don't forget to ask permission...

May. 23rd, 2006 12:12 pm
[identity profile] glowroper.livejournal.com posting in [community profile] davis_square
...to spend your own money, if you bank at Wainwright and use an ATM card to access your hoard. (Disclaimer: I otherwise love Wainwright Bank, as they are not only progressive in policy, but in action.)

My partner and I were in yesterday, because they now need to be alerted IN WRITING that you wish to leave town and use your ATM/debit card. Otherwise they will interpret purchases as attempts at fraud, and deny the transaction. (Yes, this has happened to me. Most embarrassing.)

They say this is to prevent possible theft; I say it is a theft of my privacy. They will be getting a[nother] nasty note from me when I return from the trip I leave on (in about half an hour). I say "another" because the written notification I gave them was so...vivid...that the Davis Square customer service person was going to fax it over to the main office, probably so they could use advanced graphological analysis to see how infuriated I am.

If I wanted to inform the authorities of my whereabouts, and ask permission to spend my own money, I would face the satellite cameras and vote Republican.
Tags:
Flat | Top-Level Comments Only

Date: 2006-05-23 07:34 pm (UTC)
siderea: (Default)
From: [personal profile] siderea
Are you kidding? Most large retailers use card swipes, and allow debit cards.

The reason it was possible for those PINs to be stolen was because of a programmer error. PINs are, of course, not supposed to be stored by the retailer, but apparently they were being erronious cached.

That's exactly the sort of error which gives me the willies because I don't expect programmers to know (or be reliably informed) about the niceties of bank transactions such as "it's OK to cache the CC number, but not the PIN." It is a non-bug error, and as such it's exactly the sort of error I expect, therefore, is both common and undetected until the horses are out of the barn.

So it looks like the use of a PIN doesn't make the card more secure, and may make it harder to convince the bank to give you back your money if someone steals it. I believe that via a credit card company, you're protected by all those nice credit card fraud laws which make you responsible up to $50, but if your bank account gets cleaned out via PIN theft, there is no law protecting you, and (as it was explained to me by a friend whose life savings was stolen through ATM#+PIN theft) it's at the bank's discretion whether they replace the money.

Date: 2006-05-23 07:40 pm (UTC)
From: [personal profile] ron_newman
Seriously, this would never have occurred to me. Did your friend eventually get her money back?

I still worry a lot more about losing my ATM card and having someone using it fraudulently with a fake signature, than about this kind of freak thing.

Date: 2006-05-24 02:31 am (UTC)
From: [identity profile] skate97.livejournal.com
i think, though, that if that happens, you have a better chance of getting your money back. my brother was mugged at roxbury crossing T station a few years ago. they held him at knife point and demanded his pin number, and he had a friend who was mugged in the same way, and they told him that one guy would hold him while another guy checked to make sure it wasn't a phony pin, and if it was fake, they told him they'd kill him. so my brother started to give his real #, noticed a train was coming, and decided to make one up. they followed him onto the train, but he luckily lost them at a crowded stop and took off and found a cop. when he called home, my mom cancelled his bank card right away, and then checked the online banking and found out they had already used the card as a credit card--she called the cops and told them the store they had used it at, and they caught the kids.

Date: 2006-05-24 03:29 pm (UTC)
siderea: (Default)
From: [personal profile] siderea
Yeah, she did.

Date: 2006-05-23 07:53 pm (UTC)
From: [identity profile] androidqueen.livejournal.com
It is a non-bug error,

as a programmer, i can say without a doubt that that *is* a bug. it might be a bug in the specifications, but it is certainly a bug. programmers who work on secure transactions are paid to think about what it means for those transactions to be secure. if they thought it was a good idea to cache PINs, they clearly didn't design the system well.

Date: 2006-05-23 07:59 pm (UTC)
siderea: (Default)
From: [personal profile] siderea
Thank you, I am a programmer as well. And I am using the usage which I am sure you are familiar with of "bug" meaning a program doing something it was not intended to do or failing to do something it was intended to do. My point, which I'm sure you grasp if you actually spend any time working on secure systems, is that there is a difference between an error which is intended behavior and an error which is not, because the first is one which is much less likely to be detected.

Allow me to recommend the ACM's [livejournal.com profile] risks_digest to you.

Date: 2006-05-23 08:10 pm (UTC)
From: [identity profile] androidqueen.livejournal.com
sorry -- i'm just so accustomed to using "bug" to mean behavior which is not correct. :)

but yes, this sort of error is much harder to detect. thanks for the link!
Flat | Top-Level Comments Only

Profile

davis_square: (Default)
The Davis Square Community

January 2026

S M T W T F S
    123
456 78 910
11121314151617
181920212223 24
25262728293031

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 26th, 2026 12:30 pm
Powered by Dreamwidth Studios