ATM scam

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Thu, 10 Jun 1999 10:46:09 +0100 (GMT) 

Security would be easy if humans were not involved. Bank card security: 
the good, the bad and the inconvenient... 

Good: our bank adds my photo and my signature.

Bad:  our bank contrived to issue duplicate Debit cards to a large
      group of customers who were due for renewal in May. No warning
      was subsequently issued to explain or ask us to check whether
      both were received.

Inconvenient: our bank changes the PAN on each card when it re-issues
              them. It does this, it says, to "protect us from fraud".
              The change has no practical impact on my use of the card
              but is inconvenient because I have to notify "Card Safe"
              (cf "Sentinel", etc) of the new PAN. The bank will consider
              doing this on my behalf in future as part of the service.
 
I have made this posting because I am slightly embarrassed at being
annoyed by a security feature (the PAN change) that is carried out for my
protection.

As Brian Gladman, Ross Anderson and others point out, security measures
cannot work unless they are operated correctly; no short cuts because 
the procedures are "inconvenient". 

However is this realistic within the consumer environment? It seems to me
that banks and other commercial organisations still have a lot to learn
about the behaviour of their customers. :-( 
 
Quentin
--
PHONE: +44 191 222 8209     Computing Service, University of Newcastle
FAX:   +44 191 222 8765     Newcastle upon Tyne, United Kingdom, NE1 7RU.
-------------------------------------------------------------------------
"Any opinions expressed above are mine. The University can get its own."