Sunday, November 19, 2006

Security first

Following on from the ChipPin away at fraud post, here is an unhappy story showing how secure the Chip and PIN system isn't.
On a recent visit to Brussels I was in a late bar and there were 19 attempted transactions on my BOI [Bank Of Ireland] credit card, in total E8000 was taken from my credit card. Once I discovered this I contacted the bank immediately and they cancelled my credit card—confident that my pin number was not disclosed to anyone I thought that it would be easy to go to the bank and advise that these were not legitmate transactions.

On arriving back I contacted BOI and they advised that all the transaction (5 successful out of 19) were verified by pin and advised that they believe that I had a copy of my pin in my wallet and are refusing to refund me, citing negligence on my behalf and basically accusing me of being a liar, while admiting that there was fraudulent activity on my account.

I put it to them that there promotional material advises that the bank may contact the merchant if they suspect fraud and that this did not happen and they have replied—negligence. I contacted their CEO and got a letter of acknowledgement and a further letter advising of my negligence from a seperate dept.

The banks seem to be shirking all responsibility as the pin was verified and they are going to be insisting that all consumers use chip and pin on all transactions from 17/03/07. If I had to sign these slips as per previous credit cards I would not have been liable for these costs. Is the new chip and pin technology the new 'get out' clause for the banks so that they no longer have to look after their customers?

The short answer here is "yes".

2 comments:

Anonymous said...

Bank of Ireland have a reputation for looking after their phishing victims too.

Looking at the transaction pattern, it appears that whatever device authenticated correctly, but that the limit on the card caused the declines. It implies that the correct PIN was used but the leap to "you had it in your wallet" is several jumps further than seems justified. This smells, but not as bad as the BOI customer service does.

Anonymous said...

Has to be the dumbest question asked ever !

The whole point of Chip and PIN is to offload the costs of fraud. You have to be an idiot to think it is secure.

WTF they don't just put pictures on Credit Cards I don't know.