Change to authentification of online payments in the UK and EU

Started by Buzzard, February 04, 2019, 12:43:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

PaulCheffus

Quote from: njee20 on February 08, 2019, 02:37:34 PM
I've seen enough people put PINs into their phones to know that I've never seen anyone type 1234. Why would you? It's literally no less effort.

But you know it's a "personal identification number", not private or individual! ;)

Hi

Its easy to remember  :)

Cheers

Paul
Procrastination - The Thief of Time.

Workbench thread
https://www.ngaugeforum.co.uk/SMFN/index.php?topic=54708.msg724969#msg724969

red_death

So having initially poo-poo'ed the idea of Apple Pay, I now use it almost exclusively instead of cards or cash. 

It tokenises my card number to a unique ID that IIRC only I can access (because it uses card number plus my phone PIN). No £30 limit on transactions.  Requires my PIN/face to use, except for my watch* but I could enable a PIN on that IIRC.

The two cards that I have can be locked almost instantly on an app/online.

So apart from convenience (yes I'm too lazy to even get a contactless card out of my wallet!) it is also more secure than carrying around cash or waving cards around.  If I lose my phone (easy to lock / remotely wipe) then I've still got alternatives through cards or cash in wallet - assuming I've not left the damn thing at home!

Horses for courses and I firmly believe in people having choices, but the UK stats are clear about the decline of cash!

* the watch is pretty secure as it locks as soon as I take it off (based on a heartbeat) so if mugged it isn't much use.



njee20

Yes I must admit I'd forgotten there's not the £30 limit on Apple Pay, that would tempt me back to using it more!

joe cassidy

It is true that in the UK the market share of cashless payments is greater than that of cash.

However, paradoxically, the number of banknotes in circulation is increasing.

I predict that plastic cards will disappear before banknotes do.

Jon898

Quote from: daffy on February 08, 2019, 02:34:28 PM
Quote from njee20:

Quote.....if your PIN isn't 1234 (and I don't know anyone's whose is)

Er, so how many PIN codes of other people do you know? :hmmm:  Aren't they supposed to be private and individual? :D

Apparently over 10% use 1234 :  https://lifehacker.com/the-most-and-least-common-pin-numbers-and-numeric-pas-5944567

It's similar to those dummy's who use "password" for their password...yes we're talking about you Podesta.

Jon

daffy

... and from lifehacker we also see the problem goes beyond 4 digits...

QuoteExpanding the analysis to all-numeric passwords (not just four-digit ones), guess which are the most popular? Yup, 12345 for 5 digits, 123456 for 6 digits, and so on.
Mike

Sufferin' succotash!

Fardap

Can confirm my pin is 1111 much easier to remember
password is SleepyDopeyDocGrumpyHappyBashfulSneezy1234 complying with our corporate policy of 7 characters and a number...

njee20

But I still don't understand the argument.

Even if your PIN is 1234, and you lose your phone, what do people do with that? You can block a phone instantly, and even if someone unlocks it they can't spend money (AFAIK) without your fingerprint or face, I don't think (but very happy to be wrong) you can buy using ApplePay or AndroidPay simply by having your phone unlocked, there's a secondary authentication needed at point of purchase.

How is that worse than dropping cash? What protection mechanisms are in place if you drop £100 in cash? What do your bank do if you phone them and say "I dropped £1,000 in cash, and it was spent fraudulently"?

It reminds me a bit of the opposition to PINs; "but someone can just watch you put it in, then they know it". yes, of course, but they didn't used to even need to do that!

Fardap

Quote from: njee20 on February 08, 2019, 03:29:21 PM
What protection mechanisms are in place if you drop £100 in cash? What do your bank do if you phone them and say "I dropped £1,000 in cash, and it was spent fraudulently"?


Inflation in the comment is as bad a Venezuela...  :D

njee20


Train Waiting

Quote from: Jon898 on February 08, 2019, 03:11:19 PM
Quote from: daffy on February 08, 2019, 02:34:28 PM
Quote from njee20:

Quote.....if your PIN isn't 1234 (and I don't know anyone's whose is)

Er, so how many PIN codes of other people do you know? :hmmm:  Aren't they supposed to be private and individual? :D

Apparently over 10% use 1234 :  https://lifehacker.com/the-most-and-least-common-pin-numbers-and-numeric-pas-5944567

It's similar to those dummy's who use "password" for their password...yes we're talking about you Podesta.

Jon

That was a very interesting link; thank you.

I noted that 4444 was the eighth most popular PIN.  I wonder if that's due to the LMS '4F' enthusiasts...  Certainly, if Union Mills ever make a '4F', I'd hope for No. 4444.  Or even, 44444 if I fancied a BR locomotive!

Please visit us at www.poppingham.com

'Why does the Disney Castle work so well?  Because it borrows from reality without ever slipping into it.'

(Acknowledgement: John Goodall Esq, Architectural Editor, 'Country Life'.)

The Table-Top Railway is an attempt to create, in British 'N' gauge,  a 'semi-scenic' railway in the old-fashioned style, reminiscent of the layouts of the 1930s to the 1950s.

For the made-up background to the railway and list of characters, please see here: https://www.ngaugeforum.co.uk/SMFN/index.php?topic=38281.msg607991#msg607991

chrism

Quote from: Train Waiting on February 08, 2019, 06:33:40 PM

I noted that 4444 was the eighth most popular PIN.  I wonder if that's due to the LMS '4F' enthusiasts... 
[/quote]

Funny you should say that. My very first PIN was the number of a GWR mogul - albeit a  non-existent one, coz they didn't build enough to reach the number.

For a while my work passwords were S15 designer and numbers - the LSWR/Southern number for the short password, the BR one for the systems which required a couple more characters.


The Q

Quote from: Jon898 on February 08, 2019, 01:37:18 PM
Two thoughts:


2.  I went to log onto my online bank this morning and they wanted to have me change the security questions and answers.  The drop-down menu of questions for the three challenges consisted of 10 possible questions each, 9 of 10 of which were things that are public record and/or obtainable online (paternal grandfather's middle name, city of birth, city of marriage, etc.)...how secure is that?


Jon

You don't have to answer truthfully,  so we've had numerous pets over the years,  and I've used some of their names for questions  like mothers maiden name...
For place of birth I've used somewhere I've never lived..

swisstrains

"Verified by Visa" was mentioned in an earlier post. Is this system still in use?
I assume "Mastercard Securecode" is/was a similar system although for some reason I haven't been asked to use it for years.

PLD

Quote from: swisstrains on February 09, 2019, 09:30:02 AM
"Verified by Visa" was mentioned in an earlier post. Is this system still in use?
I assume "Mastercard Securecode" is/was a similar system although for some reason I haven't been asked to use it for years.
Yes and Yes...

I was prompted for a VbV authentication a couple of months ago, which was the first time for quite a while. It was when using a hotel booking website HQ'd in another EU country. I think it was the first time I'd used that site since a new Debit card was issued, hence 'whitelisting' expired with the previous card.

Please Support Us!
March Goal: £100.00
Due Date: Mar 31
Total Receipts: £77.34
Below Goal: £22.66
Site Currency: GBP
77% 
March Donations