A few months ago, Australia was introduced to the new ‘paypass’ technology. No longer do we need to enter a PIN when making payments using our bank cards (cash cards etc) – simply wave your card in front of the ‘machine’, your transaction is processed and approved.
The thought of not having to ‘authenticate’ the use of my card, leaves me cold – who’s to say that my card hasn’t been appropriated by someone and is being used fraudulently? To me, the minimum security required is “something you have” (the card) and “something you know” (the pin / password)…. Why would you ask for anything less? The protection offered to myself and the trader is well worth the few extra minutes it takes to enter a PIN and wait for it to be authenticated.
My concerns were raised further when I read an article on Forbes: Hacker’s Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets
Today, I was stunned when I went through the checkout at my local Coles; put my credit card into the machine and was not prompted for a PIN! When I questioned it, I was told “oh, we don’t require a PIN for transactions under $35”! Well, I do!
I rang my bank, NAB, and raised my concerns about the liability that such a decision has left me open to. The NAB client service representative told me:
The merchant dictates whether a PIN is required or not
Excuse Me? The merchant dictates and the Financial Institution allows it?
Credit Card Fraud is on the rise: According to the Australian Bureau of Statistics Personal Fraud Survey for 2010-11, 3.7% (662,300) of Australians were victims of credit card fraud (in the year prior to June 2011), a 50% increase from the 2.4% in 2007.
Yet, our Banks are allowing merchants to dictate that PIN’s or other authenticating factors are not required…. What does this say about the state of our banking system?
I, as the card holder who has accepted the liability for its use, can’t insist that the basic protections that I was offered when I entered into an agreement with the bank are enforced. I am at the mercy of the merchant!
To rub salt in the wound, I was told that “everyone is doing it”! As my Mum and Dad used to say to me:
If your friend jumped off the roof of the building, would you?
Just because “everyone is doing it”, doesn’t make it the right thing to do. Sometimes, we just aren’t aware of the repercussions of our actions and sometimes the impact of those actions doesn’t become obvious for a while (tobacco for instance) but when it does, a big hue and cry ensues.
Certainly, the banks won’t hold the card holder responsible for any fraudulent transactions on their card – if you can prove it’s a fraudulent transaction. However, what gets forgotten in all of this is the time required to investigate the potential fraud and the sheer inconvenience of having to cancel a card and have it reissued.
It appears this is a national thing – certain merchants and all banks are complicit in this decision to expose Credit Card holders to this level of liability.
If you are as concerned as I about this lack of security – tell your bank or financial institution. Make a noise about it and don’t just settle because “everyone is doing it”….
What are your thoughts?
It’s not just the customers who suffer but the merchants too. I had a situation last year when someone was processing stolen credit cards (many of them) on my shopping cart and I had no way of knowing that was the case, till I got chargeback requests several weeks later through the NAB. I was not happy and it seems that the banks do nothing to protect the customer or the merchant. They’re basically just in it for themselves. Not happy Jan…
That was my other thought Kathie — were’s the equality for the merchants? I know how many hoops I had to jump through to get my merchant facility and take payments online — and I’m pretty certain that I wouldn’t be able to say “no PIN”…. There is something sadly lacking in the whole process.