I crashed the car park machine with a card that most definitely had not had incorrect PIN attempts.
Verifone push firmware updates to their terminals fairly regularly. How merchants are notified after the fix remains to be seen 
That’s correct, the issue occurs when the terminal tries to revert to pin/swipe after a failed contactless transaction.
There are still issues with crashing ticket machines etc. I think this is due to our BIN not being accepted by these machines, causing our cards to be declined, which then causes the crash. That’s just my theory though!
Can you let me know the operator and location of the machine, please?
1 Like
I’m sorry, maybe I’m a bit dense in what that means. Can I clarify:
- The PIN try counter is at zero
- The card is then tapped (EMV contactless)
- Monzo responds to the authorisation request as they deem appropriate (it sounds like declines the transaction due to the PIN try counter state)
- The terminal reacts to this poorly and this causes a crash
Is that correct? The other possiblity I saw was:
- The PIN try counter is at zero
- The card is then inserted (contact EMV)
- Both offline PIN modes fail due to the PIN try counter
- Signature is selected as the transaction CVM
- An authorisation for signature is sent to Monzo (who again, reacts as they deem appropriate which is likely a decline)
- The terminal reacts poorly and crashes somewhere between step 3 and step 5, inclusive, of this process.
Thanks for the clarification on which mode (contact or contactless) it is that crashes it. Other nerdy details are also interesting! I love how open Monzo is!
P.S. to clarify, MasterCard forbids CVM fallback for domestic transactions so it should always decline. It’s Visa that allows it (I know at least one major bank will approve signature transactions domestically if the PIN try counter is tripped)
I can’t believe Verifone is lazy enough to not test this scenario. This can be caught by even the most basic unit tests… but I guess nobody there even knows what “unit tests” means…
It’s really sad to see that the fun side-projects people do on Github are of better quality than what’s supposed to be state of the art equipment costing a lot of money and being “EMV-certified”… this also shows how meaningless this “certification” is.
I wouldn’t be surprised if the reason behind this is because only shitty companies with low-quality software but lots of money to burn make those terminals - they’re the only one capable to pony up enough money for the EMV certification… which smaller companies can’t afford even though they would’ve made way better software.
5 Likes
I once (back when I lived in the US) had an American Express card that could reliably crash Verifone terminals at Walmart (most Walmarts use Ingenico, but a few had Verifone - I think they’re all gone now) the moment it was inserted 
It was a programming issue, as a clone of the card made for me (common in the US, replacement cards for damage - not loss - are usually identical clones) had the same issue, they had to change the card PAN to fix it. I had an hour long phone call with a very senior manager at Amex testing various scenarios and also sent my cards back to Amex’s headquarters for them to test and report to Verifone the issue.
Swindon British Rail car park - APCOA
*GitHub
(I’m a GitHub Campus Expert so it’s obligatory 
)
2 Likes
I don’t need the caps when I type in the address bar of my browser 
1 Like
Just plant your flag squarely in that Github Camp yo!
GiThUb
There, ruined it for you! 
3 Likes
When were disputing with a Merchant about them not accepting Monzo, is there something we can quote on the BACS/MasterCard websites about what they should be doing.
I’ve read about we should report them to BACS and MasterCard which is fair enough but I can’t see anywhere where the supposed rules about updating every month, etc are.
Currently trying to get Tesco Bank to accept the Monzo Current Account card but it’s like talking to a brick wall! But if I could cite something that says to should/must accept it, that’s more of the basis of a formal complaint other than just that I want them to accept it!
Cheers!
Just get in touch with BACS directly - from what I saw they’ve been pretty good at getting companies to follow their rules.
2 Likes
Thanks, but this particular issue was paying by the MasterCard Debit card
Tesco home insurance (part of tesco bank) just accepted my CA debit card over the phone just fine.
1 Like
rule 7 for BACS from their website - which all users sign up to
https://www.bacs.co.uk/SUGR/Pages/TheEssentialsOfUsingBacs.aspx
4 Likes
That’s strange, looks like the Credit Cards are using different processing. They said it wasn’t accepted to me earlier.
Thanks @anon95680666!
2 Likes
Tesco Bank credit cards are provided by HSBC I believe. I’ve had issues with them when I held both a current account and credit card through Tesco that the two teams were completely segregated.
Not yet, but a possible solution is to keep the card in its own wallet (like an Oyster card holder) and just tap it on the reader before they have a chance to refuse.
1 Like