cbn42

Can you show me an example of a court that has accepted this?

garyschmitt

The link I have is down, but it's covered in wikipedia.

emma69

You can still use a keyed number in chip and pin machines (if the chip has been damaged for example), and I imagine you will always be able to do that, until they invent cards where the chip / strip cannot be damaged.

cbn42

The wikipedia article clearly states that this was a problem with British law (which has now been fixed).

Essentially British regulators failed to update the liability policies when chip-and-pin came out.

It has nothing to do with any inherent legal principles.

It also has nothing to do with the US, or any other country.

garyschmitt

It's already been explained to you that there is no US case law on this. When you later asked for an example of "a court" decision, this means any court, so I gave you what you asked for. Apparently it's not what you meant to re-ask for. If you insist on getting case law, the most relevant (in fact only) case law you'll find is from a foreign court with similar legal principles and similar statutes with respect to the case.

So far you've just been an energy drain in this thread. You've brought ideas that are inconsistent with US legal principles, and you've shown no basis for this; and shown nothing that even attempts to convince. Yet you've demanded evidence to the contrary, trying burden others to do your research. If I'm going to spend copious time to digging through case law, it's not going to be used to gather esoteric and obvious data that I already have confidence on. Do your own research, and come back to us when you have something compelling.

First of all, of course it has to do with the UK, because that where the law changed. The UK is where consumers were burned before law (that was 15-20 years past due) was implemented.

You've been told the US-specific data on this is in the statutes. And specifically, you've been told that the US statutes are as favorable to the consumer as the pre-2009 British ones, which do not include a higher standard of evidence to prove legitimacy of PIN authentication. Regulation E does not add the missing PIN forgery protections.

Proving a negative is 10-100 times the effort of proving a positive. Since you're convinced of the positive (that US law covers the PIN forgery protection I'm claiming is absent), do some research, and cite a specific legal reference for the statute showing this protection, which can be leveraged with Regulation E.

cbn42

This thread is entitled "US credit cards...". So it is presumed that we are talking about the US.

The legal principles may be similar, but the statutes are completely different.

Such comments are not necessary.

You have done no legal research whatsoever. You have given us two links: one to a news article that no longer exists, and another to a wiki article anyone can edit. And you are criticizing me for not providing evidence and research?

US law simply lays out the rules for liability. All relevant regulations (including EFTA, aka Regulation E) say ABSOLUTELY NOTHING about the verification method. The transaction could have been done with a PIN, with a signature, over the phone, or with a manual imprinter. The law doesn't care. Regulation E was intentionally written in such a way that it applies no matter what verification method is used, so that it can be adapted to new technology.

Here is the text so that you can confirm this for yourself.

http://www.fdic.gov/regulations/laws...6500-3100.html

kebosabi

IMO, signature verification these days is a vestigial remnant from the early days when credit cards were first issued back in the 1950s where graphology was actually considered "solid science."

No one hardly ever checks signature these days especially when credit/debit cards has become so common that everyone from the uber-rich to the low-income food stamp recipient has one (what, poor people can't open bank accounts and have VISA debit cards? ).

If credit/debit cards have becomes so common, no minimum wage cashier is going to spend extra time actually checking the signature on the card anyway; they're more worried about getting through to the next Joe in line behind you. Just look at the Costco "awards" on how many customers per hour a cashier could process.

The signature verification is outdated and isn't in line with actually detecting fraud these days. Any would-be crook can skim a card, copy the mag-stripe data over to a blank card, and sign for an item with any signature. No one checks anyway.

Sure, in theory merchants have to check signatures as verification. Reality is, the low end minimum wage earning cashiers don't give a hoot.

garyschmitt

This is a false dichotomy fallacy. Talking about the US does not necessarily entail neglecting other countries. If I talk about the UK, it doesn't mean the discussion cannot bring up the US, or vice versa. I might even use both countries in the same sentence if just one of them is under discussion, despite the subject line. As previously pointed out to you already, you received your US-specific answer to the same question already, you asked again amidst a discussion that transgressed into other states (and rightly so), and you got what you asked for.

If you didn't ask for what you wanted, then ask for what you want -- but please don't repeat answered questions, it wastes everyones time.

Different in what sense? The statutes are the same where it counts. In regards to the code that matters, both statutes (UK pre-2009 and US today) are missing PIN forgery protection.

Then show us something. Stop expecting others to do your research for you. Instead of stating position, then restating position, then restating position, try backing up your claims with something convincing.

Of course I have. You have not, and your the one making a positive claim here.

There isn't much one can do to prove that something does not exist. I pointed out regulation E. (Does that not count because I didn't post a link to it?) I described what was missing from regulation E. Would it help if I had given you a link to some highlighted whitespace in regulation E?

Precisely the problem. This is the point I've tried to get across.

Sure, and perhaps rightly so, but it needs to be supplemented. This only means you're looking in the wrong place, which is why you've failed to show anything meaningful. Regulation E is only triggered if you actually have a fraudulent transaction to begin with (which must be judged as such).

Is this an attempt at getting credit for doing research? You're just going to post the first google hit on the section of code that I've described here? I've of course read regulation E (note that I previously described its limitations). This only supports my point. You're focused on the bit of statute that fails to support your claims because it's orthogonal to what you've said.

You're claiming protection from PIN forgery exists -- now show us where. Which statute do you believe guides the court to find that a matching pin is insufficient for determining that a transaction is not fraudulent?

cbn42

As I said earlier, the statute is completely general and does not specify any particular verification method. Therefore, it applies equally to all methods. It does not need to explicitly state that a matching PIN is insufficient for determining that a transaction is not fraudulent. Is there a statute that says that a matching signature is insufficient for determining that a transaction is not fraudulent? Of course there isn't, and yet you are protected when you use a signature. If there doesn't need to be a specific statute for signatures, why do you expect one for PINs?

(I'm not going to bother replying to all the other lines in your post, because we are just going around in circles with those points and not getting anywhere.)

garyschmitt

I was the first to say it, and indeed this is the problem. Why you are still talking about the wrong statute at this point is beyond me.

This is a false cause fallacy. The liability is the same once it's been established that you have a fraudulent transaction.

Again, because you're looking at the wrong code. Reg E only sets out liability once it's been established that you have a fraudulent transaction.

This proves my point. The fact that matching sigs confirms authorization gives banks a means to prove the legitimacy of a charge. The Uniform Commercial Code requires the bank to obtain authorization, and the hand-written signature gives them a means to both grant the authorization and also prove it. Have a look at UCC § 3-401 and UCC § 3-403. There is no corresponding section for PINs, and all you have is the same blunt law for both hand-written signatures and "signatures made by device or machine".

As stated previously, showing proof of customer authorization is a sufficient burden when signatures are hand-written (obviously they must first pass the judgment of the untrained eye, and then if there's any resemblance at all the cost of the professional analyst adds to the burden of proving that authorization was obtained). Showing the same when the instrument is simply authorized by PIN entry is obviously profoundly trivial under the same standard of evidence -- and indeed we are using the same standard of evidence for both, as you've finally acknowledged by conceding that the law is the same for both.

It's not really a circle if you neglect what I said and instead recycle a refuted claim. It's a circle with a gap because you have not addressed my points.

cbn42

The Uniform Commercial Code is applicable only to negotiable instruments. By definition, a credit card is not a negotiable instrument, as explicitly stated in UCC § 4-104 (a)(9). The Uniform Commercial Code is completely irrelevant to credit and debit cards.

Next time make sure the law you are reading is relevant to the matter at hand before you start picking out random clauses and applying them to whatever situation you want.

garyschmitt

And?

This is merely an ignoratio elenchi fallacy. Regardless of the applicability of UCC § 3-401, you still have the same standard of evidence for signature authorization as for pin authorization. You've failed again to show otherwise. I could say "dogs have blue hair", but if you can prove otherwise it doesn't matter because doing so does not support your thesis.

cbn42

Gary, I'm not even sure what to say to you any more. While you seem well versed in the various types of logical fallacies, you don't seem to know too much about the American legal system (this is just an observation based on this thread, I don't mean it to be offensive in any way).

Here is the New York Times' take on the issue, in which they quote a Visa spokesperson and an analyst explicitly stating that there will be no change in liability: http://bucks.blogs.nytimes.com/2011/...mer-liability/

I am done with this discussion.

garyschmitt

That's an interesting article because if you strip it down to the bare facts, Ann Carrns gets the facts correct (at least the few of them that surface). But then when you look at her thesis - the opinionated spin she places on it, the opinion does not follow from the facts. The thesis is largely driven by a journalist who (like kebosabe) embraces technological advancement blindly without understanding the legal ramifications. It's "old" and therefore "insufficient" (this is a reverse of the fallacious conventional wisdom logic -- but also fallacious IMO.. just because it's newer does not mean it's improved in every way). So the journelist has a blind eye to the fact that they're talking about hybrid cards composed of the union of vulnerabilities of both technologies (therefore more vulnerable), and little grasp of the legal liabilities as well. She may or may not be aware of regulation E, but that's the extent of it either way.

Ann Carrns makes the same error in judgment you do, and figures that regulation E somehow levels the liability. Ann Carrns, like you, obviously missed the fact that the standard of evidence is equal between signature authorization and pin authorization -- which is obviously unfavorable consumers (whose pin is much easier replicated to the same quality standard accepted by courts).

kebosabi

This past weekend, I had my first experience in Canada where my ol’ mag-stripe card wasn’t accepted: a gas station in Victoria, BC. It seems the pay-at-the-pump terminals were recently upgraded to one that solely took Chip-and-PIN and there was a notice stating that cardholders with mag-stripes should go inside to have the gas station attendant swipe it there.

I asked why they were doing this and apparently they had problems with fraudsters putting skimming devices onto the pay-at-the-pump machines so they weren’t taking any chances. Luckily, unlike Italy, gas stations in Canada are usually manned 24/7 so it's only a minor inconvenience to actually walk inside the gas station. But American drivers should beware if you’re driving in Canada; they’re slowly phasing in new terminals that only accept chips at the pumps.