Most People don't Think about Security

[Graham Toal]

: Have a look at Ross Anderson's paper ``Why Cryptosystems Fail'' from
: the Fairfax conference.  He points out that one reason U.S. banks use
: better security for their ATM cards than do U.K. banks is a difference
: in the law:  in the U.S., the banks are (generally) liable for disputed
: charges.  Again -- if you pay for failures, you worry about the security.

I dunno where you got that idea.  We don't have better security at all,
we have banks that are better at covering up ATM abuse with the help of
our enlightened Government and the courts.  They've never once admitted
that ATM fraud can occur without the card owner voluntarily disclosing
his pin.  The last guy to try to take them to court on it got arrested
himself and found guilty of trying to defraud the bank for the return
of his lost money!

Theoretically UK banks may be liable - I've never heard that - but I
know that in practice for certain they do *not* pay out in cases of
ATM fraud.  They have a consistent policy of blaming it on the
customer.  And they get away with it.

G
PS What UK *does* do that the US is abysmal at is checking the 
signatures on VISA cards et al.  I'm staggered by how lax US shopkeepers
are about looking at the signature.  No wonder fraud is rampant.
Over here they not only *always* without exception check the
signature, they often query it online and occassionally *sniff*
the cards to see if an old signature has been removed with lighter
fluid...