Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Court sides with Halifax in chip card clone case

A UK judge has ruled in favour of high street bank Halifax in the country's first ever phantom withdrawal lawsuit involving a chip card.


See article

Judge warns bank on record retention

The full text of the Job vs Halifax judgement makes for interesting reading. Both claimant and defendant called some well qualified witnesses, from Cambridge University and APACS.

The bank produced a transaction log that it says indicated Job's disputed transactions were handled according to the Chip and PIN process, and did not default to a magnetic strip transaction (which was still possible at the time and obviously much less secure.) And in the absence of any evidence pointing to some of the other scenarios that could have indicated fraud (e.g. error in the personalisation and card issuing process leading to a duplicate card, or a compromise in the authentication server) the judge found in favour of Halifax.

But the judge did have a warning for the bank, and this is something that other banks might want to consider. Halifax was criticised for deleting the Authorisation Request Cryptogram (ARQC) records, which could have unequivocally proven the transaction was correctly authorised Chip and PIN transaction. (Job's team argued that the transaction log was inadequate for this). It is normal practice to delete these after 180 days, but Halifax did so even after the transaction was disputed.

5717

Comments: (0)

Elton Cane

Elton Cane

Digital product delivery

News Corp Australia

Member since

16 Feb 2007

Location

Brisbane

Blog posts

116

Comments

54

More from Elton

This post is from a series of posts in the group:

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.


See all