Undercharged

njs030

BoatMad wrote: »

I regularly take EFT machines at restaurants and elsewhere and complete the transaction myself, in many cases handing the merchant his credit card copy

The card number is NOT shown in full in any machine I have ever seen, The transaction number is all merchant needs to extract all the information

Furthermore, you cannot process a credit card in modern systems with out the CCS number ( for a cardholder not present , i.e. you dont have the physical card) and to attempt to do is credit card fraud

You can actually. I won't explain how as it's the internet and telling people how to commit fraud seems a little stupid.

To your first point please read my above post on which a global security firm explains that yes it is true.

BoatMad

notjustsweet wrote: »

You can actually. I won't explain how as it's the internet and telling people how to commit fraud seems a little stupid.

To your first point please read my above post on which a global security firm explains that yes it is true.

sorry , I meant to say that you cannot legally perform a credit card CNP without a CCS number , I am aware that in certain cases it can be done, but its actually credit card fraud and the store has committed a crime of far greater magnitude then the 90 euros

The OP has serious grounds for concern and in my view should immediately contact his card company and say that a transaction was processed without his knowledge and consent and that in his opinion was done fraudulently

The CC company will block the payment to the retailer instantly

BoatMad

To your first point please read my above post on which a global security firm explains that yes it is true.

I see no evidence that modern PCI compliant systems provide the retailer with the complete card number. I have handed dozens of EFT merchants recipes to merchants and only the last 4 digits are revealed

Nor would there be ANY requirement for a merchant that have that data in the first place where a card was present. ( as it was in this transaction )

NOTE: This is different to CNP transactions ( and this is where I think people are getting confused )

njs030

BoatMad wrote: »

I see no evidence that modern PCI compliant systems provide the retailer with the complete card number. I have handed dozens of EFT merchants recipes to merchants and only the last 4 digits are revealed

Nor would there be ANY requirement for a merchant that have that data in the first place where a card was present. ( as it was in this transaction )

NOTE: This is different to CNP transactions ( and this is where I think people are getting confused )

In the very first paragraph it explains that the merchant receipt holds the card number.

Honestly why this has to keep being explained when multiple people have said its true I just don't know.

Books4you

Yes i work in a shop and just double checked our Visa receipts and it's only the last 4 digits displayed. Although the last crowd we were with were Elavon and we definitely had the full number displayed on that. We never set them up thinking about this issue, it's just the way the came in programmed tbh!

I really think though if we undercharged someone we would not do a second transaction, even if we could. It could easily happen that you could type in the wrong amount in the terminal although never has thank god. I would like to think that most people would come back and say i was undercharged but that's probably too naive of me, but i think they would. Rural area so that's probably why i think that.

Op seems to be hoping to pay 90c for the €90 headphones. Lovely customer.

runawaybishop

Conservative wrote: »

Re: pilly. On app and cannot quote?

I am looking at a merchant copy from a Spar store which my family run. It is for a chip and pin transaction and processed through Elavon. It contains the start and expiry date but only last 4 digits from the card number. It would be INSANE to have everything bar the cvv number for many thousands of customers that large retailers deal with.

The shop staff tell me that if they have an issue with a transaction they have a contact number to call, a merchant id and use the authorisation code that is printed on the merchant copy.

They must be retained by the retailer in case a dispute in a transaction arises.

I doubt large electrical retailers are giving their staff access to that kind of information either.

That sounds nuts in 2017!

As of a few years ago a lot of retailers in ireland (spar, mace, musgraves etc) used one companys tills and office software. The full CC details were stored on the office pc designated to batch off the auth, in plaintext.

BoatMad

runawaybishop wrote: »

As of a few years ago a lot of retailers in ireland (spar, mace, musgraves etc) used one companys tills and office software. The full CC details were stored on the office pc designated to batch off the auth, in plaintext.

then that was an (potentially ) illegal and non compliant system ( I'm very familiar with the original musgraves MUMPS system !)

the situation today with both data protection and PCI compliance is that without specific customer agreement , you cannot store credit card details nor can the retailer access such details

I should add that PCI compliance is not a legal issue . There are many systems that store credit card details in a unsecured manner and there is no rules to force a change at present

runawaybishop

BoatMad wrote: »

then that was an (potentially ) illegal and non compliant system

Yeah, it was very unsecure. Wouldn't be surprised if smaller retailers still have it in operation.

BoatMad

runawaybishop wrote: »

Yeah, it was very unsecure. Wouldn't be surprised if smaller retailers still have it in operation.

Its unfortunately not uncommon, and in recent years actually more prevalent in the back office systems of web sites that store your card details many of which are not PCI compliant and in some cases are truly appalling

however the card holder is totally protected in CNP transactions unlike in chip and pin ones

Collie D

What about in restaurants where you can add a tip to your card bill after it's processed? How does that work?

pilly

BoatMad wrote: »

I regularly take EFT machines at restaurants and elsewhere and complete the transaction myself, in many cases handing the merchant his credit card copy

The card number is NOT shown in full in any machine I have ever seen, The transaction number is all merchant needs to extract all the information

Furthermore, you cannot process a credit card in modern systems with out the CCS number ( for a cardholder not present , i.e. you dont have the physical card) and to attempt to do is credit card fraud ( and the retailer must be enabled for CNP transactions )

The OP can quite legitimately ask the card company to refund that transaction, the issue over the real cost of the item , is an issue that has nothing to do with the CC company

You're absolutely determined not to believe something that numerous posters are telling you is true. Why?

I would post copies of receipts with the full details on but of course that's against data protection rules.

You will just have to take mine and others word for it.

njs030

pilly wrote: »

You're absolutely determined not to believe something that numerous posters are telling you is true. Why?

I would post copies of receipts with the full details on but of course that's against data protection rules.

You will just have to take mine and others word for it.

When he won't accept the word of sysnet I gave up.

BoatMad

pilly wrote: »

You're absolutely determined not to believe something that numerous posters are telling you is true. Why?

I would post copies of receipts with the full details on but of course that's against data protection rules.

You will just have to take mine and others word for it.

I will not go into the finer points of PCI compliance

but the overriding principle is

"A: PCI DSS requirement 3.3 states “Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed)."

source :https://www.pcicomplianceguide.org/pci-faqs-2/


Any system that can direct connection to a banking terminal must be PCI compliant

Thats not to say that there are not legacy systems out there that are problematic , no bank supplied card machine , should print the full numbers in the case where the card is presented ( it further goes on where otherwise required to by law etc )

anyone that is doing so is also potentially in breach of the data protection act

Note this is different where credit cards are scanned into store system first . its a sad fact that far too many of these are not fully PCI compliant, because they get around it by transferring the data to a compliant EFT terminal

in any respect, reapplying a cardholder present transaction as a CNP transaction is fraud

I am not disputing there are not PCI compliant systems out there. certainly to my knowledge all the major banks have fully PCI compliant EFT machines

Noet PCI is not law

pilly

BoatMad wrote: »

I will not go into the finer points of PCI compliance

but the overriding principle is

"A: PCI DSS requirement 3.3 states “Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed)."

source :https://www.pcicomplianceguide.org/pci-faqs-2/


Any system that can direct connection to a banking terminal must be PCI compliant

Thats not to say that there are not legacy systems out there that are problematic , no bank supplied card machine , should print the full numbers in the case where the card is presented ( it further goes on where otherwise required to by law etc )

anyone that is doing so is also potentially in breach of the data protection act

Note this is different where credit cards are scanned into store system first . its a sad fact that far too many of these are not fully PCI compliant, because they get around it by transferring the data to a compliant EFT terminal

in any respect, reapplying a cardholder present transaction as a CNP transaction is fraud

Agreed. We've already said that. And also said what's happening on the ground. Didn't need the PCI lecture thanks.