[TriLUG] OT: lack of security at BofA

[Joseph Mack NA3T]

On Mon, 22 Dec 2014, Wes Garrison wrote:

> I will take Aaron's position one step farther and say that ALL of the costs
> are pushed back on the merchant

Until yesterday and on talking with Tim at Intrex, I had not thought about the 
vendor's role in this. I had assumed the vendor's only costs were the processing 
fees ( which I thought were about 2% of the transaction).

As far as the transaction is concerned, the credit card part is an agreement 
between the customer and the credit card bank. The vendor's only role is to 
declare the amount of the transaction. It would seem that the methods used by 
the banks to authenticate the customer are hopelessly inadequate from the start 
and are decades behind the fraudsters. When authentication fails and fail it 
must, the banks being bullies, push the cost on the vendor, who is only a 
witness to the transaction and has no power to prevent fraud.

Bank of America yesterday showed no understanding of authentication in their 
interaction with me. I'm not surprised they can't authenticate customers at the 
PoS.

Yesterday I wondered how banks could make money with the costs of fraud (which I 
estimated were 1% of the transactions). Now I see that fraud doesn't cost them 
anything. They push the costs on to the vendors.

Just wait till chip and pin is introduced and the costs will be pushed onto the 
customers.

Joe
-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) austintek (dot) com - azimuthal equidistant
map generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!