Thread Options
|
#214623 - 07/22/04 10:49 PM
Re: Phishing
|
Platinum Poster
Joined: Feb 2002
Posts: 582
USA
|
Up at the top of the page it says something like click to read a reg. Do that and then select Reg. E. I haven't read it lately but I believe stupidity is covered. I know you're stuck if the customer writes the PIN on the card. I'm just not sure about fraud cases. If it were check fraud, instead of electronic, who would take the loss?
|
Return to Top
|
|
|
|
#214624 - 07/23/04 12:05 AM
Re: Phishing
|
10K Club
Joined: Oct 2000
Posts: 27,750
On the Net
|
The customer didn't provide her information for the purpose of authorizing any withdrawal. This is not unlike writing your PIN on the card and leaving it on the table. Yes, likely it is a valid claim. The customer's liability as defined in the Reg. can apply. If this was a V/MC branded card and it followed those rules, you may have complete liability.
Searching here on Reg. E will yield many threads on this topic.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#214625 - 07/23/04 01:26 AM
Re: Phishing
|
10K Club
Joined: Oct 2000
Posts: 10,180
Toano, VA
|
Sad stories like this make you wonder if debit cards should work more like driver's licenses: you don't get one until you pass a test and it's revoked if you exhibit reckless behavior. If customer's valued the priviledge more, maybe they would look twice before handing the keys to the bank to criminals.
_________________________
...gone fishing.
|
Return to Top
|
|
|
|
#214626 - 07/23/04 03:05 PM
Re: Phishing
|
10K Club
Joined: Oct 2000
Posts: 27,750
On the Net
|
So DUI would be "Debiting Under the Influence" and you could lose your card for that?
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#214627 - 07/23/04 04:38 PM
Re: Phishing
|
10K Club
Joined: Oct 2000
Posts: 10,180
Toano, VA
|
Maybe a warning. "Debiting at Dubious Destinations" would be a much more serious offense, however. This would get you an automatic suspension for long enoug to see how many Reg E losses the bank has to eat. If no fraud losses materialize, you would get your card back and be put on payment probation.
_________________________
...gone fishing.
|
Return to Top
|
|
|
|
#214629 - 07/26/04 11:08 PM
Re: Phishing
|
Anonymous
Unregistered
|
What types of transactions are we talking about? Do you issue MC/Visa branded debit cards so you and your customer would be protected by chargebacks? Even with the pin number given over the internet, the crooks should not be able to create a valid mag stripe to be able to use the pin number for any transactions, unless you do not use security checks with your magstripes. The transactions should be keyed.
|
Return to Top
|
|
|
|
#214631 - 07/27/04 04:17 PM
Re: Phishing
|
Anonymous
Unregistered
|
I do not know how to link a previous post or I would. We had a customer do the exact same thing. I posted my original question on 06/02/04. If you search for "Reg E Need Help" you should find it addressed. You will not like the answer, but it is there.
|
Return to Top
|
|
|
|
#214632 - 11/09/04 03:55 PM
Re: Phishing
|
Anonymous
Unregistered
|
our bank had a customer who's debit card number and PIN were used at an ATM in Romania. Debit cards can be made.
|
Return to Top
|
|
|
|
#214633 - 11/10/04 01:08 AM
Re: Phishing
|
Power Poster
Joined: Mar 2001
Posts: 5,063
Pennsylvania
|
Quote:
What types of transactions are we talking about? Do you issue MC/Visa branded debit cards so you and your customer would be protected by chargebacks? Even with the pin number given over the internet, the crooks should not be able to create a valid mag stripe to be able to use the pin number for any transactions, unless you do not use security checks with your magstripes. The transactions should be keyed.
Crooks can not make a valid mag stripe for Visa or Mastercard purchase transactions, there is a code that the customer can not disclose that prevents this. HOWEVER, they can complete debit card or PIN based transactions with a duplicate card. The code on the mag stripe is not verified on ATM type transactions, so it is possible to create a counterfeit card with the card number and PIN. You can also see fraudulent Visa/MC purchases if the customer disclosed the security code on the back - they would be card not present transactions. We dispute the point of sale purchases, but the ATM transactions are write offs. We have seen these types of transactions in Ireland, Romania, Germany, Canada, and California.
_________________________
Knowledge is knowing what to say. Wisdom is knowing when to say it.
|
Return to Top
|
|
|
|
#214635 - 11/11/04 08:23 PM
Re: Phishing
|
Anonymous
Unregistered
|
Is there truly nothing banks can do once the customer has given out the information? I really do feel for the customer but I also don't think the bank should bear the loss for the customer's actions. Not only do we have to refund the money for the amounts debited but I'm assuming that we must return the overdraft charges assessed. . .plus there is the value of the time that our employees put in researching and correcting the matter. I can't believe that the customer has virtually no liability! Granted, he/she is in a bad situation, but we're a small community bank that has been hit by three of these situations in the past two days and we can't afford it either! Does anyone have any suggestions of steps we can take? There's usually a loophole somewhere. . .
|
Return to Top
|
|
|
|
#214636 - 11/11/04 09:19 PM
Re: Phishing
|
Platinum Poster
Joined: May 2004
Posts: 833
Michigan
|
Welcome to the club. I search all debit card transactions every morning for anything with a foreign (overseas) code. When I get a hit I have the branch try to track them down. If they're not overseas we hot card them and get them a new card - and some instructions on keeping it safe. It's not foolproof but it's better than nothing.
So far we've been successful at limiting the crooks to one transaction per card - but even that gets expensive.
I feel your pain!
_________________________
If you approach life with pure logic you can avoid almost all of the fun.
|
Return to Top
|
|
|
|
#214637 - 11/12/04 11:42 PM
Re: Phishing
|
Anonymous
Unregistered
|
The non-branded debit card community should learn from what the credit card community has done for years and place an additional security verification code on the mag stripe, such as Card Validation Code (CVC/MC) or Card Validation Value (CVV/VISA) - a simple 3 digit code on the mag stripe matched to the account through a logrythim. Anything to help in validating the magstripe is authentic. Debit and Credit cards are used at the same terminals so nothing has to be updated on the merchant side to include this information in the authorization. Yes, the CVV/CVC and pin numbers can still be compromised by ATM skimming schemes, but the volume of these are much lower.
|
Return to Top
|
|
|
|
|
|