Thread: Swipe 'n' PIN
View Single Post
  #1  
Old February 1st 10, 12:32 PM posted to uk.finance
Clifford Frisby
external usenet poster
  
Posts: 109
Default Swipe 'n' PIN

Just to add another thread on credit card security, I wondered what thoughts
there might be about this.

I went to PC World (yeah, I know) to pick up an item I'd reserved on their
website.

There was a chip'n'pin keypad there, but when I tried to stick the card in
the assistant wanted to take the card from me with with the intention of
swiping it through a separate device which was also sitting on the counter.

I said that if they put the entire magstripe through that or any device,
then I wouldn't be prepared to input the PIN and they'd have to take a
signature. This offer was refused. I explained about the risk (from my
P.O.V.) of card cloning, but this was met with bemused indifference.

Interestingly, he said that all the chip readers in the keypads had been
disabled and replaced by these additional devices, throughout all PC
World stores, at head office behest, and that this was due to instances of
fraud, which I presume must have involved the keypads.

A supervisor (or manager) was called, and I explained the problem again,
perhaps not very well, as they seemed to think I would be reassured by the
prospect that I *would* have to enter my PIN (on the keypad device into
which I wasn't allowed to insert my card), and that the swipe device also
had a chip reader in it (which I did not really doubt, but it wasn't the
point).

They did let me stick the chip into the keypad, and it had no effect on the
LCD display, so I have little doubt the chip reader had been disabled.

They tried to allay my concerns about fraud by saying that that would
require someone working in the store to be complicit. I said that, whether
or not that was true, it didn't cut any ice because they had already
explained that the whole reason for disabling the chip reader in the keypads
was due to fraud -- why wouldn't the same argument apply?

Anyway, they refused to take a signature in lieu of PIN, and I refused to
let them take the card for swiping.

So, was I being churlish in not letting them swipe the card?

I'd like to get Barclaycard's opinion, but it's an 0844 number to call, and
the 'secure message' facility on the website simply doesn't work. (Perhaps
the latter is something to do with the former!)
Ads