Sagely Response: Target Data Breach
It’s without question that our Western credit card “swipe” vs the European “Chip and Pin” practice is an inferior method to offset credit and identity theft.
And while we all advocate for higher credit and identity security, it is my hope that legislation is set to protect individuals more so than to protect financial institutions. As of now, victims of theft hold few liabilities against fraudulent transactions. A victim is hurt in the form of headaches while reclaiming their financial good standing but is reimbursed for unauthorized transactions.
You see, the Chip and Pin implementation was designed to reduce the liability of banks in cases of claimed card fraud by requiring the customer to prove that they had acted “with reasonable care” to protect their PIN and card, rather than on the bank having to prove that the signature matched.
Before Chip and Pin, if a customer’s signature was forged, the banks were legally liable and had to reimburse the customer.
That was until November of 2009 when such laws protecting consumers from fraudulent use of their Chip and Pin transactions; with banks now using the voluntary Banking Code as guidance on how to settle a dispute. While the Banking Code states that the burden of proof is on the bank to prove negligence or fraud rather than the cardholder having to prove innocence, there has been an increase of banks refusing to reimburse victims of fraudulent card use – claiming that their systems could not fail under the circumstances reported; despite several documented successful large-scale attacks.