nick at ccl4.org
Fri Oct 2 11:26:33 BST 2009
On Fri, Oct 02, 2009 at 10:49:04AM +0100, Tom Hukins wrote:
> On Fri, Oct 02, 2009 at 10:26:06AM +0100, Nicholas Clark wrote:
> > However, one can't take payments from Maestro unless one has 3D insecure.
> > (And it seems that even easyJet are no longer large enough to wiggle out
> > of that one)
> Nor are Google:
Then again, Maestro screwed up and is screwed.
Switch was "if you see a Switch logo, you can use your Switch card"
Maestro is, well, printed A4 sheets in shop windows with
"Austrian Maestro Only"
It's one logo applied to 15 or so different debit card schemes, without
guaranteeing any sort of interoperability. Which destroys any sort of brand
value it might have had. There's a technical term for this, but apparently
I'm not supposed to use it in front of small children*.
Maestro is being replaced by Mastercard Debit, which is not tainted with this
In the UK, at least HSBC and RBS are replacing Maestro. With *Visa* Debit.
Oh yes, and Switch was screwed because not all Switch cards pass the Luhn
check. Card length limit is 19 digits, and HSBC used to issue Switch cards
that were $BIN . $sort_code . $account_number, which used up all 19 digits,
so they had no ability to make the card meet the spec about the checksum.
Various *merchant acquirers* seem not to know this, as they reject them
rather than trying to auth.
Then again, a certain large UK bank not owned by the government will happily
auth *anything*, then refuse to settle it, and then complain that one is
sending it bogus data. *You* bloody *authed* it. "Oh well, if we can't get
through to the issuing bank in time, we just auth it anyway"
And nearly all of them have test auth systems that differ from their live
systems. Some of which you can DOS by accident, some with data files that
meet the specs.
* even if she throws up on me.
More information about the london.pm