On Mon, Jan 11, 2010 at 10:20 AM, Hardee, Charles H <charles.har...@ca.com> wrote: > I, too, don't see how they can be more secure. > Possession is supposedly 9/10ths as the saying goes, but unless there's > something bio-metric in the chip/card/human being relationship, I would > have to say that the chips cards are no more, if not less, secure than > the regular plastic we use today. > > What really peeves me is when I go into a merchant, present my plastic > for my purchase and ma told I don't need to sign anything, > What, no signature? But how do you know it's me? You didn't check my > signature on the back of the plastic against my signature at the time of > the purchase. > > And the merchant's cashier says that just the way it works. > > Personally, I try to make a mental record of where this occurs and then > attempt to NEVER return there for another purchase unless it is the ONLY > place to do so and then I pay cash. Can't remember the last time I was > in at H^&e D&p$t. (don't want to say the merchant's real name)
Why would you blame the store for this? First, if a store has a no-signature threshold, that doesn't increase YOUR risk -- if there's an issue with a charge and there's no signature, it's not your loss. In some parts of the country, folks check signatures; where I live, they NEVER do -- and I mean NEVER. I only sign the backs of my cards because I occasionally travel to areas where they do check, and I often find that when do I get asked, the signature has worn off (that tells you how rarely it happens!). Second, credit card fraud isn't at all of interest to the banks. Credit cards make the banks *in the US* something on the order of $150B/year. Loss due to fraud is on the order of $1B/year. "Wow", you say, "that's a lot of money". No it isn't: loss due to card default (bankruptcy) is 20++ times that amount. This is well-documented; I remember reading over 25 years ago about someone who had documented evidence of a $400 credit card fraud, and couldn't get the bank interested in following it up -- they just wrote it off. Sometimes it's of interest to the store -- as Tony H notes, if you're buying a car, they care. That's because they're in a business where it's going to be THEIR loss if you defraud them. If I go through the McDonald's drive-thru and rip them off for a Big Mac, they probably accept the liability -- they throw out lots of food anyway. If I go through the McDonald's drive-thru and place the order from Woody Allen's _Bananas_ (1000 grilled cheese sandwiches, 300 tuna fish, 200 BLTs... yeah, I know. McD's doesn't make those, but you know what I mean) they're going to be a lot more interested in the credit card's validity. The same applies to CNP (Card-Not-Present) transactions, such as web purchases: some businesses (e.g., used books) don't even ask for the CVV (the "magic" 3- or 4-digit number) because their liability is low. Businesses with high liability (electronics dealers, for example) care. Note that the percentage paid by the merchant is higher for CNP transactions becaus! e of the greater potential for fraud -- that's why the local mom&pop restaurant may be unhappy if your card won't swipe, even though they know you and thus aren't afraid you're ripping them off. Third, don't confuse credit and debit cards. Credit cards are one thing; debit is another. If you haven't read http://www.nytimes.com/2010/01/05/your-money/credit-and-debit-cards/05visa.html?hp you really should. Fourth, Magstripe cards are easy to copy; chip-and-pin cards are (supposedly) not. So if you have a chip-and-pin card and your number is compromised, it doesn't do them any good at an ATM that takes chip-and-pin (unless they get lucky and the ATM is offline). So to some extent it's "security by obscurity", but in a case where that actually makes sense and works. You need a PIN *and* the card. So it satisfies two of the four magic requirements: something you have, something you know. Biometrics can (and, I'm sure, will in the near future) add the other two: something you are, and something you do. I've heard of the "YES" cards, and I assume they exist, but they're not the norm yet -- cloned magstripes are. So for now, at least, chip-and-pin is more secure. As for asking for a license, sure, it doesn't guarantee anything -- but it probably stops the kid who finds a card and says "Hey, let's go buy an XBOX!". So it's not entirely worthless. If you don't think it's worthwhile, then I assume you don't bother to lock your car or house -- the true professional won't be stopped by a lousy lock, eh? Hope this helps. -- ...phsiii P.S. This is actually relevant to IBM-MAIN, as the large processors use z/OS and z/TPF for transaction processing. And they all use, like, computers. So it's more on-topic than a lot of threads on here... ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
