Why are credit cards so insecure?


Status
Not open for further replies.
G

goering

New Member
Sep 5, 2003
434
0
0
In the light of the recent credit card scam, I have been wondering why is a multi-trillion industry so wilfully insecure?

To do a credit card transaction all you need is the credit card number, expiry date and perhaps billing address - information that you can easily pick up - all that it takes is to pass your credit card to the waiter at a restaurant for payment and your details could be compromised in a flash

Even the much smaller NETS requires a PIN number to authorise a transaction. Why isn't a PIN or some other secured means required for credit cards?
 

most places don't even validate your signature, just scribble some words and you're cleared for the bill. :bsmilie:
 

It's all in the name of convenience.
Imagine you are stuck in a country where they don't speak your language, don't use your currency and then worst of all... you forgot your pin.

And from another point of view, what if your pin got stolen. A pin is just a set of numbers which can easily be replicated. A signature on the other hand, can carry the nuances and quirks of handwriting which can be quite hard to copy ( Or so some people think).
 

Maybe they should design credit cards that use either thumbprint or eyeball for authorization? :think:
 

goering said:
Even the much smaller NETS requires a PIN number to authorise a transaction. Why isn't a PIN or some other secured means required for credit cards?
Click to expand...

Visa & Mastercard have implemented a similar to NETS PIN authorisation for online transaction.
However, sad to say, our Singapore banks have yet to support the issuing of such cards.

See here for more info:
VBV (Verified By Visa) system
http://usa.visa.com/business/accepting_visa/ops_risk_management/vbv_how_it_works.html

MasterCard SecureCode system
http://www.mastercard.com/securecd/welcome.do

To my knowledge, for SouthEast Asia, there are some banks in Thailand supporting the above two systems.
i.e. they issue credit cards that can be enabled for the above PIN security.
VBV and MasterCard SecureCode are quite widely supported out of Asia Pacific countries
 

dolpjki said:
Visa & Mastercard have implemented a similar to NETS PIN authorisation for online transaction.
However, sad to say, our Singapore banks have yet to support the issuing of such cards.

See here for more info:
VBV (Verified By Visa) system
http://usa.visa.com/business/accepting_visa/ops_risk_management/vbv_how_it_works.html

MasterCard SecureCode system
http://www.mastercard.com/securecd/welcome.do

To my knowledge, for SouthEast Asia, there are some banks in Thailand supporting the above two systems.
i.e. they issue credit cards that can be enabled for the above PIN security.
VBV and MasterCard SecureCode are quite widely supported out of Asia Pacific countries
Click to expand...

Alot of countries in Europe and 3rd world countries have migrated to EMV standard. It is actually a smart chip on a card. User need to key in pin instead of signature. To implement this migration, it takes a lots of effort and money for the banks. Malaysia have already started using the EMV card due to high fraud rate.

In Singapore's case? I dunno.. see what the garment say lah... Looks like magnetic stripe still rules...
 

Drudkh said:
most places don't even validate your signature, just scribble some words and you're cleared for the bill. :bsmilie:
Click to expand...

that's for singapore

when i use my card in Hong kong, the shop checked and they almost rejected it cos i haven't sign at the back of the card when i got it from the bank
 

As long as the banks accept (and people 'demand') credit card transactions done by post, fax or over the phone, the system is going to be vulnerable.

The banks are simply trading the fraud risk against convenience. Also realize that the banks for the most part have shifted the risk onto their customers. Read your credit card conditions of use....

While the above is allowed (phone payments) it doesn't matter what technology they use, there is a gaping large hole in the system.

The banks don't even check the signatures on the current system - it's up to the merchant to check. The bank will only check in the event of a customer dispute and then I belive they push the risk to the merchant - for not checking the signature properly.

A friend recently found a funny article on the 'net - some guy decided to see how far he could push it. He was signing credit card slips with all sorts of silly names, or drawing little cartoons. Including at places where you sign an electronic touch pad. He took photos.
Most of the time the clerks ignored what he was doing and continued as normal and his bank never rejected a single transaction.

The Credit card system is really one big joke. And the banks have them selves covered by pushing the risk to the merchants and customers.

As a customer you have a choice - don't have a credit card. Use nets or 'chip and pin' or 'eftpos' (as we call it in Aus). Not perfect systems but at least a PIN is required.

But a merchant is in a difficult position. If they don't like the conditions and the risk, they can't accept credit cards, the banks are not going to budge.
So the merchant will probably loose customers as in general, people like to pay with credit cards...
 

Let's be realistic here. The banks are mammoth money-making machines - do you really think they care about the customers?! I would even go so far as to say that they are legal 'loan-sharks'!
 

Prismatic said:
It's all in the name of convenience.
Imagine you are stuck in a country where they don't speak your language, don't use your currency and then worst of all... you forgot your pin.

And from another point of view, what if your pin got stolen. A pin is just a set of numbers which can easily be replicated. A signature on the other hand, can carry the nuances and quirks of handwriting which can be quite hard to copy ( Or so some people think).
Click to expand...

I still think PIN is more secure....

if someone lost his wallet, the card can be used immediately as there will be some shops which dun check signature. also signature is written behind the card which sometimes is hard to verified if the person forged close enough.

if lose ATM card, it is not everyone on the street can crack a ATM PIN easily.
 

Astin said:
Maybe they should design credit cards that use either thumbprint or eyeball for authorization? :think:
Click to expand...

this is bad advice ..... then we may see rich Singaporeans coming back from tours without thumbs or eyeballs! .... :dunno:
 

Status
Not open for further replies.

Similar threads

RSSNewsFeeder
PetaPixel New SD Express Memory Card Costs $300, Is Slower Than ‘Old’ SD Cards
Replies
0
Views
348
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel Camera Makers Have Ignored Security, Putting Photographers at Risk
Replies
0
Views
324
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel Adata Launches SD Express Cards, A Format No Camera Supports
Replies
0
Views
347
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel Photographer Allison Stewart Explores the Construction of American Identity
Replies
0
Views
223
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel The Hidden Costs of NFTs: Ecological Impact and Unpredictable Volatility
Replies
0
Views
276
News from the Net
RSSNewsFeeder
RSSNewsFeeder
Top Bottom
Back