Can anyone use your credit card in the US?

Factual Questions
21

A lot stricter than the US by the sounds of it!

You guys must be getting ripped off big style by the companies who (contrary to MannyL’s slightly optimistic viewpoint) will most certainly be passing the cost of fraud onto the consumers in the long run. Not sure what the figures are regarding fraud in the UK and how much its been improved since we changed to PIN verification, will google that later,

Basically, since earlier on this year (Valentines day actually), you have had to use your PIN in the UK and all retailers were obliged to install the equipment to accept it. Although something i’m confused about is that we too have pay at pump facilities which do not require PIN input. Similarly, my local supermarket has a self-service checkout that does not require PIN when you pay by card. I’m not sure why they wouldn’t, i mean there’s no resaon you couldn’t input PIN to a keypad, the supermarket checkout even has a touch-screen so why no verification? Would be interested in where they stand if you deny the transaction was legitimate.

Before chip and PIN i’d say retailers always as a rule checked the signatures matched. i remember being asked to sign again or provide another card with a signature specimen if my scrawl didn’t look like a match.

This point takes us slightly off original topic here (as i was the OP i think it’s allowed!), but there’s been a few interesting points about being held liable for transactions you did not authorise on your card.

Basically the policy in the UK (as best i understand it) is that the credit card company are responsible for proving you made any transactions you dispute. As long as you have not disclosed your PIN to anyone then you can deny any transaction and are not liable (unless of course there’s CCTV footage of you using the card or something - which i guess most petrol stations have by default so maybe pay at pump is ok for that reason - or if it was an internet order delivered to your address etc).

When i found transactions on my credit card that weren’t mine i simply called up my CC company and they said, ‘ok then, we’ll credit you back’. No questions asked the first time. Second time i had to fill in a form and they sent me a new card number but still no question of me being liable. The situation was different with my bank account debit card for some reason though. When that was used without my knowledge i had to file a police report and give them a crime number before they would take action.

BTW - if anyone knows the answer to clairobscur’s question about why chips are necessary to implement PIN verification i’d be grateful. Was wondering about that too.

Thank for all the responses guys, curiousity almost satisfied :slight_smile:

22

I’d say the odds of your merchant doing this are around the same as the odds that you’re transgender.
I’ve only ever had ONE vendor follow the merchant agreement on this matter, and that was Best Buy. I’ve been told the USPS is also a stickler.

Incidentally, if you follow your agreement, you usually can’t ask a consumer for ID.

23

Because that’s what the signature is there for, to act as the ID.

24

I’ve used my credit card in the US (in New York City) quite happily. No questions asked. Just sign here.

25

In Australia one of the ‘news’ shows did a story on credit card acceptance. They got women to sign “Mickey Mouse” on Phillip Walters’ credit card. 20 out of 20 retailers accepted the card payment, even though it was a woman using the card and signing a completely different credit card.

Note to Spingears- if you did not sign back of card, but wrote something else, you would be breaking the terms and conditions of the credit card. If a fraudaulent transaction was made on your card, and you had not signed it correctly, the bank could legally not re-imburse you for that fraudaulent transaction.

26

In France they certainly had PIN numbers in 1994

I was over there on business and a bunch of us went out for a meal.
The restauranteur realized that we were involved in taking credit cards (I’m a programmer) and showed us an interesting trick.

He had a mobile credit card reader, he swiped a card, then entered a PIN, then said
‘at this point I could say that there is something wrong with the machine, and go out the back to a cash machine’

He pressed a button and there was that ‘password style’ entered PIN clearly printed on the screen. Apparently it was a bug in the system, so I guess the machines were pretty new.

The French people with us looked distinctly nervous.

In the UK they added a ‘chip’ it is not really needed, but the idea is to get rid of the mag strip which gets damaged or erased pretty easily.

The PIN stuff in shops is crazy, because it takes the same PIN that is used in an ATM

What has been happening is that ‘service engineers’ have been visiting sites and modifying the PIN readers, they then collect the PIN and the basic card details (you only really need Track2 which is card number and expiry date plus undefined garbage) they then send the info overseas.

A blank mag card is produced - stick it in an ATM almost anywhere in the World, type in the PIN and yo! - you have cash. It gets worse, overseas cash withdrawels don’t get flagged up as atypical behaviour, as someone could well be abroad.

If someone disputes a signed (no PIN) transaction, then the credit card company freezes the sum in the retailer’s account until they can produce a slip with a signature - if they can’t find it or the sig is obviously wrong, the retailer takes the hit.

With the PIN version in the UK, the lure for the retailer is that if the PIN was entered correctly then the credit card company pays up and gives the customer hell.

Well that was the theory, but with ‘PIN skimming’ the credit card companies’ plans have come unstuck

  • what the idiots have done is to open up another vulnerability in ATMs, but magnified 100 fold. Until then you had ATM skimming - small cameras to watch the PIN being typed in and an attachment on the reader (totally fake ATMs worked rather well)

  • now every time you use a card in a shop you are at risk, and far greater risk, because it is easier to rig a machine in a shop than an ATM.

It would have helped if one had two PINs - but that is too much for most people.

There is another cheap and simple solution that worked for a Middle Eastern country where the punters could not read or write.

Also, those chips are cloneable, anything physical is cloneable.

I’ve long thought credit card issuers thick, VISA International started fining my clients if they did not take the entire Track2, reluctantly I stored it, rather than just the key numbers.
Obviously I pointed out that they should keep a ‘loose CRC’ rather than raw data.

About a year later, they realized that they were forcing people to skim the card, so they insisted that all Track2 data was deleted after 3 months. No sweat, 20 minutes pattering on the keyboard.

But … what about the deep archive stuff compressed on DVDs and stored (and replicated) in multiple locations… :slight_smile:

The UK guy whose corner shop does not mess with this stuff, has a pretty smart retailer

  • the guy probably rings for authorization for anyone he does not know
    (if it is over his house limit - unlikely)
  • checks sigs carefully
  • and stores all dockets in a day or week envelope so disputes are no problem
27

Agree. We use PINs only with debit cards.

However, do not confuse PINs with security codes. Most credit cards now carry a 3- or 4-digit number (each association calls it something different), which is on the signature panel of a Visa or MasterCard, for example. This number is generally used for card-not-present transactions to make it the equivalent of a properly signed card-present transaction. If the merchant confirms that number, then the merchant is protected against fraudulent use of the card.

28

Interesting post, but you never explained what the solution was in this case.

29

You mean how they sorted it out for the Arabs ?

Simple biometrics

The ratio of the lengths of the fingers on one hand are pretty much unique, and measuring them is low technology. Rheostats or photoelectric cells, I’m not sure which they used.

That was about 20 years ago, I’ll have a dig tomorrow.

I know of one airport (there are probably many) that uses something similar for express check in - it works - simple technology is very effective.

30

On the whole petrol pump payment with a credit card thing…
When out in Asia , copying credit cards was pretty common and we werre all advised to sign up with the local branch of western banks. The reason being that they kept an extreamly close eye on transactions and patterns and would quite regularly give you a call on you cell phone and ask - did you just spend xyz at abc. This is something the credit card issuing people back in UK or US would not do to anywhere near the same extent.
One way to guaruntee a call would be to pay for gas at the pump with your credit card then go shopping, 5 mins after checking out you would get a call. It would apear that people who have just scaned / forged a credit card using your number and name - 1t thing they would do is head to the petrol staion and buy a small ammount of gas - if the card worked all was good for a shoping expedition. If it didnt work - try the next one and as you are out at the pump - very few witnesses.

Anyone heading out east for a tip my advice is cash is king - no matter how used you are to paying for everything with switch/plasticheque etc etc in the western world, you can do the same over asia way, but uness you are in a super high end place - best avoided if at all possible.
blondchap

31

In the US, we’re often prompted when paying for gas at the pump to enter our billing ZIP code before the transaction is accepted. Ideally, the thief wouldn’t know your ZIP code and the transaction would be rejected. (Although if he’s just stolen your entire wallet, it might be on your driver’s license.)

32

Zip? That’s a new one on me. I’ve never had to verify anything at a gas pump, just slide the card.

33

What do foreigners with credit cards that don’t have PINs do?

34

They can still sign for a transaction instead. This option is also available to a handicapped person who feels he cannot use the pin-pad to enter a number. In this case they must apply for a special card. To quote an a newspaper article :-

*There are now only three situations in which signatures should still be accepted: when using one of the 13 million old-style cards which have not yet been replaced; when using cards from other countries which are not equipped with chip and PIN, or when using special “chip and sign” cards issued by banks for the disabled and elderly who cannot use or remember a PIN.
*

35

Why aren’t CC companies obliged to have YOUR picture on the card? As of now, you sign your name on a narrow strip, and your signature rubs off in a few days. A picture car would prevent a lot of fraud. :smack:

36

Perhaps it’s regional. Here in southern California, it’s pretty much universal at stations I frequent. Some phased it in over the past year or so, IIRC, while others have been at it for longer.

Probably the most likely way that I’d lose my credit card is by losing my entire wallet, and as Dewey Finn points out the miscreant would have my ZIP code from my driver’s license in that case. Small comfort there, frankly.

37

I only know of one UK credit card that had a photo

It was the National Provincial

Supposedly their fraud rate was … zero

The dumb thing is that I would pay to have a photo on my cards

  • as I once had to pay to have a card at all
38

They have added a prompt for Zip code to the DVD rental machines that are installed in some local grocery stores. It used to just ask you to swipe a credit card.

My credit card came with a PIN, but I’ve never been asked for it. I’m not sure why they bother generating them and mailing them.

39

That pin is used for cash advances from an ATM.

40

For the record, cards require signatures:
http://usa.visa.com/business/accepting_visa/ops_risk_management/card_present.html