Why the wrong PIN won't always block your card
If you forget your PIN, some banks will allow you to bypass the security and make payments anyway. Here are your rights if a fraudster exploits this loophole.
Banks are increasingly waiving their own chip and PIN security requirements for certain transactions, according to Telegraph Money.
It has learned of situations where, if the wrong four-digit number is entered over three times, payments are still being allowed with a signature.
While this may sound convenient, it’s a security loophole that fraudsters may exploit.
Security workaround
Generally, if a PIN is entered incorrectly three times your card will be blocked.
But banks appear to have relaxed these rules slightly.
Now instead of aborting the transaction and freezing the card, some are allowing transactions to go through by getting the retailer to obtain a signature.
But a signature is easy to fake and so open to fraud.
Telegraph Money heard from a Barclays customer who entered the wrong PIN three times, but was allowed to sign for a transaction worth £40 at a Sainsbury’s store.
Worryingly, retailers seem to have forgotten the protocol with swipe and sign transactions, with some reportedly not even double checking the back of the card to verify that the signatures match.
The trend seems to coincide with the rise of contactless payments, which has led to more and more people forgetting their PINs as they are used less frequently.
When do banks let this happen?
There are various situations in which banks and building societies will allow you to transact without a PIN.
Generally, the chip on your card needs to be set up to request a signature payment when a PIN has been incorrectly entered multiple times.
But the retailer’s card machine also needs to allow payments without a PIN, which will depend on the settings.
However, the payment still has to get authorisation from the bank. So it’s unlikely large payments will go through and you won’t be able to withdraw cash without your PIN.
The Barclays customer was able to put through a transaction worth £40 for groceries, but Barclays told the Telegraph a high-value item like an iPhone would not have been processed.
A Barclays spokesman said: "Our systems closely monitor transaction behaviour where a signature authorisation is requested, to identify and prevent fraud."
Your rights if a fraudster cheats PIN security
Many high street banks confirmed there are situations when a transaction can take place without a PIN.
While this makes our lives more convenient, it’s a worrying loophole in the security we would expect to protect us from fraudulent transactions.
We’ve already seen a rise in contactless card fraud where a criminal with a stolen contactless card is able to make payments up to £30 without a PIN, long after it has been cancelled.
What’s worrying is this PIN security loophole theoretically allows fraudsters to spend more than the £30 contactless limit.
However, if a fraudster manages to use your card without a PIN, your bank will usually take liability for the transaction.
John Marsden, a fraud expert at credit checking agency Equifax, said: “By removing the PIN requirement, the bank takes responsibility for all non-PIN transactions. I suspect banks take the decision to allow this based on the conditions of each transaction, and in an effort to ensure the cardholder can continue with their financial transactions.”
Keep an eye on your credit report to spot signs of fraud