No security on new debit cards




15 hours ago, The manic said:

The whole point of pin numbers is to use them.  A signature can be copied as it is on the back of the card.   Therefore if I mislaid my card and somebody found it they could clear my whole account out.  That equals a complete lack of security. 

I guess you can load up a debit card and then suffer a big loss if it's stolen.  But the idea is that it's NOT linked to any account (except the card itself, if you want to call that an "account") and any loss is limited to what's been loaded onto the card by you.  Keep that amount small, and THAT'S the built-in security of a debit card.  PINs are a nice enhancement if used, but I wouldn't make that a reason to defeat the main security feature of the card which is your ability to control and minimize the amount loaded onto it.  ('Don't think signatures accomplish much - they're hardly ever, if ever, actually checked - and what a person scrawls on one of the POS gizmos usually looks nothing like a real signature).  With a credit card, your risk amounts to whatever your credit limit is, much more than most people would want loaded onto a debit card, so PINs or OTPs are much more important. Some debit cards, like gift and rewards cards, may not provide for a PIN.

 

I'm not sure, but I think  the difference between a cash card and debit card is that the cash card can only  be used for cash withdrawals from ATMs, not for purchases.

 

My credit union also provides a "check card" which IS linked to my checking account (has a PIN of course).  I can use it in overseas ATMs without any foreign transaction fees and ATM fees if any are refunded, which is a handy emergency cash source to have available, but I don't like carrying it around. 

Link to comment

13 minutes ago, hawker9000 said:

I guess you can load up a debit card and then suffer a big loss if it's stolen.  But the idea is that it's NOT linked to any account (except the card itself, if you want to call that an "account") and any loss is limited to what's been loaded onto the card by you.

That would be a prepaid debit card. The debit cards being issued by Thai banks are all linked to a current account, so the only security apart from chip and PIN is the daily limit on cash withdrawals. They are not prepaid cards

Link to comment

I guess you can load up a debit card and then suffer a big loss if it's stolen.  But the idea is that it's NOT linked to any account (except the card itself, if you want to call that an "account") and any loss is limited to what's been loaded onto the card by you.  Keep that amount small, and THAT'S the built-in security of a debit card.  PINs are a nice enhancement if used, but I wouldn't make that a reason to defeat the main security feature of the card which is your ability to control and minimize the amount loaded onto it.  ('Don't think signatures accomplish much - they're hardly ever, if ever, actually checked - and what a person scrawls on one of the POS gizmos usually looks nothing like a real signature).  With a credit card, your risk amounts to whatever your credit limit is, much more than most people would want loaded onto a debit card, so PINs or OTPs are much more important. Some debit cards, like gift and rewards cards, may not provide for a PIN.
 
I'm not sure, but I think  the difference between a cash card and debit card is that the cash card can only  be used for cash withdrawals from ATMs, not for purchases.
 
My credit union also provides a "check card" which IS linked to my checking account (has a PIN of course).  I can use it in overseas ATMs without any foreign transaction fees and ATM fees if any are refunded, which is a handy emergency cash source to have available, but I don't like carrying it around. 

Wrong. Debit cards are always linked to an account. Cards that can be loaded are either pre-paid credit cards, cash cards or store cards.

For all security questions, I recommend all of you to stop talking complete rubbish and read the above post from Pin. He is 100% right and complete, I can confirm this with my 20 years of payment cards work experience.

Link to comment

4 hours ago, SaintLouisBlues said:

That would be a prepaid debit card. The debit cards being issued by Thai banks are all linked to a current account, so the only security apart from chip and PIN is the daily limit on cash withdrawals. They are not prepaid cards

Just some minor clarification: most people in Thailand open a "savings" account with debit card; they don't open a current (a.k.a., checking) account with debit card unless maybe they are a business and need to write checks also, or need the additional features of a current/checking account.

 

While in western banks the accounts that most people use daily are current/checking accounts with debit cards, in Thailand savings accounts with debit cards rule.  Savings accounts in Thailand don't have many of the transactional limits like western savings accounts.  Just different banking regulations in Thailand.   But regardless of whether a current or savings account is associated with the card, daily transaction limits do apply.

Link to comment

 

Where we have been talking about Chip & PIN and Chip & Signature modes, technically this is called "Cardholder Verification Methods (CVM)" under the "Europay, Mastercard, and Visa (EMV)" standard.  See the partial quote below from a document: where it says Signature Verification, that is Chip & Signature.   Online PIN would be Chip & PIN.  Etc...etc...etc.  

 

Note below where it says a card can be personalized with one or more CVMs...that is, the card-issuing bank/company encodes the card to work in one or more modes such as Chip & Signature, Chip & PIN, etc.  

 

And for folks who feel a PIN should always be used for best security, well, you are probably right, but many merchants' and even the card networks' first priority is to "make a sale/the transaction" so profits and/or fees can be earned.   Since many people can have issues in remembering their PIN and upgrading POS checkout machines and ATMs to fully comply with the EMV standard takes time and money, reaching the higher level of security through the use of online PINs still takes a backseat to "making the sale/accomplishing the transaction" so profits and/or fees can be earned.

 

So, for folks who don't like making purchase transactions without using a PIN, well, your only choices are simply to not make the purchase with your card,  find merchants who only accomplish Chip & PIN mode transactions (that's going to be extremely hard in many parts of the world), and/or try to find a bank/company that will issue a card encoded to operate in Chip & PIN mode only.  Also plan to carry a lot of cash while trying to live in a Chip & PIN world only at this point in time of fully transitioning to the higher security levels of the EMV standard.  No doubt the world will reach that point in the future, but it has a ways to go.
 

 

http://www.smartcardalliance.org/resources/pdf/Payments_Roadmap_in_the_US_020111.pdf

Quote

 

2.1.2 Cardholder Verification Methods

Cardholder verification authenticates the cardholder. Use of a personal identification number (PIN) is a common cardholder verification method (CVM) that authenticates the cardholder and protects against the use of a lost or stolen card.

 

EMV supports four CVMs:

• Offline PIN

• Online PIN

• Signature verification

• No CVM

 

Depending on payment brand rules and issuer preference, chip cards are personalized with one or more CVMs in order to be accepted in as wide a variety of locations as possible. Different terminal types support different CVMs. For example, attended POS devices, in addition to supporting signature, may support online or offline PINs (or both), while some unattended card-activated terminals may support "no CVM."

 

Offline PIN is the only method of cardholder verification supported by EMV that is not available with magnetic stripe cards. The offline PIN is stored securely on the card. When the cardholder enters a PIN during a transaction, the POS terminal sends the PIN to the EMV card for verification. The card compares the entered PIN to the stored PIN and sends the result of the comparison back to the POS terminal, which can then either approve the transaction offline or send the transaction and PIN verification result to an issuer host for authorization. The offline PIN is never sent to the issuer host—only the result of the comparison is passed.

 

Online PIN is not stored on the card because the PIN is being sent online for the issuer to validate. Online PIN is currently supported on magnetic stripe cards and widely available at POS terminals and ATMs in the U.S. today. The cardholder enters the PIN at the POS terminal, the PIN is encrypted by the PIN pad and sent online to the host for validation. The security of the online PIN is based on Triple Data Encryption Standard (TDES) and standardized across the globe. For an ATM, online PIN is required and is the only valid CVM. As a result, any implementation of offline PIN will still require online PIN if ATM access is needed.

 

If a card supports both online and offline PIN CVMs, the issuer must ensure that the two PINs are synchronized. Synchronization is important, because when cardholders are asked to enter a PIN, they do not know whether they should enter their offline PIN or online PIN.

 

Signature verification requires a written signature at the POS, as is currently required with magnetic stripe cards. Validation occurs when the signature on the receipt is compared to and matches the signature on the back of the card.

 

EMV also supports transactions that require "no CVM." No CVM is typically used for low value transactions or for transactions at unattended POS locations.

 

In general, online PIN or offline PIN CVMs directly protect against fraud resulting from lost, stolen, and never-received cards.


 

 

Link to comment
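
The quoted passage above says a card is personalized with one or more CVMs and that terminals differ in which ones they support. The following is an added example, not part of the thread or the quoted document, showing how those two facts decide whether a PIN is asked for. It assumes the EMV CVM List encoding (two 4-byte amounts followed by 2-byte rules), models only the "always" and "if terminal supports the CVM" conditions, and uses constructed sample cards.

```python
# Added illustration; the CVM lists below are constructed sample data.
CVM_NAMES = {0x01: "Offline PIN (plaintext)", 0x02: "Online PIN",
             0x04: "Offline PIN (enciphered)", 0x1E: "Signature", 0x1F: "No CVM"}

def parse_cvm_list(raw: bytes):
    """Split a CVM List into amounts X, Y and its ordered 2-byte CV rules."""
    if len(raw) < 10 or (len(raw) - 8) % 2:
        raise ValueError("malformed CVM list")
    x = int.from_bytes(raw[0:4], "big")
    y = int.from_bytes(raw[4:8], "big")
    rules = []
    for i in range(8, len(raw), 2):
        rules.append({
            "code": raw[i] & 0x3F,            # bits 6-1: which CVM
            "try_next": bool(raw[i] & 0x40),  # bit 7: try next rule if this one fails
            "condition": raw[i + 1],          # when the rule applies
        })
    return x, y, rules

def select_cvm(raw: bytes, terminal_supports: set) -> str:
    """Walk the card's rules in order; return the method the terminal ends up using."""
    _, _, rules = parse_cvm_list(raw)
    for rule in rules:
        supported = rule["code"] in terminal_supports
        if rule["condition"] == 0x00:      # always
            applies = True
        elif rule["condition"] == 0x03:    # only if the terminal supports this CVM
            applies = supported
        else:                              # amount/cash conditions: not modelled here
            applies = False
        if not applies:
            continue
        if supported:
            return CVM_NAMES.get(rule["code"], f"unknown 0x{rule['code']:02X}")
        if not rule["try_next"]:
            break                          # card forbids falling back further
    return "CVM failed"

# Card personalized as: online PIN if supported, else signature if supported, else no CVM.
MULTI_CVM_CARD = bytes.fromhex("0000000000000000" "4203" "5E03" "1F00")
# Card personalized for online PIN only, with no fallback.
PIN_ONLY_CARD = bytes.fromhex("0000000000000000" "0200")

if __name__ == "__main__":
    for name, caps in [("PIN pad", {0x02, 0x1E}), ("signature-only POS", {0x1E}),
                       ("unattended kiosk", {0x1F})]:
        print(name, "->", select_cvm(MULTI_CVM_CARD, caps), "|",
              select_cvm(PIN_ONLY_CARD, caps))
```

On a signature-only terminal the multi-CVM card completes with a signature, while the PIN-only card fails cardholder verification instead of falling back.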

And just to show a flip side of where a major U.S. merchant only wants to use Chip & PIN mode for card transactions (i.e., credit cards, debit card in credit mode, debit card in debit mode), it all comes down to "profit/fees".....and which side of the fence generates the most profits/fees for your  business can make all the difference as to your viewpoint.  

 

Partial quote below....read whole article at below link.

 

http://twocents.lifehacker.com/why-walmart-is-suing-visa-and-what-it-means-for-your-c-1776087900

Quote

 

Why Walmart Is Suing

We’ve told you about this new chip, or EMV (“Europay, MasterCard, and Visa”) technology. It’s meant to be more secure, and while it will incorporate PINs in the future, for now, chip-enabled credit and debit cards will work just fine with a signature.

 

 

Link to comment

The evolution of payment cards goes something like this (Europe):

 

  1. Initially account number etc. was embossed onto the card and an imprint of the card was made for each transaction, the buyer had to sign the receipt and the merchant would deposit these to some central clearing house (basically a safer alternative to checks because debit card had photo so the merchant could verify owner).
  2. Magnetic stripe was added, which made the imprint superficial, but signature still needed on receipt. This required electronic reader, so smaller vendors would keep making imprints of your card.
  3. PIN code was introduced, this required the merchant to have an active phone line for verification, so smaller vendors would keep using signature (and some even staying with the imprint). I think shortly after, banks stopped putting photos on the debit cards, this was in the nineties.
  4. Chip was introduced as a way to avoid card sniffing, required upgrading terminals and new cards, so slow rollout.
  5. Contactless payment introduced, again requiring upgrading terminals and new cards, so again, slow rollout.

Only recently did Thai banks start to issue cards with chips, but for backwards compatibility, these will still operate in “legacy mode”, and most Thai vendors (who accept debit cards) seem to be stuck at step 2. They probably see little fraud, so they have little motivation to upgrade their infrastructure.

 

My European cards are still embossed and ~10 years ago I actually did have an imprint made of my card for payment. This was after I had forgotten my PIN in a supermarket, so they called the manager, and he allowed me to pay using method #1 from above. Amazing that they still had the apparatus for making an imprint of my card.

Edited by lkn
Add info about photo on initial cards
Link to comment

It's not normal to use your PIN code when you buy something here.  The PIN code on the debit card is only for ATM use.  I receive SMS messages for every transaction I make with my Kasikorn debit card so I can check my balance every time.  Of course if I lose my card or it gets stolen I need to report it ASAP or someone else could be faking my signature; they could buy goods up to the daily limit of 20000 baht. But that's your responsibility really to make sure you do not lose it. 

 

 

 

Link to comment

The simple answer to the OP is that most of Thailand does not yet have "Chip and Pin" technology, so even though your card may have an embodied "chip", (most Thai banks are starting to issue them now), even the big stores like Tesco Lotus, Big C etc. do not have the capability to read a "chipped" Debit Card. Until they do you will just have to sign the slip.

Link to comment
Share on other sites

My bank recently cancelled my cash card and replaced it with a debit card. However, the first time I used it I was not asked for any kind of security and the transaction was completed without even entering my PIN code.  The Krungsri bank assured me no transaction could be done without the PIN code but this is not true.  Any thoughts?

It has been that way for years. You can set up your account at my bank so each transaction sends an SMS to a mobile number. If one mislays a card or gets a suspicious charge, call the bank immediately to suspend the account.

My main account has no internet access and no ATM card. Must go to Bank to use. I think this is safest way.
Link to comment