John Levine wrote:

But to return to the original point of this exercise, to get free
train travel, buy a $20 Visa gift card for cash at the supermarket,
and use it on the train. (Do they even have gift cards in the UK? If
so, make it a 20 quid gift card.)

Until you've bought $20 worth of tickets, it works normally, and the
ticket price is deducted from your balance when the transaction
clears. After that, the bank rejects the transaction, but if the
guard's ticket machine doesn't validate in real time, by the time that
happens you're long gone, and since the card is a bearer instrument,
they have no way to know who to go after. Repeat indefinitely until
the expiration date on the card.

Knowing the BIN ranges of debit cards and gift cards doesn't help
here, since many of them are entirely valid and the train company
will get paid.

Stephen raised the spectre of gift cards to dispute the point I made
that card types were known by number ranges, so you just need the list
of known closed accounts when using a hand-held point of sale device
carried by the conductor, given that authorization won't be convenient
or possible when using these devices. Even you agree that yes, these
are issued in known number ranges. If the transaction with a gift card
cannot be authorized in certain circumstances, then don't accept it
in those circumstances. Similarly, they're not going to accept cards
issued by merchants to give credit to their own customers for purchases
at their own store, like gasoline credit cards. The accounts are issued
in different ranges.

This Web page discusses payment methods that also apply to paying
on train: http://www.nationalrail.co.uk/times_...t_methods.html

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Nothing on this page says that gift cards are accepted. Gosh. They
must know the card number ranges!

So many followups later, Stephen's point was a non-issue, but I won't
likely live long enough till he withdraws it.

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Nothing on this page says that gift cards are accepted. Gosh. They
must know the card number ranges!

The gift cards at my supermarket are AmEx and Visa branded. More
likely there aren't enough prepaid cards in the UK for National
Rail to have noticed.

Maybe I'll send one to Roland and he can see if he can buy a train
ticket with it.

R's,
John

--
Regards,
John Levine, , Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

In message , at 16:07:17 on Fri, 2 Mar
2012, John Levine remarked:
The gift cards at my supermarket are AmEx and Visa branded. More
likely there aren't enough prepaid cards in the UK for National
Rail to have noticed.

Maybe I'll send one to Roland and he can see if he can buy a train
ticket with it.

Note to casual observers: John and I have met in our day jobs, so this
may not be an idle threat.
--
Roland Perry

On 02-Mar-12 09:19, Adam H. Kerman wrote:
John Levine wrote:
But to return to the original point of this exercise, to get free
train travel, buy a $20 Visa gift card for cash at the supermarket,
and use it on the train. (Do they even have gift cards in the UK? If
so, make it a 20 quid gift card.)

Until you've bought $20 worth of tickets, it works normally, and the
ticket price is deducted from your balance when the transaction
clears. After that, the bank rejects the transaction, but if the
guard's ticket machine doesn't validate in real time, by the time that
happens you're long gone, and since the card is a bearer instrument,
they have no way to know who to go after. Repeat indefinitely until
the expiration date on the card.

Knowing the BIN ranges of debit cards and gift cards doesn't help
here, since many of them are entirely valid and the train company
will get paid.

Stephen raised the spectre of gift cards to dispute the point I made
that card types were known by number ranges,

I only raised the "spectre" of cards with insufficient funds to accept a
transaction but which were not "closed" or "invalid". Gift cards are
merely a trivial example of that, and banning gift cards (or debit
cards) from trains does not solve the problem, if it were even possible.

so you just need the list
of known closed accounts when using a hand-held point of sale device
carried by the conductor, given that authorization won't be convenient
or possible when using these devices.

There are hundreds, if not thousands, of millions of closed accounts,
and more every second. It is not feasible to store that list in credit
card terminals, and it would be out of date before it even finished
downloading! Given the rate card numbers are invalidated, it's possible
that you could _never_ finish downloading, like the old story about the
Chinese walking single-file into the sea.

Even you agree that yes, these are issued in known number ranges. If
the transaction with a gift card cannot be authorized in certain
circumstances, then don't accept it in those circumstances.

Why restrict that to gift cards, though, rather than _all_ cards?

Similarly, they're not going to accept cards issued by merchants to
give credit to their own customers for purchases at their own store,
like gasoline credit cards. The accounts are issued in different
ranges.

They should be in the 6 range, and the merchant limitation is enforced
by the issuing bank, not the merchants. The merchant just swipes the
card you present and waits a few seconds to see if it worked.


This Web page discusses payment methods that also apply to paying
on train: http://www.nationalrail.co.uk/times_...t_methods.html

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Nothing on this page says that gift cards are accepted. Gosh. They
must know the card number ranges!

Why would they care if it's a gift card? A card is a card; as long as
the transaction is authorized, that's all that matters.

So many followups later, Stephen's point was a non-issue, but I won't
likely live long enough till he withdraws it.

I have no need to withdraw something that I never said; as usual, _you_
are arguing with a strawman.

S

--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

In message , at 15:27:42 on Fri, 2 Mar 2012,
Stephen Sprunk remarked:
This Web page discusses payment methods that also apply to paying
on train: http://www.nationalrail.co.uk/times_...t_methods.html

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Nothing on this page says that gift cards are accepted. Gosh. They
must know the card number ranges!

Why would they care if it's a gift card? A card is a card; as long as
the transaction is authorized, that's all that matters.

That's the big "if". There are many ticket vending machines, and
portable machines, which are simply not "online", so they can't
authorise at all.
--
Roland Perry

Roland Perry wrote:
at 15:27:42 on Fri, 2 Mar 2012, Stephen Sprunk remarked:

This Web page discusses payment methods that also apply to paying
on train: http://www.nationalrail.co.uk/times_...t_methods.html

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Nothing on this page says that gift cards are accepted. Gosh. They
must know the card number ranges!

Why would they care if it's a gift card? A card is a card; as long as
the transaction is authorized, that's all that matters.

That's the big "if". There are many ticket vending machines, and
portable machines, which are simply not "online", so they can't
authorise at all.

That was Stephen's point to begin with, when he raised the spectre of
use of gift cards that cannot be authorized in such circumstances, that
cannot be debited to pay the fare.

Suddenly, he's changing his position.

On 03-Mar-12 02:46, Roland Perry wrote:
In message , at 15:27:42 on Fri, 2 Mar 2012,
Stephen Sprunk remarked:
This Web page discusses payment methods that also apply to paying
on train: http://www.nationalrail.co.uk/times_...t_methods.html

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Nothing on this page says that gift cards are accepted. Gosh. They
must know the card number ranges!

Why would they care if it's a gift card? A card is a card; as long as
the transaction is authorized, that's all that matters.

That's the big "if". There are many ticket vending machines, and
portable machines, which are simply not "online", so they can't
authorise at all.

Then the merchant is taking a risk on each transaction, regardless of
the card type.

Given the cheap and ubiquitous mobile data networks, there is no excuse
for not being able to do online authorization. (If the rail network has
spotty signal coverage, this will help motivate them to fix that, which
also results in better service for customers and therefore the ability
to increase fares.)

S

--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

In message , at 14:49:32 on Sat, 3 Mar 2012,
Stephen Sprunk remarked:
Why would they care if it's a gift card? A card is a card; as long as
the transaction is authorized, that's all that matters.

That's the big "if". There are many ticket vending machines, and
portable machines, which are simply not "online", so they can't
authorise at all.

Then the merchant is taking a risk on each transaction, regardless of
the card type.

There's always a small risk, and sometimes the ticket vendor will make a
[mobile] phone call if a particular cardholder raises suspicions. But as
we don't have these faux-credit-card gift cards here, and people with
credit cards and bank accounts that allow overdrafts usually do pay
these off, the only class where there's a serious worry is the
no-overdraft debit card holders.

Given the cheap and ubiquitous mobile data networks, there is no excuse
for not being able to do online authorization.

They aren't cheap and ubiquitous enough. In particular, the equipment
would need replacing (not just simple upgrading). I don't believe data
networks are ubiquitous in the USA either, if the very spotty mobile
phone coverage more than a few miles from major cities and highways is
anything to go by.
--
Roland Perry

On 04-Mar-12 02:56, Roland Perry wrote:
In message , at 14:49:32 on Sat, 3 Mar 2012,
Stephen Sprunk remarked:
Why would they care if it's a gift card? A card is a card; as long as
the transaction is authorized, that's all that matters.

That's the big "if". There are many ticket vending machines, and
portable machines, which are simply not "online", so they can't
authorise at all.

Then the merchant is taking a risk on each transaction, regardless of
the card type.

There's always a small risk, and sometimes the ticket vendor will make a
[mobile] phone call if a particular cardholder raises suspicions.

If mobile service is available, why not just authorize every card and
avoid the risk of being sued for discrimination--which will cost far,
far more (even if you win) than losing the occasional fare?

Oh right, you have a functional legal system, unlike the US...

But as we don't have these faux-credit-card gift cards here,

Gift cards are simply the most obvious example of the problem; it goes
much deeper than that.

and people with credit cards and bank accounts that allow overdrafts
usually do pay these off, the only class where there's a serious worry
is the no-overdraft debit card holders.

Some of our debit cards allow overdraft, while others don't; that is an
option by the account holder. There is no way to know by looking at the
card number whether it does.

Also, many Americans have maxed out their credit cards as well, so
there's no guarantee _those_ charges will go through either.

Unless you authorize the card, you simply don't know. That is, after
all, the entire purpose of authorization.

Given the cheap and ubiquitous mobile data networks, there is no excuse
for not being able to do online authorization.

They aren't cheap and ubiquitous enough. In particular, the equipment
would need replacing (not just simple upgrading).

It gets replaced every few years anyway, and the cost of adding mobile
data to them should be trivial.

I don't believe data
networks are ubiquitous in the USA either, if the very spotty mobile
phone coverage more than a few miles from major cities and highways is
anything to go by.

The main problem in the US is multiple incompatible networks, and it
should be better overseas where everyone uses GSM. Still, US mobile
coverage is pretty good; even a decade ago 96% of the US population was
covered, and nearly all Interstate highways are. Rural areas and lesser
highways are being covered rapidly, as would rail lines if a non-trivial
amount of passenger traffic existed.

S

--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

In message , at 16:49:52 on Sun, 4 Mar 2012,
Stephen Sprunk remarked:
There's always a small risk, and sometimes the ticket vendor will make a
[mobile] phone call if a particular cardholder raises suspicions.

If mobile service is available, why not just authorize every card and
avoid the risk of being sued for discrimination--which will cost far,
far more (even if you win) than losing the occasional fare?

Because authorising transactions with a voice call is time consuming,
and may not even be possible as a routine thing.

and people with credit cards and bank accounts that allow overdrafts
usually do pay these off, the only class where there's a serious worry
is the no-overdraft debit card holders.

Some of our debit cards allow overdraft, while others don't; that is an
option by the account holder.

In the UK an overdraft is a property of the account, not the card. In
the US, can you have a bank account that allows an overdraft if you
write a check, but a card that won't allow that same account to go
overdrawn (I could see some uses for such an arrangement).

There is no way to know by looking at the card number whether it does.

That's what we *could* do in the UK, by recognising a card as "Solo" or
"Electron". Now that they are branded as "VISA debit", it's probably not
possible to tell, although the cards are still incapable (in theory) of
pushing the bank account into overdraft. What we haven't established in
this conversation yet is how the banks achieve that Indian Rope Trick if
people buy something from (eg) a vending machine that isn't online.

Given the cheap and ubiquitous mobile data networks, there is no excuse
for not being able to do online authorization.

They aren't cheap and ubiquitous enough. In particular, the equipment
would need replacing (not just simple upgrading).

It gets replaced every few years anyway, and the cost of adding mobile
data to them should be trivial.

It doesn't seem to work like that. The current machines are relatively
new, dating from 2006. The previous generation of machine lasted almost
20 years in service (1986-2006).

I don't believe data
networks are ubiquitous in the USA either, if the very spotty mobile
phone coverage more than a few miles from major cities and highways is
anything to go by.

The main problem in the US is multiple incompatible networks, and it
should be better overseas where everyone uses GSM. Still, US mobile
coverage is pretty good; even a decade ago 96% of the US population was
covered, and nearly all Interstate highways are. Rural areas and lesser
highways are being covered rapidly, as would rail lines if a non-trivial
amount of passenger traffic existed.

That's not our experience in the UK, where people are famous for making
calls "on the train". Coverage is often very bad, despite percentage
rates appearing high because areas of high population are flooded, and
places where people don't live (highways and railways lines) get
neglected especially if the geography is against them (tunnels,
cuttings, valleys etc).
--
Roland Perry