Card transactions by proxy
Roland Perry
lists at internetpolicyagency.com
Thu Mar 31 13:01:59 BST 2011
In article <op.vs7d50f76hl8nm at clerew.man.ac.uk>, Charles Lindsey
<chl at clerew.man.ac.uk> writes
>> At the most fundamental level what's happening here is that a
>>"Cardholder not Present" transaction is being conducted with the
>>cardholder present. That's against the rules.
>
>But is sometimes necessary. At a merchant I use from time to time, his
>terminal routinely does not like my card. So he (with my agreement)
>gets around it by performing a "cardholder not present" transaction.
That's not the correct way to handle the situation. The fallback is a
signature transaction.
>The only real difference is that he needs to see and use the security
>code on the back of the card.
Noooo!
>But any merchant who takes your card and inserts it into his normal
>"cardholder present" terminal can easily glance at the back of the
>card and memorize it.
>
>I think in the case under discussion, the agent should say "we cannot
>proces your card directly here, but we have a PC
which might well have a keylogger, either intended or unintended.
>that you can use yourself to make a 'not present' transaction".
Run away!!
--
Roland Perry
More information about the ukcrypto
mailing list