Differentiation between Credit and Debit Cards is mainly a US thing (and to some extend UK).
Most European countries do not have this differentiation – and even in the US this differentiation gets blurred with daily booking credit cards which are basically like Debit.
@Malibuflyer: following the gov’ments attempt to get rid of cash and riding on the back of the pandemic whale, use and differentiation of Credit and Debit cards is now almost on the same level s in the US. There are some cash card dinosaurs still trying to preserve their off standards card business of former Germany, but I doubt they will survive in light of ApplePay and GooglePay. Plus, many Germans nowadays already use their Debit card without even noticing it is no longer a ‘Girocard’.
Here, debit cards are better for the merchant due to ~25p charge, versus 2-3% for credit cards.
SMS auth is quite new here too. Seems to happen for an unusually large purchase even though it is say only 5% of one’s credit limit. The main issue is that most countryside has no connectivity, or SMS messages take many mins or hours to arrive.
It is possible to break SMS auth but not casually. It was a big thing a few years ago; the basic procedure was: Conman who has your details phones the telco and tells them the phone has been stolen. The telco mails a new SIM either a) to a “new address; just moved house” he gives them (which is dumb) or b) a man sits by your letterbox (works better if you are on holiday) and steals the new SIM. Of course State agencies, the KGB, etc, can do it at the GSM system level… The indicator is that your phone suddenly loses connectivity while showing a strong signal (because the telco cut off the old SIM). Happened to me 2x to 3x but the conman never got very far. But if the target is old / ignorant / ill / in hospital / dead / etc then you can do it pretty well. I’d think freshly dead people would be an ideal target. Old people are always great targets for any fraud. A stolen phone, with no lock, is a better start.
They could use 2FA with a phone app but that won’t work if your phone is stolen.
I think the system is just badly broken and nobody knows how to fix it, the conmen are constantly 1 step ahead, and the banks are struggling with incompetent system designers and programmers, often in India which is always a hopeless way to do anything serious. And the bank systems don’t attempt to check who is being paid, so a transaction to Honeywell / Garmin / etc is going to get blocked even if it prob99.9 is not fraud. They just go on blind patterns, which is doomed to fail.
Another thing, not related to cards, is checking the IP. My bank will simply block the account if I access it from say Greece. That’s it. Blocked for ever – until a long phone call. So I always use a VPN to my house (with a laptop obviously; phones are useless for anything serious/detailed). Clearly they use a different policy for phone banking, but not that different because if say you are with Vodafone, and are in Kathmandu, your IP will be showing as Vodafone London (but will vary somewhat).
It is basically impossible now to do a significant (out of normal pattern) purchase while travelling, without a risk of losing that card. At least, expect a long phone call.
Google pay is a card – you set up a card of your choice on the phone, surely? So it doesn’t change anything. Just makes society more cashless. Works for trivial purchases. What I would not do is set up a Halifax card for that 
Or maybe it does work for trivia?
@MichaLSA Thanks for proving my point ;-)
When using ApplePay or GooglePay the payment towards the merchant is always handled as CreditCard-Payment even if the underlying collateral should really be a debit card. No difference at all. Same for all Visa/MasterCard/Maestro payments in EU.
The Debit-Card like systems that might have existed in some countries (exactly like the German Girocard) do lack realtime functionalities required for online payments and are therefore not really used for quite some time.
To use the German example: When Germany think they use their GiroCard as Debit card what they really do is not using the card at all but giving the merchant an authorization to (try to) deduct some money later on from the customers account. That system is much more comparable to the (still operating) US system of writing cheques than to a Debit Card system.
@Malibuflyer, in Germany and a few other countries, there are three generations of debit cards. In others, there are only two.
The first is German Girocard, Danish Dankort, etc., operating on their respective national networks. Accepted at ATMs and some domestic retail locations – essentially, only slightly more than an ATM withdrawal card.
The second is Maestro, operating on Mastercard’s network, and V-Pay/VISA Electron on VISA’s network; many of these also work as first-generation cards but some are stand-alone. Accepted at ATMs and some retail locations both in the country and abroad.
The third is VISA Debit and Mastercard Debit. Unlike the previous two, these enjoy the same wide acceptance as credit cards, including internet and telephone transactions, and follow the same numbering scheme (a 16-digit number starting with 4 for VISA and 5 for Mastercard). Nevertheless, the commission seems to be different. In particular, I remember purchasing an airline ticket with one of these and getting charged €5 extra for the use of a credit card; when I phoned the booking agency, they said they wanted a scan of the front side of the card showing the word “DEBIT”. Once I sent it to them, this extra charge was reversed.
@Ultranomad: Maestro is history (as is V-Pay) and the last remains will vanish until July 2023. Most of the Maestro attached cards were already pulled and changed into Debit cards.
@Peter I have used Nationwide since leaving university (2003) and while I occasionally used to have issues with them blocking transactions abroad I cannot recall anything in the last decade. France, Greece, the US…. the Nationwide Visa card just works.
In the UK the main reason people use a credit card rather than a debit card is because of the provisions of the Consumer Credit Act, which makes your credit card provider jointly and severely liable for all purchases over £100. So for instance if Vans Aircraft never make good on the kits I have ordered (empennage kit 4 months overdue on an original 4 month lead time) then I can walk away and Nationwide will have to cover it and cannot quibble. Note the difference – not that I can claim from them, but I can walk away and its their problem – the customer can literally tell them to go fish and the details of whatever has gone wrong is the card providers problem to solve. I buy absolutely everything on my credit card and pay the bill in full each month. Debit cards are for (very rare these days) withdrawing cash and nothing else.
Graham wrote:
In the UK the main reason people use a credit card rather than a debit card is because of the provisions of the Consumer Credit Act, which makes your credit card provider jointly and severely liable for all purchases over £100.
Correct – and similar provisions in many other countries. This puts pressure on the supplier to deliver, since most CC companies will pull the money from the supplier and make them “prove” that they did actually deliver. It’s not absolute protection, but far better than most other methods. And one of the reason that they charge for this service.
I do the same.
Unfortunately claiming money back for “undelivered services” is difficult. When this law came in, many years ago, the CC companies were paying out a lot of money, so they set up staff training schemes to make claiming difficult. I’ve had a CC dispute running for ~5 months with, guess who, Halifax 
who told me they cannot credit me unless the vendor’s (a bent Italian taxi company) bank agrees, which is ridiculous.
SMS auth is quite new here too. It is possible to break SMS auth but not casually.
Actually, it’s a very weak method and it’s easy to launch the attack against the banks that use it as authentication method.
It is a feature of e.g. accessing my retirement account online but seems a bit over the top just to buy something.
That’s the main reason that fraud exists at such extent, as I wrote previously. People simply perceive security as hassle and any kind of out-of-band authentication while shopping is too much for them.
Check this report and you’ll see how CNP (card not present) fraud is by large the leading one.
