dutch debit card fraud - SNS bank - in the uk you are covered by the uk banking code from debt card fraud so that if you are observed using a debt card and then subsequently the card is stolen your losses are covered. http://www.bankingcode.org.uk/pdfdocs/BANKING CODE.pdf in the netherlands you are NOT! despite the dutch code stating "De bank vergoedt de schade Slagen criminelen er dan toch in fraude te plegen, dan worden de feiten en omstandigheden bij elk geval beoordeeld. En in algemene zin wordt de gedupeerde, aan wie niets te verwijten valt, schadeloos gesteld." "The bank pays the damages Criminals are still succeed in committing fraud, then the facts and circumstances of each case reviewed. And generally, the victim, who is nothing to blame, compensated." The bank compensates the damages If criminals still manage to commit fraud, then the facts and circumstances are evaluated in each case. And generally the victim who is without blame is recompensed. --NexxoTranslate Parser v1.1 The result of the movement to chip and pin in the Netherlands has simply reduced the banks and merchants liability to fraud whilst increasing the losses to consumers (as a shop observed pin can be used in a wall) this means that if your pin in observed and card stolen then you are liable for losses of 5k+ within 30 mins. I was wondering what reg's there were in other countries, whether people acepted this transfer of liability and generally what others thought. My thinking is that pin's should be 6 digits with 4 digits randomly requested. I note this also with reference to any IT contractors working in NL where large sums may pass though their current account. Over 20% of payments are made with debt cards in NL and there are surcharges for cash payments at train stations.
I remember similar stories in the UK, when chip & pin was first introduced - banks claimed that the system was fool-proof and so anyone whose card was used fraudulently must have given away their pin. I don't know what's happened since then but I imagine banks have realised that there can be problems such as you describe, where a pin is seen and the card is subsequently stolen. I agree that pins should be longer and that random digits should be requested. When I sign on to my bank account online, I'm asked for three digits at random from a 10 digit number I'm supposed to have memorized. This seems to work well enough for online so why not at ATMs?
With Barclays I can't do anything with my account (not even look at it) unless I put my card into a card reader and type my PIN in, it'll then give me an 8 didgit code that I have to put into the site, code's different each time. As for what the policy is? I think if it's obvious that you haven't spent it, they'll sort it out. If it's £5k within 30 mins? I think after the first couple of £££ were spent there would be a lock on your card. Has happened to me before!
Bio-metric ATMs with iris readers & thumb-print scanners will be the only way to stop fraud of that nature, but then you'll have Wesley Snipes style criminals who will stop at nothing ( 10 points if you get the reference ) to get your money. If you have a thumb-print reader and iris reader at home then that would take care of the internet side of illegal transactions, just aint exactly a cheap option currently, but in the future...
" If it's £5k within 30 mins? I think after the first couple of £££ were spent there would be a lock on your card." Sadly in the netherlands you can get 1k from ATM's and something like 3k from shops... the latter also includes casino chip machines which are automated... further western union has branches at trainstations in the netherlands and they'll pop out 2k over those limits without ID. In the UK there is coverage but certainly SNS bank provides no coverage for this type of scam. In the UK it was my understanding that if a card was used by another person and the signature was forged then the liability was with the merchant... hence one reason they couldn't just move the liability to the consumer. Does anyone know what the deal is in other countries? In croatia you are often required to sign the recept as well as enter the pin and in spain you are often required to show ID or passport due to the amount of fraud.
Demolition Man.... Yeah the only real way to stop this kind of thing is bio-metric's like you say, but to be honest... that's going to be to costly to install, can you imagine the costs to consumers if this kinda thing was installed? The bank's would never accept the bill for more security to us surely? As for locking your card, my mom had £2,500 charged to her credit card after a trip to Turkey (D'oh...) and Barclays didn't lock the card for SEVEN DAYS, despite the fact they'd contacted her and visa versa! I'd like to see an ever changing pin-number, how about an authorised little second card your debitcard/creditcard needs to sync with first, once sync'd the card could be put into the atm and the only way to access the money is to input an eight digit pincode? Might take 20 seconds longer per ATM transaction, but how much money would be saved?
Biometrics can be worked around too, though - As suggested in Demolition Man - And thumb/finger prints aren't always impossible to fake Harder, yes, but not impossible.
I don't know many fraudsters who'd have the nuts to stab someone and take off their finger/thumb/eye to get £250 from a bank account over and over to be honest. Seems like a bumdeal.
@Nexxo "On what evidence do you base your statement that the consumer is not covered in the Netherlands?" An email from a 'lovely' SNS employee and the experience of a number of people I know. I'm trying to see if any banks have a differing attitude but getting them to respond officially is proving 'difficult' At present this relates to SNS bank in the netherlands... but no other bank has said they will cover. With the move to Chip cards the previously favoured form of fraud (skimming) is no longer possible and as such criminals will move to card present fraud... the advantage of an extended pin is that a card blocks after 3 tries, with a random selection of 4 numbers of an 6 digit pin the chances of such fraud would be reduced to next to nothing. I did find this on the transfer of liability - sadly the 'negociation' seems to have resulted in passing liability to the consumer... keeping both merchants and banks happy. http://www.dnb.nl/en/binaries/From stripe to chip - EMV_tcm47-145653.pdf Liability shift An additional financial incentive for banks to introduce EMV is the lifting of their liability for magnetic card fraud which, under regulations issued by MasterCard and Visa in Europe, shifts on 1 January 2005 to the party that has not migrated to EMV. One consequence of this liability shift is that in the event of fraud with an EMV card on a non-EMV terminal (relying on the magnetic stripe), liability will rest with the contract party (bank or credit card company) of the merchant of Maestro, MasterCard and Visa cards. It has also not been ruled out that the liability shift will have financial consequences for some merchants once the infrastructure has been adapted for EMV. This will depend upon the outcome of commercial negotiations between merchants and individual providers. The liability shift only applies for MasterCard, Maestro and Visa and not for PIN and Chipknip thread is no1 on google index! search debt card fraud netherlands SNS
Sorry, but anecdotal stories do not count. We all have a "friend of a friend who...". Cough up the e-mail or show us a link.
I can publish a section of the response.... (google translated) Here the blame has been shifted to the user because the group were able to see the PIN number. In the UK and the US such fraud is covered. If however for instance the user had not used the card prior to the transactions there have been cases of banks refusing to pay up on the basis the user must have written it down or otherwise made it available. It should be noted that in the Netherlands the use of PIN is very high, you have to pay a surcharge for the use of a card in train stations for instance. Further the machines are often not shielded and are placed high in a line on a counter. "You as a consumer (customer), a private duty of care when using a bank card with PIN. You are responsible for the use and requires careful with the pass and the code to go. The PIN code is strictly personal, not transferable and must be kept secret. These agreements are in the Private Account Rules Chapter 3 "protective measures". The present Regulations can be found at www.snsbank.nl It is not clear that the bank acted carefully. The disputed transactions with the bank card are all at once successful. Possibly the PIN has been known to unauthorized users. Prior to the disputed transactions, it uses the PIN. SNS Bank eight possible that an unauthorized person when entering the PIN can view."
Feel free to post the Durch text as I am Dutch myself. If you want to make a point To the rest of the forum you'll actually have to translate it in English yourself (or at least proofread the Google translate as it is gibberish. How hard can that be?). I still don't get your point. So far I've seen nothing that is different from the UK rules. I gather that you have some personal beef going on, but unless you can say, specifically this is what the bank said/did to me while that is what it says in the rules (and these are the UK rules and those are the Dutch rules that pertain to the same situation, but are different) then basicallythis thread is going nowhere. You are just having a rant. And we don't even know what your problem is.
"I still don't get your point. So far I've seen nothing that is different from the UK rules. " if you read the british banking code that I linked in the initial post then you would clearly note the difference. here is the notably vague dutch equivalent http://www.nvb.nl/index.php?p=17970 here is a story from the BBC outlining the different approaches taken dependant on the availability on the pin http://news.bbc.co.uk/2/hi/8287783.stm "Natwest refunded the £100 Mr Elphick lost on his credit card, saying that as he had used the card that day it was credible his Pin might have been observed." this perfectly describes the case of an observed pin and the reasoning the bank took in making the refund. similarly in the US these are the regulations http://en.wikipedia.org/wiki/Debit_card Federally Imposed Maximum Liability for Unauthorized Card Use (United States) Reported Maximum Card Holder Liability Credit Card Debit Card Before Use $0 $0 Within 2 business days $50 $50 After 2 but before 60 business days $50 $500 After 60 business days Unlimited Unlimited These are applicable in the stated case. I have stated clearly the name of the bank but as this is clearly a case that will be taken forward it would be inappropriate to offer the names of the affected parties directly. I will however ask SNS for comment if you would like. Regarding whether this is a 'rant' I felt it was pertinent and use full information to the community. I am an IT contractor and work all over Europe as I'm sure a number of the readers of this forum are. As such it is often required that we open a bank account in the local country through which we are paid. In my case this has tended to be a debit account as these are the simplest and enable me to pay out my local hotel and travel costs without incurring currency transfer fee's. Having this fraud come to my attention and the variation in the consumer rights relating to this type of fraud it would seem that such information might for instance alter peoples decisions as to which country or account or payment method they should choose. For instance Citibank in the UK run a free Euro debit account for uk residents - UK contractors should seriously consider using that account rather than the local dutch services as their coverage for fraud is significantly better due to the UK banking code. I work in the Banking field (often for dutch banks) and I'm shocked that though the banks are willing to cover skimming of cards they are unwilling to cover the theft of cards. It is notable that the move to chip cards was taken after the rise in skimming became almost endemic at dutch train stations. Please also note the posts relating to liability shift. Further I would be interested in other users knowlage of other banking codes in other countries. Sorry for not altering the google translate - I didn't wish to be accused of twisting the meaning. here is the dutch U heeft als consument (klant) een eigen zorgplicht bij het gebruik van een bankpas met pincode. U bent verantwoordelijk voor het gebruik en verplicht zorgvuldig met de pas en de code om te gaan. De pincode is strikt persoonlijk, niet overdraagbaar en moet geheim worden gehouden. Deze afspraken staan in het Reglement Privérekening Hoofdstuk 3 “Beschermende maatregelen”. Dit regelement kunt u terugvinden op www.snsbank.nl Het is voor de bank onvoldoende duidelijk dat xxxxx zorgvuldig heeft gehandeld. De betwiste transacties met de bankpas zijn allemaal in een keer geslaagd. Mogelijk is de pincode bekend geweest bij de onbevoegde gebruiker. Voorafgaand aan de betwiste transacties heeft zij de pincode gebruikt. SNS Bank acht niet uitgesloten dat een onbevoegde bij het intoetsen van de pincode heeft kunnen meekijken.
Thanks for that. It makes much clearer why you posted in the first place and what your issue is. I still disagree with your objection though. The UK rules state: 12.11 If you act fraudulently, you will be responsible for all losses on your account. If you act without reasonable care, and this causes losses, you may be responsible for them. (This may apply if you do not follow section 12.5 or you do not keep to your account’s terms and conditions.) 12.12 Unless we can show that you have acted fraudulently or without reasonable care, your liability for the misuse of your card will be limited as follows. • If someone else uses your card, before you tell us it has been lost or stolen or that someone else knows your PIN, the most you will have to pay is £50. • If someone else uses your card details without your permission, and your card has not been lost or stolen, you will not have to pay anything. • If someone else uses your card details without your permission for a transaction where the cardholder does not need to be present, you will not have to pay anything. • If your card is used before you have received it, you will not have to pay anything. This sounds good, until you home in on that sentence: "If you act without reasonable care, and this causes losses, you may be responsible for them." The UK banks put the onus for showing that someone acted without reasonable care on themselves, but they also give a list of things (12.5) that you have to do to 'take reasonable care'. If the bank thinks that you have not, the liability is yours. And of course, as your BBC article shows, the bank may still argue the toss --and in this particular case Natwest may have a valid point. My guess: the gentleman changed his credit card PIN to be the same as his debit card PIN for reasons of convenience, but now he is too embarrassed to own up. In any case I can appreciate that you do not want to go into specifics of cases that are still being taken forward. But unless we know the charges, we cannot judge the accused. Perhaps you should leave this thread until the matter is settled and you can actually talk about it. As for the general rules, I fail to see your point. The UK rules are framed more concretely but do not accept any more liability. The Dutch letter that you show pretty much makes the same case as NAtwest does in the BBC article. It is reasonable for a bank to assume less liability for a system that is technically less susceptible to fraud.
The BBC case was chosen to highlight the fact that in the UK observation does not denote a lack of care. unreasonable care in the UK refers to writing the pin number down and storing it with the card or telling someone else your PIN. here is a quote from APACS "As long as you use your card in a reasonable way you will not be held responsible," says Simon Bennett, a spokesman for Apacs. "Writing your pin number down or giving your card and number to somebody else, even a close family member, are the two things most likely to leave you responsible, but putting a card behind the bar in a pub will not, because you are clearly not giving the barman consent to skim your card." I personally think that it is quite possible to cover the salient facts relating to the relative coverage for card fraud between countries. The significant difference here is that Dutch banks seem to consider observation during normal use removes their responsibility to the customer. In the UK the banks must take the alternate view. This is an important distinction as we move away from the magnetic strip and towards chip or contact free cards as this process will have moved the liability which once remained with the merchant, them moved to the banks who are now working to reduce their risk via skimming through technical advancement and doing nothing to advance the consumer risk though the observation of PIN numbers.
@ Nexxo Why the hostility? You seem to be getting your knickers in a twist. All you seem to be doing is ranting and neither have you said anything useful or helpful. I was hoping to get some valuable information from this forum having seen it in google. I think memeroot has made some interesting points and has confirmed my own experiences in the Netherlands. Someone saw my pin in a shop then stole my card from my bag( unfortunately they won't release the cctv so I can post it on the forum). They then went only to spend thousands in a very short period of time. I am getting no where with the bank after two appeals. They reiterate that it was my responsibility for allowing them to see my pin and then be pick pocketed. It is interesting to know some one is struggling with the same problem. i am really hoping to hear something positive by following this thread. I have had my card blocked on 3 occasions by UK banks.This was due to what they regarded as unusual activity. I have never heard of such things occurring in the Netherlands. Possibly because they have transfered all their responsibilities?
Where does any of that say that writing your pin number down or telling it to someone are the only things that count as unreasonable care? Or indeed that being observed using your pin cannot amount to lack of care and therefore hold you liable for any fraud?
Neither does it in the Netherlands, as a judge decided in 2004. More generally, another judgement from 2007 also firmly puts the ball of proof of neglect in the bank's court. And here the general point: Translated: "Many victims of bank fraud did not give in and submitted their case to the judge of the small claims court. It appears that the claims of customers who sue generally are upheld. Only in exceptional cases can the bank prove that the customer was grossly neglectful." It is, but your first posts on the matter were very unclear. You cannot refer to cases that you then don't want to discuss. In the Netherlands it appears that the small claims court upholds the view that observation during normal use it not grossly negligent. Fair point, but one you could have made clearer earlier. In any case it looks like they are not getting away with it in a court of law. This will motivate them to look for more secure methods that cannot be easily messed up by user error.
