Thread: Do banks think we are stupid?

This topic is mostly so share some of my frustration

I just got an offer from my bank account in order to pay something like 16$ to have a security for identity theft with the argument of "what if somebody steals your credit card or now days they just have to memorize your code to buy things online". I am laughing inside but I see that my wife is considering it. Obviously banks know that these can of services work, since they were "a lot of people buy this".

At the same time I am working for a company that creates secure chips that are used in banking. I know by fact that in order to put a chip on a card (if they don't already have it) it costs something like a couple of dollars. Practically nothing for a credit card. The question is why don't they use secure credit cards rather than selling a service?

I mean, you can buy things by entering a code online. That is the security system they have chose. From all possible security methods they choose to be able just to enter a code. And then the banks are advertising counter measurements. Really?

The only reasonable answer on why they don't use a serious security is that they don't really care at the moment, so please don't try to sell me some stupid security package.

Not sure about the US, but over here, unless you were demonstrably negligent leading to your cards data being stolen, you are not liable for fraudulent usage except for a small fixed amount (usually £50 but even this is rarely enforced).

So when my bank tries to sell me such cover I tend to feel a mix between amusement and anger.

Same with payment protection on loans - the interest they charge is adjusted to factor in the risk that I default (as are most commercial interest rates). Then they want me to take out payment protection to cover them again?

Seems like many problems the banks find these days can be repackaged as a product to sell back to us!

I think in the US it is the same, their stupid services are more like an enhanced service of what is already provided.

In the US, when I came here from Europe, the whole think with credit cards and such seemed to be a big deal. Like there is a "great risks nowdays so be careful" kind of thing. My biggest problem is that the media don't really inform the people about the lack of security being the bank's choice, the bank's don't admit it or say "its ok, what do you worry we already cover you for free?", but they want to sell more security implying that that is the best they can do. The people are clearly misleaded.

For the last few years my credit card has been getting disabled about every 6-9 months, and when they ask me to verify the last 5-10 transactions, they're all places that I go to on a regular basis!! Unfortunately they can't just re-enable my card, I have to wait a week for them to send me a new one...

As for those security chips; I don't see how that can make a credit card any more secure? Unless I'm mistaken, you can still swipe it on a card reader that doesn't use the chip, and you can still buy stuff online with it, so can't someone just record your card # and buy stuff online?

Originally Posted by C_ntua

Do banks think we are stupid?

Yes

Nobody steals my stuff because it is common knowledge that I'm a hit man.

Originally Posted by cpjust

For the last few years my credit card has been getting disabled about every 6-9 months, and when they ask me to verify the last 5-10 transactions, they're all places that I go to on a regular basis!! Unfortunately they can't just re-enable my card, I have to wait a week for them to send me a new one...

As for those security chips; I don't see how that can make a credit card any more secure? Unless I'm mistaken, you can still swipe it on a card reader that doesn't use the chip, and you can still buy stuff online with it, so can't someone just record your card # and buy stuff online?

If the bank doesn't support it no, they wouldn't be able to.
But even now they could offer some options at least. I ask them "can you disable online withdrawals from my bank account" so people can only put money electronically and in order to withdraw/transfer them you have to swipe a debit card or physically go to the bank. I just want people to be able to sent me money on one bank account.
The answer is "no, that is not possible". You restrict access to your personal computer but not on your own bank account...

Banks don't actually think we are stupid. The only thing they want to make sure, is that we are powerless. And they've become better and better at it through the centuries.

My card has also been disabled two or three times in the last 2 years. The bank doesn't give out information as to which merchant compromised it. They say they don't want me to avoid any store just because one employee there is a crook. I don't agree. The public ought to know at which specific store the credit card got compromised, and should be assured that the employee is in jail before I am going back to purchase there again.

But the bank would rather do nothing and absorb the loss. As long as they back out the purchases that are not mine. So far they have been helpful and have taken the fraudulent purchases off. However, I still don't like the way banks protect criminals by not telling me what really went on. I would like the right to boycott, even if it's irrational. If I am unable to do that then I feel helpless.

The chip is useless in preventing fraud. I've read about stores being broken into and their cash register hard-drives stolen. It seems they sometimes contain unencrypted PIN numbers from customers.

Again, would it make sense for the public to boycott such a store when it had its hard-drives stolen? YES, because that would put the pressure on point-of-sales terminals to make them 100% secure.

Originally Posted by nonoob

However, I still don't like the way banks protect criminals by not telling me what really went on.

Every time I ask them, they say they don't know what store it is because the police don't give them that information.

Since the bank has to pay for any fraudulent charges, I guess they have the right to cancel the card and send a new one, just to be safe (even though there were no fraudulent charges on my card); it's just really inconvenient since I have to wait for the new card, then change my info with any companies that do pre-authorized charges...

Originally Posted by nonoob

The chip is useless in preventing fraud. I've read about stores being broken into and their cash register hard-drives stolen. It seems they sometimes contain unencrypted PIN numbers from customers.

A serious security system does not decrypt information except at the end-points. That is the point. But to encrypt the information you need a processing unit that can perform an encryption algorithm. Which should be in the chip, not anywhere else. If the card inserts in clear information to a middle media, like a PC for example, and that media encrypts the information and sends it then you have to protect both the card and the media, twice the work, which is pointless.
So concluding, the cash register should not be ABLE to have codes unencrypted.