The Return of Popular Electronics Magazine

That is the whole idea of 3D secure. If they give the correct answer to the challenge then either you wrote the keyphrase down and were negligent or you made the transaction. At least that is what they will claim - unfortunately it isn't necessarily true.

In the UK if you dispute an invalid bogus charge and still have physical possession of the card then they unwind the transaction completely and cancel the card with immediate effect. Their fraud department sometimes spots a suspect transaction and rings you up the same day. I have had it happen a few times over the years. The flip side code is too weak and these days everyone knows how to generate a legal Barclaycard number. A direct brute force attack need only try 1000 combinations to be assured of getting a valid flip side match. And there are plenty of online sites that do not use 3D secure.

The card issuer can ask for the card to be returned if they suspect the owner has physically lost it. This arose in the UK after some payment machines in petrol stations had been "serviced" to skim cards in bulk.

They were horrified to find their customers did have possession of the original cards. Now chip & PIN has forced most skimmers to go overseas and use the magnetic stripe in previous generation cash machines. However, that is about to change as the encryption has been broken - or rather a defect in the verification protocol has been found that allows a "PIN is OK" signal to be sent no matter what number is typed in!

Regards, Martin Brown

Reply to
Martin Brown

game onto the customer and *not* a

announced it in the UK) I reported it to

to fake and impossible to verify its origin.

authentication system and has been

Anderson et Al.

In Australia, it isn't the merchants pushing it. It is the banks. As a merchant, I have no choice in the matter. I have to do what the bank wants, or take my business elsewhere.

The only problem I have found is that customers shy away from it as they think it may be a phishing attack as they aren't familiar with the procedure, or can't be bothered registering the password.

This is where my form ends up:

formatting link

Of course if you try the URL, it will give errors because the transaction details are not provided on entry, but Mastercard's secure Australian gateway is the path for all of my credit card payments, no matter what brand.

If you click on the security key in your browser, you will see that the secure certificate is owned by Mastercard Worldwide.

The CC data is entered on the Mastercard site, and not on my site.

Cheers Don...

==================

--
Don McKenzie

Site Map:            http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page:     http://www.dontronics.com/webcam
No More Damn Spam:   http://www.dontronics.com/spam

These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html
http://www.dontronics-shop.com/ics.html

Bare Proto PCB for PIC or AVR projects?
"I'd buy that for a Dollar!".
Reply to
Don McKenzie

Interesting one in the UK where petrol stations had their payment machines tampered with by rogue engineer(s). Here is a quick precis on the Register which for obvious reasons doesn't disclose too many details.

formatting link

I always use my credit card on sites that I do not trust or have had no previous dealings with. It is a lot easier to reverse if they don't deliver the goods than either a cheque or a Western Union transfer.

Regards, Martin Brown

Reply to
Martin Brown

Unfortunately that isn't true as the Cambridge researchers have demonstrated some of the data paths inside the terminal are not encrypted and are open to skimming if you can get inside.

You would never get any groceries in the UK then. Chip & PIN is it now.

Only offline retro places use the old paper trail stuff these days.

Regards, Martin Brown

Reply to
Martin Brown

If philthy ever manages to supply honest genuine commentary not stilted by his perverse personality I expect we will all swoon in disbelief

--
X-No-Archive: Yes
Reply to
atec77

Phil's blow up sheep have turned up, in England:

--
You can't fix stupid. You can't even put a band-aid on it, because it's
Teflon coated.
Reply to
Michael A. Terrell

But the bank will insist that you divulged the PIN number to someone so you are to blame.

I always use cash for groceries - certainly wouldn't use a credit card - plus they are sooooo slow to process! It really gets me pee'd off when people are buying a few dollars' worth of stuff and using a card. OK if it's the whole week's shopping though.

-- Sell your surplus electronic components at

formatting link
Search or browse for that IC, capacitor, crystal or other component you need. Or find new components at
formatting link

Reply to
Alan

Yes. I agree the banks want to be able to blame their customers and avoid paying out on certain types of customer not present frauds.

I don't blame them. The whole architecture is flawed.

At least in the UK you have already agreed an amount, input your name, a credit card number and check digits before the VbV pop-up verification dialogue shows and it gives you no proof that it really is genuine and knows who you are.

Interesting over here the register during a transaction dialogue is owned by some random named corporate group whose name escapes me (not Barclaycard) which was how I ended up reporting it as a phishing scam. My next B'card statement announced this wondrous "improvement" to their service to me. As far as I can see it only benefits them!

That certainly varies. A lot of bigger companies take the basic data and then jump off to the VbV website in a pop-up dialogue.

Regards, Martin Brown

Reply to
Martin Brown
[snip]

In what backwoods location do you live? Around here any kind of card is faster than cash.

Yep. ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     |
| Analog Innovations, Inc.                         |     et      |
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    |
| Phoenix, Arizona  85048    Skype: Contacts Only  |             |
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  |
| E-mail Icon at http://www.analog-innovations.com |    1962     |
             
I love to cook with wine.     Sometimes I even put it in the food.
Reply to
Jim Thompson

jump off to the VbV website in a pop-up

We definitely land on the mastercard secure page before proceeding with the VbV stuff.

Thanks for detailing that Martin, the systems certainly vary with what they have set up in Australia, and I would assume the US, as it uses the same US site certificate.

Cheers Don...

Reply to
Don McKenzie
** Fuck off back to whatever rat infested sewer you swim in - asshole.

You have absolutely nothing to say to anyone.

.... Phil

Reply to
Phil Allison

You must live with DimBulb.

You must *BE* DimBulb.

Reply to
krw

Western Australia - we're two hours and twenty years behind the rest of Australia!


Reply to
Alan

Indeed! ...Jim Thompson

Reply to
Jim Thompson

Are you? I'm not saying that credit card providers might not try to charge you and, of course, it is prudent of them to give the impression that you may be liable for unauthorized charges. However, has anybody reading this actually had to pay their credit card provider for a fraudulent charge?

I have assumed that, after a long wait on hold, a brief, determined phone call will result in any fraudulent charge being suspended and then reversed. Am I wrong?

Reply to
David Segall

KRW > Yep, it's the DimBulb twins, Dim and Dimmer.

Twins separated at birth?

Reply to
Greegor

I believe that most banks have a policy of writing off the $50 that they could (by law) hold you responsible for. It's probably not worth their time to do the required investigation, and it's probably good PR for them to say that their credit cards have a "no risk if stolen or the number is misused" policy.

That's the bank's prerogative, though, not the law. To be certain of preserving your rights, you should always report the fraudulent charge(s) to the bank in writing as soon as you notice them. The bank could (if they chose) hold you responsible if you don't do so... making a phone call is not legally sufficient.

Matters are likely different if the fraudulent charge comes from a merchant with whom you have a history of doing business (i.e. previous legitimate charges). In this case, the bank would probably treat it as a dispute over a purchase (i.e. quality or non-delivery of goods) rather than a pure-and-simple theft, and they may require you to jump through the hoops involved in attempting to resolve the dispute by working in good faith with the merchant. (Or, they may just say "OK" and issue a charge-back against the merchant... I've heard business owners complain that banks will often do this at the drop of a hat, without ever speaking with the merchant to find out what their side of the story is).

--
Dave Platt                                    AE6EO
Friends of Jade Warrior home page:  http://www.radagast.org/jade-warrior
  I do _not_ wish to receive unsolicited commercial email, and I will
     boycott any company which has the gall to send me such ads!
Reply to
Dave Platt

The "worst" that happened to me was that the card company discovered their database had been compromised, and they immediately canceled all the affected cards and then notified the customers. Not one customer lost a penny out of the fiasco, and I think the card company did not suffer much loss from fraudulent transactions. They were really on the ball; heard of cases where it was a true disaster like an avalanche.

Reply to
Robert Baer

...

Yup! The charge will go through, you have to fill in a form and wait weeks for resolution. Even if you cancel your card on the spot, that fraudulent charge will go through, and you have to wait weeks for resolution via the claim form.

This is the info I got from my bank when I tried to hold/stop a suspected fraudulent web site charge from going through.

The bank's attitude is that any charge on your card will be paid, and your only option is to register a complaint about that charge -- they refused to stop a charge from going through.

I was lucky in that email to the site concerned resulted in a refund made by the site, and they amended their confirmation email text that triggered my "I've been had" response to the bank.

Trust me, I have had all too many brief and long determined phone calls to my bank, and am awaiting the outcome of an FOS claim. But the ombudsman is run by the banks, for the banks, I don't see any resolution there either.

Banks are on the nose -- they invent new charges all the time and are creaming off way too much for their services. Apparently with the Govt's blessing :( The banks cover themselves for CC fraud with the high interest rate -- they don't care about the individual in potential short term disaster.

Grant.

Reply to
Grant

It's up to the merchant to prove their side of the story when confronted by a charge-back. Trouble for merchants may be lack of signature for Internet orders, I've been asked to provide extra info by a couple computer companies -- the guy I spoke with when he phoned had been taken for too much, needed the info.

Another company simply cancelled the order when I queried the terms of their credit card extra info requirement. They seem to feel better off losing a sale than arguing the point. Seems stupid to me, but I dunno how bad it is for the merchant, to favour losing sales over risking bad transaction. I think one could fake their extra ID requirements if one wanted to do the dirty -- but they obviously survive with a policy of no new customers wanted.

Grant.

Reply to
Grant
