Why the wrong PIN won't always block your card

If you forget your PIN, some banks will allow you to bypass the security and make payments anyway. Here are your rights if a fraudster exploits this loophole.

Banks are increasingly waiving their own chip and PIN security requirements for certain transactions, according to Telegraph Money.

It has learned of situations where, if the wrong four-digit number is entered over three times, payments are still being allowed with a signature.

While this may sound convenient, it’s a security loophole that fraudsters may exploit.  

Security workaround

Generally, if a PIN is entered incorrectly three times, your card will be blocked.

But banks appear to have relaxed these rules slightly.

Now, instead of aborting the transaction and freezing the card, some are allowing transactions to go through by getting the retailer to obtain a signature.

But a signature is easy to fake and so open to fraud.

Telegraph Money heard from a Barclays customer who entered the wrong PIN three times, but was allowed to sign for a transaction worth £40 at a Sainsbury’s store.

Worryingly, retailers seem to have forgotten the protocol for swipe and sign transactions, with some reportedly not even double-checking the back of the card to verify that the signatures match.

The trend seems to coincide with the rise of contactless payments, which has led to more and more people forgetting their PINs as they are used less frequently.

When do banks let this happen?

There are various situations in which banks and building societies will allow you to transact without a PIN.

Generally, the chip on your card needs to be set up to request a signature payment when a PIN has been incorrectly entered multiple times.

But the retailer’s card machine also needs to allow payments without a PIN, which will depend on the settings.

However, the payment still has to get authorisation from the bank. So it’s unlikely large payments will go through, and you won’t be able to withdraw cash without your PIN.

The Barclays customer was able to put through a transaction worth £40 for groceries, but Barclays told the Telegraph a high-value item like an iPhone would not have been processed.

A Barclays spokesman said: "Our systems closely monitor transaction behaviour where a signature authorisation is requested, to identify and prevent fraud." 

Your rights if a fraudster cheats PIN security

Many high street banks confirmed there are situations when a transaction can take place without a PIN.

While this makes our lives more convenient, it’s a worrying loophole in the security we would expect to protect us from fraudulent transactions.

We’ve already seen a rise in contactless card fraud where a criminal with a stolen contactless card is able to make payments up to £30 without a PIN, long after it has been cancelled.

What’s worrying is that this PIN security loophole theoretically allows fraudsters to spend more than the £30 contactless limit.

However, if a fraudster manages to use your card without a PIN, your bank will usually take liability for the transaction.

John Marsden, a fraud expert at credit checking agency Equifax, said: “By removing the PIN requirement, the bank takes responsibility for all non-PIN transactions. I suspect banks take the decision to allow this based on the conditions of each transaction, and in an effort to ensure the cardholder can continue with their financial transactions.”

Keep an eye on your credit report to spot signs of fraud


Copyright © lovemoney.com All rights reserved.

 
