From fw at deneb.enyo.de  Sat Apr  2 20:58:15 2011
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 02 Apr 2011 21:58:15 +0200
Subject: Card transactions by proxy
In-Reply-To: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk> (Mark Cottle's
	message of "Wed, 30 Mar 2011 14:33:40 +0100")
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
Message-ID: <87sju0e888.fsf@mid.deneb.enyo.de>

* Mark Cottle:

> I've been asked for my thoughts on what seems to be a slightly odd 
> proposal for card transactions. I wonder if anyone here can put me 
> straight on the legal and technical positions.

Is this about credit cards?

It is my understanding that a very similar thing happens when you do
some business transaction over the phone (like booking a hotel).  The
call center agent typically enters your credit card details into a web
application on your behalf.


From pwt at iosis.co.uk  Sun Apr  3 07:29:37 2011
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Sun, 03 Apr 2011 07:29:37 +0100
Subject: Card transactions by proxy
In-Reply-To: <87sju0e888.fsf@mid.deneb.enyo.de>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<87sju0e888.fsf@mid.deneb.enyo.de>
Message-ID: <4D9813D1.3060606@iosis.co.uk>

On 02/04/2011 20:58, Florian Weimer wrote:
> * Mark Cottle:
>> I've been asked for my thoughts on what seems to be a slightly odd
>> proposal for card transactions. I wonder if anyone here can put me
>> straight on the legal and technical positions.
> Is this about credit cards?
>
> It is my understanding that a very similar thing happens when you do
> some business transaction over the phone (like booking a hotel).  The
> call center agent typically enters your credit card details into a web
> application on your behalf.
But surely that is a 'cardholder not present' transaction - and they 
must not ask you for the 3 digit CVV number off the back of the card.

Peter



From ukcrypto at absent-minded.com  Sun Apr  3 08:35:57 2011
From: ukcrypto at absent-minded.com (Mark Lomas)
Date: Sun, 3 Apr 2011 08:35:57 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9813D1.3060606@iosis.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<87sju0e888.fsf@mid.deneb.enyo.de> <4D9813D1.3060606@iosis.co.uk>
Message-ID: <BANLkTin3m5xdEYqGZQsrspgkQ=CmJ2AXug@mail.gmail.com>

On 3 April 2011 07:29, Peter Tomlinson <pwt at iosis.co.uk> wrote:

> On 02/04/2011 20:58, Florian Weimer wrote:
>
>> * Mark Cottle:
>>
>>> I've been asked for my thoughts on what seems to be a slightly odd
>>> proposal for card transactions. I wonder if anyone here can put me
>>> straight on the legal and technical positions.
>>>
>> Is this about credit cards?
>>
>> It is my understanding that a very similar thing happens when you do
>> some business transaction over the phone (like booking a hotel).  The
>> call center agent typically enters your credit card details into a web
>> application on your behalf.
>>
> But surely that is a 'cardholder not present' transaction - and they must
> not ask you for the 3 digit CVV number off the back of the card.
>
> Here is an example of a major bank that *does* expect the customer to
provide the CVV. They call it a card security code, but it is clear from the
description that it is the same.
http://www.lloydstsbcardnet.com/merchant_account/card_not_present.asp

Usual practice is that merchants may request the CVV but are not permitted
to record it - they forward the value within an encrypted transaction then
destroy it.

Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110403/abaac433/attachment.htm>

From tony.naggs at googlemail.com  Sun Apr  3 11:44:53 2011
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Sun, 3 Apr 2011 11:44:53 +0100
Subject: Card transactions by proxy
In-Reply-To: <op.vs7d50f76hl8nm@clerew.man.ac.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
Message-ID: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>

On 31 March 2011 11:31, Charles Lindsey <chl at clerew.man.ac.uk> wrote:
>
> I think in the case under discussion, the agent should say "we cannot proces
> your card directly here, but we have a PC that you can use yourself to make
> a 'not present' transaction". Then, if the cardholder is not happy/familiar
> with web transactions, the agent can offer to assist. The essential factor
> is that the PC screen should be turned during the activity so that the
> customer can observe what is being done.

Using a PC & web form at the agent is a really bad idea. Even though a
Point Of Sale terminal is likely to be a PC under the covers at least
the shop employee is not going to be using to read email, watch Flash
mopvies or browse Facebook, naughtie pictures, etc.. during their tea
breaks. Activities which have a risk of picking up key logger or other
spyware.

> In the case of verified by Visa transactions, the customer is presumably
> already familiar with the process (having previously set up a PIN/password)
> so he should be able to do that part himself (and the agent should turn the
> screen and give him access to the keyboard at least for the PIN/password
> stage). Indeed, the agent should ideally not even see the "helpful phrase"
> displayed by Visa to remind the customer of which password he is supposed to
> use.

Yuck. I now avoid sites that want me to go through the Mastercard or
Verified by Visa sign-up to complete my purchases, I have enough
trouble remembering the strong passwords for all computers & crypto
systems I use regularly, remembering several more for an activity I do
once or twice a month is a big ask. (I did sign up 1 card to rebook a
flight home to the UK, I now don't remember which card let alone the
password.) Also I consider the terms you are asked to agree to when
setting up the password to be onerous - providing an email address I
can always be promptly contacted at. I have no control over my ISP's
spam filters and am often away from most of email accounts for several
weeks, and why do they want this? My banks already have my mobile
phone number which they use to query suspicious transactions.There has
got to be a better way of securing banking transactions.

If I go to a physical merchant or agent I would be very upset to to
presented with the Verified by Visa oblox. Locally (Cambridge) I
sometimes make my monthly council tax payment at the Post Office,
where they swipe my council issued magnetic stripe card and then take
a payment from my debit card using their Chip & Pin terminal.

Cheers,
Tony


From lists at internetpolicyagency.com  Sun Apr  3 14:56:27 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sun, 3 Apr 2011 14:56:27 +0100
Subject: Card transactions by proxy
In-Reply-To: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
Message-ID: <rxfj+e+LyHmNFA4z@perry.co.uk>

In article 
<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ at mail.gmail.com>, Tony 
Naggs <tony.naggs at googlemail.com> writes

>Locally (Cambridge) I sometimes make my monthly council tax payment at 
>the Post Office, where they swipe my council issued magnetic stripe 
>card and then take a payment from my debit card using their Chip & Pin 
>terminal.

My council closed their "cash office" for good last Friday. Although it 
also took cheques, and Credit Cards for a ?2 fee.

Apparently, if I want to pay in person now, I have to find a PayPoint, 
but I doubt they take cheques and certainly don't take debit or credit 
cards.
-- 
Roland Perry


From crypto at digitaldaemons.co.uk  Sun Apr  3 13:36:53 2011
From: crypto at digitaldaemons.co.uk (Jim Murray)
Date: Sun, 03 Apr 2011 13:36:53 +0100
Subject: Card transactions by proxy
In-Reply-To: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
Message-ID: <4D9869E5.3080404@digitaldaemons.co.uk>

On 4/3/2011 11:44 AM, Tony Naggs wrote:
>My banks already have my mobile
> phone number which they use to query suspicious transactions.There has
> got to be a better way of securing banking transactions.

I believe there is, unless someone with more knowledge then I have can 
see some fundamental flaw in my logic. I'm taking specifically about 
'customer not present' transactions, which are a significantly higher 
risk for fraud.

Enter our friend, the mobile phone. Almost everyone has one, or at the 
very least access to a landline on which they can be contacted. As I see 
things, the contact number - mobile or landline for a customer is 
already known to the bank. To authenticate a 'customer not present' 
transaction, the bank simply sends an automated message (text or voice, 
I personally think voice would be preferable from a security viewpoint - 
it's harder to hijack voice calls with malware) to the cardholder's 
contact number. For example, a transaction for 20.00 on website 
example.com would generate the following message :

"To confirm your payment of 20.00 to example.com please say the last 
four digits of your card number and the following authorization code 
after this message has ended. To decline the payment just say DECLINED 
or hang up. Your code is (random multi-digit code, specific to the 
transaction)"

It is by no means a bulletproof scheme - no such thing exists nor will 
it ever exist. Retailers, particularly web-based retailers with 'instant 
fulfillment' won't like it because it will slow down their processing 
times. The upside is that card fraud should decrease significantly. 
Cardholders may or may not like it - I suppose that depends on 
individual preference as much as anything else. There are issues, such 
as what happens when the phone can't be reached or when there is no 
reply (allow the retailer to retry later or continue the transaction at 
the retailer's risk would be my choices) and probably others I haven't 
considered but overall it seems easier than the whole 'Verified by 
Visa/3dSecure/SecureCode' mess.

Stealing card details becomes pointless once a real-time authentication 
system like this is in place. You'd need to steal the card details AND 
the right phone AND you'd need to use them before the owner discovered 
their property was gone. If you are going to do that, you're talking far 
more than just card fraud....

Jim Murray.


From igb at batten.eu.org  Sun Apr  3 20:46:47 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 3 Apr 2011 20:46:47 +0100
Subject: Card transactions by proxy
In-Reply-To: <87sju0e888.fsf@mid.deneb.enyo.de>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<87sju0e888.fsf@mid.deneb.enyo.de>
Message-ID: <178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>

>
> It is my understanding that a very similar thing happens when you do
> some business transaction over the phone (like booking a hotel).  The
> call center agent typically enters your credit card details into a web
> application on your behalf.
>

My recollection of booking hotels online is that it's unusual for them  
to want the CV2, even for "payment even if you don't show up" special  
offers.  I've always assumed that as their relationships with credit  
card companies are amongst the oldest, and the whole issue of things  
like "reserving credit" is there for the hotel industry's benefit (and  
car hire, I guess), they play by different rules.

ian


From igb at batten.eu.org  Sun Apr  3 20:53:52 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 3 Apr 2011 20:53:52 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9869E5.3080404@digitaldaemons.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<4D9869E5.3080404@digitaldaemons.co.uk>
Message-ID: <14B50038-9EB2-4E90-A60A-C3D7DC7C6837@batten.eu.org>

>
> Enter our friend, the mobile phone. Almost everyone has one, or at  
> the very least access to a landline on which they can be contacted.  
> As I see things, the contact number - mobile or landline for a  
> customer is already known to the bank. To authenticate a 'customer  
> not present' transaction, the bank simply sends an automated message

My bank already does that for some combination of high-value, overseas  
and dubious transactions.  I've on several occasions been phoned  
whilst stood at the counter, and asked to confirm what I'm doing.   
Using phones like this is a temping two-factor scheme.  Except...

>
> Stealing card details becomes pointless once a real-time  
> authentication system like this is in place. You'd need to steal the  
> card details AND the right phone

Or, alternatively, borrow the phone for two minutes and set up  
unconditional call forwarding on it.  The punter might not notice for  
some time, depending on how frequently they get incoming calls.  I  
don't think the caller has any way to establish the ident of the  
terminating phone, do that?

ian



From otcbn at callnetuk.com  Sun Apr  3 22:35:20 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Sun, 03 Apr 2011 22:35:20 +0100
Subject: Card transactions by proxy
In-Reply-To: <rxfj+e+LyHmNFA4z@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk>
Message-ID: <4D98E818.3040802@callnetuk.com>

Roland Perry wrote  on 3-04-11 14:56:
> In article 
> <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ at mail.gmail.com>, Tony 
> Naggs <tony.naggs at googlemail.com> writes
> 
>> Locally (Cambridge) I sometimes make my monthly council tax payment at 
>> the Post Office, where they swipe my council issued magnetic stripe 
>> card and then take a payment from my debit card using their Chip & Pin 
>> terminal.
> 
> My council closed their "cash office" for good last Friday. Although it 
> also took cheques, and Credit Cards for a ?2 fee.
> 
> Apparently, if I want to pay in person now, I have to find a PayPoint, 
> but I doubt they take cheques and certainly don't take debit or credit 
> cards.


One possible alternative is to pay a cheque over the counter 
at a branch of the bank where the council's collection 
account is held. Their bank will be named on the Bank Giro 
Credit slips provided in your council tax paybook.

I haven't tried this method yet myself, I just send them a 
cheque. But it does work for other paying other utility bills.





From tony.naggs at googlemail.com  Sun Apr  3 22:43:40 2011
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Sun, 3 Apr 2011 22:43:40 +0100
Subject: Card transactions by proxy
In-Reply-To: <14B50038-9EB2-4E90-A60A-C3D7DC7C6837@batten.eu.org>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<4D9869E5.3080404@digitaldaemons.co.uk>
	<14B50038-9EB2-4E90-A60A-C3D7DC7C6837@batten.eu.org>
Message-ID: <AANLkTin9nURJgNNeWzyJG2wGMqpd3X5mzqdS726Rn6pG@mail.gmail.com>

On 3 April 2011 20:53, Ian Batten <igb at batten.eu.org> wrote:
>
> Or, alternatively, borrow the phone for two minutes and set up unconditional
> call forwarding on it. ?The punter might not notice for some time, depending
> on how frequently they get incoming calls. ?I don't think the caller has any
> way to establish the ident of the terminating phone, do that?

The same codes as BT uses should work on GSM phones:
*#21# queries unconditional forwarding
*#61# queries divert on no answer
*#67# queries divert on busy

Most mobiles also have query functions buried somewhere in their menus.


More directly undermining Jim's suggestion, unfortunately there is
already malware reported for mobile phones that intercepts
authentication codes sent by some banks to mobile phones, e.g.:
http://www.banktech.com/articles/227700043

ttfn, Tony


From maryhawking at tigers.demon.co.uk  Mon Apr  4 08:05:33 2011
From: maryhawking at tigers.demon.co.uk (Mary Hawking)
Date: Mon, 4 Apr 2011 08:05:33 +0100
Subject: Card transactions by proxy
In-Reply-To: <178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk><87sju0e888.fsf@mid.deneb.enyo.de>
	<178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>
Message-ID: <A5684A2A189849B49DF9A1D5FA86644E@MaryPC>

Every online transaction I make seems to ask for the security code - I'd
supposed it was in place of the PIN.
Is it just asked for on Visa cards?



Mary Hawking
 

-----Original Message-----
From: Ian Batten [mailto:igb at batten.eu.org] 
Sent: 03 April 2011 20:47
To: UK Cryptography Policy Discussion Group
Subject: Re: Card transactions by proxy

>
> It is my understanding that a very similar thing happens when you do 
> some business transaction over the phone (like booking a hotel).  The 
> call center agent typically enters your credit card details into a web 
> application on your behalf.
>

My recollection of booking hotels online is that it's unusual for them to
want the CV2, even for "payment even if you don't show up" special offers.
I've always assumed that as their relationships with credit card companies
are amongst the oldest, and the whole issue of things like "reserving
credit" is there for the hotel industry's benefit (and car hire, I guess),
they play by different rules.

ian






From lists at internetpolicyagency.com  Mon Apr  4 08:24:26 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 4 Apr 2011 08:24:26 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D98E818.3040802@callnetuk.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
Message-ID: <V93s9MOqIXmNFA+L@perry.co.uk>

In article <4D98E818.3040802 at callnetuk.com>, Peter Mitchell 
<otcbn at callnetuk.com> writes

>>> Locally (Cambridge) I sometimes make my monthly council tax payment 
>>>at  the Post Office, where they swipe my council issued magnetic 
>>>stripe  card and then take a payment from my debit card using their 
>>>Chip & Pin  terminal.

>>  My council closed their "cash office" for good last Friday. Although 
>>it  also took cheques, and Credit Cards for a ?2 fee.
>>  Apparently, if I want to pay in person now, I have to find a 
>>PayPoint,  but I doubt they take cheques and certainly don't take 
>>debit or credit  cards.
>
>One possible alternative is to pay a cheque over the counter at a 
>branch of the bank where the council's collection account is held. 
>Their bank will be named on the Bank Giro Credit slips provided in your 
>council tax paybook.

But you are assuming there is uniformity between councils. Cambridge 
scrapped their paybook back in about 2000 (when they introduced the card 
that Tony mentions above). Since then, the details of their bank account 
(for people wanting to pay by standing order) has been a closely guarded 
secret. It is suspected that their motivation is to move as many people 
as possible to DD.

Similarly my own council (Rushcliffe) hasn't had a paybook all the seven 
years I've lived here. And as well as closing their cash office, this 
year they've removed the details of paying by Giro (at Post Office or a 
bank) from the back of the bill.

But they have always published the account numbers for standing order, 
just not the name of the bank [although through the magic of the 
interweb, I can turn it into the local HSBC branch; which has another 
interesting feature - they have no counter service, just a range of 
machines in the lobby that I doubt you can use for paying into random 
accounts, rather than accounts you have a special card for].

>I haven't tried this method yet myself, I just send them a cheque.

I've had problems in the past (different council) with payments being 
"lost". So I prefer to get a receipt. Indeed, when I moved at the end of 
last year it became clear that they couldn't process a payment into my 
'old' account once I'd told them I had moved. I took them a cheque and 
they handed it back because their system rejected it. At least I was 
there, and got the cheque back in my hand, rather than it being lost in 
some suspense account.

The new house was the same band as the old one, and I thought the 
easiest thing to do would be pay the final instalment on the old house, 
then have the credit moved across to the new house. But that failed, and 
the eventual fallout took two visits to the office to sort out!

What surprised me most was that I couldn't get the council employee 
concerned to accept that (because the houses were in the same band, and 
I was moving with the same parish) that my debt to the council was going 
to be exactly the same, irrespective of the day I moved. So they 
insisted on doing all the sums. My own failure to be able to explain 
this simple maths, was as frustrating as someone from the council tax 
department never having met this concept before.

>But it does work for other paying other utility bills.

And in my new house I discovered that the meter readings for "night" and 
"day" on the electronic 'white meter' were the wrong way round. I don't 
use an economy 7 (or whatever) tariff because there's not enough 
overnight consumption to make the cheaper overnight electricity balance 
out the higher cost [which they naturally fail to tell people] of the 
daytime consumption, compared to the normal tariff.

But if the previous tenant(s) were on economy 7, they they'd have been 
paying less than half as much as they should - with the bill looking 
very odd, lots of 'night-time' usage and very little in the 'day'. 
That's how I noticed it, because they sent me a bill a month after I'd 
moved in - perhaps to probe if I existed and was likely to pay, as 
normally they send them quarterly. But their billing systems clearly 
don't have an internal exception report when people's reported 
consumption is "back to front".

Three months later, and the electricity company has still failed to send 
anyone round to look at the meter (I think they believe I'm making it 
up) although they call me from time to time to say they haven't 
forgotten about it.

ps. What's this got to do with crypto (or security of payments or 
whatever)? Well, we can easily fall into the trap of making assumptions 
about the way the world (and its billing/banking systems) works. But 
sometimes those assumptions aren't right, and often it's hard to
work backwards from the public-facing information or staff, to what's 
going on underneath.
-- 
Roland Perry


From lists at internetpolicyagency.com  Mon Apr  4 08:30:09 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 4 Apr 2011 08:30:09 +0100
Subject: Card transactions by proxy
In-Reply-To: <A5684A2A189849B49DF9A1D5FA86644E@MaryPC>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<87sju0e888.fsf@mid.deneb.enyo.de>
	<178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>
	<A5684A2A189849B49DF9A1D5FA86644E@MaryPC>
Message-ID: <JN9rRmPBOXmNFA+Z@perry.co.uk>

In article <A5684A2A189849B49DF9A1D5FA86644E at MaryPC>, Mary Hawking 
<maryhawking at tigers.demon.co.uk> writes
>Every online transaction I make seems to ask for the security code - I'd
>supposed it was in place of the PIN.
>Is it just asked for on Visa cards?

It's unlikely to depend on the card being used, some of the clunkier 
in-house online systems just don't have that field.

I presume its because they haven't bothered (or don't qualify) to obtain 
the status with the bank to process Not-Present transactions, and aren't 
using one of the third-party gateways.

So they can still accept credit cards, but entirely at their own risk. 
Many hotels (as one example of this kind of trader) only take a print 
off the card when you check in, they don't try to make a transaction to 
either reserve a credit limit or verify the card's credentials.
-- 
Roland Perry


From igb at batten.eu.org  Mon Apr  4 08:40:56 2011
From: igb at batten.eu.org (Ian Batten)
Date: Mon, 4 Apr 2011 08:40:56 +0100
Subject: Card transactions by proxy
In-Reply-To: <A5684A2A189849B49DF9A1D5FA86644E@MaryPC>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk><87sju0e888.fsf@mid.deneb.enyo.de>
	<178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>
	<A5684A2A189849B49DF9A1D5FA86644E@MaryPC>
Message-ID: <32797A21-D2BB-4B1B-A9EA-BC45CA32B17C@batten.eu.org>


On 4 Apr 2011, at 08:05, Mary Hawking wrote:

> Every online transaction I make seems to ask for the security code - I'd
> supposed it was in place of the PIN.
> Is it just asked for on Visa cards?

No, it's asked for with mastercards and amex (where it's four digits, and on the front of the card rather than the rear).

I don't feel inclined to book a hotel just to find out, but I'm pretty certain they are an exception.

ian



From lists at internetpolicyagency.com  Mon Apr  4 10:14:09 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 4 Apr 2011 10:14:09 +0100
Subject: Card transactions by proxy
In-Reply-To: <32797A21-D2BB-4B1B-A9EA-BC45CA32B17C@batten.eu.org>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<87sju0e888.fsf@mid.deneb.enyo.de>
	<178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>
	<A5684A2A189849B49DF9A1D5FA86644E@MaryPC>
	<32797A21-D2BB-4B1B-A9EA-BC45CA32B17C@batten.eu.org>
Message-ID: <cFluT0QhvYmNFAsc@perry.co.uk>

In article <32797A21-D2BB-4B1B-A9EA-BC45CA32B17C at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes
>I don't feel inclined to book a hotel just to find out, but I'm
>pretty certain they are an exception.

Hotels are "different" because they routinely 'reserve' some of the 
cardholder's credit, although in the relatively recent C&P world they 
seem to make a nominal ($100 or whatever) charge as a refundable 
deposit, which doesn't show up on your statement because they cancel the 
transaction when you checkout.
-- 
Roland Perry


From pwt at iosis.co.uk  Mon Apr  4 10:25:54 2011
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Mon, 04 Apr 2011 10:25:54 +0100
Subject: Card transactions by proxy
In-Reply-To: <cFluT0QhvYmNFAsc@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<87sju0e888.fsf@mid.deneb.enyo.de>	<178830CB-A826-4915-8DBE-35CC0309DF85@batten.eu.org>	<A5684A2A189849B49DF9A1D5FA86644E@MaryPC>	<32797A21-D2BB-4B1B-A9EA-BC45CA32B17C@batten.eu.org>
	<cFluT0QhvYmNFAsc@perry.co.uk>
Message-ID: <4D998EA2.9040506@iosis.co.uk>

On 04/04/2011 10:14, Roland Perry wrote:
> In article <32797A21-D2BB-4B1B-A9EA-BC45CA32B17C at batten.eu.org>, Ian 
> Batten <igb at batten.eu.org> writes
>> I don't feel inclined to book a hotel just to find out, but I'm
>> pretty certain they are an exception.
>
> Hotels are "different" because they routinely 'reserve' some of the 
> cardholder's credit, although in the relatively recent C&P world they 
> seem to make a nominal ($100 or whatever) charge as a refundable 
> deposit, which doesn't show up on your statement because they cancel 
> the transaction when you checkout.
That triggers something, at a tangent. Transport for London is, as many 
of you will know, adding contactless bank payment to its portfolio of 
technology methods. They want to retain exactly the same daily fare 
capping as they have with classic Oyster cards, so they will daily 
aggregate all the taps that you make with your bank card, and then 
compute overnight the amount to charge to your card account, and ship 
off one transaction to your bank. So your taps are just for card 
authentication and logging of the location of the tap. The question was 
how to do this, and thus was created the concept of the zero value 
transaction between card and terminal (and possibly associated with it 
may be online authentication back to a local server, including checking 
against a hot list - I'm not sure if that online server side transaction 
process will be implemented in London).

Peter



From David_Biggins at usermgmt.com  Mon Apr  4 11:00:16 2011
From: David_Biggins at usermgmt.com (David Biggins)
Date: Mon, 4 Apr 2011 11:00:16 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9813D1.3060606@iosis.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk><87sju0e888.fsf@mid.deneb.enyo.de>
	<4D9813D1.3060606@iosis.co.uk>
Message-ID: <C6F343320DAC194BA010FD66AD49362351BBBB@home.usermgmt.local>

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Peter Tomlinson
> Sent: 03 April 2011 7:30 AM
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Card transactions by proxy
> 
> On 02/04/2011 20:58, Florian Weimer wrote:
> > It is my understanding that a very similar thing happens when you do
> > some business transaction over the phone (like booking a hotel).
The
> > call center agent typically enters your credit card details into a
web
> > application on your behalf.
> But surely that is a 'cardholder not present' transaction - and they
must not
> ask you for the 3 digit CVV number off the back of the card.

Strange - almost every PNP transaction I've ever made has demanded the
CVV.

At the end of the day, the decision usually comes down to how badly you
want the Pizza.

D


From pwt at iosis.co.uk  Mon Apr  4 12:24:26 2011
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Mon, 04 Apr 2011 12:24:26 +0100
Subject: Card transactions by proxy
In-Reply-To: <C6F343320DAC194BA010FD66AD49362351BBBB@home.usermgmt.local>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk><87sju0e888.fsf@mid.deneb.enyo.de>	<4D9813D1.3060606@iosis.co.uk>
	<C6F343320DAC194BA010FD66AD49362351BBBB@home.usermgmt.local>
Message-ID: <4D99AA6A.5090805@iosis.co.uk>


On 04/04/2011 11:00, David Biggins wrote:
>> -----Original Message-----
>> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
>> bounces at chiark.greenend.org.uk] On Behalf Of Peter Tomlinson
>> Sent: 03 April 2011 7:30 AM
>> To: UK Cryptography Policy Discussion Group
>> Subject: Re: Card transactions by proxy
>>
>> On 02/04/2011 20:58, Florian Weimer wrote:
>>> It is my understanding that a very similar thing happens when you do
>>> some business transaction over the phone (like booking a hotel).
> The
>>> call center agent typically enters your credit card details into a
> web
>>> application on your behalf.
>> But surely that is a 'cardholder not present' transaction - and they
> must not
>> ask you for the 3 digit CVV number off the back of the card.
> Strange - almost every PNP transaction I've ever made has demanded the
> CVV.
>
> At the end of the day, the decision usually comes down to how badly you
> want the Pizza.
Maybe my memory is failing me, then - thinking about it (sic), its a 
long time since I did a CNP over the phone with a real person - last 
voice transaction was with a voice recognition system to pay a utility 
bill.

Peter



From otcbn at callnetuk.com  Tue Apr  5 09:00:51 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Tue, 05 Apr 2011 09:00:51 +0100
Subject: Card transactions by proxy
In-Reply-To: <V93s9MOqIXmNFA+L@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
Message-ID: <4D9ACC33.3020902@callnetuk.com>

Roland Perry wrote  on 4-04-11 08:24:
> In article <4D98E818.3040802 at callnetuk.com>, Peter Mitchell 
> <otcbn at callnetuk.com> writes
>> One possible alternative is to pay a cheque over the counter at a 
>> branch of the bank where the council's collection account is held. 
>> Their bank will be named on the Bank Giro Credit slips provided in 
>> your council tax paybook.
> 
> But you are assuming there is uniformity between councils. Cambridge 
> scrapped their paybook back in about 2000 (when they introduced the card 
> that Tony mentions above). 

I see. No, I didn't know that. Mine (London Borough of 
Kingston) still provides paybooks, including the collection 
account details.

They abolished their cashiers' counters some years ago. When 
they first did this it was impossible to get them
to admit that they would accept a cheque sent in the post.
In practice, if you sent them one, they'd cash it; but it
wasn't on their list of Approved Methods of paying council tax.

Naturally, direct debit is their preferred method. There's
nothing like having unrestricted access to other people's
bank accounts.

> Since then, the details of their bank account
> (for people wanting to pay by standing order) has been a closely guarded 
> secret. It is suspected that their motivation is to move as many people 
> as possible to DD.

Suspected? It is a dead cert. Every such organisation is
trying to push its customers into paying by DD. Some of them
are at least honest enough to give you a discount for it, or
(less honourably but, in the end, equivalently) charge you
for not doing it.

I haven't previously come across this ingenious method of
concealing their bank account though.

> Similarly my own council (Rushcliffe) hasn't had a paybook all the seven 
> years I've lived here. And as well as closing their cash office, this 
> year they've removed the details of paying by Giro (at Post Office or a 
> bank) from the back of the bill.
> 
> But they have always published the account numbers for standing order, 
> just not the name of the bank [although through the magic of the 
> interweb, I can turn it into the local HSBC branch; which has another 
> interesting feature - they have no counter service, just a range of 
> machines in the lobby that I doubt you can use for paying into random 
> accounts, rather than accounts you have a special card for].

If it's like my local HSBC branch, yes you can. These
machines have built-in OCR/scanners allowing you to feed in
the Bank Giro Credit slip and your cheque, and the machine
reads them and somehow pays the money over from your
chequing account into the collection account via Giro 
(whatever that is), and prints you a receipt. You don't need 
to have an HSBC account or a card.


This is a loophole that will no doubt soon be closed on
money laundering grounds, since it makes things easier for
ordinary citizens.



-- 
Pete Mitchell




From lists at internetpolicyagency.com  Tue Apr  5 10:16:56 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 5 Apr 2011 10:16:56 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9ACC33.3020902@callnetuk.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
Message-ID: <ekP+7iBI4tmNFAfJ@perry.co.uk>

In article <4D9ACC33.3020902 at callnetuk.com>, Peter Mitchell 
<otcbn at callnetuk.com> writes
>>the local HSBC branch; which has another  interesting feature - they 
>>have no counter service, just a range of  machines in the lobby that I 
>>doubt you can use for paying into random  accounts, rather than 
>>accounts you have a special card for].
>
>If it's like my local HSBC branch, yes you can. These
>machines have built-in OCR/scanners allowing you to feed in
>the Bank Giro Credit slip and your cheque, and the machine
>reads them and somehow pays the money over from your
>chequing account into the collection account via Giro (whatever that 
>is), and prints you a receipt. You don't need to have an HSBC account 
>or a card.

Where do you get the Giro Credit slip from, for Council tax?

One of my Credit Card providers stopped printing a Giro slip on the 
bottom of the statements a year ago "to save paper". although there's 
still as much paper, just a saving of ink in the blank space where the 
giro slip used to be. I can only pay them electronically now.
-- 
Roland Perry


From igb at batten.eu.org  Tue Apr  5 12:18:17 2011
From: igb at batten.eu.org (Ian Batten)
Date: Tue, 5 Apr 2011 12:18:17 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9ACC33.3020902@callnetuk.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
Message-ID: <183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>

> 
> Naturally, direct debit is their preferred method. There's
> nothing like having unrestricted access to other people's
> bank accounts.
> [...]
> If it's like my local HSBC branch, yes you can. These
> machines have built-in OCR/scanners allowing you to feed in
> the Bank Giro Credit slip and your cheque, and the machine
> reads them and somehow pays the money over from your
> chequing account into the collection account via Giro 

Last week I got two phone calls from bank branches in the east of London.  Had I recently written cheques for ?997 payable to an individual they named, and was I expecting someone to cash them in Walthamstow and Basildon?  They were nervous about the cheques, so had stopped them, and could I phone to confirm?

It turned out that a new cheque book had been stolen en route, and over the next few days there were a couple more similar calls.  In the meantime, all our accounts had had various sorts of fraud-prevention codes put on, which as it was "salaries, standing orders and direct debits" week, gave us a day of messing about until order was restored.  It was especially nerve-wracking as the account had the funds to pay several such cheques, as it was also "last chance to stick some into ISAs" week and we had money queued up in the current account ready to transfer, so had any hooky cheques been paid we'd have had some messing about to do to sort things out.

That's not the first time that's happened to us, although the last time we were able to stop the chequebook before any attempt had been made to use them.

I've operated DDs for more than twenty years, and we have about forty set up on our respective bank accounts, not one of which has ever given any trouble (it's not been forty for twenty years, but it's probably averaged 20: 400 direct-debit years).   From where I'm stood, our occasional use of cheques (and it is occasional, now we do things like paying for school meals online) is a far greater risk to us than DDs.

ian



From lists at internetpolicyagency.com  Tue Apr  5 13:40:39 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 5 Apr 2011 13:40:39 +0100
Subject: Card transactions by proxy
In-Reply-To: <183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
Message-ID: <dN8uBSRH3wmNFAsW@perry.co.uk>

In article <183534E5-99E3-4810-96C9-32E0B9D53FA6 at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes
>I've operated DDs for more than twenty years, and we have about forty 
>set up on our respective bank accounts, not one of which has ever given 
>any trouble (it's not been forty for twenty years, but it's probably 
>averaged 20: 400 direct-debit years).   From where I'm stood, our 
>occasional use of cheques (and it is occasional, now we do things like 
>paying for school meals online) is a far greater risk to us than DDs.

The main DD "risk" as I see (and experience) it is that [particularly 
utility] companies take payments I'd rather they hadn't.

But there's the DD guarantee, I hear people say. However, that's for 
"mistakes".  And apparently cancels the DD arrangement, so you've got 
the extra hassle of setting it up again.

For example, I received an estimated bill that is approximately double 
what it should have been. And immediately sent a customer reading to the 
supplier's website. Which they seem to have ignored. Does that qualify 
as a "mistake", required to trigger the DD guarantee? In this case I 
didn't bother claiming, because overpaying for energy is usually OK, and 
prices are only going upwards.

But the principle remains, that you lose control of the money and all 
the initiative is with the customer to chase up 'errors and omissions'.
-- 
Roland Perry


From matthew at pemble.net  Tue Apr  5 13:53:12 2011
From: matthew at pemble.net (Matthew Pemble)
Date: Tue, 5 Apr 2011 13:53:12 +0100
Subject: Card transactions by proxy
In-Reply-To: <dN8uBSRH3wmNFAsW@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
Message-ID: <BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>

On 5 April 2011 13:40, Roland Perry <lists at internetpolicyagency.com> wrote:

>
> But the principle remains, that you lose control of the money and all the
> initiative is with the customer to chase up 'errors and omissions'.
>

Or, frankly, as Jeremy Clarkson found out to his cost (and I have
experienced with my wife being able to set up a DD on the one non-"joint and
several" account I have), anyone can set up a DD with your account because
there is no effective checking.

Which can be inconvenient, embarrassing or could even be job threatening.

M.

-- 
Matthew Pemble
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110405/ee667a80/attachment.htm>

From lists at internetpolicyagency.com  Tue Apr  5 14:23:51 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 5 Apr 2011 14:23:51 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
Message-ID: <LNUrBoWnfxmNFA$U@perry.co.uk>

In article <BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg at mail.gmail.com>, Matthew 
Pemble <matthew at pemble.net> writes

 >>But the principle remains, that you lose control of the money and all 
 >>the initiative is with the customer to chase up 'errors and 
 >>omissions'.
>
>Or, frankly, as Jeremy Clarkson found out to his cost (and I have 
>experienced with my wife being able to set up a DD on the one 
>non-"joint and several" account I have), anyone can set up a DD with 
>your account because there is no effective checking.
>
>Which can be inconvenient, embarrassing or could even be job 
>threatening

I don't buy the Clarkson story, because he would have got a letter from 
the charity confirming the DD was set up. Although as a busy 
professional, he might not have actually seen the letter himself (but 
that doesn't apply to many people). And with bank account numbers on 
every cheque you don't need to advertise them in the newspaper for 
people to get hold of them.

The overlooked issue, in most versions of the story, is the DD can only 
be in favour of certain approved organisations, and the way it is retold 
you'd think anyone could get the money.

There's something to be said for inventing fixed-value DD's, as an 
equivalent to a standing order. It's the variable ones which are the 
most out of control.
-- 
Roland Perry


From igb at batten.eu.org  Tue Apr  5 14:53:41 2011
From: igb at batten.eu.org (Ian Batten)
Date: Tue, 5 Apr 2011 14:53:41 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
Message-ID: <7784DDEC-7625-41A7-9219-7327C9BCC78B@batten.eu.org>


On 5 Apr 2011, at 13:53, Matthew Pemble wrote:

> On 5 April 2011 13:40, Roland Perry <lists at internetpolicyagency.com> wrote:
> 
> But the principle remains, that you lose control of the money and all the initiative is with the customer to chase up 'errors and omissions'.
> 
> Or, frankly, as Jeremy Clarkson found out to his cost (and I have experienced with my wife being able to set up a DD on the one non-"joint and several" account I have), anyone can set up a DD with your account because there is no effective checking.

Well, if you think that (for payments of a few hundred pounds or less) there's any greater policing of cheques or standing orders, I've got a bridge to sell you.  And if your fear is that DDs can be set up by anyone without checking, the saloon bar "oh, DDs are dangerous, that's why I don't have any" won't help you --- unless you can convince your bank to tag your account "no DDs to be set up", which I suspect that this side of Coutt's you can't.

> 
> Which can be inconvenient, embarrassing or could even be job threatening.  

Failing to pay your phone bill can be equally bad.  We shifted all our utilities and suchlike onto DDs when my wife was ill during her first pregnancy: it meant that if we had to suddenly drop everything and decamp to hospital for a month, we wouldn't have our utilities cut off for non-payment.   I've noticed a strong correlation between "DDs are evil and I don't have any because I pay all my bills over the counter with cheques" and "man living on own" --- for most people, there's a time/money/risk tradeoff for which DDs are an entirely rational response.    Running my eye down the last payment dates and amounts on the DDs takes a couple of minutes, online, once every few months; paying ~30 regular bills per month by cheque would take rather longer, and be a great deal more error prone.

ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110405/e1a2cc0d/attachment-0001.htm>

From otcbn at callnetuk.com  Tue Apr  5 15:36:17 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Tue, 05 Apr 2011 15:36:17 +0100
Subject: Card transactions by proxy
In-Reply-To: <7784DDEC-7625-41A7-9219-7327C9BCC78B@batten.eu.org>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<7784DDEC-7625-41A7-9219-7327C9BCC78B@batten.eu.org>
Message-ID: <4D9B28E1.1040600@callnetuk.com>

Ian Batten wrote  on 5-04-11 14:53:
> Well, if you think that (for payments of a few hundred pounds or less) 
> there's any greater policing of cheques or standing orders, I've got a 
> bridge to sell you.  

Cheques or SOs cannot be set up without your signature or a 
similar means of authorisation. If they are, you can 
repudiate them relatively easily, although - as with all 
frauds - the accountholder will suffer inconvenience until 
it is resolved.

> And if your fear is that DDs can be set up by 
> anyone without checking, the saloon bar "oh, DDs are dangerous, that's 
> why I don't have any" won't help you --- unless you can convince your 
> bank to tag your account "no DDs to be set up", which I suspect that 
> this side of Coutt's you can't.

That's quite true, although I'm not sure why you're putting 
it forward as an argument in favour of DDs. It seems to me 
to be a highly persuasive argument against them.

And it's interesting to speculate _why_ it's true. It must 
be technically very easy for a bank to flag an account as 
"DDs not allowed", just as they can flag one as "Overdraft 
not allowed". But, as you say, they won't.

I expect it's a conspiracy. Elvis told them not to.

The same applies to Internet banking. As a habitual tinfoil 
hat wearer, I always told my bank that I did not want 
Internet banking set up on my current account. Then, two 
years ago, somebody else did it for me and nicked six 
thousand pounds out of my account.

Nowadays I do tend to set up Internet access to my accounts. 
Not because I want to use it, but because I suppose if it's 
going to be done anyway I might as well be the one to do it.

>> Which can be inconvenient, embarrassing or could even be job 
>> threatening.  
> 
> Failing to pay your phone bill can be equally bad.  We shifted all our 
> utilities and suchlike onto DDs when my wife was ill during her first 
> pregnancy: it meant that if we had to suddenly drop everything and 
> decamp to hospital for a month, we wouldn't have our utilities cut off 
> for non-payment.   I've noticed a strong correlation between "DDs are 
> evil and I don't have any because I pay all my bills over the counter 
> with cheques" and "man living on own" --- for most people, there's a 
> time/money/risk tradeoff for which DDs are an entirely rational 
> response.    Running my eye down the last payment dates and amounts on 
> the DDs takes a couple of minutes, online, once every few months; paying 
> ~30 regular bills per month by cheque would take rather longer, and be a 
> great deal more error prone.

People like yourself should surely be allowed to use DDs, 
while these sinister-sounding "men living on their own" 
should be allowed not to.


-- 
Pete Mitchell


From otcbn at callnetuk.com  Tue Apr  5 15:38:20 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Tue, 05 Apr 2011 15:38:20 +0100
Subject: Card transactions by proxy
In-Reply-To: <LNUrBoWnfxmNFA$U@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<LNUrBoWnfxmNFA$U@perry.co.uk>
Message-ID: <4D9B295C.20405@callnetuk.com>

Roland Perry wrote  on 5-04-11 14:23:
> In article <BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg at mail.gmail.com>, Matthew 
> Pemble <matthew at pemble.net> writes
> 
>  >>But the principle remains, that you lose control of the money and all 
>  >>the initiative is with the customer to chase up 'errors and 
>  >>omissions'.
>>
>> Or, frankly, as Jeremy Clarkson found out to his cost (and I have 
>> experienced with my wife being able to set up a DD on the one 
>> non-"joint and several" account I have), anyone can set up a DD with 
>> your account because there is no effective checking.
>>
>> Which can be inconvenient, embarrassing or could even be job threatening
> 
> I don't buy the Clarkson story, because he would have got a letter from 
> the charity confirming the DD was set up. 

Only if the fraudster gave the charity Clarkson's real 
address, which seems unlikely (he probably wouldn't have 
known it). And even if he did, getting the letter wouldn't 
have turned back the clock and put Clarkson's money back in 
his account.

-- 
Pete Mitchell


From otcbn at callnetuk.com  Tue Apr  5 15:49:44 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Tue, 05 Apr 2011 15:49:44 +0100
Subject: Card transactions by proxy
In-Reply-To: <ekP+7iBI4tmNFAfJ@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com> <ekP+7iBI4tmNFAfJ@perry.co.uk>
Message-ID: <4D9B2C08.3070509@callnetuk.com>

Roland Perry wrote  on 5-04-11 10:16:
> In article <4D9ACC33.3020902 at callnetuk.com>, Peter Mitchell 
> <otcbn at callnetuk.com> writes
>> If it's like my local HSBC branch, yes you can. These
>> machines have built-in OCR/scanners allowing you to feed in
>> the Bank Giro Credit slip and your cheque, and the machine
>> reads them and somehow pays the money over from your
>> chequing account into the collection account via Giro (whatever that 
>> is), and prints you a receipt. You don't need to have an HSBC account 
>> or a card.
> 
> Where do you get the Giro Credit slip from, for Council tax?

 From the paybook, silly ... Ah. I see the problem :) Once 
again I assumed that other boroughs are like mine.

> One of my Credit Card providers stopped printing a Giro slip on the 
> bottom of the statements a year ago "to save paper". although there's 
> still as much paper, just a saving of ink in the blank space where the 
> giro slip used to be. I can only pay them electronically now.

The scamps.

I have a Santander credit card account. Their statements do 
come with Giro slips attached. These slips nominate a 
collection account owned by Santander Credit Card Services 
at Bank of Santander itself. As it happens I also have a 
Bank of Santander current account (nee Abbey). So, I 
thought, I could pay my Santander CC bill by writing a 
cheque on my Santander current account, going to my local 
Santander branch and handing the Santander cheque and 
Santander giro slip over the Santander counter to a 
Santander teller who could then pay it into the Santander 
Credit Card Services account at Bank of Santander.

But no. That's not possible. Santander don't allow it.

So I had to pay either electronically, or by posting them a 
cheque. They've got a special new wheeze to discourage the 
latter method too: they hold onto the cheque for three weeks 
before presenting it, so they can add late payment charges.

It's goodbye Santander ...

-- 
Pete Mitchell


From lists at internetpolicyagency.com  Tue Apr  5 17:38:01 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 5 Apr 2011 17:38:01 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9B295C.20405@callnetuk.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<LNUrBoWnfxmNFA$U@perry.co.uk> <4D9B295C.20405@callnetuk.com>
Message-ID: <Zr3P4IbpV0mNFAus@perry.co.uk>

In article <4D9B295C.20405 at callnetuk.com>, Peter Mitchell 
<otcbn at callnetuk.com> writes
>>  I don't buy the Clarkson story, because he would have got a letter 
>>from  the charity confirming the DD was set up.
>
>Only if the fraudster gave the charity Clarkson's real address, which 
>seems unlikely (he probably wouldn't have known it).

Good point; I wondering why it's a useful exercise, now.

>And even if he did, getting the letter wouldn't have turned back the 
>clock and put Clarkson's money back in his account.

The original idea was that you got the letter in time to cancel
the DD. He could get the money back from the DD guarantee, but that then 
looks like taking money from the charity. He can afford it (he's earning 
at least ?2m a year).
-- 
Roland Perry


From lists at internetpolicyagency.com  Tue Apr  5 17:46:50 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 5 Apr 2011 17:46:50 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9B2C08.3070509@callnetuk.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<ekP+7iBI4tmNFAfJ@perry.co.uk> <4D9B2C08.3070509@callnetuk.com>
Message-ID: <kajQ0dc6d0mNFAqx@perry.co.uk>

In article <4D9B2C08.3070509 at callnetuk.com>, Peter Mitchell 
<otcbn at callnetuk.com> writes
>I have a Santander credit card account. Their statements do come with 
>Giro slips attached. These slips nominate a collection account owned by 
>Santander Credit Card Services at Bank of Santander itself. As it 
>happens I also have a Bank of Santander current account (nee Abbey). 
>So, I thought, I could pay my Santander CC bill by writing a cheque on 
>my Santander current account, going to my local Santander branch and 
>handing the Santander cheque and Santander giro slip over the Santander 
>counter to a Santander teller who could then pay it into the Santander 
>Credit Card Services account at Bank of Santander.
>
>But no. That's not possible. Santander don't allow it.

I opened an Alliance and Leicester account just before they were bought 
by Santander [1]. When I went into the branch recently I was accosted by 
a member of staff and grilled about whether I was really a proper 
Santander account holder, or was it (strongly implied second class 
citizen) one of these old Alliance and Leicester ones.

[1] And ever since that they've been threatening to change the account 
number to a Santander one, their leaflet saying loudly three times page 
after page that I have absolutely nothing to do, everything will be 
swapped automagically. Except of course, buried near the end, to tell 
foreigners who want to send me bank transfers. Guess where my income's 
from!)
-- 
Roland Perry


From clive at davros.org  Tue Apr  5 19:01:34 2011
From: clive at davros.org (Clive D.W. Feather)
Date: Tue, 5 Apr 2011 19:01:34 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
Message-ID: <20110405180134.GP6507@davros.org>

Matthew Pemble said:
> Or, frankly, as Jeremy Clarkson found out to his cost (and I have
> experienced with my wife being able to set up a DD on the one non-"joint and
> several" account I have), anyone can set up a DD with your account because
> there is no effective checking.

I've had one problem with DDs. One day I checked my statement to find a DD
payment to someone I'd never heard of. The bank kept telling me that I
would just get my money back under the DD Guarantee, but took ages to
understand that I couldn't invoke it because I didn't know who the payee
was and didn't have a DD with them. It got sorted in the end, but took a
while.

A friend in the USA gets his pay, just like I do, by bank transfer from the
employer. Except that a few months ago he discovered that it was actually a
sort of reverse DD: the employer had a cash flow issue and just took back
everyone's pay a couple of days after he'd paid it! Does anyone know if
that can happen here?

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive at davros.org     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646


From laurence at iapetus.plus.com  Tue Apr  5 22:29:32 2011
From: laurence at iapetus.plus.com (Laurence Taylor)
Date: Tue, 5 Apr 2011 21:29:32 +0000 (GMT)
Subject: Card transactions by proxy
Message-ID: <8364@iapetus.plus.com>

In message <rxfj+e+LyHmNFA4z at perry.co.uk> Roland Perry writes:

> My council closed their "cash office" for good last Friday. Although it 
> also took cheques, and Credit Cards for a ?2 fee.
> 
> Apparently, if I want to pay in person now, I have to find a PayPoint, 
> but I doubt they take cheques and certainly don't take debit or credit 
> cards.

Put your cheque (or, I suppose, card number) in an envelope, deal
it, and hand it in at the front desk.

I've done this with more than one organisation that claimed they
couldn't take payments over the counter, and it never failed. One
of them even posted me a (n unrequested) receipt!

rgds
LAurence
<><
... Ask not what you can do for your country, ask what's for lunch - Orson
... Welles
~~~ Tag-O-Matic V.13F 



From matthew at pemble.net  Wed Apr  6 08:03:53 2011
From: matthew at pemble.net (Matthew Pemble)
Date: Wed, 6 Apr 2011 08:03:53 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110405180134.GP6507@davros.org>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org>
Message-ID: <BANLkTimwTgB4iteOeBbz=EGdtjU=_NZXgg@mail.gmail.com>

On 5 April 2011 19:01, Clive D.W. Feather <clive at davros.org> wrote:

>
> I've had one problem with DDs. One day I checked my statement to find a DD
> payment to someone I'd never heard of. The bank kept telling me that I
> would just get my money back under the DD Guarantee, but took ages to
> understand that I couldn't invoke it because I didn't know who the payee
> was and didn't have a DD with them. It got sorted in the end, but took a
> while.
>

I though the DD Guarantee was provided by the bank, not by the payee? And
guaranteed you against errors from the bank (i.e. applying a DD against your
account which you had never authorised) as well as errors by the payee (too
much, too often etc).

If an error is made in the payment of your Direct Debit by (insert your
> organisation name) or your bank or building society you are entitled to a
> full and immediate refund of the amount paid from your bank or building
> society
>



> A friend in the USA gets his pay, just like I do, by bank transfer from the
> employer. Except that a few months ago he discovered that it was actually a
> sort of reverse DD: the employer had a cash flow issue and just took back
> everyone's pay a couple of days after he'd paid it! Does anyone know if
> that can happen here?
>
>
Electronic payments can be revoked before they have cleared - which is a
different thing to a "reverse DD", although the effect is the same. In the
UK, of course, you'd have to be quick with "Faster Payments", nowadays. Of
course, you can revoke fraudulent payments after they have cleared (as money
mules regularly find out to their cost), but then the revoker has to accept
legal liability. Alternatively, you can demand (and eventually sue) for the
return of erroneous payments.

M



-- 
Matthew Pemble
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110406/cc1c2a11/attachment.htm>

From igb at batten.eu.org  Wed Apr  6 08:34:44 2011
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 6 Apr 2011 08:34:44 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTimwTgB4iteOeBbz=EGdtjU=_NZXgg@mail.gmail.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org>
	<BANLkTimwTgB4iteOeBbz=EGdtjU=_NZXgg@mail.gmail.com>
Message-ID: <759DCA6F-7848-43EB-A21A-35B764E8DC43@batten.eu.org>


On 6 Apr 2011, at 08:03, Matthew Pemble wrote:

> On 5 April 2011 19:01, Clive D.W. Feather <clive at davros.org> wrote:
> 
> I've had one problem with DDs. One day I checked my statement to find a DD
> payment to someone I'd never heard of. The bank kept telling me that I
> would just get my money back under the DD Guarantee, but took ages to
> understand that I couldn't invoke it because I didn't know who the payee
> was and didn't have a DD with them. It got sorted in the end, but took a
> while.
> 
> I though the DD Guarantee was provided by the bank, not by the payee? 

It is, but bank staff get it wrong.   http://www.thesmartwaytopay.co.uk/DirectDebitExplained/FAQs/Pages/IssuesWithADirectDebit.aspx

"If any payment is made in error, you should contact your bank or building society who are responsible for giving you a full and immediate refund - even if the original error was made by the organisation collecting the payment. "

 It's one of those strange things where bad stuff happens at the bottom of the system that would horrify the seniors, and yet the junior staff think what they are doing is what the seniors want.  Students of organisational foul-ups will recognise the symptoms from dealing with BT, the NHS and other large bodies, where individual staff arrogate to themselves positions and powers that the company would immediately disown.   For some reason, customer-facing staff have a misaligned view of the organisation's priorities, and behave in a manner that is contrary to the interests both of the organisation and of the customer in front of them, because they think that they understand the company's "real" priorities better than the company itself.   There can be issues of perverse incentives, too, of course, but I doubt that applies here.

If you speak to compliance people within banks, they are absolutely clear about the DD guarantee: payments contested by the customer should be refunded first, and chased with the originator afterwards.  Firstly, that's the legal position, so they have no choice.  Secondly, the FSA are currently on the warpath over customer complaints and are waving fairly big sticks, so things that generate reportable customer complaints are to be avoided.  But thirdly, cavilling over DDs makes no sense commercially anyway.  Both the bank itself and the originating organisations as a bloc have powerful incentives to convince people to use DDs: it's cheaper, less error prone (in the large) and easier than all the alternatives.  Occasional horror stories (and no system is foolproof: as people working in security we should understand residual risk better than most) discredit the system, and cause people to resist moving to DDs.  If you could sit in a room with your friends and everyone either had never had a DD problem or it had been resolved with a single phone call, the refusers would look silly; if there are stories in which it takes an age to fix the problem, the refusers look entirely reasonable.  

So customer service staff in banks who talk nonsense about DDs (specifically, that you need to take it up with the originator) are probably allowing an emotional "defend my position at all costs" response to cloud their judgement, or just don't understand the process.    I'm afraid to say that the best thing to do is to immediately raise a formal complaint, making it clear that you are unhappy with the actions they have taken and you wish to have it referred formally as a reportable complaint.   Get your bank's complaint procedure and follow it, making sure they stick to the timescales.  That will get their attention very quickly, because aside from anything else a front-office member of staff who generates a reportable complaint about something that should have been resolved immediately and was entirely within their own control will only do it once.

ian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110406/7245f963/attachment.htm>

From otcbn at callnetuk.com  Wed Apr  6 08:38:18 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Wed, 06 Apr 2011 08:38:18 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110405180134.GP6507@davros.org>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org>
Message-ID: <4D9C186A.2090604@callnetuk.com>

Clive D.W. Feather wrote  on 5-04-11 19:01:
> Matthew Pemble said:
>> Or, frankly, as Jeremy Clarkson found out to his cost (and I have
>> experienced with my wife being able to set up a DD on the one non-"joint and
>> several" account I have), anyone can set up a DD with your account because
>> there is no effective checking.
> 
> I've had one problem with DDs. One day I checked my statement to find a DD
> payment to someone I'd never heard of. The bank kept telling me that I
> would just get my money back under the DD Guarantee, but took ages to
> understand that I couldn't invoke it because I didn't know who the payee
> was and didn't have a DD with them. 

What we were originally promised regarding the Direct Debit 
Guarantee was that you tell the *bank* to return the money 
and they do it straightaway. However, the banks don't like 
it much, so they have all told their employees to resist 
such demands as far as possible and to tell the customer to 
"contact their supplier first".

It's one of the many examples of large organisations making 
promises to get us to accept something and then weaselling 
out on their promises later.

> It got sorted in the end, but took a
> while.
> 
> A friend in the USA gets his pay, just like I do, by bank transfer from the
> employer. Except that a few months ago he discovered that it was actually a
> sort of reverse DD: the employer had a cash flow issue and just took back
> everyone's pay a couple of days after he'd paid it! Does anyone know if
> that can happen here?

Certainly it can, the employer simply tells the bank they 
have DD authority over those accounts. The bank doesn't 
check, any more than it checked Jeremy Clarkson.


-- 
Pete Mitchell


From igb at batten.eu.org  Wed Apr  6 09:08:39 2011
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 6 Apr 2011 09:08:39 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9C186A.2090604@callnetuk.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org> <4D9C186A.2090604@callnetuk.com>
Message-ID: <6F77C44C-270E-4998-AFCB-942EDF5E7635@batten.eu.org>

> 
> What we were originally promised regarding the Direct Debit Guarantee was that you tell the *bank* to return the money and they do it straightaway. However, the banks don't like it much, so they have all told their employees to resist such demands as far as possible and to tell the customer to "contact their supplier first".

No, they really haven't.   Junior staff who don't understand the system think that their employer would want them to do this, and therefore do it.   The only thing such a policy would do, if it existed, would be to trigger expensive FSA-reportable complaints.  If you can find any evidence at all that such a policy is in operation at a bank (and I realise one of the characteristics of conspiracies is that no-one will talk, and that low-paid bank cashiers are fully sworn-in members of the conspiracy who will die before they talk) then produce it.   The FSA will (see http://www.fsa.gov.uk/pages/Library/Communication/PR/2009/146.shtml for their current regulations) will be very interested to hear it.

> If a debit is made from a customer?s credit or debit card, or indeed a direct debit, and it is more than they could reasonably have expected, the entire amount must be refunded by the bank unless they can provide evidence to justify refusing the refund.  They must do so within 10 days.   

You're claiming that there is an official policy within banks to blatantly disregard the instructions of the FSA?   Nat West recently got fined ?2.8m for weak complaints procedures (http://www.fsa.gov.uk/pubs/final/rbs_11jan11.pdf) and are baring their teeth at the rest, and that's just about sloppy procedures and general inattention.  An organised policy of direct defiance of the regulatory regime? My, they'd get some fines for that.

By the way, the latest publication on the FSA website: http://www.fscc.gov.uk/documents/final/GE-L01226.pdf --- read it, note its length, note the topic at hand, and see if you can get your jaw off the floor.

ian



From lists at internetpolicyagency.com  Wed Apr  6 09:18:58 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 6 Apr 2011 09:18:58 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9C186A.2090604@callnetuk.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org> <4D9C186A.2090604@callnetuk.com>
Message-ID: <xnwFLhwyHCnNFADZ@perry.co.uk>

In article <4D9C186A.2090604 at callnetuk.com>, Peter Mitchell 
<otcbn at callnetuk.com> writes
>>  A friend in the USA gets his pay, just like I do, by bank transfer 
>>from the  employer. Except that a few months ago he discovered that it 
>>was actually a  sort of reverse DD: the employer had a cash flow issue 
>>and just took back  everyone's pay a couple of days after he'd paid 
>>it! Does anyone know if  that can happen here?
>
>Certainly it can, the employer simply tells the bank they have DD 
>authority over those accounts. The bank doesn't check, any more than it 
>checked Jeremy Clarkson.

Wouldn't the bank check to see if the employer was registered with them 
for doing DDs *at all*?

Some employers would have DD arrangements in place to get money from 
their [retail] customers, but its far from universal.

As a consultant, it does strangely appeal to me that I could do a DD on 
a late-paying client's bank account (and wait for them to complain). But 
somehow I don't think that's possible.
-- 
Roland Perry


From igb at batten.eu.org  Wed Apr  6 09:47:43 2011
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 6 Apr 2011 09:47:43 +0100
Subject: Card transactions by proxy
In-Reply-To: <xnwFLhwyHCnNFADZ@perry.co.uk>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org>
	<4D9C186A.2090604@callnetuk.com> <xnwFLhwyHCnNFADZ@perry.co.uk>
Message-ID: <FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>


On 6 Apr 2011, at 09:18, Roland Perry wrote:

> In article <4D9C186A.2090604 at callnetuk.com>, Peter Mitchell <otcbn at callnetuk.com> writes
>>> A friend in the USA gets his pay, just like I do, by bank transfer from the  employer. Except that a few months ago he discovered that it was actually a  sort of reverse DD: the employer had a cash flow issue and just took back  everyone's pay a couple of days after he'd paid it! Does anyone know if  that can happen here?
>> 
>> Certainly it can, the employer simply tells the bank they have DD authority over those accounts. The bank doesn't check, any more than it checked Jeremy Clarkson.
> 
> Wouldn't the bank check to see if the employer was registered with them for doing DDs *at all*?

Peter believes that employers are willing to breach the theft act and the fraud act, in collusion with banks, in order to do him down.  There's little arguing with that.

As a random example, why would a bank, of which I am a customer, collude with my employer, who isn't, to defraud me?  And transparently, obviously defraud me?   And that's before Roland's obvious point that most employers aren't DD originators at all, and those that are the payroll people are so organisationally removed from the accounts receivable people that it wouldn't happen, in part because any company that tried anything so stupid would lose its DD-origination rights and that would cripple them.

ian



From lists at internetpolicyagency.com  Wed Apr  6 10:09:13 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 6 Apr 2011 10:09:13 +0100
Subject: Card transactions by proxy
In-Reply-To: <8364@iapetus.plus.com>
References: <8364@iapetus.plus.com>
Message-ID: <SXCNnpx52CnNFAlI@perry.co.uk>

In article <8364 at iapetus.plus.com>, Laurence Taylor 
<laurence at iapetus.plus.com> writes
>> My council closed their "cash office" for good last Friday. Although it
>> also took cheques, and Credit Cards for a ?2 fee.
>>
>> Apparently, if I want to pay in person now, I have to find a PayPoint,
>> but I doubt they take cheques and certainly don't take debit or credit
>> cards.
>
>Put your cheque (or, I suppose, card number) in an envelope, deal
>it, and hand it in at the front desk.

I don't really call that "paying in person" as its really just the same 
as sticking the cheque in the post (which is still allowed).

>I've done this with more than one organisation that claimed they
>couldn't take payments over the counter, and it never failed.

At my council you'd have to run away immediately. If you give something 
to the front desk they open it and try to engage you in conversation. In 
this case I expect it would be to try to hand it back (on the grounds 
that they don't have a cash office any more).

The last time I tried the front desk it was delivering a letter saying I 
was moving, and needed to claim an "empty house" discount. Some councils 
won't accept this post-dated, so time is of the essence.

They said I couldn't do that by letter, and had to see someone who would 
fill in a form for me. But they didn't have the form handy and could I 
wait. As I was in a hurry I said I couldn't (the last time I waited for 
something similar, it was about half an hour all told). And I ran away. 
What happened next was that they posted me the form, presumably still in 
denial that I had given them the notice they needed, in the letter.

>One of them even posted me a (n unrequested) receipt!

It's the receipt-in-person I'm most wanting for Council tax. I've seen 
cheques applied to the wrong account before now, and that's the sort of 
muddle I'm trying to head off.
-- 
Roland Perry


From fjmd1a at gmail.com  Wed Apr  6 10:16:25 2011
From: fjmd1a at gmail.com (Francis Davey)
Date: Wed, 6 Apr 2011 10:16:25 +0100
Subject: Card transactions by proxy
In-Reply-To: <FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org> <4D9C186A.2090604@callnetuk.com>
	<xnwFLhwyHCnNFADZ@perry.co.uk>
	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
Message-ID: <BANLkTik1kN0b0dAHCsoJ9Z3dw-QTVJv4zA@mail.gmail.com>

On 6 April 2011 09:47, Ian Batten <igb at batten.eu.org> wrote:
>
> Peter believes that employers are willing to breach the theft act and the fraud act, in collusion with banks, in order to do him down. ?There's little arguing with that.
>

Well, he did say the employee was "in the US" so probably beyond the
reach of those statutes.

I doubt there's a theft act offence: no section 15A ("obtaining a
money transfer by deception") since there doesn't appear to be a
deception - and even if there was, if the employer thinks they are
acting honestly then they don't have the necessary mens rea. There's
certainly no section 1 offence because you can't "steal" a bank
balance.

-- 
Francis Davey


From otcbn at callnetuk.com  Wed Apr  6 11:07:27 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Wed, 06 Apr 2011 11:07:27 +0100
Subject: Card transactions by proxy
In-Reply-To: <FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>	<4D9C186A.2090604@callnetuk.com>
	<xnwFLhwyHCnNFADZ@perry.co.uk>
	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
Message-ID: <4D9C3B5F.4050402@callnetuk.com>

Ian Batten wrote  on 6-04-11 09:47:
> On 6 Apr 2011, at 09:18, Roland Perry wrote:
> 
>> In article <4D9C186A.2090604 at callnetuk.com>, Peter
>> Mitchell <otcbn at callnetuk.com> writes
>>>> A friend in the USA gets his pay, just like I do,
>>>> by bank transfer from the  employer. Except that a
>>>> few months ago he discovered that it was actually a
>>>> sort of reverse DD: the employer had a cash flow
>>>> issue and just took back  everyone's pay a couple
>>>> of days after he'd paid it! Does anyone know if
>>>> that can happen here?
>>> Certainly it can, the employer simply tells the bank
>>> they have DD authority over those accounts. The bank
>>> doesn't check, any more than it checked Jeremy
>>> Clarkson.
>> Wouldn't the bank check to see if the employer was
>> registered with them for doing DDs *at all*?
> 
> Peter believes that employers are willing to breach the
> theft act and the fraud act, in collusion with banks, in
> order to do him down.  There's little arguing with that.

I didn't say anything about who was *willing* to do what. I 
merely answered Roland's question about what *can* happen 
under the system as it stands.

> As a random example, why would a bank, of which I am a
> customer, collude with my employer, who isn't, to defraud
> me?  And transparently, obviously defraud me? 

I doubt if it amounts to fraud by the bank. But if you're 
asking why banks would pay unauthorised direct debits, the 
answer is: I don't know exactly why, but it is completely 
and utterly certain that they regularly do exactly that.

Probably the reason is just that it's easier for them to do 
that than the alternative.

>  And
> that's before Roland's obvious point that most employers
> aren't DD originators at all, 

But many are, and they can do what Roland asked. Moreover it 
is very easy for a large organisation to become a DD 
originator.

> and those that are the
> payroll people are so organisationally removed from the
> accounts receivable people that it wouldn't happen, in
> part because any company that tried anything so stupid
> would lose its DD-origination rights and that would
> cripple them.
> 

Huge numbers of unauthorised DDs have been deducted by 
utility and other companies in the past few years and none 
of them have ever had their DD rights removed AFAIK, even 
when a consumer's complaint has been upheld.


-- 
Pete Mitchell


From otcbn at callnetuk.com  Wed Apr  6 11:15:43 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Wed, 06 Apr 2011 11:15:43 +0100
Subject: Card transactions by proxy
In-Reply-To: <6F77C44C-270E-4998-AFCB-942EDF5E7635@batten.eu.org>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>
	<4D9C186A.2090604@callnetuk.com>
	<6F77C44C-270E-4998-AFCB-942EDF5E7635@batten.eu.org>
Message-ID: <4D9C3D4F.9050605@callnetuk.com>

Ian Batten wrote  on 6-04-11 09:08:
> (and I realise one of the
> characteristics of conspiracies is that no-one will talk,
> and that low-paid bank cashiers are fully sworn-in
> members of the conspiracy who will die before they talk)

Ah, I didn't think it'd be long before that one came up.

Invoking the Argumentum Ad Conspiratorium routine naturally 
decides the matter in your favour immediately. At least for 
those here who believe that commercial organisations, 
especially banks, always follow the very highest ethical 
principles when dealing with their customers. I'm not sure 
any such person still exists though.

-- 
Pete Mitchell


From lists at internetpolicyagency.com  Wed Apr  6 11:31:12 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 6 Apr 2011 11:31:12 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9C3B5F.4050402@callnetuk.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org> <4D9C186A.2090604@callnetuk.com>
	<xnwFLhwyHCnNFADZ@perry.co.uk>
	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
	<4D9C3B5F.4050402@callnetuk.com>
Message-ID: <8DgGCF4wDEnNFAgg@perry.co.uk>

In article <4D9C3B5F.4050402 at callnetuk.com>, Peter Mitchell 
<otcbn at callnetuk.com> writes
>Huge numbers of unauthorised DDs have been deducted by utility and 
>other companies in the past few years and none of them have ever had 
>their DD rights removed AFAIK, even when a consumer's complaint has 
>been upheld.

I suspect that by "unauthorised" you mean "in commercial dispute with an 
existing customer" (I'll post an example shortly). Rather than amounts 
debited completely without notice, or when the individual has never been 
their customer.
-- 
Roland Perry


From chl at clerew.man.ac.uk  Wed Apr  6 12:47:27 2011
From: chl at clerew.man.ac.uk (Charles Lindsey)
Date: Wed, 06 Apr 2011 12:47:27 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9B28E1.1040600@callnetuk.com>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<7784DDEC-7625-41A7-9219-7327C9BCC78B@batten.eu.org>
	<4D9B28E1.1040600@callnetuk.com>
Message-ID: <op.vtilpd1y6hl8nm@clerew.man.ac.uk>

On Tue, 05 Apr 2011 15:36:17 +0100, Peter Mitchell <otcbn at callnetuk.com>  
wrote:

> Cheques or SOs cannot be set up without your signature or a similar  
> means of authorisation. If they are, you can repudiate them relatively  
> easily, although - as with all frauds - the accountholder will suffer  
> inconvenience until it is resolved.

Yes they can because, as I was surprised to discover, the piece of paper  
with your signature is never shown to the bank. The Setter-up just informs  
the bank that they have the authority, and it happens.

This happened to my wife. They knew the bank details because they needed  
to pay dividends to her. But they also set up a DD facility (though they  
had no signed authority) even though no payments from my wife would arise.  
Two years later, they raised a DD which the Bank paid (but immediately  
unscrambled when asked). But I doubt that "they" could have produced the  
signed paper after two years, even if it had existed.

-- 
Charles?H.?Lindsey?---------At?Home,?doing?my?own?thing------------------------
Tel:?+44?161?436?6131?                      
???Web:?http://www.cs.man.ac.uk/~chl
Email:?chl at clerew.man.ac.uk??????Snail:?5?Clerewood?Ave,?CHEADLE,?SK8?3JU,?U.K.
PGP:?2C15F1A9??????Fingerprint:?73?6D?C2?51?93?A0?01?E7?65?E8?64?7E?14?A4?AB?A5


From lists at internetpolicyagency.com  Wed Apr  6 12:59:21 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 6 Apr 2011 12:59:21 +0100
Subject: Card transactions by proxy
In-Reply-To: <8DgGCF4wDEnNFAgg@perry.co.uk>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org> <4D9C186A.2090604@callnetuk.com>
	<xnwFLhwyHCnNFADZ@perry.co.uk>
	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
	<4D9C3B5F.4050402@callnetuk.com> <8DgGCF4wDEnNFAgg@perry.co.uk>
Message-ID: <DTaJmv+ZWFnNFAX3@perry.co.uk>

In article <8DgGCF4wDEnNFAgg at perry.co.uk>, Roland Perry 
<lists at internetpolicyagency.com> writes
>>Huge numbers of unauthorised DDs have been deducted by utility and 
>>other companies in the past few years and none of them have ever had 
>>their DD rights removed AFAIK, even when a consumer's complaint has 
>>been upheld.
>
>I suspect that by "unauthorised" you mean "in commercial dispute with 
>an existing customer" (I'll post an example shortly).

True story from about ten years ago:

Orange contract phone ?30/month, which usually covered all the calls.

Invited to go to one of their shops to get a "free upgrade" phone. 
Checked it really was free, went in, signed some papers, walked out with 
new phone.

Next bill has ?100 'upgrade charge' on it.

Contact Orange who eventually agree that it's a mistake. But "can't" 
change that month's ?130 bill. And they "can't" issue a credit note 
against that month's bill, it will be against the following month 
(ending with at -?70 to pay, of course, then -?40, -?10, and finally 
?20). "Obviously" they also "can't" send me a ?100 refund either.

What if I send a cheque for only ?30 - "you will be in default and we'll 
flag that with credit agencies". And I know that if I contact the credit 
agencies they will say that the data belongs to orange and only Orange 
can change it. Orange's position will remain that I was ?100 in default.

But at least I *could* only pay them ?30, if I wanted to, because I paid 
by cheque. (I could also sue for the return of the ?100, but that would 
probably take as long as waiting the 4 months for it to work its way 
through the system).

What if it was a Direct Debit? Simple - they'd take the ?130.

What if I invoked the DD guarantee? That'd put me in default with Orange 
(see above), even if I also sent them a cheque for ?30.

As a side issue, would the bank be able to refund me only ?100, rather 
than the whole ?130, and would they be happy that the refund was only an 
artefact of a commercial dispute, although in the circumstances it was 
genuinely describable as a "mistake"? And who pays any bank charges 
potentially incurred by the surprise extra ?100 debit?

Meanwhile, when they saw the DD being refunded (and someone has said 
that this also cancels the DD arrangement) would Orange switch my phone 
off, if their T&C (to some extent understandably) said I had to have a 
payment mechanism in place in order to be a customer.

I'd like to think they'd wait until the ?100 was used up, but that 
doesn't seem very likely.
-- 
Roland Perry


From bdm at fenrir.org.uk  Wed Apr  6 13:21:32 2011
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Wed, 6 Apr 2011 13:21:32 +0100
Subject: Card transactions by proxy
In-Reply-To: <DTaJmv+ZWFnNFAX3@perry.co.uk>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>
	<20110405180134.GP6507@davros.org> <4D9C186A.2090604@callnetuk.com>
	<xnwFLhwyHCnNFADZ@perry.co.uk>
	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
	<4D9C3B5F.4050402@callnetuk.com> <8DgGCF4wDEnNFAgg@perry.co.uk>
	<DTaJmv+ZWFnNFAX3@perry.co.uk>
Message-ID: <20110406132132.0000424a@surtees.fenrir.org.uk>

On Wed, 6 Apr 2011 12:59:21 +0100
Roland Perry <lists at internetpolicyagency.com> wrote:

> I'd like to think they'd wait until the ?100 was used up, but that 
> doesn't seem very likely.

Did you request a goodwill payment to cover your loss of interest on an
average of ?50 for 4 months? At one time Orange were quite good at
smoothing ruffled feathers in that way. I bet they don't do it now
though.

-- 

Brian Morrison


From lists at internetpolicyagency.com  Wed Apr  6 13:37:53 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 6 Apr 2011 13:37:53 +0100
Subject: Card transactions by proxy
In-Reply-To: <dN8uBSRH3wmNFAsW@perry.co.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>
	<7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk>
Message-ID: <gckxFQCh6FnNFASF@perry.co.uk>

In article <dN8uBSRH3wmNFAsW at perry.co.uk>, Roland Perry 
<lists at internetpolicyagency.com> writes

>I received an estimated bill that is approximately double what it 
>should have been. And immediately sent a customer reading to the 
>supplier's website. Which they seem to have ignored. Does that qualify 
>as a "mistake", required to trigger the DD guarantee? In this case I 
>didn't bother claiming, because overpaying for energy is usually OK, 
>and prices are only going upwards.
>
>But the principle remains, that you lose control of the money and all 
>the initiative is with the customer to chase up 'errors and omissions'.

At the risk of turning this into a soap opera, the next stage happened 
today, two months later (one might have expected a three month billing 
cycle, but whatever).

They've read my meter and produced a bill, appropriately dated 1st 
April, payable by DD 14 days later (the 15th) or "within 3 days of 
15th", which I now know to mean "any day from 12th onwards". So there's 
just four working days to complain about it.

The amount of gas is correct (and quite small, because the earlier error 
in estimating consumption put me substantially ahead), but there's no 
"Direct Debit Discount" listed.

So I called them - thankfully they have an 0800 number.

They answered the phone immediately, but tried to put me off by 
suggesting that a "variable DD" didn't attract a discount [surely they 
know that's rubbish] or that I'd "changed something" [how, or why, is a 
mystery]. So I ended up on hold for the next 20 minutes while they 
looked into it.

They claimed they'd never seen a bill with an error like this before (I 
forgot to ask how long they've been working there) and eventually that 
it was a "very rare technical fault". [aka Blame the computer].

But they couldn't recalculate the bill with the discount added, 
preferring to make a flat payment of ?1.50, which they say is slightly 
more than the discount would have been (I haven't checked).

And they tried to persuade me to leave the current (excessive) bill/DD 
in place, and put up with a ?1.50 credit on my account until the next 
bill. But I insisted on a new bill and revised DD, which they say will 
take a week.

If I was paying by cheque [ignoring the contradiction that there 
couldn't then be a wrongly calculated DD discount] I could just send 
them the revised amount and let them work it through the system.

And now I have to wait and see what amount is debited on the 12th 
(sadly, I wouldn't be surprised if it was the original amount) and in 
two (or three) more months will they have corrected whatever error it 
was fouled this bill up?? Remember, they aren't fixing the error now, 
just giving me an ex-gratia payment.

ps As I explained to them, it's not the ?1.50 (my last bill was out by 
more like ?150) but they need to be able to produce accurate bills and 
not hide behind DD's with their odour of "the supplier is always right".
-- 
Roland Perry


From otcbn at callnetuk.com  Wed Apr  6 13:49:39 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Wed, 06 Apr 2011 13:49:39 +0100
Subject: Card transactions by proxy
In-Reply-To: <8DgGCF4wDEnNFAgg@perry.co.uk>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>
	<4D9C186A.2090604@callnetuk.com>	<xnwFLhwyHCnNFADZ@perry.co.uk>	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>	<4D9C3B5F.4050402@callnetuk.com>
	<8DgGCF4wDEnNFAgg@perry.co.uk>
Message-ID: <4D9C6163.3090502@callnetuk.com>

Roland Perry wrote  on 6-04-11 11:31:
> In article <4D9C3B5F.4050402 at callnetuk.com>, Peter Mitchell 
> <otcbn at callnetuk.com> writes
>> Huge numbers of unauthorised DDs have been deducted by utility and 
>> other companies in the past few years and none of them have ever had 
>> their DD rights removed AFAIK, even when a consumer's complaint has 
>> been upheld.
> 
> I suspect that by "unauthorised" you mean "in commercial dispute with an 
> existing customer" 

That is the most common kind, where the utility suddenly ups 
the amount it takes, against the consumer's wishes. I had 
one just the other month.

(I'll post an example shortly). Rather than amounts
> debited completely without notice, or when the individual has never been 
> their customer.

They happen too, for example where energy or phone customers 
suddenly get switched to another supplier without asking to.

-- 
Pete Mitchell


From otcbn at callnetuk.com  Wed Apr  6 14:01:07 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Wed, 06 Apr 2011 14:01:07 +0100
Subject: Card transactions by proxy
In-Reply-To: <op.vtilpd1y6hl8nm@clerew.man.ac.uk>
References: <4D933F44.15263.15DAD14@ukcrypto.airburst.co.uk>	<7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<7784DDEC-7625-41A7-9219-7327C9BCC78B@batten.eu.org>	<4D9B28E1.1040600@callnetuk.com>
	<op.vtilpd1y6hl8nm@clerew.man.ac.uk>
Message-ID: <4D9C6413.3030608@callnetuk.com>

Charles Lindsey wrote  on 6-04-11 12:47:
> On Tue, 05 Apr 2011 15:36:17 +0100, Peter Mitchell <otcbn at callnetuk.com> 
> wrote:
> 
>> Cheques or SOs cannot be set up without your signature or a similar 
>> means of authorisation. If they are, you can repudiate them relatively 
>> easily, although - as with all frauds - the accountholder will suffer 
>> inconvenience until it is resolved.
> 
> Yes they can because, as I was surprised to discover, the piece of paper 
> with your signature is never shown to the bank. The Setter-up just 
> informs the bank that they have the authority, and it happens.

You mean DDs can be set up that way. Yes, that's the point I 
am making.

The supplier is much less likely to do something similar 
with cheques or SOs. Partly because they would (usually) 
first have to get hold of a physical object such as a 
chequebook or bank card belonging to the customer, and then 
impersonate him, which is difficult; and partly because that 
would be committing a serious criminal offence, whereas with 
DD they can just do it and nobody will do a damned thing, 
least of all the police.

> This happened to my wife. They knew the bank details because they needed 
> to pay dividends to her. But they also set up a DD facility (though they 
> had no signed authority) even though no payments from my wife would 
> arise. Two years later, they raised a DD which the Bank paid (but 
> immediately unscrambled when asked). But I doubt that "they" could have 
> produced the signed paper after two years, even if it had existed.
> 

Yes - that's pretty much the scenario I am complaining 
about, except that banks very often do *not* reverse the 
payment when asked. A quick google will show many examples e.g.

http://forums.moneysavingexpert.com/showthread.php?t=2747884&page=3

http://www.consumeractiongroup.co.uk/forum/showthread.php?119369-Direct-Debit-Guarantee

It may be that banks are beginning to perform a bit better 
on this front, as Ian claims. But if so - and I would like 
to see evidence - by God it's taken a long time and a lot of 
arse-kicking by consumers to get them to behave themselves. 
The regulators, of course, have been next to useless.


-- 
Pete Mitchell


From igb at batten.eu.org  Wed Apr  6 14:48:10 2011
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 6 Apr 2011 14:48:10 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9C3B5F.4050402@callnetuk.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>
	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>
	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>	<4D9C186A.2090604@callnetuk.com>
	<xnwFLhwyHCnNFADZ@perry.co.uk>
	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>
	<4D9C3B5F.4050402@callnetuk.com>
Message-ID: <FDFFE0D6-5FEA-44F6-8083-7325976D51EF@batten.eu.org>

> 

> Huge numbers of unauthorised DDs have been deducted by utility and other companies in the past few years and none of them have ever had their DD rights removed AFAIK, even when a consumer's complaint has been upheld.

You're claiming that companies set up DDs with people with whom they have no commercial relationship in order to recover, for example, (purportedly) mis-paid wages, and banks are entirely happy to do this.  In huge numbers.  Name one case.

No one is denying that DDs are  a complicating factor in commercial disputes between customers and suppliers, because the customer needs to recover mis-paid money rather than argue about an unpaid invoice.  Although in Roland's saga, the consequences of not paying the invoice are unpleasant anyway: it's not as though you can refuse to pay a contested invoice and the counterparty just says "Oh, OK then".  And no one is denying that bank staff sometimes make ludicrous claims about whose responsibility it is to rectify the situation, although I would hope that any sensible bank will realise that the FSA will fine them seven figure sums if they make a habit of it.  But you are going further in claiming that:

1.  There is a regular practice of unauthorised DDs being set up by companies with whom individuals have no commercial relationship, for the purpose of fraudulently abstracting money to which they are not entitled, a practice with which banks collude and make no sanctions over; and

2.  That banks as a matter of policy lie to customers about their rights under the DD guarantee, and in order to enrich companies who are potentially not their customer (and you realise, I hope, that retail and business banking is sufficiently distant in high-street banks that they may as well be separate companies) they will collude in defrauding their own customers.

Show us an example.   You cite two links, 

> http://forums.moneysavingexpert.com/showthread.php?t=2747884&page=3
> 
> http://www.consumeractiongroup.co.uk/forum/showthread.php?119369-Direct-Debit-Guarantee

The first of these appears to be endless speculation without a concrete case, mostly consisting of complaints about how dangerous DDs are, and tinfoil hats being worn in profusion:

>  one option being looked at now is the possibility of wages being paid by the Inland Revenue (employer credit them, they credit you). That then opens up the possibility of "direct debit at source of funds" otherwise known as "attachment to earnings" which you would then have to accept in order to get e.g. utilities, and it would make it very difficult to be self-employed. 
> 

The second of these is entirely about commercial disputes between parties who have legitimate DD authorities and are contesting the amounts, and includes such convincing arguments as:

> I've never had any problems myself with getting DD's returned by the bank just popped in said "that direct debit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: link3.gif
Type: image/gif
Size: 857 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110406/d9b95ac1/attachment.gif>
-------------- next part --------------
>  shouldnt have gone out" and boom it's refunded and cancelled.

and

> the council increasing the DD payment wasn't an error as their policy is to clear council tax arrears in the current financial year. The arrangement in effect was more of a concession which allows me to pay a bit off the arrears over a longer period of time and is more or less at the discretion of the person I made the arrangement with

But your claim is stronger: huge numbers of cases of DDs being set up without the customer's consent and then being used to fraudulently extract money, and the banks are siding with the unauthorised party.    Let's see a case.

ian

From rl.hird at orpheusmail.co.uk  Wed Apr  6 11:31:22 2011
From: rl.hird at orpheusmail.co.uk (Roger Hird)
Date: Wed, 06 Apr 2011 11:31:22 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9C3D4F.9050605@callnetuk.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>
	<4D9C186A.2090604@callnetuk.com>
	<6F77C44C-270E-4998-AFCB-942EDF5E7635@batten.eu.org>
	<4D9C3D4F.9050605@callnetuk.com>
Message-ID: <51bfa2cbd7rl.hird@orpheusmail.co.uk>

In article <4D9C3D4F.9050605 at callnetuk.com>,
   Peter Mitchell <otcbn at callnetuk.com> wrote:
> > (and I realise one of the
> > characteristics of conspiracies is that no-one will talk,
> > and that low-paid bank cashiers are fully sworn-in
> > members of the conspiracy who will die before they talk)

> Ah, I didn't think it'd be long before that one came up.

> Invoking the Argumentum Ad Conspiratorium routine naturally 
> decides the matter in your favour immediately. At least for 
> those here who believe that commercial organisations, 
> especially banks, always follow the very highest ethical 
> principles when dealing with their customers. I'm not sure 
> any such person still exists though.

Wel, we're drifting away from Crypto, but what the . . 

I'm with Ian on this one.  As he said

>> Junior staff who don't understand the system think that their
>> employer would want them to do this, and therefore do it. The
>> only thing such a policy would do, if it existed, would be to
>> trigger expensive FSA-reportable complaints.  If you can find
>> any evidence at all that such a policy is in operation at a
>> bank (PARENTHETIC REFERENCE TO CONSIPIRACIES SNIPPED) then
>> produce it.   The FSA will (see - URL SNIPPED for their
>> current regulations) will be very interested to hear it.

I think it stands up without the conspiracy reference - which I
assume was ironic.

-- 
Roger Hird
rl.hird at orpheusmail.co.uk
Website: http://roger.hird.orpheusweb.co.uk



From otcbn at callnetuk.com  Wed Apr  6 15:21:42 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Wed, 06 Apr 2011 15:21:42 +0100
Subject: Card transactions by proxy
In-Reply-To: <FDFFE0D6-5FEA-44F6-8083-7325976D51EF@batten.eu.org>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>	<4D9C186A.2090604@callnetuk.com>	<xnwFLhwyHCnNFADZ@perry.co.uk>	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>	<4D9C3B5F.4050402@callnetuk.com>
	<FDFFE0D6-5FEA-44F6-8083-7325976D51EF@batten.eu.org>
Message-ID: <4D9C76F6.4070202@callnetuk.com>

Ian Batten wrote  on 6-04-11 14:48:
> 
>> Huge numbers of unauthorised DDs have been deducted by
>> utility and other companies in the past few years and
>> none of them have ever had their DD rights removed
>> AFAIK, even when a consumer's complaint has been
>> upheld.
> 
> You're claiming that companies set up DDs with people
> with whom they have no commercial relationship in order
> to recover, for example, (purportedly) mis-paid wages,
> and banks are entirely happy to do this.  In huge
> numbers.  Name one case.

Cite the passage where I said this.

-- 
Pete Mitchell


From igb at batten.eu.org  Wed Apr  6 16:22:51 2011
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 6 Apr 2011 16:22:51 +0100
Subject: Card transactions by proxy
In-Reply-To: <4D9C76F6.4070202@callnetuk.com>
References: <7Af3y+CDq5kNFAJg@perry.co.uk>	<op.vs7d50f76hl8nm@clerew.man.ac.uk>	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>	<rxfj+e+LyHmNFA4z@perry.co.uk>	<4D98E818.3040802@callnetuk.com>	<V93s9MOqIXmNFA+L@perry.co.uk>	<4D9ACC33.3020902@callnetuk.com>	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>	<dN8uBSRH3wmNFAsW@perry.co.uk>	<BANLkTim6wnw00WPbHmSdXHV=1zMqMduMQg@mail.gmail.com>	<20110405180134.GP6507@davros.org>	<4D9C186A.2090604@callnetuk.com>	<xnwFLhwyHCnNFADZ@perry.co.uk>	<FE6DE309-4357-4976-AB16-BB1F5EA77138@batten.eu.org>	<4D9C3B5F.4050402@callnetuk.com>
	<FDFFE0D6-5FEA-44F6-8083-7325976D51EF@batten.eu.org>
	<4D9C76F6.4070202@callnetuk.com>
Message-ID: <E16B6210-3807-4898-9E58-943C30200212@batten.eu.org>


On 6 Apr 2011, at 15:21, Peter Mitchell wrote:

> Ian Batten wrote  on 6-04-11 14:48:
>>> Huge numbers of unauthorised DDs have been deducted by
>>> utility and other companies in the past few years and
>>> none of them have ever had their DD rights removed
>>> AFAIK, even when a consumer's complaint has been
>>> upheld.
>> You're claiming that companies set up DDs with people
>> with whom they have no commercial relationship in order
>> to recover, for example, (purportedly) mis-paid wages,
>> and banks are entirely happy to do this.  In huge
>> numbers.  Name one case.
> 
> Cite the passage where I said this


You wrote, in reference to this scenario:

"I doubt if it amounts to fraud by the bank. But if you're asking why banks would pay unauthorised direct debits, the answer is: I don't know exactly why, but it is completely and utterly certain that they regularly do exactly that."

Sorry, you didn't say "huge numbers".  You said:

> it is completely and utterly certain that they regularly do exactly that.

in response to

>>> Certainly it can, the employer simply tells the bank
>>> they have DD authority over those accounts. The bank
>>> doesn't check, any more than it checked Jeremy
>>> Clarkson.

If it's "completely and utterly certain" they "regularly" do "exactly that", then you won't struggle to produce one case where an employer has simply told a bank that they hold DD authority and taken money.   It's "certain" it's happening "regularly", remember.  So: one case.

ian




From jon+ukcrypto at unequivocal.co.uk  Fri Apr  8 03:31:40 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Fri, 8 Apr 2011 03:31:40 +0100
Subject: Card transactions by proxy
In-Reply-To: <gckxFQCh6FnNFASF@perry.co.uk>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
Message-ID: <20110408023140.GB28020@snowy.squish.net>

On Wed, Apr 06, 2011 at 01:37:53PM +0100, Roland Perry wrote:
> So I called them - thankfully they have an 0800 number.

Why is it good that they have a premium rate phone number?


From lists at internetpolicyagency.com  Fri Apr  8 08:18:07 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 08:18:07 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408023140.GB28020@snowy.squish.net>
References: <7Af3y+CDq5kNFAJg@perry.co.uk> <op.vs7d50f76hl8nm@clerew.man.ac.uk>
	<AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
Message-ID: <jRXh2cMvarnNFAzE@perry.co.uk>

In article <20110408023140.GB28020 at snowy.squish.net>, Jon Ribbens 
<jon+ukcrypto at unequivocal.co.uk> writes

>> So I called them - thankfully they have an 0800 number.
>
>Why is it good that they have a premium rate phone number?

It's good that they have a number which I can call for free, rather than 
sorting out their problems at my expense.

ps It's not a premium rate number, as I'm sure you know.
-- 
Roland Perry


From jon+ukcrypto at unequivocal.co.uk  Fri Apr  8 10:32:12 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Fri, 8 Apr 2011 10:32:12 +0100
Subject: Card transactions by proxy
In-Reply-To: <jRXh2cMvarnNFAzE@perry.co.uk>
References: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
Message-ID: <20110408093212.GC28020@snowy.squish.net>

On Fri, Apr 08, 2011 at 08:18:07AM +0100, Roland Perry wrote:
> In article <20110408023140.GB28020 at snowy.squish.net>, Jon Ribbens  
> <jon+ukcrypto at unequivocal.co.uk> writes
>>> So I called them - thankfully they have an 0800 number.
>>
>> Why is it good that they have a premium rate phone number?
>
> It's good that they have a number which I can call for free, rather than  
> sorting out their problems at my expense.
>
> ps It's not a premium rate number, as I'm sure you know.

Well, it's not a "premium rate" number by Ofcom's definition, but it's
a "premium rate" number in that I will be charged at a "premium rate"
for calling it compared to calling ordinary 01/02/03 numbers.
Apologies for the tangent though ;-)


From lists at internetpolicyagency.com  Fri Apr  8 11:23:15 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 11:23:15 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408093212.GC28020@snowy.squish.net>
References: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
Message-ID: <YQo$G7eTIunNFAlI@perry.co.uk>

In article <20110408093212.GC28020 at snowy.squish.net>, Jon Ribbens 
<jon+ukcrypto at unequivocal.co.uk> writes

>>>> So I called them - thankfully they have an 0800 number.
>>>
>>> Why is it good that they have a premium rate phone number?
>>
>> It's good that they have a number which I can call for free, rather than
>> sorting out their problems at my expense.
>>
>> ps It's not a premium rate number, as I'm sure you know.
>
>Well, it's not a "premium rate" number by Ofcom's definition, but it's
>a "premium rate" number in that I will be charged at a "premium rate"
>for calling it compared to calling ordinary 01/02/03 numbers.
>Apologies for the tangent though ;-)

I think we should be careful when using jargon which has a precise 
meaning (such as "Premium Rate"), to nurse a grudge about "high cost" 
calls, which is presumably an artefact of your chosen phone supplier.

There's enough confusion about the cost of phone calls, without 
deliberately introducing more of it into the conversation.

As it happens, Ofcom is consulting on making 0800 calls from mobiles 
genuinely free, and they are free from my landline. I hope this doesn't 
have the unintended consequence of those folks currently offering 0800 
simply moving their call centres to something with a charge.
-- 
Roland Perry


From igb at batten.eu.org  Fri Apr  8 12:39:32 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 12:39:32 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408093212.GC28020@snowy.squish.net>
References: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
Message-ID: <70FA32FF-9A68-4C76-8B06-DEB8860BB6FC@batten.eu.org>


On 08 Apr 11, at 1032, Jon Ribbens wrote:

> On Fri, Apr 08, 2011 at 08:18:07AM +0100, Roland Perry wrote:
>> In article <20110408023140.GB28020 at snowy.squish.net>, Jon Ribbens  
>> <jon+ukcrypto at unequivocal.co.uk> writes
>>>> So I called them - thankfully they have an 0800 number.
>>> 
>>> Why is it good that they have a premium rate phone number?
>> 
>> It's good that they have a number which I can call for free, rather than  
>> sorting out their problems at my expense.
>> 
>> ps It's not a premium rate number, as I'm sure you know.
> 
> Well, it's not a "premium rate" number by Ofcom's definition, but it's
> a "premium rate" number in that I will be charged at a "premium rate"

because I have made bad choices of my telecoms provider. Or, alternatively, I have made good choices which balance out, in which case I haven't really got a complaint.

ian



From jon+ukcrypto at unequivocal.co.uk  Fri Apr  8 12:43:33 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Fri, 8 Apr 2011 12:43:33 +0100
Subject: Card transactions by proxy
In-Reply-To: <YQo$G7eTIunNFAlI@perry.co.uk>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
Message-ID: <20110408114333.GD28020@snowy.squish.net>

On Fri, Apr 08, 2011 at 11:23:15AM +0100, Roland Perry wrote:
> In article <20110408093212.GC28020 at snowy.squish.net>, Jon Ribbens  
> <jon+ukcrypto at unequivocal.co.uk> writes
>> Well, it's not a "premium rate" number by Ofcom's definition, but it's
>> a "premium rate" number in that I will be charged at a "premium rate"
>> for calling it compared to calling ordinary 01/02/03 numbers.
>> Apologies for the tangent though ;-)
>
> I think we should be careful when using jargon which has a precise  
> meaning (such as "Premium Rate"), to nurse a grudge about "high cost"  
> calls,

They are charged at a rate higher than normal calls. The English word
for that is "premium".

> which is presumably an artefact of your chosen phone supplier.

If there is a mobile provider I can choose which does not charge a
premium for 0800 calls, I am not aware of it.

> As it happens, Ofcom is consulting on making 0800 calls from mobiles  
> genuinely free, and they are free from my landline. I hope this doesn't  
> have the unintended consequence of those folks currently offering 0800  
> simply moving their call centres to something with a charge.

It would be amusing if Ofcom lurched from being a complete failure
due to lack of regulation to being a complete failure due to
over-regulation, yes. All they need to do is say that 0800 numbers
must be charged at no more than geographic rates. That wouldn't
require anyone to give up their 0800 numbers.


From lists at internetpolicyagency.com  Fri Apr  8 13:02:37 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 13:02:37 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408114333.GD28020@snowy.squish.net>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
Message-ID: <u8Ly9XrdlvnNFAQi@perry.co.uk>

In article <20110408114333.GD28020 at snowy.squish.net>, Jon Ribbens 
<jon+ukcrypto at unequivocal.co.uk> writes
>> I think we should be careful when using jargon which has a precise
>> meaning (such as "Premium Rate"), to nurse a grudge about "high cost"
>> calls,
>
>They are charged at a rate higher than normal calls. The English word
>for that is "premium".

But you have chosen to use that word vexatiously, in this context. Many 
other words would not have the same effect.

>> which is presumably an artefact of your chosen phone supplier.
>
>If there is a mobile provider I can choose which does not charge a
>premium for 0800 calls, I am not aware of it.

You've chosen to use a mobile phone. And see below for a company that 
doesn't charge a premium(sic) over geographic rates. But it's more than 
a landline user would pay.

>> As it happens, Ofcom is consulting on making 0800 calls from mobiles
>> genuinely free, and they are free from my landline. I hope this doesn't
>> have the unintended consequence of those folks currently offering 0800
>> simply moving their call centres to something with a charge.
>
>It would be amusing if Ofcom lurched from being a complete failure
>due to lack of regulation to being a complete failure due to
>over-regulation, yes.

It's a very fine balance, and the telecoms market is sufficiently fluid 
that a change like this (which is loudly demanded by the public) can 
easily have a bad consequence.

>All they need to do is say that 0800 numbers
>must be charged at no more than geographic rates. That wouldn't
>require anyone to give up their 0800 numbers.

That wouldn't work in the general case, because so many people have in 
effect "free" geographic calls (in a bundle) for their mobile, that 
there is no marginal revenue to replace whatever you are currently 
paying per minute.

Meanwhile, I'm on Virgin PAYG, and 0800 already costs the same as calls 
to geographic numbers (26p/min).
-- 
Roland Perry


From igb at batten.eu.org  Fri Apr  8 13:10:11 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 13:10:11 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408114333.GD28020@snowy.squish.net>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
Message-ID: <7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>

> 
> If there is a mobile provider I can choose which does not charge a
> premium for 0800 calls, I am not aware of it.

Orange used to, but stopped it because of abuse via calling cards.

Does anyone know if http://www.numberstore.com/services/iphone is legitimate?

The charging of absurd amounts of money for non-geos is a consequence of charging very low rates for non-geos, coupled with quite high termination payments.  It's rather like the way in which bank charging swung from "free if you had a balance of ?50" (in the days when ?50 was quite a lot of money) to "free", at the expense of a complex menu of charging the moment you went outside the "free" boundaries.   There's a chase to the bottom problem, because "charge me your costs plus a margin on each billable item" deals have been submerged under artificial "this free, but you pay for that" (1) deals.  Cross-subsidy within a business results in this sort of nonsense.

ian

(1) Not quite a Neil Young lyric

From adam at doublegeek.com  Fri Apr  8 11:33:24 2011
From: adam at doublegeek.com (Adam Bradley)
Date: Fri, 8 Apr 2011 11:33:24 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408093212.GC28020@snowy.squish.net>
References: <AANLkTim_qXSiOR_SoPTy7nn+cJHSb2t5GYc7yDOg8_JQ@mail.gmail.com>
	<rxfj+e+LyHmNFA4z@perry.co.uk> <4D98E818.3040802@callnetuk.com>
	<V93s9MOqIXmNFA+L@perry.co.uk> <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
Message-ID: <BANLkTi=5VGdttFCFPoivS1j8SMVajws58g@mail.gmail.com>

On Fri, Apr 8, 2011 at 10:32 AM, Jon Ribbens <jon+ukcrypto at unequivocal.co.uk
> wrote:

> Well, it's not a "premium rate" number by Ofcom's definition, but it's
> a "premium rate" number in that I will be charged at a "premium rate"
> for calling it compared to calling ordinary 01/02/03 numbers.
>

You may find http://www.0800buster.co.uk/ useful. (Although I suspect you
might already be aware of it)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110408/fafdbf48/attachment-0001.htm>

From igb at batten.eu.org  Fri Apr  8 13:32:31 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 13:32:31 +0100
Subject: Card transactions by proxy
In-Reply-To: <7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
Message-ID: <77125947-CF39-4F0F-B39D-8B52D75A583A@batten.eu.org>


> 
> The charging of absurd amounts of money for non-geos is a consequence of charging very low rates for _geos_, 

of course.

ian



From richard at highwayman.com  Fri Apr  8 14:15:40 2011
From: richard at highwayman.com (Richard Clayton)
Date: Fri, 8 Apr 2011 14:15:40 +0100
Subject: RIP consultation responses
Message-ID: <PUzwDrJ8pwnNFAnm@highwayman.com>


The Home Office has published the responses to the consultation on
amending the RIP Act 2000 so as to address the concerns that it was not
a faithful transposition of the EU Directive (viz: to fix the problem
that Whitehall continued to protest that the Phorm system was lawful).

Main page:

<http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
lawful-intercep/>

Responses:

<http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
lawful-intercep/ripa-lawful-intercept-responses?view=Binary>

The revised form of statutory instrument:

http://www.legislation.gov.uk/ukdsi/2011/9780111510339/contents

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110408/0714ed1b/attachment.pgp>

From jon+ukcrypto at unequivocal.co.uk  Fri Apr  8 14:36:09 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Fri, 8 Apr 2011 14:36:09 +0100
Subject: Card transactions by proxy
In-Reply-To: <u8Ly9XrdlvnNFAQi@perry.co.uk>
References: <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<u8Ly9XrdlvnNFAQi@perry.co.uk>
Message-ID: <20110408133609.GE28020@snowy.squish.net>

On Fri, Apr 08, 2011 at 01:02:37PM +0100, Roland Perry wrote:
> In article <20110408114333.GD28020 at snowy.squish.net>, Jon Ribbens  
> <jon+ukcrypto at unequivocal.co.uk> writes
>> They are charged at a rate higher than normal calls. The English word
>> for that is "premium".
>
> But you have chosen to use that word vexatiously, in this context. Many  
> other words would not have the same effect.

They wouldn't have conveyed my meaning.

>>> which is presumably an artefact of your chosen phone supplier.
>>
>> If there is a mobile provider I can choose which does not charge a
>> premium for 0800 calls, I am not aware of it.
>
> You've chosen to use a mobile phone.

You might as well say I've "chosen" to use a phone at all, I could
always conduct my entire life by post.

> And see below for a company that doesn't charge a premium(sic) over
> geographic rates.

Sorry, yes, I should have specified contract not PAYG. Interestingly,
I just checked the Virgin Mobile website and they seem to consider it
a secret what types of calls are included in their "minutes"; not even
the detailed T&Cs give any indication what "airtimes minutes" includes.

>> All they need to do is say that 0800 numbers
>> must be charged at no more than geographic rates. That wouldn't
>> require anyone to give up their 0800 numbers.
>
> That wouldn't work in the general case, because so many people have in  
> effect "free" geographic calls (in a bundle) for their mobile, that  
> there is no marginal revenue to replace whatever you are currently  
> paying per minute.

If I call a geographic number from my mobile, my mobile operator must
pay the geographic landline operator money to terminate the call. If
I call an 0800 number instead, the 0800 operator must pay my mobile
operator money to receive the call. If they can afford to give me
"600 minutes" or whatever to geographic numbers, they can afford to
give *at least that* to 0800 numbers. Unless I'm somehow mistaken?


From Andrew.Cormack at ja.net  Fri Apr  8 14:43:53 2011
From: Andrew.Cormack at ja.net (Andrew Cormack)
Date: Fri, 8 Apr 2011 13:43:53 +0000
Subject: RIP consultation responses
In-Reply-To: <PUzwDrJ8pwnNFAnm@highwayman.com>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
Message-ID: <61E52F3A5532BE43B0211254F13883AE061F45@EXC001>

Richard
Thanks for pointing this out. Unfortunately it seems they haven't addressed the many problems that were pointed out in the responses with defining "unintentional interception" in a way that doesn't capture lots of legitimate activities :(

Can anyone explain why I'm *not* going to be in line for a monetary penalty next time I turn on my wifi laptop in a populated area (given the nature of radio I'll undoubtedly receive communications that aren't intended for me), or the owner of an iPad when it fails to stop using the IP address when the DHCP lease runs out?

Andrew

--
Andrew Cormack, Chief Regulatory Adviser, JANET(UK)
Lumen House, Library Avenue, Harwell, Didcot. OX11 0SG UK
Phone: +44 (0) 1235 822302
Blog: http://webmedia.company.ja.net/edlabblogs/regulatory-developments/

JANET, the UK's education and research network

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG


> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Richard Clayton
> Sent: 08 April 2011 14:16
> To: UKcrypto at chiark.greenend.org.uk
> Subject: RIP consultation responses
> 
> 
> The Home Office has published the responses to the consultation on
> amending the RIP Act 2000 so as to address the concerns that it was not
> a faithful transposition of the EU Directive (viz: to fix the problem
> that Whitehall continued to protest that the Phorm system was lawful).
> 
> Main page:
> 
> <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
> lawful-intercep/>
> 
> Responses:
> 
> <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
> lawful-intercep/ripa-lawful-intercept-responses?view=Binary>
> 
> The revised form of statutory instrument:
> 
> http://www.legislation.gov.uk/ukdsi/2011/9780111510339/contents
> 
> --
> richard                                                   Richard
> Clayton
> 
> Those who would give up essential Liberty, to purchase a little
> temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov
> 1755



From igb at batten.eu.org  Fri Apr  8 14:53:00 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 14:53:00 +0100
Subject: RIP consultation responses
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE061F45@EXC001>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
	<61E52F3A5532BE43B0211254F13883AE061F45@EXC001>
Message-ID: <38E86A7E-50FE-45E4-842E-E369D514F36C@batten.eu.org>

> 
> Can anyone explain why I'm *not* going to be in line for a monetary penalty next time I turn on my wifi laptop in a populated area (given the nature of radio I'll undoubtedly receive communications that aren't intended for me), or the owner of an iPad when it fails to stop using the IP address when the DHCP lease runs out?

Well, it says "any communication in the course of its transmission by means of a public telecommunication system".   Is Wifi "a public telecommunications system"?  And does this clause apply if you intercept communication which is at some point is going to pass over a public telecommunications system, or does it have to be on a pts at the time you intercept it? 

ian



From igb at batten.eu.org  Fri Apr  8 15:08:24 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 15:08:24 +0100
Subject: RIP consultation responses
In-Reply-To: <PUzwDrJ8pwnNFAnm@highwayman.com>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
Message-ID: <683AA043-CEE3-45AF-AF15-67669F105D61@batten.eu.org>


On 08 Apr 11, at 1415, Richard Clayton wrote:

> 
> The Home Office has published the responses to the consultation on
> amending the RIP Act 2000 so as to address the concerns that it was not
> a faithful transposition of the EU Directive (viz: to fix the problem
> that Whitehall continued to protest that the Phorm system was lawful).


What an _amazing_ coincidence this should come out the same day that it's announced that Phorm and BT are not to be prosecuted.

http://blog.cps.gov.uk/2011/04/no-prosecution-of-bt-and-phorm-for-alleged-interception-of-browsing-data.html

ian

From lists at internetpolicyagency.com  Fri Apr  8 15:18:34 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 15:18:34 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408133609.GE28020@snowy.squish.net>
References: <4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<u8Ly9XrdlvnNFAQi@perry.co.uk>
	<20110408133609.GE28020@snowy.squish.net>
Message-ID: <0Vikn526kxnNFAQQ@perry.co.uk>

In article <20110408133609.GE28020 at snowy.squish.net>, Jon Ribbens
<jon+ukcrypto at unequivocal.co.uk> writes

>>> They are charged at a rate higher than normal calls. The English word
>>> for that is "premium".
>>
>> But you have chosen to use that word vexatiously, in this context. Many
>> other words would not have the same effect.
>
>They wouldn't have conveyed my meaning.

Your meaning needed to be unpicked from an assumption that you were
expressing a personal grudge. That's not a helpful way to communicate,
on what's supposed to be a vaguely technical list.

>>>> which is presumably an artefact of your chosen phone supplier.
>>>
>>> If there is a mobile provider I can choose which does not charge a
>>> premium for 0800 calls, I am not aware of it.
>>
>> You've chosen to use a mobile phone.
>
>You might as well say I've "chosen" to use a phone at all, I could
>always conduct my entire life by post.

Of course. I could have written to my errant utility provider too. One
letter would have taken a lot less than the 20 minutes I was hanging on,
but I have a feeling would not have produced the desired effect.

>> And see below for a company that doesn't charge a premium(sic) over
>> geographic rates.
>
>Sorry, yes, I should have specified contract not PAYG. Interestingly,
>I just checked the Virgin Mobile website and they seem to consider it
>a secret what types of calls are included in their "minutes"; not even
>the detailed T&Cs give any indication what "airtimes minutes" includes.

I didn't have any trouble finding it.

eg "Calls to landlines" means:

        "This refers to numbers beginning with 01,02 or 03 and landline
        calls to Guernsey, Jersey and the Isle of Man."

>>> All they need to do is say that 0800 numbers
>>> must be charged at no more than geographic rates. That wouldn't
>>> require anyone to give up their 0800 numbers.
>>
>> That wouldn't work in the general case, because so many people have in
>> effect "free" geographic calls (in a bundle) for their mobile, that
>> there is no marginal revenue to replace whatever you are currently
>> paying per minute.
>
>If I call a geographic number from my mobile, my mobile operator must
>pay the geographic landline operator money to terminate the call. If
>I call an 0800 number instead, the 0800 operator must pay my mobile
>operator money to receive the call. If they can afford to give me
>"600 minutes" or whatever to geographic numbers, they can afford to
>give *at least that* to 0800 numbers. Unless I'm somehow mistaken?

You need to look at the *overall* flow of money from you to the mobile
operator. All those 20p's per minute currently charged for 0800 calls is
revenue lost to the "telco ecosystem", and has to be made up somehow.

To address the specific issue, the money flowing at the moment from 0800
callcentre operators backwards to your mobile provider is much less than
the 20p/min you are currently paying forwards.
-- 
Roland Perry


From Andrew.Cormack at ja.net  Fri Apr  8 15:22:58 2011
From: Andrew.Cormack at ja.net (Andrew Cormack)
Date: Fri, 8 Apr 2011 14:22:58 +0000
Subject: RIP consultation responses
In-Reply-To: <38E86A7E-50FE-45E4-842E-E369D514F36C@batten.eu.org>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
	<61E52F3A5532BE43B0211254F13883AE061F45@EXC001>
	<38E86A7E-50FE-45E4-842E-E369D514F36C@batten.eu.org>
Message-ID: <61E52F3A5532BE43B0211254F13883AE061F99@EXC001>

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 08 April 2011 14:53
> To: UK Cryptography Policy Discussion Group
> Subject: Re: RIP consultation responses
> 
> >
> > Can anyone explain why I'm *not* going to be in line for a monetary
> penalty next time I turn on my wifi laptop in a populated area (given
> the nature of radio I'll undoubtedly receive communications that aren't
> intended for me), or the owner of an iPad when it fails to stop using
> the IP address when the DHCP lease runs out?
> 
> Well, it says "any communication in the course of its transmission by
> means of a public telecommunication system".   Is Wifi "a public
> telecommunications system"?  And does this clause apply if you
> intercept communication which is at some point is going to pass over a
> public telecommunications system, or does it have to be on a pts at the
> time you intercept it?

Hmmm:
RIPA s2: "telecommunication system" means any system (including the apparatus comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy.

Does "system", which is not defined in the Act as far as I can see, limit it to physical objects (though I'd have thought the wording implied that there was more than just "apparatus" involved)?

Device continuing to listen to Ethernet using an expired IP address (or device listening to old response packets on a newly issued address) is covered anyway :(

Andrew
 
> ian
> 



From igb at batten.eu.org  Fri Apr  8 15:33:51 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 15:33:51 +0100
Subject: RIP consultation responses
In-Reply-To: <683AA043-CEE3-45AF-AF15-67669F105D61@batten.eu.org>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
	<683AA043-CEE3-45AF-AF15-67669F105D61@batten.eu.org>
Message-ID: <F3CC99A6-7992-4BA0-95E1-30004960C8EA@batten.eu.org>


On 08 Apr 11, at 1508, Ian Batten wrote:

> 
> On 08 Apr 11, at 1415, Richard Clayton wrote:
> 
>> 
>> The Home Office has published the responses to the consultation on
>> amending the RIP Act 2000 so as to address the concerns that it was not
>> a faithful transposition of the EU Directive (viz: to fix the problem
>> that Whitehall continued to protest that the Phorm system was lawful).
> 
> 
> What an _amazing_ coincidence this should come out the same day that it's announced that Phorm and BT are not to be prosecuted.
> 
> http://blog.cps.gov.uk/2011/04/no-prosecution-of-bt-and-phorm-for-alleged-interception-of-browsing-data.html

And the day on which NI admit to the NoW interceptions, too.

http://www.bbc.co.uk/news/uk-13014161

ian



From james2 at jfirth.net  Fri Apr  8 15:38:54 2011
From: james2 at jfirth.net (James Firth)
Date: Fri, 8 Apr 2011 15:38:54 +0100
Subject: RIP consultation responses
In-Reply-To: <PUzwDrJ8pwnNFAnm@highwayman.com>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
Message-ID: <00ff01cbf5fa$afca9730$0f5fc590$@net>

What a coincidence.

This draft legislation appears at the halfway stage in the legislative
sausage machine on the very same day the CPS announces it's (much delayed)
decision not to prosecute Phorm/BT over the trials:

http://www.telegraph.co.uk/technology/news/8437978/BT-and-Phorm-escape-prose
cution-for-secret-wiretaps.html

James Firth

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Richard Clayton
> Sent: 08 April 2011 14:16
> To: UKcrypto at chiark.greenend.org.uk
> Subject: RIP consultation responses
> 
> 
> The Home Office has published the responses to the consultation on
> amending the RIP Act 2000 so as to address the concerns that it was not
> a faithful transposition of the EU Directive (viz: to fix the problem
> that Whitehall continued to protest that the Phorm system was lawful).
> 
> Main page:
> 
> <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
> lawful-intercep/>
> 
> Responses:
> 
> <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
> lawful-intercep/ripa-lawful-intercept-responses?view=Binary>
> 
> The revised form of statutory instrument:
> 
> http://www.legislation.gov.uk/ukdsi/2011/9780111510339/contents
> 
> --
> richard                                                   Richard
> Clayton
> 
> Those who would give up essential Liberty, to purchase a little
> temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin
> 11 Nov 1755



From igb at batten.eu.org  Fri Apr  8 15:39:27 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 15:39:27 +0100
Subject: RIP consultation responses
In-Reply-To: <61E52F3A5532BE43B0211254F13883AE061F99@EXC001>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
	<61E52F3A5532BE43B0211254F13883AE061F45@EXC001>
	<38E86A7E-50FE-45E4-842E-E369D514F36C@batten.eu.org>
	<61E52F3A5532BE43B0211254F13883AE061F99@EXC001>
Message-ID: <E7EBA69A-2289-425C-8D25-5A28B469CCDC@batten.eu.org>

>> 
>> Well, it says "any communication in the course of its transmission by
>> means of a public telecommunication system".   Is Wifi "a public
>> telecommunications system"?  And does this clause apply if you
>> intercept communication which is at some point is going to pass over a
>> public telecommunications system, or does it have to be on a pts at the
>> time you intercept it?
> 
> Hmmm:
> RIPA s2: "telecommunication system" means any system (including the apparatus comprised in it) which exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy.

Yes, but you're missing the "public" part.  For which the same section says:

> 	? ?public telecommunications service? means any telecommunications service which is offered or provided to, or to a substantial section of, the public in any one or more parts of the United Kingdom;
> 	? ?public telecommunication system? means any such parts of a telecommunication system by means of which any public telecommunications service is provided as are located in the United Kingdom;

Clearly, the wifi in an individual's house isn't offered or provided to a substantial section of the public, so it isn't a public telecommunications service in and of itself.   It is however the means by which that individual accesses a public service, hence my question.   The fun would start when you consider public WiFi services, and whether a service offered in Costa constitutes a pts.

ian



From james2 at jfirth.net  Fri Apr  8 15:40:06 2011
From: james2 at jfirth.net (James Firth)
Date: Fri, 8 Apr 2011 15:40:06 +0100
Subject: RIP consultation responses
In-Reply-To: <00ff01cbf5fa$afca9730$0f5fc590$@net>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
	<00ff01cbf5fa$afca9730$0f5fc590$@net>
Message-ID: <011401cbf5fa$db035950$910a0bf0$@net>

Apologies for not reading up-list before replying

> 
> This draft legislation appears at the halfway stage in the legislative
> sausage machine on the very same day the CPS announces it's (much
> delayed)
> decision not to prosecute Phorm/BT over the trials:
> 
> http://www.telegraph.co.uk/technology/news/8437978/BT-and-Phorm-escape-
> prose
> cution-for-secret-wiretaps.html
> 
> James Firth
> 
> > -----Original Message-----
> > From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> > bounces at chiark.greenend.org.uk] On Behalf Of Richard Clayton
> > Sent: 08 April 2011 14:16
> > To: UKcrypto at chiark.greenend.org.uk
> > Subject: RIP consultation responses
> >
> >
> > The Home Office has published the responses to the consultation on
> > amending the RIP Act 2000 so as to address the concerns that it was
> not
> > a faithful transposition of the EU Directive (viz: to fix the problem
> > that Whitehall continued to protest that the Phorm system was
> lawful).
> >
> > Main page:
> >
> > <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
> > lawful-intercep/>
> >
> > Responses:
> >
> > <http://www.homeoffice.gov.uk/publications/consultations/ripa-effect-
> > lawful-intercep/ripa-lawful-intercept-responses?view=Binary>
> >
> > The revised form of statutory instrument:
> >
> > http://www.legislation.gov.uk/ukdsi/2011/9780111510339/contents
> >
> > --
> > richard                                                   Richard
> > Clayton
> >
> > Those who would give up essential Liberty, to purchase a little
> > temporary Safety, deserve neither Liberty nor Safety. Benjamin
> Franklin
> > 11 Nov 1755




From lists at internetpolicyagency.com  Fri Apr  8 17:17:23 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 17:17:23 +0100
Subject: RIP consultation responses
In-Reply-To: <E7EBA69A-2289-425C-8D25-5A28B469CCDC@batten.eu.org>
References: <PUzwDrJ8pwnNFAnm@highwayman.com>
	<61E52F3A5532BE43B0211254F13883AE061F45@EXC001>
	<38E86A7E-50FE-45E4-842E-E369D514F36C@batten.eu.org>
	<61E52F3A5532BE43B0211254F13883AE061F99@EXC001>
	<E7EBA69A-2289-425C-8D25-5A28B469CCDC@batten.eu.org>
Message-ID: <2EI0Dz5TUznNFAw3@perry.co.uk>

In article <E7EBA69A-2289-425C-8D25-5A28B469CCDC at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes
>The fun would start when you consider public WiFi services, and whether
> a service offered in Costa constitutes a pts.

My understanding of "public" in this context has always been "all you 
need as a qualification is money". So as long as you have the price of a 
cup of coffee in your pocket... (or maybe even nothing, if they fail to 
link the use of the wifi with a purchase).

Contrast with Andrew's users, who are not on a public network because 
you generally have to be staff or registered as a student to qualify to 
use them.
-- 
Roland Perry


From ukcrypto at absent-minded.com  Fri Apr  8 17:58:12 2011
From: ukcrypto at absent-minded.com (Mark Lomas)
Date: Fri, 8 Apr 2011 17:58:12 +0100
Subject: Card transactions by proxy
In-Reply-To: <7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
Message-ID: <BANLkTingQU7Se49Zjn5R7KtSS8XxniTnjg@mail.gmail.com>

On 8 April 2011 13:10, Ian Batten <igb at batten.eu.org> wrote:

> >
> > If there is a mobile provider I can choose which does not charge a
> > premium for 0800 calls, I am not aware of it.
>
> Orange used to, but stopped it because of abuse via calling cards.
>

Why do you think that calling cards might be an abuse?

Please note that 0800 numbers aren't really free, not even from a landline.
The recipient is charged for such calls. It is similar in principle to a
reverse charges call.

If you use a calling card then the service provider is reimbursed at
whatever rate they have negotiated for interchange fees, which strikes me as
a good market solution to abuse by the service provider. Indeed, it ought to
be a license condition that service providers may neither block any 0800
number nor make any charges to the caller.

Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110408/73a11696/attachment.htm>

From igb at batten.eu.org  Fri Apr  8 18:02:38 2011
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 8 Apr 2011 18:02:38 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTingQU7Se49Zjn5R7KtSS8XxniTnjg@mail.gmail.com>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
	<BANLkTingQU7Se49Zjn5R7KtSS8XxniTnjg@mail.gmail.com>
Message-ID: <4B5C8E29-A968-4122-982E-CBAE5C4BADD0@batten.eu.org>


On 8 Apr 2011, at 17:58, Mark Lomas wrote:

>
>
> On 8 April 2011 13:10, Ian Batten <igb at batten.eu.org> wrote:
> >
> > If there is a mobile provider I can choose which does not charge a
> > premium for 0800 calls, I am not aware of it.
>
> Orange used to, but stopped it because of abuse via calling cards.
>
> Why do you think that calling cards might be an abuse?

Because they lost revenue on international calls, for which they  
charged a premium.  Try taking your own booze to a restaurant that has  
a flashy winelist and see how far (in general) you get.
>
> If you use a calling card then the service provider is reimbursed at  
> whatever rate they have negotiated for interchange fees, which  
> strikes me as a good market solution to abuse by the service provider.

Except for the loss of revenue for tunnelled calls.

ian



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110408/1f8bf59b/attachment-0001.htm>

From jon+ukcrypto at unequivocal.co.uk  Fri Apr  8 19:27:14 2011
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Fri, 8 Apr 2011 19:27:14 +0100
Subject: Card transactions by proxy
In-Reply-To: <0Vikn526kxnNFAQQ@perry.co.uk>
References: <dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<u8Ly9XrdlvnNFAQi@perry.co.uk>
	<20110408133609.GE28020@snowy.squish.net>
	<0Vikn526kxnNFAQQ@perry.co.uk>
Message-ID: <20110408182714.GF28020@snowy.squish.net>

On Fri, Apr 08, 2011 at 03:18:34PM +0100, Roland Perry wrote:
> Your meaning needed to be unpicked from an assumption that you were
> expressing a personal grudge.

That's your assumption.

> >Sorry, yes, I should have specified contract not PAYG. Interestingly,
> >I just checked the Virgin Mobile website and they seem to consider it
> >a secret what types of calls are included in their "minutes"; not even
> >the detailed T&Cs give any indication what "airtimes minutes" includes.
> 
> I didn't have any trouble finding it.
> 
> eg "Calls to landlines" means:

That doesn't answer the question I asked, which was "what's included
in the airtime minutes" and not "what's a landline".

> You need to look at the *overall* flow of money from you to the mobile
> operator. All those 20p's per minute currently charged for 0800 calls is
> revenue lost to the "telco ecosystem", and has to be made up somehow.

Why does it have to be "made up somehow"? Companies don't have a
god-given right to vast profits.

> To address the specific issue, the money flowing at the moment from 0800
> callcentre operators backwards to your mobile provider is much less than
> the 20p/min you are currently paying forwards.

Yes, because the mobile operators are currently gouging their
customers due to their knowledge that many customers feel they are
forced to call these numbers regardless of the cost, and Ofcom's lack
of regulation.


From lists at internetpolicyagency.com  Fri Apr  8 19:45:07 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 19:45:07 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408182714.GF28020@snowy.squish.net>
References: <dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<u8Ly9XrdlvnNFAQi@perry.co.uk>
	<20110408133609.GE28020@snowy.squish.net>
	<0Vikn526kxnNFAQQ@perry.co.uk>
	<20110408182714.GF28020@snowy.squish.net>
Message-ID: <gOgRBBIze1nNFAT5@perry.co.uk>

In article <20110408182714.GF28020 at snowy.squish.net>, Jon Ribbens
<jon+ukcrypto at unequivocal.co.uk> writes
>> Your meaning needed to be unpicked from an assumption that you were
>> expressing a personal grudge.
>
>That's your assumption.

Confirmed by your later postings.

>> >Sorry, yes, I should have specified contract not PAYG. Interestingly,
>> >I just checked the Virgin Mobile website and they seem to consider it
>> >a secret what types of calls are included in their "minutes"; not even
>> >the detailed T&Cs give any indication what "airtimes minutes" includes.
>>
>> I didn't have any trouble finding it.
>>
>> eg "Calls to landlines" means:
>
>That doesn't answer the question I asked, which was "what's included
>in the airtime minutes" and not "what's a landline".

        "Included in your tariff (subject to the allowance specified):
        UK calls to UK landlines (beginning 01, 02, 03) & UK mobile
        networks"

So all you are left with is the easy-to-find definition of "UK mobile
networks".

>> You need to look at the *overall* flow of money from you to the mobile
>> operator. All those 20p's per minute currently charged for 0800 calls is
>> revenue lost to the "telco ecosystem", and has to be made up somehow.
>
>Why does it have to be "made up somehow"? Companies don't have a
>god-given right to vast profits.

Their shareholders (including your pension fund) demand it.

>> To address the specific issue, the money flowing at the moment from 0800
>> callcentre operators backwards to your mobile provider is much less than
>> the 20p/min you are currently paying forwards.
>
>Yes, because the mobile operators are currently gouging their
>customers due to their knowledge that many customers feel they are
>forced to call these numbers regardless of the cost, and Ofcom's lack
>of regulation.

Ofcom is likely to start regulating them. We've been round this loop.
-- 
Roland Perry


From ukcrypto at absent-minded.com  Fri Apr  8 20:37:45 2011
From: ukcrypto at absent-minded.com (Mark Lomas)
Date: Fri, 8 Apr 2011 20:37:45 +0100
Subject: Card transactions by proxy
In-Reply-To: <4B5C8E29-A968-4122-982E-CBAE5C4BADD0@batten.eu.org>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
	<BANLkTingQU7Se49Zjn5R7KtSS8XxniTnjg@mail.gmail.com>
	<4B5C8E29-A968-4122-982E-CBAE5C4BADD0@batten.eu.org>
Message-ID: <BANLkTino9ya+sPG3O2kRsOS0=hn-2F+Mvw@mail.gmail.com>

On 8 April 2011 18:02, Ian Batten <igb at batten.eu.org> wrote:

>
> On 8 Apr 2011, at 17:58, Mark Lomas wrote:
>
>
>
> On 8 April 2011 13:10, Ian Batten <igb at batten.eu.org> wrote:
>
>> >
>> > If there is a mobile provider I can choose which does not charge a
>> > premium for 0800 calls, I am not aware of it.
>>
>> Orange used to, but stopped it because of abuse via calling cards.
>>
>
> Why do you think that calling cards might be an abuse?
>
>
> Because they lost revenue on international calls, for which they charged a
> premium.  Try taking your own booze to a restaurant that has a flashy
> winelist and see how far (in general) you get.
>
>
> If you use a calling card then the service provider is reimbursed at
> whatever rate they have negotiated for interchange fees, which strikes me as
> a good market solution to abuse by the service provider.
>
>
> Except for the loss of revenue for tunnelled calls.
>

You have made my point. There is no inherent right to profits on
international calls. A free market should allow me to choose my
international service provider.

Indeed, retail price maintenance is usually illegal.

Mark

>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110408/b8047331/attachment.htm>

From lists at internetpolicyagency.com  Fri Apr  8 20:50:53 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 8 Apr 2011 20:50:53 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTino9ya+sPG3O2kRsOS0=hn-2F+Mvw@mail.gmail.com>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<7AB39621-5E60-47C7-8AFE-9B6CE288CB70@batten.eu.org>
	<BANLkTingQU7Se49Zjn5R7KtSS8XxniTnjg@mail.gmail.com>
	<4B5C8E29-A968-4122-982E-CBAE5C4BADD0@batten.eu.org>
	<BANLkTino9ya+sPG3O2kRsOS0=hn-2F+Mvw@mail.gmail.com>
Message-ID: <Tsb95HPdc2nNFAmg@perry.co.uk>

In article <BANLkTino9ya+sPG3O2kRsOS0=hn-2F+Mvw at mail.gmail.com>, Mark 
Lomas <ukcrypto at absent-minded.com> writes

> There is no inherent right to profits on international calls. A free 
>market should allow me to choose my international service provider.

But the "local loop" operator is also entitled to a return on his 
investment. Finding wormholes in the charging structure is great fun, 
but we should also look at the bigger picture.
-- 
Roland Perry


From roger at hayter.org  Fri Apr  8 22:41:23 2011
From: roger at hayter.org (Roger Hayter)
Date: Fri, 8 Apr 2011 22:41:23 +0100
Subject: Card transactions by proxy
In-Reply-To: <20110408114333.GD28020@snowy.squish.net>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
Message-ID: <73PYhtBDE4nNFACV@kalahari.uninhabited.net>

In message <20110408114333.GD28020 at snowy.squish.net>, Jon Ribbens 
<jon+ukcrypto at unequivocal.co.uk> writes
>On Fri, Apr 08, 2011 at 11:23:15AM +0100, Roland Perry wrote:
>> In article <20110408093212.GC28020 at snowy.squish.net>, Jon Ribbens
>> <jon+ukcrypto at unequivocal.co.uk> writes
>>> Well, it's not a "premium rate" number by Ofcom's definition, but it's
>>> a "premium rate" number in that I will be charged at a "premium rate"
>>> for calling it compared to calling ordinary 01/02/03 numbers.
>>> Apologies for the tangent though ;-)
>>
>> I think we should be careful when using jargon which has a precise
>> meaning (such as "Premium Rate"), to nurse a grudge about "high cost"
>> calls,
>
>They are charged at a rate higher than normal calls. The English word
>for that is "premium".
>
>> which is presumably an artefact of your chosen phone supplier.
>
>If there is a mobile provider I can choose which does not charge a
>premium for 0800 calls, I am not aware of it.

It is possible (at least for 02 users) for the recipient to publish a 
number which is free (or rather recipient-paid-for) to call.  The AA , 
for instance, allocate a number the same as their 0800 number with the 
initial '0' removed which is free to call from my mobile.  Presumably 
other organisations with 0800 numbers could do the same, at a price.
-- 

Roger Hayter


From igb at batten.eu.org  Sat Apr  9 09:47:55 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sat, 9 Apr 2011 09:47:55 +0100
Subject: Card transactions by proxy
In-Reply-To: <73PYhtBDE4nNFACV@kalahari.uninhabited.net>
References: <4D98E818.3040802@callnetuk.com> <V93s9MOqIXmNFA+L@perry.co.uk>
	<4D9ACC33.3020902@callnetuk.com>
	<183534E5-99E3-4810-96C9-32E0B9D53FA6@batten.eu.org>
	<dN8uBSRH3wmNFAsW@perry.co.uk> <gckxFQCh6FnNFASF@perry.co.uk>
	<20110408023140.GB28020@snowy.squish.net>
	<jRXh2cMvarnNFAzE@perry.co.uk>
	<20110408093212.GC28020@snowy.squish.net>
	<YQo$G7eTIunNFAlI@perry.co.uk>
	<20110408114333.GD28020@snowy.squish.net>
	<73PYhtBDE4nNFACV@kalahari.uninhabited.net>
Message-ID: <936AF072-0F1E-4B9D-91DD-43E6BED722B6@batten.eu.org>

>
> It is possible (at least for 02 users) for the recipient to publish  
> a number which is free (or rather recipient-paid-for) to call.  The  
> AA , for instance, allocate a number the same as their 0800 number  
> with the initial '0' removed which is free to call from my mobile.   
> Presumably other organisations with 0800 numbers could do the same,  
> at a price.

Not even at a price.  They can publish the number of the trunk the  
0800 number is delivered over, and all it costs is the ink.  They may  
need to do this anyway, if they want to be sure of being contactable  
from overseas and (as you say) from mobiles.  My bank publishes geos  
for all the important numbers, and prints them on the back of bank  
cards.  The only downside is that using a geo number isn't as  
portable, so if the operation is moved more than a few miles the geo  
number would cost quite a lot of money to retain.  And geos don't have  
the call distribution facilities you get from non-geos, of course.

ian


From amidgley at gmail.com  Sat Apr  9 22:41:29 2011
From: amidgley at gmail.com (Adrian Midgley)
Date: Sat, 9 Apr 2011 22:41:29 +0100
Subject: Card transactions by proxy
In-Reply-To: <8364@iapetus.plus.com>
References: <8364@iapetus.plus.com>
Message-ID: <BANLkTi=3XvLjQXYsEPJK-B4aqS0Q-x4T1g@mail.gmail.com>

On 5 April 2011 22:29, Laurence Taylor <laurence at iapetus.plus.com> wrote:
> In message <rxfj+e+LyHmNFA4z at perry.co.uk> Roland Perry writes:
>
>> My council closed their "cash office" for good last Friday. Although it
>> also took cheques, and Credit Cards for a ?2 fee.

American (US) currency has printed on it something to the effect that
this is usable for settling all public and private debts.

I see ours doesn't.




-- 
Adrian Midgley?? http://www.defoam.net/


From igb at batten.eu.org  Sun Apr 10 08:09:43 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 10 Apr 2011 08:09:43 +0100
Subject: Card transactions by proxy
In-Reply-To: <BANLkTi=3XvLjQXYsEPJK-B4aqS0Q-x4T1g@mail.gmail.com>
References: <8364@iapetus.plus.com>
	<BANLkTi=3XvLjQXYsEPJK-B4aqS0Q-x4T1g@mail.gmail.com>
Message-ID: <BF52FB65-C77A-4B24-BC0E-F3FAEBC28E7E@batten.eu.org>


On 9 Apr 2011, at 22:41, Adrian Midgley wrote:

> On 5 April 2011 22:29, Laurence Taylor <laurence at iapetus.plus.com> wrote:
>> In message <rxfj+e+LyHmNFA4z at perry.co.uk> Roland Perry writes:
>> 
>>> My council closed their "cash office" for good last Friday. Although it
>>> also took cheques, and Credit Cards for a ?2 fee.
> 
> American (US) currency has printed on it something to the effect that
> this is usable for settling all public and private debts.
> 
> I see ours doesn't.

http://www.royalmint.com/corporate/policies/legal_tender_guidelines.aspx

ian




From igb at batten.eu.org  Sun Apr 10 12:07:01 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 10 Apr 2011 12:07:01 +0100
Subject: BBC News - Ceop website form 'could have put children at risk'
Message-ID: <40C0F250-5576-4DA2-A496-0C93B3513748@batten.eu.org>


http://www.bbc.co.uk/news/uk-13025228

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110410/885acdfd/attachment.htm>

From lists at internetpolicyagency.com  Sun Apr 10 13:24:53 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sun, 10 Apr 2011 13:24:53 +0100
Subject: BBC News - Ceop website form 'could have put children at risk'
In-Reply-To: <40C0F250-5576-4DA2-A496-0C93B3513748@batten.eu.org>
References: <40C0F250-5576-4DA2-A496-0C93B3513748@batten.eu.org>
Message-ID: <NJ2qgUrVGaoNFAez@perry.co.uk>

In article <40C0F250-5576-4DA2-A496-0C93B3513748 at batten.eu.org>, Ian 
Batten <igb at batten.eu.org> writes

>http://www.bbc.co.uk/news/uk-13025228

Sounds like they had http and https versions of the reporting form, and 
some external links pointed at the http version (which didn't then 
automatically redirect).

Given that there's no money to be made intercepting reports of child 
abuse, I wonder what the practical risk is from third parties. If 
there's an abuser in the same household with access to (and checking up 
on) the child's PC, then being able to see the browser history will be 
enough to ring their alarm bells, without actually having to go to the 
bother of intercepting all the traffic.
-- 
Roland Perry


From igb at batten.eu.org  Sun Apr 10 15:14:04 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 10 Apr 2011 15:14:04 +0100
Subject: BBC News - Ceop website form 'could have put children at risk'
In-Reply-To: <NJ2qgUrVGaoNFAez@perry.co.uk>
References: <40C0F250-5576-4DA2-A496-0C93B3513748@batten.eu.org>
	<NJ2qgUrVGaoNFAez@perry.co.uk>
Message-ID: <363A81F0-451F-4432-89F1-D0027E2AE34A@batten.eu.org>

>
> Given that there's no money to be made intercepting reports of child  
> abuse, I wonder what the practical risk is from third parties. If  
> there's an abuser in the same household with access to (and checking  
> up on) the child's PC, then being able to see the browser history  
> will be enough to ring their alarm bells, without actually having to  
> go to the bother of intercepting all the traffic.
> -- 

Well, a sophisticated abuser could play with the DNS, routing or a  
trap proxy within their household to redirect traffic to a fake  
website which notified them of the report and then discarded.  But it  
seems a bit far fetched, and the only advantage of http over https to  
such an adversary is that the attack wouldn't throw a certificate  
warning; given the poor standards of certificate hygiene both on  
servers and amongst users (especially children), the same attack on  
https would be almost certain to work anyway.

ian


From igb at batten.eu.org  Sun Apr 10 22:06:08 2011
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 10 Apr 2011 22:06:08 +0100
Subject: Silent Password Length Failures
Message-ID: <EBC41023-8D8A-4186-A1AD-364520179573@batten.eu.org>

I've had problems with performing some transactions through my bank's online interface of late: which resulted in opening an ISA over the phone on April 4, which was an entertainment.  I've tracked down what the issue is.  There's an n character limit on your password, but it turns out that the password I use is n+1 characters.  It lets you use n+1 characters when changing your password, and type n+1 characters when logging in.  But when you have to re-authenticate for things like transfers to new recipients, or opening new accounts, clearly a different piece of code gets used which rather than truncating your password to n characters before processing instead fails it for being the wrong password.  Whether this is correct behaviour (because it warns people that they are lulling themselves into a false sense of security with a longer password than is actually processed) or not, it's certainly not right to do it inconsistently...

ian



From laurence at iapetus.plus.com  Mon Apr 11 22:36:43 2011
From: laurence at iapetus.plus.com (Laurence Taylor)
Date: Mon, 11 Apr 2011 21:36:43 +0000 (GMT)
Subject: Card transactions by proxy
Message-ID: <8374@iapetus.plus.com>

In message <BANLkTingQU7Se49Zjn5R7KtSS8XxniTnjg at mail.gmail.com>
   Mark Lomas writes:

> If you use a calling card then the service provider is reimbursed at
> whatever rate they have negotiated for interchange fees, which strikes me as
> a good market solution to abuse by the service provider. Indeed, it ought to
> be a license condition that service providers may neither block any 0800
> number nor make any charges to the caller.

I remember there was a company (now defunct) that tried start up a
payphone service in competition to BT, and from which 0800 calls
were barred - along with any number that had more than 10 digits
(the dial stopped working at that point) so calling anywhere with
an automated menu system was out.

rgds
LAurence
<><
... Wife- "Wire you insulate?".. Hubby- "I'm keeping two ohms going!"..
~~~ Tag-O-Matic V.13F 



From laurence at iapetus.plus.com  Mon Apr 11 21:36:13 2011
From: laurence at iapetus.plus.com (Laurence Taylor)
Date: Mon, 11 Apr 2011 20:36:13 +0000 (GMT)
Subject: Card transactions by proxy
Message-ID: <8373@iapetus.plus.com>

In message <dN8uBSRH3wmNFAsW at perry.co.uk> Roland Perry writes:

> For example, I received an estimated bill that is approximately double 
> what it should have been. And immediately sent a customer reading to the 
> supplier's website. Which they seem to have ignored.

I was told by EDF that readings entered on their web site are only
used for regular bills, any other entries are just used to feed
the estimating system. If you want them to actually use your
figures, you have to phone them.

rgds
LAurence
<><
... There's nothing you can know that isn't known
~~~ Tag-O-Matic V.13F 



From maxsec at gmail.com  Sun Apr 24 21:17:57 2011
From: maxsec at gmail.com (Martin Hepworth)
Date: Sun, 24 Apr 2011 21:17:57 +0100
Subject: [Dorset] Cabinet Office Survey on Open Standards in the Public
	Sector
In-Reply-To: <201104242024.05491.d-lug@hadrian-way.co.uk>
References: <201104242024.05491.d-lug@hadrian-way.co.uk>
Message-ID: <BANLkTik1mPgwaKuJvXO2PrdsindJrySMtQ@mail.gmail.com>

Thought may be of interest to members of this group

Martin
On Sunday, 24 April 2011, Terry Coles <d-lug at hadrian-way.co.uk> wrote:
> All,
>
> The Government has set up a Public Survey entitled 'Open Standards in the
> Public Sector', see http://www.surveymonkey.com/s/UKGovOpenStandards.
>
> This survey covers quite a wide range and some elements of it are unlikely to
> be relevant to LUG member's interests. ?However, it includes all the IT
> Standards for web, email, etc and also document formats.
>
> It takes a bit of dedication to fill it in (there are 120 questions
> altogether), but whole sections can be skipped if they aren't relevant and it
> is permissible to leave questions unanswered. ?I found that I simply didn't
> know enough about some aspects covered, but I knew enough to answer a fair
> proportion of the survey.
>
> Can I suggest that we make it a LUG Project to visit the Survey and fill it
> in? ?Between us we probably know more about these technologies and Standards
> than most groups(certainly groups outside of software/web development), so we
> owe it to the Country to deliver some of that expertise on behalf of those
> ordinary folk who will be saddled with unsuitable Standards if the vested
> interests get a look-in.
>
> Having said that they may already have got a look-in because the questions
> about document formats in Section 11 state that ISO/IEC 29500:2008 (Office
> Open XML (or MSXML to the rest of us)) is called Open Office XML, which is
> easily confused with OpenOffice.org. ?Maybe it's a genuine mistake or maybe
> the fix is in.
>
> Anyway, like voting, if we don't participate we can't complain about the
> outcome.
>
> --
>  ? ? ? ? ? ? ? ?Terry Coles
>  ? ? ? ? ? ? ? ?64 bit computing with Kubuntu Linux
>
>
> --
> Next meeting: ?Blandford Forum, Wednesday 2011-05-04 20:00
> Meets, Mailing list, IRC, LinkedIn, ... ?http://dorset.lug.org.uk/
> How to Report Bugs Effectively: ?http://goo.gl/4Xue
>

-- 
-- 
Martin Hepworth
Oxford, UK


From otcbn at callnetuk.com  Mon Apr 25 11:40:48 2011
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Mon, 25 Apr 2011 11:40:48 +0100
Subject: [Dorset] Cabinet Office Survey on Open Standards in the Public
	Sector
In-Reply-To: <BANLkTik1mPgwaKuJvXO2PrdsindJrySMtQ@mail.gmail.com>
References: <201104242024.05491.d-lug@hadrian-way.co.uk>
	<BANLkTik1mPgwaKuJvXO2PrdsindJrySMtQ@mail.gmail.com>
Message-ID: <4DB54FB0.3070806@callnetuk.com>

Martin Hepworth wrote  on 24-04-11 21:17:
> Thought may be of interest to members of this group
> 
> Martin
> On Sunday, 24 April 2011, Terry Coles <d-lug at hadrian-way.co.uk> wrote:
>> All,
>>
>> The Government has set up a Public Survey entitled 'Open Standards in the
>> Public Sector', see http://www.surveymonkey.com/s/UKGovOpenStandards.
>>
snip
>>
>> Anyway, like voting, if we don't participate we can't complain about the
>> outcome.

"Javascript is required for this site to function, please enable."

So people who don't think the government should be using Javascript can't participate in the survey :)

-- 
Pete Mitchell


From amidgley at gmail.com  Mon Apr 25 18:09:53 2011
From: amidgley at gmail.com (Adrian Midgley)
Date: Mon, 25 Apr 2011 18:09:53 +0100
Subject: [Dorset] Cabinet Office Survey on Open Standards in the Public
	Sector
In-Reply-To: <4DB54FB0.3070806@callnetuk.com>
References: <201104242024.05491.d-lug@hadrian-way.co.uk>
	<BANLkTik1mPgwaKuJvXO2PrdsindJrySMtQ@mail.gmail.com>
	<4DB54FB0.3070806@callnetuk.com>
Message-ID: <BANLkTikzNt_3oZ5-08O_ocUKazPjwFKSyA@mail.gmail.com>

On 25 April 2011 11:40, Peter Mitchell <otcbn at callnetuk.com> wrote:

> So people who don't think the government should be using Javascript can't
> participate in the survey :)

Strictly, that would only be people who are convinced that they
themselves should never use Javascript can't participate.

No?


-- 
Adrian Midgley?? http://www.defoam.net/


From lists at internetpolicyagency.com  Tue Apr 26 09:20:25 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 26 Apr 2011 09:20:25 +0100
Subject: [Dorset] Cabinet Office Survey on Open Standards in the
	Public	Sector
In-Reply-To: <BANLkTikzNt_3oZ5-08O_ocUKazPjwFKSyA@mail.gmail.com>
References: <201104242024.05491.d-lug@hadrian-way.co.uk>
	<BANLkTik1mPgwaKuJvXO2PrdsindJrySMtQ@mail.gmail.com>
	<4DB54FB0.3070806@callnetuk.com>
	<BANLkTikzNt_3oZ5-08O_ocUKazPjwFKSyA@mail.gmail.com>
Message-ID: <8xkmOMAJBotNFAzm@perry.co.uk>

In article <BANLkTikzNt_3oZ5-08O_ocUKazPjwFKSyA at mail.gmail.com>, Adrian 
Midgley <amidgley at gmail.com> writes

>> So people who don't think the government should be using Javascript can't
>> participate in the survey :)
>
>Strictly, that would only be people who are convinced that they
>themselves should never use Javascript can't participate.

That's right. A person could be convinced that the government shouldn't 
allow its employees to travel by First Class train, but that doesn't 
stop you from travelling First Class, even to a meeting to protest about 
Government travel policy.
-- 
Roland Perry


From zenadsl6186 at zen.co.uk  Thu Apr 28 01:49:43 2011
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Thu, 28 Apr 2011 01:49:43 +0100
Subject: TomTom giving customer driving data to cops
Message-ID: <4DB8B9A7.6030701@zen.co.uk>

El Reg:
http://www.theregister.co.uk/2011/04/27/tomtom_customer_data_flap/

TomTom have been selling "anonymised" driving data to the Dutch cops.

What I want to know is, how do TomTom get the data? There is no need for 
a satnav to have a transmission capability.


-- Peter Fairbrother




From tony.naggs at googlemail.com  Thu Apr 28 02:51:36 2011
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Thu, 28 Apr 2011 02:51:36 +0100
Subject: TomTom giving customer driving data to cops
In-Reply-To: <BANLkTi=NdEvJ68fLtjHrW__Vph0XLbQ=Ew@mail.gmail.com>
References: <4DB8B9A7.6030701@zen.co.uk>
	<BANLkTik7uXJLuVVhnR0Sq0u6Vw3dJkD+7Q@mail.gmail.com>
	<BANLkTi=YnpD3EbSkOhxrLPtqmHFZP9vMSQ@mail.gmail.com>
	<BANLkTinkbJ+4Os3rwWnXr=Lyaxfys9z7yw@mail.gmail.com>
	<BANLkTimJtL9utJFOCEZH84Fgh5i2PkWOVA@mail.gmail.com>
	<BANLkTi=NdEvJ68fLtjHrW__Vph0XLbQ=Ew@mail.gmail.com>
Message-ID: <BANLkTimAOJ345kr2Bte7=c5QcwMDHDTHQQ@mail.gmail.com>

Hi Peter, all

Check out Tom Tom's Live Traffic product description - apparently this uses
feedback from 80 million mobile phones and 1.6 million Tom-tom devices with
their own mobile phone subsystem. Average speed trends on segments of road
indicate whether the road is clear or congested.

Presumably the Dutch police were buying an additional service, that told
them the actual average speeds. It seems like a good idea for the police to
have detailed information so that they can issue warnings when a motorway is
snarled up, or a traffic to/from a sporting event is causing disruption.

The Register article says the police identified roads with chronic speeding
problems from the data, and targeted those roads with radar speed checks.
On 28 Apr 2011 01:50, "Peter Fairbrother" <zenadsl6186 at zen.co.uk> wrote:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110428/4218b82c/attachment.htm>

From lists at internetpolicyagency.com  Thu Apr 28 07:51:29 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 28 Apr 2011 07:51:29 +0100
Subject: TomTom giving customer driving data to cops
In-Reply-To: <BANLkTimAOJ345kr2Bte7=c5QcwMDHDTHQQ@mail.gmail.com>
References: <4DB8B9A7.6030701@zen.co.uk>
	<BANLkTik7uXJLuVVhnR0Sq0u6Vw3dJkD+7Q@mail.gmail.com>
	<BANLkTi=YnpD3EbSkOhxrLPtqmHFZP9vMSQ@mail.gmail.com>
	<BANLkTinkbJ+4Os3rwWnXr=Lyaxfys9z7yw@mail.gmail.com>
	<BANLkTimJtL9utJFOCEZH84Fgh5i2PkWOVA@mail.gmail.com>
	<BANLkTi=NdEvJ68fLtjHrW__Vph0XLbQ=Ew@mail.gmail.com>
	<BANLkTimAOJ345kr2Bte7=c5QcwMDHDTHQQ@mail.gmail.com>
Message-ID: <FH5ITL4x5QuNFAvI@perry.co.uk>

In article <BANLkTimAOJ345kr2Bte7=c5QcwMDHDTHQQ at mail.gmail.com>, Tony 
Naggs <tony.naggs at googlemail.com> writes
>
>Hi Peter, all
>
>Check out Tom Tom's Live Traffic product description - apparently this
>uses feedback from 80 million mobile phones and 1.6 million Tom-tom
>devices with their own mobile phone subsystem. Average speed trends on
>segments of road indicate whether the road is clear or congested.
>
>Presumably the Dutch police were buying an additional service, that
>told them the actual average speeds. It seems like a good idea for the
>police to have detailed information so that they can issue warnings
>when a motorway is snarled up, or a traffic to/from a sporting event is
>causing disruption.
>
>The Register article says the police identified roads with chronic
>speeding problems from the data, and targeted those roads with radar
>speed checks.

And wouldn't this same information be available in the UK from all those 
Trafficmaster cameras?

I'm prepared to believe that the TomTom data doesn't overtly identify 
individual cars, they could be sending the police tracking data based on 
a token for each car, although you could still build up a picture like 
those iPhone maps we saw last week, and know where the car was parked at 
night.
-- 
Roland Perry


From lists at andros.org.uk  Thu Apr 28 10:33:09 2011
From: lists at andros.org.uk (Andrew McLean)
Date: Thu, 28 Apr 2011 10:33:09 +0100
Subject: TomTom giving customer driving data to cops
In-Reply-To: <FH5ITL4x5QuNFAvI@perry.co.uk>
References: <4DB8B9A7.6030701@zen.co.uk>	<BANLkTik7uXJLuVVhnR0Sq0u6Vw3dJkD+7Q@mail.gmail.com>	<BANLkTi=YnpD3EbSkOhxrLPtqmHFZP9vMSQ@mail.gmail.com>	<BANLkTinkbJ+4Os3rwWnXr=Lyaxfys9z7yw@mail.gmail.com>	<BANLkTimJtL9utJFOCEZH84Fgh5i2PkWOVA@mail.gmail.com>	<BANLkTi=NdEvJ68fLtjHrW__Vph0XLbQ=Ew@mail.gmail.com>	<BANLkTimAOJ345kr2Bte7=c5QcwMDHDTHQQ@mail.gmail.com>
	<FH5ITL4x5QuNFAvI@perry.co.uk>
Message-ID: <4DB93455.9060308@andros.org.uk>

On 28/04/2011 07:51, Roland Perry wrote:
> I'm prepared to believe that the TomTom data doesn't overtly identify 
> individual cars, they could be sending the police tracking data based 
> on a token for each car, although you could still build up a picture 
> like those iPhone maps we saw last week, and know where the car was 
> parked at night.
I suppose the police could be getting anonomised data at the individual 
car level. But that would require them to do a lot of processing to 
identify "speeding hotspots".

I think its a bit more likely that they would be getting statistical 
data along the lines of: "The number of cars per hour on this stretch of 
road travelling at an average speed between "90 km/h and 100 km/h is 
..., the number travelling between 100km/h and 110 km/h is ..., etc".

Andrew



From lists at internetpolicyagency.com  Thu Apr 28 14:47:21 2011
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 28 Apr 2011 14:47:21 +0100
Subject: TomTom giving customer driving data to cops
In-Reply-To: <4DB93455.9060308@andros.org.uk>
References: <4DB8B9A7.6030701@zen.co.uk>
	<BANLkTik7uXJLuVVhnR0Sq0u6Vw3dJkD+7Q@mail.gmail.com>
	<BANLkTi=YnpD3EbSkOhxrLPtqmHFZP9vMSQ@mail.gmail.com>
	<BANLkTinkbJ+4Os3rwWnXr=Lyaxfys9z7yw@mail.gmail.com>
	<BANLkTimJtL9utJFOCEZH84Fgh5i2PkWOVA@mail.gmail.com>
	<BANLkTi=NdEvJ68fLtjHrW__Vph0XLbQ=Ew@mail.gmail.com>
	<BANLkTimAOJ345kr2Bte7=c5QcwMDHDTHQQ@mail.gmail.com>
	<FH5ITL4x5QuNFAvI@perry.co.uk> <4DB93455.9060308@andros.org.uk>
Message-ID: <AMv5xGMp$WuNFAPO@perry.co.uk>

In article <4DB93455.9060308 at andros.org.uk>, Andrew McLean 
<lists at andros.org.uk> writes
>> I'm prepared to believe that the TomTom data doesn't overtly identify 
>>individual cars, they could be sending the police tracking data based 
>>on a token for each car, although you could still build up a picture 
>>like those iPhone maps we saw last week, and know where the car was 
>>parked at night.
>I suppose the police could be getting anonomised data at the individual 
>car level. But that would require them to do a lot of processing to 
>identify "speeding hotspots".
>
>I think its a bit more likely that they would be getting statistical 
>data along the lines of: "The number of cars per hour on this stretch 
>of road travelling at an average speed between "90 km/h and 100 km/h is 
>..., the number travelling between 100km/h and 110 km/h is ..., etc".

If they wanted the results presented like that, I expect they'd ask the 
supplier for their conclusions. The conspiracy theory is that they are 
getting the raw data too, but perhaps it's just a cock-up.
-- 
Roland Perry