Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Get back to us when there's a major practical breach of a chip-and-PIN system and consumers aren't compensated.


"It's okay that the protections we are used to being afforded aren't afforded to us anymore, because this system hasn't been hacked yet."


No. Because when this system is hacked, protections will be afforded to us.

Can you even imagine the media storm in the EU or some other similarly consumer-friendly location if the evil American corporations don't compensate consumers for fraud of no fault of their own like they used to? Millions of people would mail in their cards. This is simply not going to happen.

I'm in Canada and a colleague had her wallet stolen from a locked car, PIN changed over the phone (that's a whole another subject) and purchases made. Faced with a police report confirming the story and possibility of bad press, you think the processor, the issuer, and the merchant won't budge? They budged.


>They budged

See, with the current system, there's no need for "budging". Several times I've had unauthorized charges show up (both Visa and Amex). A quick call, and it's sorted out.

If you've got to invoke the possibility of bad press, that sounds absolutely worse for the consumer.


I was giving an example of a more difficult situation to dispute, with card present and the person's personal information available for PIN reset. Electronic charges with card not present are easy to dispute anytime.

You have as many protections as your issuer decides is good business to give you. You can dispute a transaction but they can rule against your claim.

Try disputing a card present transaction in a Rite-Aid on a card with a $1000 limit and get back to us about consumer protections.


I've disputed a $6000 "card present" transaction at a physical store about 20 miles away from me. AmEx determined the card must have been cloned and sent a new one out immediately. There was no hassle involved: "Nope I haven't been to that town." And done.


You have no idea why I gave the example I did, do you?


Then, if they are going to afford the protections anyway -- they should afford them in writing and contractually.

This way, they could only partially refund and say that we're lucky to get anything at all.


There have probably been small-scale compromised of chip-and-PIN in the UK already due to a design flaw allowing purchases to be made without knowing the PIN. (We don't know for sure since the banks involved erased the logs that would confirm it.) The customers wound up liable for the transactions.


Interesting; I've tried searching but all I'm finding are technological faults, not articles about consumers liable. Can you link or give names to search? Closest I've found is http://www.theguardian.com/money/2012/may/04/banks-pin-card-... and it looks like the card-resend story that would only have been worse with a swipe-and-sign.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: