if they didn’t. 

You mentioned above about other ways of debiting an account. If the money came out of a cash point then it came out of a cash point, simple. However I absolutely agree with you regarding the destruction of the data that was needed. That is suspect and as a major bank I cannot see why this cannot be produced. My personal opinion is that if they cannot show the money came from a cash point and it was chip read then they should refund the money, but again that is just my personal opinion. I am inclined to think that this data was lost, although that is just me speculating.

What I have said regarding a chip and pin card not being copied is because in my experience of dealing with this sort of fraud, I have never seen a chip card be able to be copied and used in a UK ATM machine. As I have said above, the security feature regarding fallback to magnetic stripe should stop this. I have not seen any instance where transactions fall back and are read by the magnetic stripe when the original card is a chip and pin card (in the last 2/2.5 years). If other people have seen this then fair enough, however, I can only comment on the experience I have. 

As far as I can guess the only reason I can think that this would be refunded if someone was able to prove they were somewhere else is because their card was not a chip card. Therefore it can be copied and the copy used whilst they have the original somewhere else. 

My final view on it is that if Halifax are so willing to go all the way to court to prove it was the original card used then they must be pretty sure. Like yourself, if you are willing to go all the way to court then I have no doubt that you too are innocent, but, someone must be responsible. If it is the original card used then that person must be someone who was able to access the card, use it and then put it back. Please Mr Job’s do not take this as a personal attack at yourself, it is by no means meant in that way. I wish you all the luck with this case.</description>
		<content:encoded><![CDATA[<p>Hi, I certainly hope that I will never be in a similar situation, and I do feel for the position you are in, no one deserves this. I am certainly not saying that any of your family are responsible, but if it is the original card that was used then it must be someone who was able to take it and put it back again. I understand that you don’t believe that it was the original card but from my personal experience if there is any doubt then it just gets refunded, maybe this is not the case with Halifax, again I cannot comment on that. That said if your statement at the time of the transactions said they were taken from a cash point then that’s where they were taken from, I cannot see the Halifax falsifying your bank statements to make you think they came from there if they didn’t. </p>
<p>You mentioned above about other ways of debiting an account. If the money came out of a cash point then it came out of a cash point, simple. However I absolutely agree with you regarding the destruction of the data that was needed. That is suspect and as a major bank I cannot see why this cannot be produced. My personal opinion is that if they cannot show the money came from a cash point and it was chip read then they should refund the money, but again that is just my personal opinion. I am inclined to think that this data was lost, although that is just me speculating.</p>
<p>What I have said regarding a chip and pin card not being copied is because in my experience of dealing with this sort of fraud, I have never seen a chip card be able to be copied and used in a UK ATM machine. As I have said above, the security feature regarding fallback to magnetic stripe should stop this. I have not seen any instance where transactions fall back and are read by the magnetic stripe when the original card is a chip and pin card (in the last 2/2.5 years). If other people have seen this then fair enough, however, I can only comment on the experience I have. </p>
<p>As far as I can guess the only reason I can think that this would be refunded if someone was able to prove they were somewhere else is because their card was not a chip card. Therefore it can be copied and the copy used whilst they have the original somewhere else. </p>
<p>My final view on it is that if Halifax are so willing to go all the way to court to prove it was the original card used then they must be pretty sure. Like yourself, if you are willing to go all the way to court then I have no doubt that you too are innocent, but, someone must be responsible. If it is the original card used then that person must be someone who was able to access the card, use it and then put it back. Please Mr Job’s do not take this as a personal attack at yourself, it is by no means meant in that way. I wish you all the luck with this case.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Job</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31282</link>
		<dc:creator>Job</dc:creator>
		<pubDate>Wed, 08 Jul 2009 10:56:24 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31282</guid>
		<description>@Joe bloggs
As you work for a bank, you will probably never be victim of a similar problem like the experience I have to go through with my family for more than 3 years now.
You seem to suggest that because a chip and pin card can't be copied, there isn't any other way of debiting the money from a customer account.
One would at least want a credible bank in the United Kingdom to respect the EMV protocol dispute rules which require that a bank produces transaction cryptograms of a disputed transaction. 
The very fact that Halifax said they destroyed this vital element should have given you some caution in what you wanted to say.
At the moment, we are not even sure if the money was taken at all through the said ATMs cash machines, as the bank wouldn't produce the receipts from the ATMs tills, you would agree with me that even your corner shop can produce the receipts of their till whenever required.
I hope to believe that you are not suggesting that, my daughters, or my late wife were the one who grabbed the card, used it and brought it back; these are people I have lived with for more than 5 years in the UK with a bank account and money in it without ever to go through this.
Could you now explain, why banks pay back money to similar victims like me because they can prove they were somewhere else at the moment of the disputed withdrawals if the Chip and Pin was so secured?</description>
		<content:encoded><![CDATA[<p>@Joe bloggs<br />
As you work for a bank, you will probably never be victim of a similar problem like the experience I have to go through with my family for more than 3 years now.<br />
You seem to suggest that because a chip and pin card can&#8217;t be copied, there isn&#8217;t any other way of debiting the money from a customer account.<br />
One would at least want a credible bank in the United Kingdom to respect the EMV protocol dispute rules which require that a bank produces transaction cryptograms of a disputed transaction.<br />
The very fact that Halifax said they destroyed this vital element should have given you some caution in what you wanted to say.<br />
At the moment, we are not even sure if the money was taken at all through the said ATMs cash machines, as the bank wouldn&#8217;t produce the receipts from the ATMs tills, you would agree with me that even your corner shop can produce the receipts of their till whenever required.<br />
I hope to believe that you are not suggesting that, my daughters, or my late wife were the one who grabbed the card, used it and brought it back; these are people I have lived with for more than 5 years in the UK with a bank account and money in it without ever to go through this.<br />
Could you now explain, why banks pay back money to similar victims like me because they can prove they were somewhere else at the moment of the disputed withdrawals if the Chip and Pin was so secured?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: joe bloggs</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31276</link>
		<dc:creator>joe bloggs</dc:creator>
		<pubDate>Wed, 08 Jul 2009 08:06:34 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31276</guid>
		<description>Anyone know why Mr Job felt it necessary to 'hide' the card in the garden if he was convinced that someone had a copy of his card?!?! Surely it would be irrelevant where his card was if someone had a copy! 

Hiding a card in the garden is really not normal behaviour! That sounds like something you would do if you were trying to hide the card from someone in specific ........ like someone you live with!</description>
		<content:encoded><![CDATA[<p>Anyone know why Mr Job felt it necessary to &#8216;hide&#8217; the card in the garden if he was convinced that someone had a copy of his card?!?! Surely it would be irrelevant where his card was if someone had a copy! </p>
<p>Hiding a card in the garden is really not normal behaviour! That sounds like something you would do if you were trying to hide the card from someone in specific &#8230;&#8230;.. like someone you live with!</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: joe bloggs</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31233</link>
		<dc:creator>joe bloggs</dc:creator>
		<pubDate>Tue, 07 Jul 2009 09:25:38 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31233</guid>
		<description>well counselling has always been an option.</description>
		<content:encoded><![CDATA[<p>well counselling has always been an option.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Ross Anderson</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31231</link>
		<dc:creator>Ross Anderson</dc:creator>
		<pubDate>Tue, 07 Jul 2009 09:07:29 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31231</guid>
		<description>I worked for a bank myself, twenty years ago. Don't worry, it's an ailment from which you can recover ...</description>
		<content:encoded><![CDATA[<p>I worked for a bank myself, twenty years ago. Don&#8217;t worry, it&#8217;s an ailment from which you can recover &#8230;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: joe bloggs</title>
		<link>http://www.lightbluetouchpaper.org/2009/04/09/chip-and-pin-on-trial/comment-page-1/#comment-31228</link>
		<dc:creator>joe bloggs</dc:creator>
		<pubDate>Tue, 07 Jul 2009 08:20:15 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/?p=831#comment-31228</guid>
		<description>god i'm such a stain on society!</description>
		<content:encoded><![CDATA[<p>god i&#8217;m such a stain on society!</p>
]]></content:encoded>
	</item>
</channel>
</rss>
