An article relating to this blog post on Finextra:
Court sides with Halifax in chip card clone case
A UK judge has ruled in favour of high street bank Halifax in the country's first ever phantom withdrawal lawsuit involving a chip card.
The full text of the Job vs Halifax judgement makes for interesting reading. Both claimant and defendant called some well qualified witnesses, from Cambridge University and APACS.
The bank produced a transaction log that it says indicated Job's disputed transactions were handled according to the Chip and PIN process, and did not default to a magnetic strip transaction (which was still possible at the time and obviously much less secure.)
And in the absence of any evidence pointing to some of the other scenarios that could have indicated fraud (e.g. error in the personalisation and card issuing process leading to a duplicate card, or a compromise in the authentication server) the judge found
in favour of Halifax.
But the judge did have a warning for the bank, and this is something that other banks might want to consider. Halifax was criticised for deleting the Authorisation Request Cryptogram (ARQC) records, which could have unequivocally proven the transaction was
correctly authorised Chip and PIN transaction. (Job's team argued that the transaction log was inadequate for this). It is normal practice to delete these after 180 days, but Halifax did so even after the transaction was disputed.