For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
An article relating to this blog post on Finextra:
A UK judge has ruled in favour of high street bank Halifax in the country's first ever phantom withdrawal lawsuit involving a chip card.
04 Jun 2009
The full text of the Job vs Halifax judgement makes for interesting reading. Both claimant and defendant called some well qualified witnesses, from Cambridge University and APACS.
The bank produced a transaction log that it says indicated Job's disputed transactions were handled according to the Chip and PIN process, and did not default to a magnetic strip transaction (which was still possible at the time and obviously much less secure.)
And in the absence of any evidence pointing to some of the other scenarios that could have indicated fraud (e.g. error in the personalisation and card issuing process leading to a duplicate card, or a compromise in the authentication server) the judge found
in favour of Halifax.
But the judge did have a warning for the bank, and this is something that other banks might want to consider. Halifax was criticised for deleting the Authorisation Request Cryptogram (ARQC) records, which could have unequivocally proven the transaction was
correctly authorised Chip and PIN transaction. (Job's team argued that the transaction log was inadequate for this). It is normal practice to delete these after 180 days, but Halifax did so even after the transaction was disputed.
Digital product delivery
News Corp Australia
16 Feb 2007
This post is from a series of posts in the group:
A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.