PIN fraud: what do you need to know?
CHIP and PIN turned 10 last year and even though some areas of card related fraud are down, it seems consumers need to remain as vigilant as ever.
While the UK Cards Association has credited chip and PIN for helping to reduce fraud carried out on counterfeit cards, the biggest financial fraud losses still come from debit and credit card transactions, according to Financial Fraud Action UK's data.
What's even more worrying though, is that over the past few years widespread reports have revealed that banks are making it very difficult for consumers to seek financial compensation for card fraud even in cases where they weren't to blame.
With this in mind we take a look at the various risks involved with chip and PIN, how consumers can protect themselves and what banks should be doing to help.
We'll also briefly consider the risks posed by chip and PIN's spin off technology, contactless card payments.
PIN fraud: the risks
In the event of fraud, if the cardholder is deemed to have acted with gross negligence with their PIN, it will result in their being liable for the full amount of any unauthorised transaction.
If, on the other hand, the card has been lost or stolen and fraud is committed before the customer informs their provider or someone else who knows the PIN uses the card, the customer will be liable for up to £50 of the fraud.
86% of those questioned in a Which? survey said that they would always expect to get their money fully refunded if they were a victim of card fraud: that's not true.
What counts as gross negligence?
Banks and card providers are not obliged to refund money to card holders if they can prove that the holder had not kept their PIN secure.
The PIN is not secure if:
- it's written on or near the card
- you say it on the phone and someone overhears
- it's an easy to guess number such as your date of birth
Santander also specify that customers must use a separate PIN number for each of their bank cards.
"Too many consumers are putting their finances in jeopardy by not taking simple precautions," Martyn Saville of Which? has said, as the consumer site revealed that one in ten cardholders are putting themselves at risk of fraud by sharing their PIN number.
While another survey by MyVoucherCodes.co.uk also found a fairly high proportion of card users writing down their PIN number and then leaving it alongside their cards.
"Writing down your PIN is like leaving your door open when you leave the house."
Even so, however, it is up to the bank to prove that their customer did leave the door open. See 'asking for proof' below.
How card providers should protect consumers
The way that cardholders should protect themselves is pretty simple, then.
But card providers also need to take some responsibility for PIN security.
The Lending Code sets out three precautions that subscribers should take with customer's PIN numbers. They should:
- Issue the customer's PIN separately from the card
- Allow customers to change their PIN easily
- Offer guidance on keeping the card and PIN safe
Asking for proof
In addition to being entitled to these precautions, consumers should be aware that the burden of proof in such cases falls on the card provider.
That is, card providers must prove gross negligence in order to hold the cardholder liable and ask for up to £50 of the amount fraudulently obtained.
Card providers often ask consumers to help with their investigation into PIN fraud and typically question the customer about his or her movements around the time of the disputed withdrawal or purchase, as well as their typical spending behaviour.
But it is not up to the cardholder to prove that they didn't commit fraud.
According to Financial Conduct Authority (FCA) research, 10% of consumers are wrongly held liable when they lose money as a result of fraud and should have been refunded by their bank instead.
In cases where, after an investigation of at least eight weeks, the provider alleges fraud, which the cardholder disputes, the consumer has the right to take the decision to the Financial Ombudsman Service (FOS).
The FOS is an independent adjudicator which can consider the case again using all of the evidence from both parties and taking into consideration the card terms and conditions and any relevant sections of the Consumer Credit Act 1974 (where the withdrawal was made from a credit or overdraft facility).
Each case is considered on its merits but the FOS has said in the past that it takes a hard line with providers in such cases.
"We view gross negligence as being more than carelessness - and bordering on recklessness," the FOS guidance says.
More problematic than liability, for some, is the timescale over which disputes are resolved.
Neither the Lending Code nor the Consumer Credit Act is specific about the period of time during which complaints must be resolved in full.
More on card fraud
Contactless card fraud
Fraud losses on UK cards totalled £618 million in 2016, an increase of 9% from 2015 according to Financial Fraud Action UK.
Although the introduction of chip and PIN did initially help to reduce the level of card fraud, it looks like it's on the rise again. Perhaps as a result of the increase in contactless cards and payments. The amount of money stolen via these cards soared from £2.8 million to £7 million between 2015 and 2016.
Yet this doesn't necessarily mean that contactless cards are to blame for the increase in card fraud more generally. In fact, card fraud is just as rife in countries that haven't rolled out contactless cards, such as the US.
Or that more traditional card technology is any safer, the FICO told us that where signatures are used to verify transactions it can be much easier for criminals that find a card to use it without the cardholder's knowledge.
Fighting electronic pickpockets
Although the current £30 limit for contactless payments goes some way to reducing the damage thieves can inflict with contactless cards, consumers are still advised to take all necessary precautions to keep such cards safe.
But be warned the craftiest of scammers can extract cash from your account whilst your card is still tucked safely in your pocket or bag, courtesy of easily available card readers and custom software.
It may sound drastic but in light of such methods many people are now fortifying their wallets and purses to block the use of such technology. Simply lining your wallet with foil or purchasing a special card holder, can block contactless signals and shield your cards from electronic pickpockets.