This type of setup is a real goldmine for any potential pickpocket or mugger, as obtaining a payment card together with the pin number is a free license to withdraw hard money from cash machines and to spend freely in shops in the short term. The flipside is this is all very bad news for the victim, in such instances where payment cards are stolen together with the knowledge of the pin number, most card issuers and banks assume their customer is at fault, and must have written their pin number down and left it in their purse or wallet, and so are liable for any fraud losses. It can be very difficult to obtain refunds against fraudulent transactions losses in this type of scenario, not to mention the trauma of potentially being mugged for your card, remember the card has an instant high cash value if the pin is known, so the thief simply views the card as a wade of £50 notes
I am not saying shops should not screw down Chip & Pin devices to their shop counters. Fixing these devices to counters is actually a security necessity to prevent them from being “swapped out” by credit card fraudsters. Card fraudsters have been known to swap Chip & Pin machines when out of the sight of the cashier, then introduce a new identical looking and perfectly working device in it’s place. However the introduced device has been electronically modified by the card fraudsters to record each customer card details together with their pin number. After a few hours or even days, the criminals return and swap out their device and download all credit card details together with the pin numbers, and you know the rest.
So it is important for card security to attach payment entry devices to shops counters, and this is my main point with this post, merchants need to understand these payment devices are meant for their customer usage, not their own staff usage, so must present the pin entry devices on the customer side of the counter, so allowing the customer to put in their own card and enter their pin number without being overlooked by anyone.
Further there is really no excuse to not have pin protectors installed, especially as they don’t cost much. Merchants choosing to accept card payments do have a duty of care to protect their customers from card fraud, there is even an official security standards which they must follow called PCI-DSS.
Chip & Pin (PED) with Pin Protector
While on this subject, I was at a popular catalogue shop outlet in Chorley a few months back, they too had fixed their Chip and Pin devices to the counter, but this time they had a CCTV camera aimed at the shop counter and their payment devices from a high angle. In their wisdom they had positioned a screen to display the CCTV images, so allowing everyone in the store to view people’s pin numbers as they typed them in. So it is important for high street merchants to position CCTV correctly within their card payment environments, and consider whether it is really a good idea to show the CCTV output to general public.
What can we do as consumers? Always keep possesion of your card at all times, avoid handing it over, even to cashiers and especially waiters. Always shield your pin number entry with your spare hand as you type as in the above picture.