[TriLUG] OT: lack of security at BofA

[Heath Roberts]

On Mon, Dec 22, 2014 at 9:46 AM, Joseph Mack NA3T <jmack at austintek.com>
wrote:

Just wait till chip and pin is introduced and the costs will be pushed onto
> the customers.
>

So, just to be pedantic, customers already pay the costs of fraud, it's
just rolled into merchandise prices and bank fees....

That said, what have you seen that suggests there's a change coming with
chip-and-PIN?

My understanding of the forthcoming change is that if a merchant doesn't
upgrade to chip-and-PIN-capable payment terminals, the merchant will be
forced to accept more of the cost of fraudulent transactions, but if they
do upgrade, the card issuer holds most of the liability (as today, albeit
with the real-world implications that Wes has suggested). I think (U.S.)
consumers are protected under (U.S.) law (I'm always a little amused when
my bank tells me it's doing something 'for my protection').

One of the shortcomings, in my opinion, of the switch to cards with chips
is that most US issuers won't be doing chip-and-PIN, but rather
chip-and-signature.

I think the total value of fraud goes way down when non-chip transactions
are eliminated (the card has a chip and the merchant has a chip reader),
but there's a transitional period when no-chip (mag stripe or number-only)
transactions are allowed for compatibility's sake and the fraud is merely
transferred to places that haven't adopted the chip readers (i.e. the U.S.)

Someone mentioned shoveling goods into shopping carts as quickly as
possible to get the most value out of a stolen number before it's disabled:
they're probably buying gift cards, not merchandise.

-- 
Heath Roberts
htroberts at gmail.com