Why are credit cards so insecure?


Status
Not open for further replies.

goering

New Member
Sep 5, 2003
434
0
0
#1
In the light of the recent credit card scam, I have been wondering why is a multi-trillion industry so wilfully insecure?

To do a credit card transaction all you need is the credit card number, expiry date and perhaps billing address - information that you can easily pick up - all that it takes is to pass your credit card to the waiter at a restaurant for payment and your details could be compromised in a flash

Even the much smaller NETS requires a PIN number to authorise a transaction. Why isn't a PIN or some other secured means required for credit cards?
 

Drudkh

Senior Member
Mar 2, 2004
6,129
0
0
lulu island
#2
most places don't even validate your signature, just scribble some words and you're cleared for the bill. :bsmilie:
 

Prismatic

Senior Member
Feb 25, 2003
1,323
0
36
38
In the void.
Visit site
#3
It's all in the name of convenience.
Imagine you are stuck in a country where they don't speak your language, don't use your currency and then worst of all... you forgot your pin.

And from another point of view, what if your pin got stolen. A pin is just a set of numbers which can easily be replicated. A signature on the other hand, can carry the nuances and quirks of handwriting which can be quite hard to copy ( Or so some people think).
 

dolpjki

New Member
Aug 21, 2004
344
0
0
#5
goering said:
Even the much smaller NETS requires a PIN number to authorise a transaction. Why isn't a PIN or some other secured means required for credit cards?
Visa & Mastercard have implemented a similar to NETS PIN authorisation for online transaction.
However, sad to say, our Singapore banks have yet to support the issuing of such cards.

See here for more info:
VBV (Verified By Visa) system
http://usa.visa.com/business/accepting_visa/ops_risk_management/vbv_how_it_works.html

MasterCard SecureCode system
http://www.mastercard.com/securecd/welcome.do

To my knowledge, for SouthEast Asia, there are some banks in Thailand supporting the above two systems.
i.e. they issue credit cards that can be enabled for the above PIN security.
VBV and MasterCard SecureCode are quite widely supported out of Asia Pacific countries
 

jimtong

Senior Member
May 8, 2002
1,528
0
36
Singapore
jimmyto.ng
#6
dolpjki said:
Visa & Mastercard have implemented a similar to NETS PIN authorisation for online transaction.
However, sad to say, our Singapore banks have yet to support the issuing of such cards.

See here for more info:
VBV (Verified By Visa) system
http://usa.visa.com/business/accepting_visa/ops_risk_management/vbv_how_it_works.html

MasterCard SecureCode system
http://www.mastercard.com/securecd/welcome.do

To my knowledge, for SouthEast Asia, there are some banks in Thailand supporting the above two systems.
i.e. they issue credit cards that can be enabled for the above PIN security.
VBV and MasterCard SecureCode are quite widely supported out of Asia Pacific countries
Alot of countries in Europe and 3rd world countries have migrated to EMV standard. It is actually a smart chip on a card. User need to key in pin instead of signature. To implement this migration, it takes a lots of effort and money for the banks. Malaysia have already started using the EMV card due to high fraud rate.

In Singapore's case? I dunno.. see what the garment say lah... Looks like magnetic stripe still rules...
 

Wai

Senior Member
Jan 17, 2002
5,270
0
36
39
South Pole with Penguin
singastro.org
#8
Drudkh said:
most places don't even validate your signature, just scribble some words and you're cleared for the bill. :bsmilie:
that's for singapore

when i use my card in Hong kong, the shop checked and they almost rejected it cos i haven't sign at the back of the card when i got it from the bank
 

matthew

New Member
Apr 19, 2002
122
0
0
Sydney
www.sleeper.apana.org.au
#9
As long as the banks accept (and people 'demand') credit card transactions done by post, fax or over the phone, the system is going to be vulnerable.

The banks are simply trading the fraud risk against convenience. Also realize that the banks for the most part have shifted the risk onto their customers. Read your credit card conditions of use....

While the above is allowed (phone payments) it doesn't matter what technology they use, there is a gaping large hole in the system.

The banks don't even check the signatures on the current system - it's up to the merchant to check. The bank will only check in the event of a customer dispute and then I belive they push the risk to the merchant - for not checking the signature properly.

A friend recently found a funny article on the 'net - some guy decided to see how far he could push it. He was signing credit card slips with all sorts of silly names, or drawing little cartoons. Including at places where you sign an electronic touch pad. He took photos.
Most of the time the clerks ignored what he was doing and continued as normal and his bank never rejected a single transaction.

The Credit card system is really one big joke. And the banks have them selves covered by pushing the risk to the merchants and customers.

As a customer you have a choice - don't have a credit card. Use nets or 'chip and pin' or 'eftpos' (as we call it in Aus). Not perfect systems but at least a PIN is required.

But a merchant is in a difficult position. If they don't like the conditions and the risk, they can't accept credit cards, the banks are not going to budge.
So the merchant will probably loose customers as in general, people like to pay with credit cards...
 

sfhuang

New Member
Jan 21, 2002
914
0
0
sfhuang.clubsnap.org
#10
Let's be realistic here. The banks are mammoth money-making machines - do you really think they care about the customers?! I would even go so far as to say that they are legal 'loan-sharks'!
 

Paul_Yeo

Senior Member
Feb 27, 2004
2,155
0
0
Sengkang
www.boo.sg
#11
Prismatic said:
It's all in the name of convenience.
Imagine you are stuck in a country where they don't speak your language, don't use your currency and then worst of all... you forgot your pin.

And from another point of view, what if your pin got stolen. A pin is just a set of numbers which can easily be replicated. A signature on the other hand, can carry the nuances and quirks of handwriting which can be quite hard to copy ( Or so some people think).
I still think PIN is more secure....

if someone lost his wallet, the card can be used immediately as there will be some shops which dun check signature. also signature is written behind the card which sometimes is hard to verified if the person forged close enough.

if lose ATM card, it is not everyone on the street can crack a ATM PIN easily.
 

Canonised

Senior Member
Aug 27, 2003
2,998
4
0
#12
Astin said:
Maybe they should design credit cards that use either thumbprint or eyeball for authorization? :think:
this is bad advice ..... then we may see rich Singaporeans coming back from tours without thumbs or eyeballs! .... :dunno:
 

Status
Not open for further replies.
Top Bottom