Random Rants LXXII - What is wrong with us?

[Valka D'Ur]

In the US a lot of places will give the option to use your debit card as a debit card or as a credit card. If you choose credit, then the machine usually won't ask you for a PIN.

So when you use credit cards, how do you prove the card is yours and not stolen?

 

[CKS]

You don't. You hope that either you or the credit card company notices that you didn't make that charge if someone uses your stolen card or number. Fraud protection with a credit card is pretty good, but nobody is checking at the cash register at all.

 

[rah]

My bank issues a debit card for use in their ATMs. That's all I will ever use it for, since as previously mentioned, it's less secure.

For truth in advertising, our phone rang the other day and we have the caller ID feature on our cable so the it popped up on the screen "internet scam" as the caller.
My wife and I had a good laugh.

 

[Valka D'Ur]

You don't. You hope that either you or the credit card company notices that you didn't make that charge if someone uses your stolen card or number. Fraud protection with a credit card is pretty good, but nobody is checking at the cash register at all.

That's crazy. The reason I don't use my credit card while shopping around town is because I can't remember the PIN number. No PIN, no purchase. And some stores will only take a driver's license as photo ID, and I don't have one. So I have to write down whatever it is that I want to buy, and do it at home, where I don't need to know the PIN.

 

[cardgame]

Your credit cards have PIN numbers?

 

[Synobun]

Yours don't?

 

[cardgame]

Not that I remember, no.

 

[hobbsyoyo]

Your credit cards have PIN numbers?

Yours don't?

This is a major problem with US retailers. The chip and PIN system has only been rolled out half-assedly by US banks and retailers. The whole point of the system was to have the PIN as your second layer of authentication as the chip itself can't stop someone from using a stolen card without it.

As shown up thread, even debit cards here retain the vulnerability of half-assed implementation of the chip and PIN standard because you can change the card type in the terminal at point of use and credit cards still don't have mandatory PINs themselves here.

Very frustrating

 

[rah]

Hope they never ask me because I don't know the pin on any of them. Only on my debit card since I use it at atms

 

[JohannaK]

Every machine invariably asks for the PIN here. I have a debit card and cant remember the last time I didnt need the PIN for a physical store purchase.

 

[Kyriakos]

Pins seem generally useless as security. Aren't they always 4 numbers? 10^4 different combinations, ie 10000. Assuming the thief isn't of the basic brainless thug type, they can (i suppose?) use electronics to steal the pin anyway. Afaik the actual ATM will lock and take your card away if you insert a wrong pin combo a few times.

 

[The_J]

Yeah, that's why the 4 digit code is not a problem, because you cannot try it endlessly. If you could...insecure af.

EDIT: Minor rant:
I've been working on a pretty useless publication for some time. Useless, because we didn't find anything interesting. Still want to publish it, because...we spent money and time on the data analysis.
So nearly everything was in the meantime prepared, more or less, for a rather useless journal too.
Now we saw the notification that from the end of the month on, that journal will not anymore do this type of publications.
Oh great, so I had to work further on Saturday evening on that for a few hours, and now we'll need to see if we can get it fast enough to the co-authors and get their agreement too.
Brilliant .

 

[JohannaK]

10^4 is 10000 possible combinations, not 1000. But yeah, not the most safe without redundancies.

 

[Kyriakos]

10^4 is 10000 possible combinations, not 1000. But yeah, not the most safe without redundancies.

Of course. I am not some lowly engineer so basic and meaningless arithmetic errors are part of the course.

Yeah, that's why the 4 digit code is not a problem, because you cannot try it endlessly. If you could...insecure af.

Is there no way to break it using not (obviously) typing it up to 10000 times, but with help of some other electronic gadget? It doesn't seem like sci-fi tech to me.

 

[rah]

A lot of systems will only let you try 3-4 times in a short span before it locks out the account. (unlike what they sometimes lead you to believe in the movies)

 

[Synobun]

Brute-forcing individual PINs would be an insane waste of hours. Better off just investing in an ATM skimmer. Smart crime is good crime!

 

[Takhisis]

And that's a problem because...?

You have an issue with Irish warblers?

It means that she now has a reason to try and fight over control of the radio.

 

[Commodore]

So when you use credit cards, how do you prove the card is yours and not stolen?

Technically, merchants are supposed to ask for your ID when you use a credit card to verify you are an authorized user of the card, but none of them ever do.

 

[Valka D'Ur]

Technically, merchants are supposed to ask for your ID when you use a credit card to verify you are an authorized user of the card, but none of them ever do.

Why?

 

[Commodore]

Why?

Why don't they do it? Laziness and apathy. You really think some cashier making minimum wage and hates their job is really going to care about whether or not someone is using a stolen credit card?