Card transactions by proxy

Roland Perry lists at
Thu Mar 31 13:01:59 BST 2011

In article <op.vs7d50f76hl8nm at>, Charles Lindsey 
<chl at> writes
>> At the most fundamental level what's happening here is that a 
>>"Cardholder not Present" transaction is being conducted with the 
>>cardholder present. That's against the rules.
>But is sometimes necessary. At a merchant I use from time to time, his 
>terminal routinely does not like my card. So he (with my agreement) 
>gets  around it by performing a "cardholder not present" transaction.

That's not the correct way to handle the situation. The fallback is a 
signature transaction.

>The only  real difference is that he needs to see and use the security 
>code on the  back of the card.


>But any merchant who takes your card and inserts it into  his normal 
>"cardholder present" terminal can easily glance at the back of  the 
>card and memorize it.
>I think in the case under discussion, the agent should say "we cannot 
>proces your card directly here, but we have a PC

which might well have a keylogger, either intended or unintended.

>that you can use yourself  to make a 'not present' transaction".

Run away!!
Roland Perry

More information about the ukcrypto mailing list