Allen wrote:
I don't know what the policy is in Ireland, but here in the USA there
is no stop loss on debit cards so the banks are not obligated to make
good on fraudulent withdrawals. I believe that most have out of fear
of bad PR, but you have to fight for it if it is just a few that it
happens to. If this happens too much then people might stop using
debit cards. I have advised my mother, 87, to not use them as she is
getting a little slow on the uptake and might miss something like this
if it happened to her.
Now to show how screwy the system is, I was shopping the other day and
the power went off in the grocery store I was at. They had backup
power so they were able to check out people; however, they couldn't
use debit cards, except.... Well, the screwy thing was if you entered
the charge at terminal as a credit card, even when it was only a debit
card, it would accept it. I checked my bank, and sure enough the
charge showed as a POS charge!
I think the logic is a little screwy and might be able to be exploited
though I'm not sure how at the moment.
in theory "signature" debit (i.e. debit transaction w/o PIN) and credit
could both work ... since they both go thru the same way.
pin-debit goes thru in real time and the merchant has assurance that the
transaction has been approved (and pin authenticated). as a result, the
interchange fee is much lower ... because the related risk/fraud is
presumed to be much lower.
signature debit and credit basically go thru the network the very same
way. the machine (either the actual POS terminal or a store controller)
remembers all the transactions and there is periodic batch "settlement"
(end of shift, or end of day). Settled transaction may or may not have a
separate, associated "real time authorization" transaction.
The merchant pays extra charge for each "real time authorization"
transaction (which tend to be credit card specific regarding whether the
account is active and the new transaction is within the card's credit
limit or "open to buy").
the associated "interchange fee" is lower on transactions with "real
time authorizations" (presumably transactions with "real time
authorizations" tend to have lower risk/fraud). However, transactions
may also be settled w/o an associated "real time authorization" (which
will have a higher interchange fee since there is presumption of higher
risk/fraud). there are some old merchant "small fraud" stories ... where
the merchant claimed in the settlement transaction to have a separate
"real time authorization" ... when there wasn't one (they got both the
lower interchange fee w/o actually having to pay for a real-time
authorization transaction ... this was before some financial
institutions had the ability to reconcile the information).
All have associated risk/fraud ... one of the tricks is for the
financial institution to appropriately adjust the interchange fee to
cover the financial institutions associated risk.
There has been recent congressional hearings, EU anti-trust actions and
merchant complaints that the financial institutions have adjusted the
interchange fees way over what is needed to cover the associated risk.
There were snide articles that financial institutions are making
significant profits off of the risk adjusted interchange fees. 2-3 yrs
ago supposedly something like 40percent of US financial institution
bottom line was coming from these (risk adjusted) interchange fees ...
and for many retailers it represented their single largest expense.
this is been highlighted in the significant expense going into TV spots
to promote "signature debit" .... since the "interchange fee" and
especially the profit is significantly higher (vis-a-vis pin-debit).
some of this was discussed in the "bank fraud blame game" thread that
went on in this mailing list
last june, july ... my posts archived here.
http://www.garlic.com/~lynn/aadsm27.htm#31 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#32 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#37 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#38 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The
bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#40 a fraud is a sale, Re: The
bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#41 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#42 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#43 a fraud is a sale, Re: The
bank fraud blame game
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
