Chip and PIN

Ian Batten ukcrypto at chiark.greenend.org.uk
Fri, 25 Jan 2008 13:31:29 +0000 

On 25 Jan 08, at 1204, James Davis wrote:

> Peter Tomlinson wrote:
>
>> So why cannot we get them to divulge their investigative methods  
>> (if indeed they do investigate)?
>
> I've never been convinced that the banks understand their systems  
> well enough to investigate. Out of the three times my card has been  
> locked due to suspected fraud the reasons have been..

I've had two in the past year.  One was Tower Records Hiroshima,  
which I never got to the bottom of.  I phoned my bank before I left  
England, and told them I was going to Japan, mostly Tokyo, but  
probably some weekend trips.  The card worked for a hotel and for  
lunch, but then got bounced when I bought some CDs (nifty cardboard  
replicas of the first three Police albums).  I then had a blazing row  
with the bank when they claimed that the pre-notification doesn't  
make any odds and there's no point in doing it: so why didn't they  
tell me that while I was doing it?

The second was on Wednesday, when a company I have booked a flat in  
Venice through (*) put through the deposit, and then because it was  
due almost immediately put through the main payment.  The fraud  
prevention stuff triggered on two payments from the same source for  
large amounts, probably not helped by having done three small  
payments to Amazon (+) and fifteen quid to phones4u (#).

The first one probably wasn't worried that I was in Hiroshima as  
opposed to being in Hounslow (there's a come friendly bombs gag to be  
avoided here): I suspect ``cheap hotel, a meal and some CDs six  
hundred miles from the last transaction'' looks shaky anyway.   The  
second one strikes me as entirely righteous: make a couple of Amazon  
transactions to check the card's not been notified, top up your  
phone, then spend a fortune ``in a hotel'' (which is what Visa saw  
the agency as).

ian

(*) uk.railway/ukcrypto cross-over readers will be aware that I tried  
to do it by train, but cavilled at paying 1200 quid Birmingham-- 
Venice for four when BA only want 380 from LGW.

(+) Two automated, but the fraud prevention system may not know.   
Those wanting some offsite backup who have the ability to cut code  
themselves should look at S3 disk: amazingly cheap.

(#) Cult Classic Motorola F3 including 10 pounds of topup is fifteen  
quid post paid, ie the phone is a fiver.  How could I resist buying a  
second?