Chris <ithinkiam@gmail.com> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
> > Chris <ithinkiam@gmail.com> wrote:
> >> R.Wieser <address@is.invalid> wrote:
> >>> Chris,

[...]

> >>>>> Lol ? So anyone who finds a lost card can just pay with it ?
> >>>>> Fantastic. :-(
> >>>>
> >>>> That's always been true.
> >>>
> >>> Nope. At least not here.
> >>
> >> Of course it has. In the old days ppl would forge signatures from the back
> >> of cards, or used them over the phone (just like you gave an example) and
> >> now you can just tap to pay up to £100.
> >>
> >>> And you could have known that, as I just
> >>> described that we have a (four digit) "password" here that we are not
> >>> supposed to share with anyone. You even quoted i.
> >>>
> >>>> Nowadays it's easy to block a lost card.
> >>>
> >>> Do read up on which part of the loss due to losing a card wil be absorbed by
> >>> the bank, and which part of it will be yours. You might be surprised to
> >>> find that any money that went gone before you called the bank is your
> >>> problem. So, keep checking that you stil have that card on you, otherwise
> >>> you could be in for a sad surprise.
> >>
> >> Unlikely.
> >>
> >>>>> No, the "bank code" here is something that isn't on the card and is
> >>>>> regarded the users "password", to be guearded with its life.
> >>>>
> >>>> No idea what that is.
> >>>
> >>> You have no idea what a password is or what its used for ? How quaint
> >>> ....
> >>
> >> The "bank code". Cards don't have passwords.
> >>
> >>> The bottom line is that here you can find someones bank card, but without
> >>> its password its useless to you.
> >
> > You're obviously talking about credit cards, but, without saying so,
> > he's talking about debit cards. Debit cards - at least 'here' (NL) - do
> > have a (4-digit) PIN code. His use of "password" (with and without
> > quotes) and "bank code" (in quotes) is just confusing things, because
> > everybody knows what a PIN code is, so he should just have used the
> > correct term and there wouldn't have been any - or at least less -
> > confusion.
> >
> > Without the PIN code, the debit card is useless, so therefor he
> > implied - with another illconceived 'joke' - someone who finds a lost
> > debit card (or steals a debit card) cannot do anything with it. (Unless
> > it's set up for contactless payments, in which case there normally is a
> > low - 50 Euro or so - maximum risk. When the limit is reached, the PIN
> > code is again required.)
>
> Credit/debit card doesn't matter. To the merchant they work the same so are
> prone to the same risks.
>
> They both have CVVs which are never stored and have contactless
> capabilities that can be used to pay for things without the owner's
> knowledge if stolen.

Perhaps I'm not using the correct term, but our debit cards - cards
directly associated with one's bank account - do not have a CVC and are
much, much less risky - basically riskless - compared to a credit card.
If you find/steal a credit card, you can do quite a lot with it (until
it's blocked).

Probably it's clear what I mean, by describing the logo on the card.
Our debit cards carry a Maestro ('meastro') logo, not a Mastercard or
Visa logo.

This Wikipedia seems to indicate that you don't have such cards in the
UK. If so, that may explain the confusion.

'Maestro (debit card)'
<https://en.wikipedia.org/wiki/Maestro_(debit_card)>

Frank Slootweg <this@ddress.is.invalid> wrote:
> Chris <ithinkiam@gmail.com> wrote:
>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>> R.Wieser <address@is.invalid> wrote:
>>>>> Chris,
>
> [...]
>
>>>>>>> Lol ? So anyone who finds a lost card can just pay with it ?
>>>>>>> Fantastic. :-(
>>>>>>
>>>>>> That's always been true.
>>>>>
>>>>> Nope. At least not here.
>>>>
>>>> Of course it has. In the old days ppl would forge signatures from the back
>>>> of cards, or used them over the phone (just like you gave an example) and
>>>> now you can just tap to pay up to £100.
>>>>
>>>>> And you could have known that, as I just
>>>>> described that we have a (four digit) "password" here that we are not
>>>>> supposed to share with anyone. You even quoted i.
>>>>>
>>>>>> Nowadays it's easy to block a lost card.
>>>>>
>>>>> Do read up on which part of the loss due to losing a card wil be absorbed by
>>>>> the bank, and which part of it will be yours. You might be surprised to
>>>>> find that any money that went gone before you called the bank is your
>>>>> problem. So, keep checking that you stil have that card on you, otherwise
>>>>> you could be in for a sad surprise.
>>>>
>>>> Unlikely.
>>>>
>>>>>>> No, the "bank code" here is something that isn't on the card and is
>>>>>>> regarded the users "password", to be guearded with its life.
>>>>>>
>>>>>> No idea what that is.
>>>>>
>>>>> You have no idea what a password is or what its used for ? How quaint
>>>>> ....
>>>>
>>>> The "bank code". Cards don't have passwords.
>>>>
>>>>> The bottom line is that here you can find someones bank card, but without
>>>>> its password its useless to you.
>>>
>>> You're obviously talking about credit cards, but, without saying so,
>>> he's talking about debit cards. Debit cards - at least 'here' (NL) - do
>>> have a (4-digit) PIN code. His use of "password" (with and without
>>> quotes) and "bank code" (in quotes) is just confusing things, because
>>> everybody knows what a PIN code is, so he should just have used the
>>> correct term and there wouldn't have been any - or at least less -
>>> confusion.
>>>
>>> Without the PIN code, the debit card is useless, so therefor he
>>> implied - with another illconceived 'joke' - someone who finds a lost
>>> debit card (or steals a debit card) cannot do anything with it. (Unless
>>> it's set up for contactless payments, in which case there normally is a
>>> low - 50 Euro or so - maximum risk. When the limit is reached, the PIN
>>> code is again required.)
>>
>> Credit/debit card doesn't matter. To the merchant they work the same so are
>> prone to the same risks.
>>
>> They both have CVVs which are never stored and have contactless
>> capabilities that can be used to pay for things without the owner's
>> knowledge if stolen.
>
> Perhaps I'm not using the correct term, but our debit cards - cards
> directly associated with one's bank account

That's the same here.

> - do not have a CVC

If there's no CVV how do you use your debit cards for online/phone
transactions?

> and are
> much, much less risky - basically riskless - compared to a credit card.

Credit cards are less risky because no money leaves your bank account. If a
there's a fraudulent transaction it's easy to cancel.

> If you find/steal a credit card, you can do quite a lot with it (until
> it's blocked).

No more than a debit card, but it's far easier to get transactions
reversed.

> Probably it's clear what I mean, by describing the logo on the card.
> Our debit cards carry a Maestro ('meastro') logo,

We used to have those too. They were phased out here a few years ago.
Maestro is owned by Mastercard.

> not a Mastercard or
> Visa logo.

Visa/Mastercard both do debit cards also.

> This Wikipedia seems to indicate that you don't have such cards in the
> UK. If so, that may explain the confusion.
>
> 'Maestro (debit card)'
> <https://en.wikipedia.org/wiki/Maestro_(debit_card)>

The article says Maestro was phased out this summer. If you still have
Maestro they will be replaced soon.

Chris <ithinkiam@gmail.com> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
> > Chris <ithinkiam@gmail.com> wrote:
> >> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>> Chris <ithinkiam@gmail.com> wrote:
> >>>> R.Wieser <address@is.invalid> wrote:
> >>>>> Chris,
> >
> > [...]
> >
> >>>>>>> Lol ? So anyone who finds a lost card can just pay with it ?
> >>>>>>> Fantastic. :-(
> >>>>>>
> >>>>>> That's always been true.
> >>>>>
> >>>>> Nope. At least not here.
> >>>>
> >>>> Of course it has. In the old days ppl would forge signatures from
> >>>> the back of cards, or used them over the phone (just like you
> >>>> gave an example) and now you can just tap to pay up to £100.
> >>>>
> >>>>> And you could have known that, as I just
> >>>>> described that we have a (four digit) "password" here that we are not
> >>>>> supposed to share with anyone. You even quoted i.
> >>>>>
> >>>>>> Nowadays it's easy to block a lost card.
> >>>>>
> >>>>> Do read up on which part of the loss due to losing a card wil be
> >>>>> absorbed by the bank, and which part of it will be yours. You
> >>>>> might be surprised to find that any money that went gone before
> >>>>> you called the bank is your problem. So, keep checking that
> >>>>> you stil have that card on you, otherwise you could be in for a
> >>>>> sad surprise.
> >>>>
> >>>> Unlikely.
> >>>>
> >>>>>>> No, the "bank code" here is something that isn't on the card and is
> >>>>>>> regarded the users "password", to be guearded with its life.
> >>>>>>
> >>>>>> No idea what that is.
> >>>>>
> >>>>> You have no idea what a password is or what its used for ? How quaint
> >>>>> ....
> >>>>
> >>>> The "bank code". Cards don't have passwords.
> >>>>
> >>>>> The bottom line is that here you can find someones bank card,
> >>>>> but without its password its useless to you.
> >>>
> >>> You're obviously talking about credit cards, but, without saying so,
> >>> he's talking about debit cards. Debit cards - at least 'here' (NL) - do
> >>> have a (4-digit) PIN code. His use of "password" (with and without
> >>> quotes) and "bank code" (in quotes) is just confusing things, because
> >>> everybody knows what a PIN code is, so he should just have used the
> >>> correct term and there wouldn't have been any - or at least less -
> >>> confusion.
> >>>
> >>> Without the PIN code, the debit card is useless, so therefor he
> >>> implied - with another illconceived 'joke' - someone who finds a lost
> >>> debit card (or steals a debit card) cannot do anything with it. (Unless
> >>> it's set up for contactless payments, in which case there normally is a
> >>> low - 50 Euro or so - maximum risk. When the limit is reached, the PIN
> >>> code is again required.)
> >>
> >> Credit/debit card doesn't matter. To the merchant they work the same so are
> >> prone to the same risks.
> >>
> >> They both have CVVs which are never stored and have contactless
> >> capabilities that can be used to pay for things without the owner's
> >> knowledge if stolen.
> >
> > Perhaps I'm not using the correct term, but our debit cards - cards
> > directly associated with one's bank account
>
> That's the same here.
>
> > - do not have a CVC
>
> If there's no CVV how do you use your debit cards for online/phone
> transactions?

You can 'only' use them for online transactions with websites which
accept the payment system, which is all companies which do business
here. The (online) payment system is called 'iDEAL':

'iDEAL'
<https://en.wikipedia.org/wiki/IDEAL>

Apparently the system is quite unique and planned to be a European
standard. From 'References' 2. of the Wikipedia article:

'Dutch payment processor iDeal to become European standard'
(25 April 2023)
<https://nltimes.nl/2023/04/25/dutch-payment-processor-ideal-become-european-standard>

BTW, the debit card is the same card as used to pay in shops,
restaurants, etc., etc., get money from an ATM, etc..

> > and are
> > much, much less risky - basically riskless - compared to a credit card.
>
> Credit cards are less risky because no money leaves your bank account. If a
> there's a fraudulent transaction it's easy to cancel.

Yes, but you have to 'prove' that the transaction is fraudulent. With
our debit card there can't be a transaction without the PIN.

But of course both credit cards and (our) debit cards have advantages
and disadvantages.

In our country, if (our) debit card can be used, it's often the
preferred option, lower fees (for the merchant (and hence for the
customer)) and less risk.

Credit cards are much less used, except by 'posh' people or/and in
'posh' shops. Of course you can use a credit card in most - if not all -
places, but you don't have to.

Unless I go to another country, I leave my credit card at home and
only use it for things like booking accomodation in non-EU countries,
etc.. Months go by without any charges on our credit cards. Different
strokes for different folks.

> > If you find/steal a credit card, you can do quite a lot with it (until
> > it's blocked).
>
> No more than a debit card, but it's far easier to get transactions
> reversed.

See above, not for *our* debit cards.

> > Probably it's clear what I mean, by describing the logo on the card.
> > Our debit cards carry a Maestro ('meastro') logo,
>
> We used to have those too. They were phased out here a few years ago.
> Maestro is owned by Mastercard.
>
> > not a Mastercard or
> > Visa logo.
>
> Visa/Mastercard both do debit cards also.
>
> > This Wikipedia seems to indicate that you don't have such cards in the
> > UK. If so, that may explain the confusion.
> >
> > 'Maestro (debit card)'
> > <https://en.wikipedia.org/wiki/Maestro_(debit_card)>
>
> The article says Maestro was phased out this summer. If you still have
> Maestro they will be replaced soon.

Interesting! Thanks! I haven't heard about this before. We'll see when
they will be replaced (could be up to 4 years for my wife's). I wonder
if it'll carry a CVC on the card, because that would make our current
security/safety go down the drain.

The referenced Mastercard article says/implies that the new/
replacement cards will only have "a lot more capabilities to make your
shopping and travel experience seamless". We'll see.

'Blog from Valerie Nowak: Why this Maestro is retiring after 30 years'
<https://www.mastercard.com/news/europe/en/perspectives/en/2021/blog-from-valerie-nowak-why-this-maestro-is-retiring-after-30-years/>

Frank Slootweg <this@ddress.is.invalid> wrote:
> Chris <ithinkiam@gmail.com> wrote:
>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>> R.Wieser <address@is.invalid> wrote:
>>>>>>> Chris,
>>>
>>> [...]
>>>
>>>>>>>>> Lol ? So anyone who finds a lost card can just pay with it ?
>>>>>>>>> Fantastic. :-(
>>>>>>>>
>>>>>>>> That's always been true.
>>>>>>>
>>>>>>> Nope. At least not here.
>>>>>>
>>>>>> Of course it has. In the old days ppl would forge signatures from
>>>>>> the back of cards, or used them over the phone (just like you
>>>>>> gave an example) and now you can just tap to pay up to £100.
>>>>>>
>>>>>>> And you could have known that, as I just
>>>>>>> described that we have a (four digit) "password" here that we are not
>>>>>>> supposed to share with anyone. You even quoted i.
>>>>>>>
>>>>>>>> Nowadays it's easy to block a lost card.
>>>>>>>
>>>>>>> Do read up on which part of the loss due to losing a card wil be
>>>>>>> absorbed by the bank, and which part of it will be yours. You
>>>>>>> might be surprised to find that any money that went gone before
>>>>>>> you called the bank is your problem. So, keep checking that
>>>>>>> you stil have that card on you, otherwise you could be in for a
>>>>>>> sad surprise.
>>>>>>
>>>>>> Unlikely.
>>>>>>
>>>>>>>>> No, the "bank code" here is something that isn't on the card and is
>>>>>>>>> regarded the users "password", to be guearded with its life.
>>>>>>>>
>>>>>>>> No idea what that is.
>>>>>>>
>>>>>>> You have no idea what a password is or what its used for ? How quaint
>>>>>>> ....
>>>>>>
>>>>>> The "bank code". Cards don't have passwords.
>>>>>>
>>>>>>> The bottom line is that here you can find someones bank card,
>>>>>>> but without its password its useless to you.
>>>>>
>>>>> You're obviously talking about credit cards, but, without saying so,
>>>>> he's talking about debit cards. Debit cards - at least 'here' (NL) - do
>>>>> have a (4-digit) PIN code. His use of "password" (with and without
>>>>> quotes) and "bank code" (in quotes) is just confusing things, because
>>>>> everybody knows what a PIN code is, so he should just have used the
>>>>> correct term and there wouldn't have been any - or at least less -
>>>>> confusion.
>>>>>
>>>>> Without the PIN code, the debit card is useless, so therefor he
>>>>> implied - with another illconceived 'joke' - someone who finds a lost
>>>>> debit card (or steals a debit card) cannot do anything with it. (Unless
>>>>> it's set up for contactless payments, in which case there normally is a
>>>>> low - 50 Euro or so - maximum risk. When the limit is reached, the PIN
>>>>> code is again required.)
>>>>
>>>> Credit/debit card doesn't matter. To the merchant they work the same so are
>>>> prone to the same risks.
>>>>
>>>> They both have CVVs which are never stored and have contactless
>>>> capabilities that can be used to pay for things without the owner's
>>>> knowledge if stolen.
>>>
>>> Perhaps I'm not using the correct term, but our debit cards - cards
>>> directly associated with one's bank account
>>
>> That's the same here.
>>
>>> - do not have a CVC
>>
>> If there's no CVV how do you use your debit cards for online/phone
>> transactions?
>
> You can 'only' use them for online transactions with websites which
> accept the payment system, which is all companies which do business
> here. The (online) payment system is called 'iDEAL':
>
> 'iDEAL'
> <https://en.wikipedia.org/wiki/IDEAL>
>
> Apparently the system is quite unique and planned to be a European
> standard.

Nice. The person to person functionality is the one thing that's currently
missing. I wonder if it'll come to the UK?

> From 'References' 2. of the Wikipedia article:
>
> 'Dutch payment processor iDeal to become European standard'
> (25 April 2023)
> <https://nltimes.nl/2023/04/25/dutch-payment-processor-ideal-become-european-standard>
>
> BTW, the debit card is the same card as used to pay in shops,
> restaurants, etc., etc., get money from an ATM, etc..

Yep. Same.

>>> and are
>>> much, much less risky - basically riskless - compared to a credit card.
>>
>> Credit cards are less risky because no money leaves your bank account. If a
>> there's a fraudulent transaction it's easy to cancel.
>
> Yes, but you have to 'prove' that the transaction is fraudulent.

Not really. You ring them up challenge the transaction and they remove it.
It's only happened once to me, but it was that easy.

> With
> our debit card there can't be a transaction without the PIN.

Don't your credit cards have PINs?

> But of course both credit cards and (our) debit cards have advantages
> and disadvantages.
>
> In our country, if (our) debit card can be used, it's often the
> preferred option, lower fees (for the merchant (and hence for the
> customer)) and less risk.
>
> Credit cards are much less used, except by 'posh' people or/and in
> 'posh' shops. Of course you can use a credit card in most - if not all -
> places, but you don't have to.

Credit/debit cards are functionally identical here. The advantage of credit
cards is that you can get a small percentage as cashback and there's
additional consumer protections when buying things over £100. Downside is
not everyone can get them.

[snip]
>>
>> The article says Maestro was phased out this summer. If you still have
>> Maestro they will be replaced soon.
>
> Interesting! Thanks! I haven't heard about this before. We'll see when
> they will be replaced (could be up to 4 years for my wife's).

Might be sooner if they're unsupported.

> I wonder
> if it'll carry a CVC on the card, because that would make our current
> security/safety go down the drain.

Why? CVV adds security.

> The referenced Mastercard article says/implies that the new/
> replacement cards will only have "a lot more capabilities to make your
> shopping and travel experience seamless". We'll see.
>
> 'Blog from Valerie Nowak: Why this Maestro is retiring after 30 years'
> <https://www.mastercard.com/news/europe/en/perspectives/en/2021/blog-from-valerie-nowak-why-this-maestro-is-retiring-after-30-years/>
>

Chris <ithinkiam@gmail.com> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
> > Chris <ithinkiam@gmail.com> wrote:
> >> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>> Chris <ithinkiam@gmail.com> wrote:
> >>>> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>>>> Chris <ithinkiam@gmail.com> wrote:
> >>>>>> R.Wieser <address@is.invalid> wrote:
> >>>>>>> Chris,
> >>>
> >>> [...]
[...]
> >>>>> You're obviously talking about credit cards, but, without saying so,
> >>>>> he's talking about debit cards. Debit cards - at least 'here' (NL) - do
> >>>>> have a (4-digit) PIN code. His use of "password" (with and without
> >>>>> quotes) and "bank code" (in quotes) is just confusing things, because
> >>>>> everybody knows what a PIN code is, so he should just have used the
> >>>>> correct term and there wouldn't have been any - or at least less -
> >>>>> confusion.
> >>>>>
> >>>>> Without the PIN code, the debit card is useless, so therefor he
> >>>>> implied - with another illconceived 'joke' - someone who finds a lost
> >>>>> debit card (or steals a debit card) cannot do anything with it. (Unless
> >>>>> it's set up for contactless payments, in which case there normally is a
> >>>>> low - 50 Euro or so - maximum risk. When the limit is reached, the PIN
> >>>>> code is again required.)
> >>>>
> >>>> Credit/debit card doesn't matter. To the merchant they work the
> >>>> same so are prone to the same risks.
> >>>>
> >>>> They both have CVVs which are never stored and have contactless
> >>>> capabilities that can be used to pay for things without the owner's
> >>>> knowledge if stolen.
> >>>
> >>> Perhaps I'm not using the correct term, but our debit cards - cards
> >>> directly associated with one's bank account
> >>
> >> That's the same here.
> >>
> >>> - do not have a CVC
> >>
> >> If there's no CVV how do you use your debit cards for online/phone
> >> transactions?
> >
> > You can 'only' use them for online transactions with websites which
> > accept the payment system, which is all companies which do business
> > here. The (online) payment system is called 'iDEAL':
> >
> > 'iDEAL'
> > <https://en.wikipedia.org/wiki/IDEAL>
> >
> > Apparently the system is quite unique and planned to be a European
> > standard.
>
> Nice. The person to person functionality is the one thing that's currently
> missing. I wonder if it'll come to the UK?
>
> > From 'References' 2. of the Wikipedia article:
> >
> > 'Dutch payment processor iDeal to become European standard'
> > (25 April 2023)
> > <https://nltimes.nl/2023/04/25/dutch-payment-processor-ideal-become-european-standard>
> >
> > BTW, the debit card is the same card as used to pay in shops,
> > restaurants, etc., etc., get money from an ATM, etc..
>
> Yep. Same.
>
> >>> and are
> >>> much, much less risky - basically riskless - compared to a credit card.
> >>
> >> Credit cards are less risky because no money leaves your bank account. If a
> >> there's a fraudulent transaction it's easy to cancel.
> >
> > Yes, but you have to 'prove' that the transaction is fraudulent.
>
> Not really. You ring them up challenge the transaction and they remove it.
> It's only happened once to me, but it was that easy.
>
> > With
> > our debit card there can't be a transaction without the PIN.
>
> Don't your credit cards have PINs?

Yes, they do, but the point is that a bad actor - someone who has
stolen/found the card - can use the credit card for many purposes,
including online transactions, *without* having/knowing the PIN code. In
many situations, the PIN code is not needed.

With our debit card, the PIN code is always required (except for the
mentioned contactless payments upto a total of 50 Euro).

So a stolen/found credit card can be abused. Our debit card can not be
abused if stolen/found.

> > But of course both credit cards and (our) debit cards have advantages
> > and disadvantages.
> >
> > In our country, if (our) debit card can be used, it's often the
> > preferred option, lower fees (for the merchant (and hence for the
> > customer)) and less risk.
> >
> > Credit cards are much less used, except by 'posh' people or/and in
> > 'posh' shops. Of course you can use a credit card in most - if not all -
> > places, but you don't have to.
>
> Credit/debit cards are functionally identical here. The advantage of credit
> cards is that you can get a small percentage as cashback and there's
> additional consumer protections when buying things over £100. Downside is
> not everyone can get them.
>
> [snip]
> >>
> >> The article says Maestro was phased out this summer. If you still have
> >> Maestro they will be replaced soon.
> >
> > Interesting! Thanks! I haven't heard about this before. We'll see when
> > they will be replaced (could be up to 4 years for my wife's).
>
> Might be sooner if they're unsupported.

I did a search on the site of one of our banks. No information (to be
found)! Strange, but we'll see. We always have our credit cards as a
backup! :-)

> > I wonder
> > if it'll carry a CVC on the card, because that would make our current
> > security/safety go down the drain.
>
> Why? CVV adds security.

No, as I described, a credit card can be abused if lost/found. If
there's a CVC printed *on* the card, which is the case for our credit
cards, it's *less* safe, because then it can also be abused in cases
where the CVC code is required.

For a debit cards it would be even worse, because - as you say - for a
credit card a fraudulent transaction can relatively easily be reversed,
but not for 'your type' of debit card.

Let me turn the situation around: Does your type of debit cards have a
CVC printed *on* the card? If so, what's preventing someone who
stole/found the card to pay with that card? And if (s)he can pay with
the card, how can you reverse the transaction?

> > The referenced Mastercard article says/implies that the new/
> > replacement cards will only have "a lot more capabilities to make your
> > shopping and travel experience seamless". We'll see.
> >
> > 'Blog from Valerie Nowak: Why this Maestro is retiring after 30 years'
> > <https://www.mastercard.com/news/europe/en/perspectives/en/2021/blog-from-valerie-nowak-why-this-maestro-is-retiring-after-30-years/>

Frank Slootweg <this@ddress.is.invalid> wrote:
> Chris <ithinkiam@gmail.com> wrote:
>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>>> R.Wieser <address@is.invalid> wrote:
>>>>>>>>> Chris,
>>>>>
>>>>> [...]
> [...]
>>>>>>> You're obviously talking about credit cards, but, without saying so,
>>>>>>> he's talking about debit cards. Debit cards - at least 'here' (NL) - do
>>>>>>> have a (4-digit) PIN code. His use of "password" (with and without
>>>>>>> quotes) and "bank code" (in quotes) is just confusing things, because
>>>>>>> everybody knows what a PIN code is, so he should just have used the
>>>>>>> correct term and there wouldn't have been any - or at least less -
>>>>>>> confusion.
>>>>>>>
>>>>>>> Without the PIN code, the debit card is useless, so therefor he
>>>>>>> implied - with another illconceived 'joke' - someone who finds a lost
>>>>>>> debit card (or steals a debit card) cannot do anything with it. (Unless
>>>>>>> it's set up for contactless payments, in which case there normally is a
>>>>>>> low - 50 Euro or so - maximum risk. When the limit is reached, the PIN
>>>>>>> code is again required.)
>>>>>>
>>>>>> Credit/debit card doesn't matter. To the merchant they work the
>>>>>> same so are prone to the same risks.
>>>>>>
>>>>>> They both have CVVs which are never stored and have contactless
>>>>>> capabilities that can be used to pay for things without the owner's
>>>>>> knowledge if stolen.
>>>>>
>>>>> Perhaps I'm not using the correct term, but our debit cards - cards
>>>>> directly associated with one's bank account
>>>>
>>>> That's the same here.
>>>>
>>>>> - do not have a CVC
>>>>
>>>> If there's no CVV how do you use your debit cards for online/phone
>>>> transactions?
>>>
>>> You can 'only' use them for online transactions with websites which
>>> accept the payment system, which is all companies which do business
>>> here. The (online) payment system is called 'iDEAL':
>>>
>>> 'iDEAL'
>>> <https://en.wikipedia.org/wiki/IDEAL>
>>>
>>> Apparently the system is quite unique and planned to be a European
>>> standard.
>>
>> Nice. The person to person functionality is the one thing that's currently
>> missing. I wonder if it'll come to the UK?
>>
>>> From 'References' 2. of the Wikipedia article:
>>>
>>> 'Dutch payment processor iDeal to become European standard'
>>> (25 April 2023)
>>> <https://nltimes.nl/2023/04/25/dutch-payment-processor-ideal-become-european-standard>
>>>
>>> BTW, the debit card is the same card as used to pay in shops,
>>> restaurants, etc., etc., get money from an ATM, etc..
>>
>> Yep. Same.
>>
>>>>> and are
>>>>> much, much less risky - basically riskless - compared to a credit card.
>>>>
>>>> Credit cards are less risky because no money leaves your bank account. If a
>>>> there's a fraudulent transaction it's easy to cancel.
>>>
>>> Yes, but you have to 'prove' that the transaction is fraudulent.
>>
>> Not really. You ring them up challenge the transaction and they remove it.
>> It's only happened once to me, but it was that easy.
>>
>>> With
>>> our debit card there can't be a transaction without the PIN.
>>
>> Don't your credit cards have PINs?
>
> Yes, they do, but the point is that a bad actor - someone who has
> stolen/found the card - can use the credit card for many purposes,
> including online transactions, *without* having/knowing the PIN code. In
> many situations, the PIN code is not needed.

Not sure what you mean by many purposes? All online transactions also
require the cardholder's address and for larger/random transactions 2FA.

> With our debit card, the PIN code is always required (except for the
> mentioned contactless payments upto a total of 50 Euro).
>
> So a stolen/found credit card can be abused. Our debit card can not be
> abused if stolen/found.

Several 50€ transactions can be annoying, although I get your point that a
NL debit card only be used in-person which limits the scope for fraud.

>>> But of course both credit cards and (our) debit cards have advantages
>>> and disadvantages.
>>>
>>> In our country, if (our) debit card can be used, it's often the
>>> preferred option, lower fees (for the merchant (and hence for the
>>> customer)) and less risk.
>>>
>>> Credit cards are much less used, except by 'posh' people or/and in
>>> 'posh' shops. Of course you can use a credit card in most - if not all -
>>> places, but you don't have to.
>>
>> Credit/debit cards are functionally identical here. The advantage of credit
>> cards is that you can get a small percentage as cashback and there's
>> additional consumer protections when buying things over £100. Downside is
>> not everyone can get them.
>>
>> [snip]
>>>>
>>>> The article says Maestro was phased out this summer. If you still have
>>>> Maestro they will be replaced soon.
>>>
>>> Interesting! Thanks! I haven't heard about this before. We'll see when
>>> they will be replaced (could be up to 4 years for my wife's).
>>
>> Might be sooner if they're unsupported.
>
> I did a search on the site of one of our banks. No information (to be
> found)! Strange, but we'll see. We always have our credit cards as a
> backup! :-)
>
>>> I wonder
>>> if it'll carry a CVC on the card, because that would make our current
>>> security/safety go down the drain.
>>
>> Why? CVV adds security.
>
> No, as I described, a credit card can be abused if lost/found. If
> there's a CVC printed *on* the card, which is the case for our credit
> cards, it's *less* safe, because then it can also be abused in cases
> where the CVC code is required.
>
> For a debit cards it would be even worse, because - as you say - for a
> credit card a fraudulent transaction can relatively easily be reversed,
> but not for 'your type' of debit card.
>
> Let me turn the situation around: Does your type of debit cards have a
> CVC printed *on* the card?

Yes.

> If so, what's preventing someone who
> stole/found the card to pay with that card?

Online; same controls as for a credit card transaction.

Offline; no different to normal.

> And if (s)he can pay with
> the card, how can you reverse the transaction?

Ring the bank. They will refund you. They may need to investigate if it's a
large amount or if happens frequently.

Chris <ithinkiam@gmail.com> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
> > Chris <ithinkiam@gmail.com> wrote:
> >> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>> Chris <ithinkiam@gmail.com> wrote:
> >>>> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>>>> Chris <ithinkiam@gmail.com> wrote:
> >>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>>>>>> Chris <ithinkiam@gmail.com> wrote:
> >>>>>>>> R.Wieser <address@is.invalid> wrote:
> >>>>>>>>> Chris,
> >>>>>
> >>>>> [...]
> > [...]
[...]
> >>>> Credit cards are less risky because no money leaves your bank
> >>>> account. If a there's a fraudulent transaction it's easy to
> >>>> cancel.
> >>>
> >>> Yes, but you have to 'prove' that the transaction is fraudulent.
> >>
> >> Not really. You ring them up challenge the transaction and they remove it.
> >> It's only happened once to me, but it was that easy.
> >>
> >>> With
> >>> our debit card there can't be a transaction without the PIN.
> >>
> >> Don't your credit cards have PINs?
> >
> > Yes, they do, but the point is that a bad actor - someone who has
> > stolen/found the card - can use the credit card for many purposes,
> > including online transactions, *without* having/knowing the PIN code. In
> > many situations, the PIN code is not needed.
>
> Not sure what you mean by many purposes? All online transactions also
> require the cardholder's address and for larger/random transactions 2FA.

Hmm!? Not sure about the requirement for the cardholder's address, but
I don't have data to dispute your argument.

As for 2FA for larger transactions: I could book our multi-thousand
Euro plane tickets with Singapore Airlines with just the information on
the credit card (card number, full/correct name, expiry month/year and CVC). No
PIN code or any other form of 2SV/2FA. But indeed, they have my
residential address on file.

Summary for this point: I'll need to pay attention to the requirement
for a residential address. Not that that is particularly hard to get,
but it *is* extra protection.

> > With our debit card, the PIN code is always required (except for the
> > mentioned contactless payments upto a total of 50 Euro).
> >
> > So a stolen/found credit card can be abused. Our debit card can not be
> > abused if stolen/found.
>
> Several 50? transactions can be annoying, although I get your point that a
> NL debit card only be used in-person which limits the scope for fraud.

[...]

> >>> I wonder
> >>> if it'll carry a CVC on the card, because that would make our current
> >>> security/safety go down the drain.
> >>
> >> Why? CVV adds security.
> >
> > No, as I described, a credit card can be abused if lost/found. If
> > there's a CVC printed *on* the card, which is the case for our credit
> > cards, it's *less* safe, because then it can also be abused in cases
> > where the CVC code is required.
> >
> > For a debit cards it would be even worse, because - as you say - for a
> > credit card a fraudulent transaction can relatively easily be reversed,
> > but not for 'your type' of debit card.
> >
> > Let me turn the situation around: Does your type of debit cards have a
> > CVC printed *on* the card?
>
> Yes.
>
> > If so, what's preventing someone who
> > stole/found the card to pay with that card?
>
> Online; same controls as for a credit card transaction.
>
> Offline; no different to normal.
>
> > And if (s)he can pay with
> > the card, how can you reverse the transaction?
>
> Ring the bank. They will refund you. They may need to investigate if it's a
> large amount or if happens frequently.

Thanks.

I think we've covered everything including all loose ends.

Thanks for the pleasant and informative exchange.

Frank Slootweg wrote:

> for larger transactions: I could book our multi-thousand
> Euro plane tickets with Singapore Airlines with just the information on
> the credit card (card number, full/correct name, expiry month/year and CVC). No
> PIN code or any other form of 2SV/2FA.

Don't you get a "VerifiedByVisa" interstitial page between checkout page
and confirmation screen?

On 2023-11-21 14:11, Andy Burns wrote:
> Frank Slootweg wrote:
>
>> for larger transactions: I could book our multi-thousand
>> Euro plane tickets with Singapore Airlines with just the information on
>> the credit card (card number, full/correct name, expiry month/year and
>> CVC). No
>> PIN code or any other form  of 2SV/2FA.
>
> Don't you get a "VerifiedByVisa" interstitial page between checkout page
> and confirmation screen?

I get that, usually from the bank, when paying with debit card. I have
to enter then some one time code sent to the phone "somehow". In some
case, a second purchase a the same commerce doesn't get this
intermediary page.

I don't know if it happens the same with credit cards the same.

There is a seal of "safety".

<https://portal.cajasur.es/cs/Satellite/cajasur/es/particulares-0/seguridad-1/comercio-seguro/generico>

Also "CES":

<https://www.openbank.es/open-news/comercio-electronico-seguro/>

which can be activated by the customer, telling the bank that you want a
second auth.

From what I read, you get a 4 digit one time code by SMS to confirm the
purchase, to which you add your own secret code, combining into an 8
digit code which you have to type to validate the online purchase.

«The secure e-commerce programme is part of the P2D2 or European Payment
Services Directive 2015/2366 and only applies to certain online
purchases. If you have a smartphone that supports fingerprint or facial
recognition, you can register it as a 'trusted device' from the Openbank
App, so you don't have to enter the CES password. The purpose of the CES
system is to ensure that you are the one making the purchase.»

<https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=celex%3A32015L2366>

--
Cheers,
Carlos E.R.

Frank Slootweg <this@ddress.is.invalid> wrote:
> Chris <ithinkiam@gmail.com> wrote:
>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>
>>> Yes, they do, but the point is that a bad actor - someone who has
>>> stolen/found the card - can use the credit card for many purposes,
>>> including online transactions, *without* having/knowing the PIN code. In
>>> many situations, the PIN code is not needed.
>>
>> Not sure what you mean by many purposes? All online transactions also
>> require the cardholder's address and for larger/random transactions 2FA.
>
> Hmm!? Not sure about the requirement for the cardholder's address, but
> I don't have data to dispute your argument.

Admittedly from memory, that's been my experience.

> As for 2FA for larger transactions: I could book our multi-thousand
> Euro plane tickets with Singapore Airlines with just the information on
> the credit card (card number, full/correct name, expiry month/year and CVC). No
> PIN code or any other form of 2SV/2FA. But indeed, they have my
> residential address on file.

Yes you'll already have an account with the airline or booking agent so is
a more trustworthy transaction in the first place.

>>
>>> And if (s)he can pay with
>>> the card, how can you reverse the transaction?
>>
>> Ring the bank. They will refund you. They may need to investigate if it's a
>> large amount or if happens frequently.
>
> Thanks.
>
> I think we've covered everything including all loose ends.
>
> Thanks for the pleasant and informative exchange.

Pleasure. Makes a nice change for around here.

On 2023-11-22 09:30, Chris wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
>> Chris <ithinkiam@gmail.com> wrote:
>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>
>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>> stolen/found the card - can use the credit card for many purposes,
>>>> including online transactions, *without* having/knowing the PIN code. In
>>>> many situations, the PIN code is not needed.
>>>
>>> Not sure what you mean by many purposes? All online transactions also
>>> require the cardholder's address and for larger/random transactions 2FA.
>>
>> Hmm!? Not sure about the requirement for the cardholder's address, but
>> I don't have data to dispute your argument.
>
> Admittedly from memory, that's been my experience.

I don't remember any merchant requiring my address when paying online.

Of course, some of them do, for deliveries. But others don't, like a
cinema. A request for the address could be contested under data
protection laws.

--
Cheers,
Carlos E.R.

Andy Burns <usenet@andyburns.uk> wrote:
> Frank Slootweg wrote:
>
> > for larger transactions: I could book our multi-thousand Euro plane
> > tickets with Singapore Airlines with just the information on the
> > credit card (card number, full/correct name, expiry month/year and
> > CVC). No PIN code or any other form of 2SV/2FA.
>
> Don't you get a "VerifiedByVisa" interstitial page between checkout page
> and confirmation screen?

No, I didn't get it for this quite large transaction.

I know what you mean, because I sometimes [1] got such a page (our
cards are Mastercard cards), but - for us - it's the exception instead
of the rule.

Strange! Another point to pay (more) attention to and perhaps takes
notes, so I know which kind of transactions/sites use an extra 'verified
by ...' step.

[1] If it happened, it was often cause for slight panic - "What the heck
is *that* PIN code again!?" - but after a few occurences, we managed to
(safely) remember it. :-)

In message <ks6666Fc3tjU1@mid.individual.net>, Carlos E. R.
<robin_listas@es.invalid> writes
>On 2023-11-22 09:30, Chris wrote:
>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>
>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>> many situations, the PIN code is not needed.
>>>>
>>>> Not sure what you mean by many purposes? All online transactions also
>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>
>>> Hmm!? Not sure about the requirement for the cardholder's address, but
>>> I don't have data to dispute your argument.
>> Admittedly from memory, that's been my experience.
>
>I don't remember any merchant requiring my address when paying online.
>
>Of course, some of them do, for deliveries. But others don't, like a
>cinema. A request for the address could be contested under data
>protection laws.
>

It's normal - possibly universal - to ask for the billing address (ie
the address of the cardholder) here in the UK, which is a welcome
safeguard, as it prevents someone who has stolen your card from using it
online if they don't know your address. (I'm assuming that if you enter
the wrong address then the attempt to use the card will be rejected by
the verification process, though I can't say for sure as I've never done
that.) You also have to specify the delivery address if different from
the billing address.
--
John Hall
"Acting is merely the art of keeping a large group of people
from coughing."
Sir Ralph Richardson (1902-83)

Carlos E. R. <robin_listas@es.invalid> wrote:
> On 2023-11-22 09:30, Chris wrote:
>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>
>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>> many situations, the PIN code is not needed.
>>>>
>>>> Not sure what you mean by many purposes? All online transactions also
>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>
>>> Hmm!? Not sure about the requirement for the cardholder's address, but
>>> I don't have data to dispute your argument.
>>
>> Admittedly from memory, that's been my experience.
>
> I don't remember any merchant requiring my address when paying online.
>
> Of course, some of them do, for deliveries. But others don't, like a
> cinema. A request for the address could be contested under data
> protection laws.

How? Asking for additional personal information is common for verification
purposes.

On 2023-11-22 17:37, John Hall wrote:
> In message <ks6666Fc3tjU1@mid.individual.net>, Carlos E. R.
> <robin_listas@es.invalid> writes
>> On 2023-11-22 09:30, Chris wrote:
>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>
>>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>>> including online transactions, *without* having/knowing the PIN
>>>>>> code. In
>>>>>> many situations, the PIN code is not needed.
>>>>>
>>>>> Not sure what you mean by many purposes? All online transactions also
>>>>> require the cardholder's address and for larger/random transactions
>>>>> 2FA.
>>>>
>>>>    Hmm!? Not sure about the requirement for the cardholder's
>>>> address, but
>>>> I don't have data to dispute your argument.
>>>  Admittedly from memory, that's been my experience.
>>
>> I don't remember any merchant requiring my address when paying online.
>>
>> Of course, some of them do, for deliveries. But others don't, like a
>> cinema. A request for the address could be contested under data
>> protection laws.
>>
>
> It's normal - possibly universal - to ask for the billing address (ie
> the address of the cardholder) here in the UK, which is a welcome
> safeguard, as it prevents someone who has stolen your card from using it
> online if they don't know your address. (I'm assuming that if you enter
> the wrong address then the attempt to use the card will be rejected by
> the verification process, though I can't say for sure as I've never done
> that.) You also have to specify the delivery address if different from
> the billing address.

I am asked for the billing address when registering with a merchant,
yes. But not when paying, which can be on a different day. I am asked
whether I want a different delivery address.

If they want confirmation that it is me, the proper way is to trigger
the bank to ask for a second confirmation code when doing the payment.
Some merchants can do this directly, sending some code by SMS to the
mobile phone (Amazon does this sometimes).

--
Cheers,
Carlos E.R.

On 2023-11-22 19:32, Chris wrote:
> Carlos E. R. <robin_listas@es.invalid> wrote:
>> On 2023-11-22 09:30, Chris wrote:
>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>
>>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>>> many situations, the PIN code is not needed.
>>>>>
>>>>> Not sure what you mean by many purposes? All online transactions also
>>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>>
>>>> Hmm!? Not sure about the requirement for the cardholder's address, but
>>>> I don't have data to dispute your argument.
>>>
>>> Admittedly from memory, that's been my experience.
>>
>> I don't remember any merchant requiring my address when paying online.
>>
>> Of course, some of them do, for deliveries. But others don't, like a
>> cinema. A request for the address could be contested under data
>> protection laws.
>
> How? Asking for additional personal information is common for verification
> purposes.
>

If justified. And they have to prove that they keep that information secure.

Merchants are fined here for asking for too much information, that's a fact.

--
Cheers,
Carlos E.R.

On 11/22/2023 11:37 AM, John Hall wrote:
> In message <ks6666Fc3tjU1@mid.individual.net>, Carlos E. R. <robin_listas@es.invalid> writes
>> On 2023-11-22 09:30, Chris wrote:
>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>
>>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>>> many situations, the PIN code is not needed.
>>>>>
>>>>> Not sure what you mean by many purposes? All online transactions also
>>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>>
>>>>    Hmm!? Not sure about the requirement for the cardholder's address, but
>>>> I don't have data to dispute your argument.
>>>  Admittedly from memory, that's been my experience.
>>
>> I don't remember any merchant requiring my address when paying online.
>>
>> Of course, some of them do, for deliveries. But others don't, like a cinema. A request for the address could be contested under data protection laws.
>>
>
> It's normal - possibly universal - to ask for the billing address (ie the address of the cardholder) here in the UK, which is a welcome safeguard, as it prevents someone who has stolen your card from using it online if they don't know your address. (I'm assuming that if you enter the wrong address then the attempt to use the card will be rejected by the verification process, though I can't say for sure as I've never done that.) You also have to specify the delivery address if different from the billing address.

We're asked for a billing address and a shipping address here.

And of course, if the two don't match exactly, "it ain't going".
They don't accept orders where the two addresses are different.

Everyone appreciates a little humor.

I ordered something this afternoon, and they pulled a little
2FA ceremony on me. A robot phoned the number I gave them, and
had me "enter a code" into the computer screen. Well, my phone number
is VOIP and completely useless for proving anything about my
physical location. But if it makes them feel better, why not.

Paul

In message <ujme24$1ireo$1@dont-email.me>, Paul <nospam@needed.invalid>
writes
<snip>
>We're asked for a billing address and a shipping address here.
>
>And of course, if the two don't match exactly, "it ain't going". They
>don't accept orders where the two addresses are different.

I live in the UK, but have a friend in the US to whom I like to send a
Christmas present. Fortunately, I can use my UK credit card with a US
merchant to buy something for her and have them deliver it to her. It
would be very annoying if I couldn't do that.
--
John Hall
"Acting is merely the art of keeping a large group of people
from coughing."
Sir Ralph Richardson (1902-83)

Paul wrote:

> John Hall wrote:
>
>> It's normal - possibly universal - to ask for the billing address (ie the address of the cardholder) here in the UK, which is a welcome safeguard, as it prevents someone who has stolen your card from using it online if they don't know your address. (I'm assuming that if you enter the wrong address then the attempt to use the card will be rejected by the verification process, though I can't say for sure as I've never done that.) You also have to specify the delivery address if different from the billing address.
>
> We're asked for a billing address and a shipping address here.
> And of course, if the two don't match exactly, "it ain't going".
> They don't accept orders where the two addresses are different.

Here (UK) the billing addr must match what the cr/dr card says, but
delivery addr can be elsewhere.

some vendors might be more strict than e.g. amazon, but I've had "high
value" orders via amazon which said you need to provide this code or the
driver won't leave the item, I'd memorised the code, got the delivery
and had to say to the driver "don't you need this code?" as he
disappeared back to his truck ...

John Hall <john_nospam@jhall.co.uk> wrote:
> In message <ks6666Fc3tjU1@mid.individual.net>, Carlos E. R.
> <robin_listas@es.invalid> writes
> >On 2023-11-22 09:30, Chris wrote:
> >> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>> Chris <ithinkiam@gmail.com> wrote:
> >>>> Frank Slootweg <this@ddress.is.invalid> wrote:
> >>>>> Chris <ithinkiam@gmail.com> wrote:
> >>>>>
> >>>>> Yes, they do, but the point is that a bad actor - someone who has
> >>>>> stolen/found the card - can use the credit card for many purposes,
> >>>>> including online transactions, *without* having/knowing the PIN code. In
> >>>>> many situations, the PIN code is not needed.
> >>>>
> >>>> Not sure what you mean by many purposes? All online transactions also
> >>>> require the cardholder's address and for larger/random transactions 2FA.
> >>>
> >>> Hmm!? Not sure about the requirement for the cardholder's address, but
> >>> I don't have data to dispute your argument.
> >> Admittedly from memory, that's been my experience.
> >
> >I don't remember any merchant requiring my address when paying online.
> >
> >Of course, some of them do, for deliveries. But others don't, like a
> >cinema. A request for the address could be contested under data
> >protection laws.
> >
>
> It's normal - possibly universal - to ask for the billing address (ie
> the address of the cardholder) here in the UK, which is a welcome
> safeguard, as it prevents someone who has stolen your card from using it
> online if they don't know your address. (I'm assuming that if you enter
> the wrong address then the attempt to use the card will be rejected by
> the verification process, though I can't say for sure as I've never done
> that.) You also have to specify the delivery address if different from
> the billing address.

After Chris had mentioned this address aspect, I thought about it some
more and I think here (in The Netherlands) and elsewhere, the address is
not used/required much, if at all.

For example, both the city/town I live in and the street can and are
spelled in several different ways (at least four for the city/town) and
it's unlikely that the credit card company has a record of all these
different ways. (Yes, I might spell my address in different ways,
depending on the situation/audience.)

Also, as Carlos also mentioned, we've used our credit cards for online
reservations - in our case mostly accomodation - where we did not have
to specify a residential address and the webite couldn't possibly know
our address.

So I think it's maybe that some sites might ask for the address and
try to verify it, but probably won't fail if the address can't be
fully verified, but at least contains some elements which do match.

So, do we have a resident Mastercard/Visa employee who can set us
straight!? :-)

In message <ks8liaF2fo9U1@mid.individual.net>, Andy Burns
<usenet@andyburns.uk> writes
>some vendors might be more strict than e.g. amazon, but I've had "high
>value" orders via amazon which said you need to provide this code or
>the driver won't leave the item, I'd memorised the code, got the
>delivery and had to say to the driver "don't you need this code?" as he
>disappeared back to his truck ...

In my experience, those delivery firms that allow the customer to
specify on their website instructions regarding their delivery are
wasting their time, as the delivery drivers never seem to take the
slightest notice. They usually just dump the item on the front doorstep,
knock on the door and then rapidly depart. Given the number of
deliveries they are supposed to make during the day, I suspect that if
they did anything else they wouldn't finish their round till about 10
PM.
--
John Hall
"Acting is merely the art of keeping a large group of people
from coughing."
Sir Ralph Richardson (1902-83)

John Hall wrote:

> Andy Burns writes
>
>> I've had "high value" orders via amazon which said you need to
>> provide this code or the driver won't leave the item, I'd memorised
>> the code, got the delivery and had to say to the driver "don't you
>> need this code?" as he disappeared back to his truck ...
>
> In my experience, those delivery firms

This was Amazon's own van fleet, the "delivery code" was included in
the tracking email from amazon.

> that allow the customer to specify on their website instructions
> regarding their delivery are wasting their time, as the delivery
> drivers never seem to take the slightest notice. They usually just
> dump the item on the front doorstep, knock on the door and then
> rapidly depart. Given the number of deliveries they are supposed to
> make during the day, I suspect that if they did anything else they
> wouldn't finish their round till about 10 PM.

Carlos E. R. <robin_listas@es.invalid> wrote:
> On 2023-11-22 19:32, Chris wrote:
>> Carlos E. R. <robin_listas@es.invalid> wrote:
>>> On 2023-11-22 09:30, Chris wrote:
>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>>
>>>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>>>> many situations, the PIN code is not needed.
>>>>>>
>>>>>> Not sure what you mean by many purposes? All online transactions also
>>>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>>>
>>>>> Hmm!? Not sure about the requirement for the cardholder's address, but
>>>>> I don't have data to dispute your argument.
>>>>
>>>> Admittedly from memory, that's been my experience.
>>>
>>> I don't remember any merchant requiring my address when paying online.
>>>
>>> Of course, some of them do, for deliveries. But others don't, like a
>>> cinema. A request for the address could be contested under data
>>> protection laws.
>>
>> How? Asking for additional personal information is common for verification
>> purposes.
>>
>
> If justified.

Verifying your identity is justifying.

> And they have to prove that they keep that information secure.

Well yeah. That's basic GDPR.

> Merchants are fined here for asking for too much information, that's a fact.

How much is too much, for example?

On 2023-11-23 03:40, Paul wrote:
> On 11/22/2023 11:37 AM, John Hall wrote:
>> In message <ks6666Fc3tjU1@mid.individual.net>, Carlos E. R. <robin_listas@es.invalid> writes
>>> On 2023-11-22 09:30, Chris wrote:
>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>>
>>>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>>>> many situations, the PIN code is not needed.
>>>>>>
>>>>>> Not sure what you mean by many purposes? All online transactions also
>>>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>>>
>>>>>    Hmm!? Not sure about the requirement for the cardholder's address, but
>>>>> I don't have data to dispute your argument.
>>>>  Admittedly from memory, that's been my experience.
>>>
>>> I don't remember any merchant requiring my address when paying online.
>>>
>>> Of course, some of them do, for deliveries. But others don't, like a cinema. A request for the address could be contested under data protection laws.
>>>
>>
>> It's normal - possibly universal - to ask for the billing address (ie the address of the cardholder) here in the UK, which is a welcome safeguard, as it prevents someone who has stolen your card from using it online if they don't know your address. (I'm assuming that if you enter the wrong address then the attempt to use the card will be rejected by the verification process, though I can't say for sure as I've never done that.) You also have to specify the delivery address if different from the billing address.
>
> We're asked for a billing address and a shipping address here.
>
> And of course, if the two don't match exactly, "it ain't going".
> They don't accept orders where the two addresses are different.

Right now, they don't match for me, yet Amazon delivers, no problem. I
had Amazon do deliveries for me on three different cities, not a problem.

I didn't try to use it during my stay in Canada, I should have, for
kicks. :-)

>
> Everyone appreciates a little humor.
>
> I ordered something this afternoon, and they pulled a little
> 2FA ceremony on me. A robot phoned the number I gave them, and
> had me "enter a code" into the computer screen. Well, my phone number
> is VOIP and completely useless for proving anything about my
> physical location. But if it makes them feel better, why not.

{chuckle}

--
Cheers,
Carlos E.R.

On 2023-11-23 19:45, Chris wrote:
> Carlos E. R. <robin_listas@es.invalid> wrote:
>> On 2023-11-22 19:32, Chris wrote:
>>> Carlos E. R. <robin_listas@es.invalid> wrote:
>>>> On 2023-11-22 09:30, Chris wrote:
>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>> Frank Slootweg <this@ddress.is.invalid> wrote:
>>>>>>>> Chris <ithinkiam@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Yes, they do, but the point is that a bad actor - someone who has
>>>>>>>> stolen/found the card - can use the credit card for many purposes,
>>>>>>>> including online transactions, *without* having/knowing the PIN code. In
>>>>>>>> many situations, the PIN code is not needed.
>>>>>>>
>>>>>>> Not sure what you mean by many purposes? All online transactions also
>>>>>>> require the cardholder's address and for larger/random transactions 2FA.
>>>>>>
>>>>>> Hmm!? Not sure about the requirement for the cardholder's address, but
>>>>>> I don't have data to dispute your argument.
>>>>>
>>>>> Admittedly from memory, that's been my experience.
>>>>
>>>> I don't remember any merchant requiring my address when paying online.
>>>>
>>>> Of course, some of them do, for deliveries. But others don't, like a
>>>> cinema. A request for the address could be contested under data
>>>> protection laws.
>>>
>>> How? Asking for additional personal information is common for verification
>>> purposes.
>>>
>>
>> If justified.
>
> Verifying your identity is justifying.
>
>> And they have to prove that they keep that information secure.
>
> Well yeah. That's basic GDPR.
>
>> Merchants are fined here for asking for too much information, that's a fact.
>
> How much is too much, for example?

Making a photo of the ID card.

--
Cheers,
Carlos E.R.