Thursday, September 16, 2004

It's the Channel, Not the Code.

Yesterday British newspaper The Guardian reported that:
"The introduction of new technology designed to make credit cards safer is fuelling a mini boom in card fraud caused by the banks sending out millions of chip and pin replacements - thousands of which are going missing."
New technology? The chip/pin debit card has been around in Holland as far as I can remember, which isn't that long, but still. It has been very popular, and brings a relatively low level of fraud. Especially compared to the current scheme in England, where you sign a receipt when paying for goods.

The article reports on a security hole in the chip/pin system, which I recently kind of experienced myself: not in the technology itself (though there is one) but in the not-so-secure delivery of both the debit card and its chip/pin key. Banks deliver them by ordinary mail, leaving ample room for interception and subsequent fraud (the article speaks of £43.4m "mail non-receipt fraud" in 2003).

Yesterday I picked up my renewed credit card and its activation code (2 separate envelopes) and a new pin debit card (1 envelope) at my former address. They were both sent there because my bank did not recognise my signature on the moving notice I sent them. I've been using this signature for years, and now I receive a letter, at my old address, saying that it wasn't validated and my address can't be changed. They want me to put my signature on some kind of special security form, presumably so they can establish that it's still the same "wrong" signature, and reject it for a second time. And a third time, a fourth, a fifth...

In the meantime my credit card and debit card have been lying up for grabs at my old address. (Especially great, since my former roommate is a nutter with a lust for money.) This is not even fraud through interception in a non-secure channel, but non-arrival through ineffective verification methods. Isn't that why a pin code scheme was introduced in the first place? Well no, but maybe it's time. And maybe I'm just being punished for signing some of my money orders with Donald Fuck in a far, far, childish past. They came through, but technology has "improved" since then, I guess.
Any suggestions what to sign on that security form?
- - -
Thru The Register

