Credit Card Chips Have Failed to Halt Fraud (So Far) (fortune.com) 229
An anonymous reader quotes Fortune:
New chip-enabled credit cards, which were rolled out to U.S. consumers starting in 2015, were supposed to put an end to rampant credit card fraud. So much for that. A new report from the research firm Gemini Advisory has found that, of more than 60 million cases of credit card theft in the last 12 months, a whopping 93% of the stolen cards had the new chip technology...
In theory, EMV should reduce fraud because every card transaction requires an encrypted connection between the chip card and the merchant's point-of-sale terminal... But while the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems, according to a Gemini Advisory executive who spoke with Fortune... The upshot is that criminals have been able to insert themselves into the transaction data steam, either by hacking into merchant networks or installing skimmer devices in order to capture card information... The report concludes by noting that big merchants have begun to tighten up their implementation of the EMV system, which will make them less of a target. Instead, criminals are likely to begin focusing on smaller businesses.
The report estimates that in just the last twelve months, 41.6 million records have been stolen from chip-enabled cards.
In theory, EMV should reduce fraud because every card transaction requires an encrypted connection between the chip card and the merchant's point-of-sale terminal... But while the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems, according to a Gemini Advisory executive who spoke with Fortune... The upshot is that criminals have been able to insert themselves into the transaction data steam, either by hacking into merchant networks or installing skimmer devices in order to capture card information... The report concludes by noting that big merchants have begun to tighten up their implementation of the EMV system, which will make them less of a target. Instead, criminals are likely to begin focusing on smaller businesses.
The report estimates that in just the last twelve months, 41.6 million records have been stolen from chip-enabled cards.
Chip & PIN (Score:4, Interesting)
Without a PIN, and without a chip reader for online purchases the whole exercise has been a waste of time.
Still no use for PIN (Score:4, Insightful)
Re:Still no use for PIN (Score:5, Interesting)
Re:Still no use for PIN (Score:5, Interesting)
I can also confirm that a lot of people in Nigeria have several cards, and they have to use PINs there, and one side effect has been to massively reduce fraud committed by the banks themselves. I assume the reluctance of American banks to force use of the PIN is because a large part of the fraud is committed by the banks themselves.
Yes its true: American banks are noticeably less trustworthy than Nigerian banks. (cf Wells Fargo)
Re:Still no use for PIN (Score:5, Informative)
(And if you're one of those people who've been duped into thinking the high interest rates pay for fraud, no they don't. They pay for cardholders who are delinquent on payments.)
Re: (Score:3, Informative)
As a merchant it is even worse. After you have lost your merchandise and the payment is reversed we also need to pay a fine to the credit card company.
Re: (Score:3)
The little independent merchants do unfortunately suffer, as they're not the ones with the clout to improve the situation or the market share to have their honest customers cover the cost.
Re: (Score:2)
Companies don't aim for a specific amount of profit and set their prices to achieve that. They aim for maximum profit regardless. If increasing the price of an item would increase profits, they'd have already increased it regardless of fraud.
Where fraud raises prices is where competition has already driven the price as low as it can profitably go. In such a case, a competitor with less fraud would potentially be able to undercut the others. In every other situation, the fraud eats into profits instead.
Signature not required (Score:2)
It appears that none of the major cards are requiring signatures any more:
https://www.creditcards.com/cr... [creditcards.com]
So instead of Chip+Signature, it's just Chip vs. Chip+PIN.
Re: (Score:3)
Re: (Score:3)
Signature has not been required for card-present transactions in the US by American Express since April 13, 2018. This is actually a global policy change for Amex.
Merchant can, if they wish, require a signature, and some industries tend to. And there may be applicable laws in the US that require a signature for a variety of reasons, though I don't know them well enough to quote or reference here.
I see many chip (EMV) transactions processed without even a PIN, in the US, a process that uses both fraud analy
Re: (Score:2)
Re: (Score:2)
I see little useful difference.
You are seriously telling us that you see little difference between requiring a pin when using a CC for purchasing goods, vs. not requiring one, even if "only" for IRL shopping? If that is the case, then you are a moron with an IQ below 80.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
WAAAAYYY - less secure. You have moved secret handling (the PIN) from a special purpose devices with limited network interaction, that runs software that is not easily modified or updated by unauthorized parties; and moved it to a general purpose device.
A device that is on network all the time, a device where users are likely to add all kinds of software. A device where published security issues in the platform might not get patched at all... The potential for an attacker to either obtain the secrets for
Re: Still no use for PIN (Score:5, Insightful)
I got this same explanation from a waitress, that they didn't use pin because of tipping... But that's utterly ridiculous, in the rest of the world they bring a wireless payment device to your table and it asks if you'd like to leave a tip, you enter the amount to tip and it calculates the total and then authorises the total using your pin. The payment device then prints out a receipt which shows how much you paid in total.
Re: Still no use for PIN (Score:5, Insightful)
While we're talking about obsolete practices, could we please abolish tipping, too?
Re: (Score:3)
Tipping in cash is always preferred by servers.
Tipping is a two way street. If you tip at the end of the transaction, the server benefits. If you tip at the start of the transaction, such as tipping a bartender when you order your first drink, he/she will treat you well for the rest of the evening. Both sides benefit.
Of course, if you're a regular and get a reputation for tipping well, you'll be treated well every time you visit the place.
What became of the legislation that was proposed to allow the rest
Re: Still no use for PIN (Score:5, Insightful)
Tipping in cash is always preferred by servers.
Very true. I've had a waiter (in Canada) thank me for paying in cash, because he now had enough cash in the register to take his tips with him at the end of the day, instead of waiting to get the amount prepared for him at the start of his next shift (which could be in a couple of days). As I understood, it wasn't specifically about tipping in cash, but enough people paying in cash during the day (some of those people could leave $0 tip - the point was there to be cash available).
Tipping is a two way street. If you tip at the end of the transaction, the server benefits. If you tip at the start of the transaction, such as tipping a bartender when you order your first drink, he/she will treat you well for the rest of the evening. Both sides benefit.
Of course, if you're a regular and get a reputation for tipping well, you'll be treated well every time you visit the place.
What became of the legislation that was proposed to allow the restaurant owners to decide how much of the tips go to the servers? IRIC that was proposed as a means to relieve restaurant and bar owners of the burden of having to pay a higher minimum wage...
Tipping, as implemented in North America (Canada & the US), is pure bullshit. Hospitality workers are basically forced to rely on tips in order to make a livable wage, in many jurisdictions they specifically get shafted (the law specifies a lower minimum wage for restaurant workers than everyone else). As a result, you are culturally "forced" to tip large amounts even just for average/expected service (15%, or whatever is the local custom), because otherwise the people serving you are underpaid. Basically, this means that the prices in the menu are artificially deflated. You are expected to fork over an extra 15% (or whatever), so that's not a "tip" - it's an integral part of the cost you incur.
Tipping should be an optional activity and a reward for exceptional service, not mercy money that allows workers to eat. Workers should be paid for their work by their employer. Salaries should be in line with employer expectations. If employees go above and beyond that, customers can reward them (if they want) with tips. Tips should not be the employees' financial lifeblood.
There's plenty of places where it works like this. There's plenty of places where tipping is just rounding up (so on a large bill, something like 1-2% and nowhere hear 15%). There are places like Japan where there is no tip (in fact, I was told that tipping is insulting and that the waiter will angrily give you back your money). Guess what, the service is just fine (especially in Japan, where it's excellent).
Re: (Score:2)
Tipping is the capitalist way of doing it - a good waiter doing 10 turnovers an hour (which is relatively common) can make $50-150/h - work 30h a week, you make $1000-3000/week - $4000-12,000/month - untaxed on top of your minimum wage.
Sure it's hard work and nobody actually wants to do it but it's a decent wage.
Re: Still no use for PIN (Score:4, Insightful)
Tipping is the capitalist way of doing it
Tipping is the capitalist way of employers screwing their employees, the way it's done in North America.
If you're paid decently by your employer, and tipping is just icing on the cake, turning a minimum-wage job into a higher-wage job, and that makes you work harder to be extra nice to the customers to earn tips - that's fine. No problem with that.
If you get a lower minimum wage than everybody else because you get tips, well that's simply being screwed and exploited. Also, if tips are basically mandatory, the restaurant owner is lying to his customers about the price of the food and drinks.
Re: (Score:3)
There's a lot of BS in the US. We give tax breaks to big corporations (and rich people) and the public schools and other basic infrastructure suffers. The same corporations don't pay their workers enough to live, so the government gives them food stamps and free medical care. The execs at those corps say they can't find well-educated talent in the US so they want H1B slaves that they can underpay. The US is giving all the money to corporate execs and other rich folks while dumbing down the population to
Re: (Score:2)
Because of tipping US can't lock a payment down. Chip&pin is final - transactions can't be changed, which means / bring the terminal to the table so I can put whatever tip I want and then secure it with pin. But no - now in US you can authorize a 1.99 payment and have Joe Schmoe add 1000 tip on it, just fine.
Canada has the exact same tipping culture (when it comes to restaurants and bars...not really when it comes to everything else, like bus drivers, etc.) as the US. For years, PIN cards are the norm and people leave tips just fine. You get the terminal, and you select the amount of tip to leave (10%, 15%, 20%, custom % or custom exact dollar amount). It works just fine. In fact, it simplifies people's lives since they don't have to calculate how much is 15% of their bill, the terminal does it automatically.
Wi
Re: (Score:2)
Because of tipping US can't lock a payment down. Chip&pin is final - transactions can't be changed, which means / bring the terminal to the table so I can put whatever tip I want and then secure it with pin. But no - now in US you can authorize a 1.99 payment and have Joe Schmoe add 1000 tip on it, just fine.
Chip and no pin leaves the chip unencrypted, so it is no better than mag stripe
Absolutely untrue. whether a system simply authorizes or authorizes and finalizes a transaction has nothing to do with the card but with the systems programing. Pin or sig or none is decided by the provider according to its contract. Usually all are available but different rates are charged. The chip is always encrypted and always secure. Anyone can clone the magstripe and it usually just holds the information from the front of the card. Cloning the chip is basically impossible due to the level of tech that
A couple points: (Score:2, Interesting)
1. The chip does nothing to crooks from using the card number, type, expiration date and 3 digit code on the back.
2. Many retailers I use my chip card at don't even use the chip reader functionality in their terminals, taping it off and indicating that the card needs to be swiped instead.
3. Most retailers never check my sig (even if indicated on the card).
4. I can run my card as 'credit' and can bypass the pin entry, totally rendering that useless.
Well duh (Score:3)
exactly (Score:2)
all you have to do is exactly what they did in europe and make the retailer liable for the fraud if they swipe
Re: (Score:2)
The amount of fraud in dollars is less than the vig the credit card companies are taking. The credit companies are getting several percent of every transaction made with one of their credit cards. Full stop. This is the credit card companies problem and they would love to have their cake and eat it too. Dont help them. Please stop.
Re: (Score:2)
Re: (Score:2)
They are... That is how it works.
Re:Well duh (Score:4, Interesting)
Re: (Score:3)
That's the theory. Unfortunately, one of the flaws in the EMV protocol is that the authentication is unidirectional. The card must authenticate itself to the bank, but the bank doesn't have to authenticate itself to the card.
That's untrue. The path for the transaction payload is Chip->terminal->merchant->bank->issuer and the payload returns along the same path.
The chip's payload is encrypted with a key held only by the issuer, and the response is encrypted with the same key. The entities in between (the terminal, the merchant and the bank) have no way of decrypting the chip's payload, nor of encrypting a payload that the chip can decrypt.
So unless the issuer is compromised there is no MITM attack going on.
Re: (Score:3)
Few things (Score:2)
First, make the trader liable for problems at their end.
Second, the U.S. is over a decade behind Europe on this technology, meaning hackers have had ten years to figure out problems. It's the equivalent of running Windows XP or an unpatched Windows 7 on a modern network.
Third, why the hell is anyone expecting a trader to understand network security? These systems should be proof against even ingenious idiots. Plug it all in and it works, autoconfiguring. No default passwords, no default security holes, just
Re: (Score:2)
Re: (Score:2)
is people being stolen really a big problem where you live?
Re: Few things (Score:5, Informative)
Only a decade?
The uk had chip and pin in 2006 when i lived there. Not sure when they rolled it out out.
And in 2014 australia stopped accepting signatures at all.
Now though im pretty much 100% contactless and done mainly via my phone.
Re: (Score:2)
Only a decade?
The uk had chip and pin in 2006 when i lived there. Not sure when they rolled it out out.
And in 2014 australia stopped accepting signatures at all.
Now though im pretty much 100% contactless and done mainly via my phone.
I got my first chip and pin in 1997 when I turned 18, it had been around for years before then.
Re: (Score:2)
Magstripe and pin was what I grew up with as a kid in the 80s. We also always had the option of choosing the account at the terminal, CHQ/SAV/CRD are the three options. 3 accounts on 1 card.
Duh ... (Score:4, Informative)
If the majority of the cards have a chip, then the majority of fraud cases will be cards with chip. The point of moving from a magnetic strip to a chip, is that others cannot gain access to your card simply by swiping it. After chip conversion, that vector of attack is mostly gone, and criminals move on to other methods. For which cards with chip are just as good/bad as any other card.
Re: (Score:2)
The point of moving from a magnetic strip to a chip, is that others cannot gain access to your card simply by swiping it.
This is something that works well with chip+pin, not so well if you don't actually have any "something you know" method of securing the transaction.
If US credit card companies ran IT... (Score:2)
Let's apply the same design to securing out IT:
- Secure Boot enabled, locked down and unable to be changed.
- Fully encrypted HDDs with decryption tied to user authentication.
- Tamper proof case, encryption keys destroy themselves if the computer is opened.
- No password.
I was mocking the USA when they decided to 40 years late adopt Chip+Pin, a technology which caused credit card fraud to plummet in the rest of the world... and then they only adopted half of the technology.
EMV & 'contactloos betalen' (Score:2)
Anybody who can share their insights here?
Thank God they still demand my "signature" (Score:2)
on purchases at most stores! I'd hate to think that my financial security was entrusted solely to a chip in a credit card.
Chip cards aren't meant to prevent breaches (Score:5, Interesting)
There's a lot of misinformation here.
Chip cards aren't meant to prevent card breaches. For card-present transactions (in person at the store), the exact same encryption and cardholder data protection requirements are in place from the reader to the bank whether its EMV or old mag-stripe. For card-not-present transactions (online and e-commerce) EMV makes no difference at all.
Chip cards do one thing. They make it harder to make a fraudulent physical card. With mag-stripe it is trivial to take another credit card or even a subway gift card and recode its mag-stripe to use a stolen card number, so I can walk into a merchant and use that card.
The author appears to be confusing EMV standards with the PCI P2PE (point to point encryption) standard, which is meant to prevent breaches by doing many of the things the author describes.
Re: (Score:2)
For card-not-present transactions (online and e-commerce) EMV makes no difference at all.
Not quite. If I try to pay anything online with one of my UK cards, after passing my card details to the merchant, a token is used to forward me to my bank, where I have to confirm 3 letters of my pin & 4 letters of my online banking password. I then get returned to the merchant once the payment's been authorised.
Fine, that system's completely independent of my card, however it's only possible because the bank's been able to force me to set two separate passwords for authentication.
Re: Chip cards aren't meant to prevent breaches (Score:2)
I thought the only 'one thing' that chip was meant to do, is provide a smokescreen justification for the credit companies to change their default assumption of blame from "the fraud wasn't your fault" to "the fraud was your fault".
The industry knew it would take time (Score:2)
This is really no different then when EMV rolled out elsewhere, except hackers have more access to the interconnectedness off things.
EMV in EU also rolled out with loose rules to start - merchants want cards to work - so fall back to mag stripe was allowed, and the bad guys figured out they could smash the chip on a stolen or cloned card. When fallback was removed, fraud went away.
The USA is also a different beast. Besides having to upgrade older infrastructure, the problem of customers with multiple cards
Re: (Score:3)
Chips are a joke (Score:2)
Re: (Score:2)
Have had chips in the cards for about 10 years here in Canada and haven't ever had a chip fail. Granted cards are usually only good for 3 to 5 years and then they are re-issued with a new expiry date. But certainly I know of very few chip failures among.
But you make a good point. There's little incentive for card holders to want chips in their cards. Especially when a lot of commerce is done online and the chip and pin doesn't even enter into it.
US could have chip-and-PIN like everybody else (Score:2)
When I visited New Zealand I marveled at how easily the metric system had pervaded everyday life. Although the UK formally switched to metric in 1965, it is still in the process of slowly seeping through popular culture. The general public still travels in miles, quotes Fahrenheit temperatures, and weighs people not even in imperial but in the Neolithic unit that preceded it. In the US, the public attitude is that if some little snowflake somewhere would be offended by switching over, we can't even contempl
Re: (Score:2)
Yet across the world credit card fraud has been increasing, not decreasing, pretty much at the same rate.
Re: (Score:2)
Although the UK formally switched to metric in 1965, it is still in the process of slowly seeping through popular culture. The general public still travels in miles, quotes Fahrenheit temperatures, and weighs people not even in imperial but in the Neolithic unit that preceded it.
That's not even half true. Sure, it's still a messy mix, however there are very few things we still use imperial for, and it's mostly the baby boomer generation. Our schools started the transition as far back as 1968, however it wasn't until 1988 that the National Curriculum forced all schools to conform.
For those over 60, Centigrade is the only Metric (SI) measurement they use - not even my grandparents use Fahrenheit. For human weight, they also use Stones (14lbs).
For everyone under 60, it's mostly SI Met
Re: (Score:2)
My last visit was 2014, in Cumbria and Yorkshire. Okay, these counties may be the UK equivalent of Oregon and Tennessee, but despite official metrication the popular culture still seemed to be stuck on imperial.
Re: (Score:2)
I remember when I was in grade school (in the 1970's), there was a government plan to switch to metric. It was taught in our schools, but companies were not behind it. The whole "snowflakes being offended" craze is something that has grown in popularity in the last 20 years, so that's not the reason.
The reason is MONEY.
How many speed limit signs would need to be changed to kilometers/hour? How many bridge height signs need to be changed to meters? How many truck weigh statio
Re: (Score:2)
Finishing the job on metrication (we did get started, remember, leaving some industries metric and the rest imperial) wouldn't be that difficult. Because the beverage industry was one of the switchers, everyone is now intuitive about volumes in liters, and can think about how easier life would be without the dumpster fire that is imperial volume measure.
For road signs, have the prisoners start making metric stickers to go on existing signs next to - not over - the imperial units, acquainting people with met
Re: (Score:2)
America uses metric. I'm drinking a 500ml bottle of soda right now in America. I'd be hard pressed to find anything in my kitchen that doesn't have metric units on it.
Granted, some of the containers have a decimal in the metric measurement. Is that the definition of "not using metric" if the thing is marked with both an integer number of imperial units and a decimal number of metric units?
We do use 20 feet and 40 feet as the standard lengths of our intermodal shipping containers and 8x4 feet as the standard
The chip-based cards have not failed... (Score:2)
...many merchants are failing to properly configure their systems
Those humans who tried unsuccessfully to implement the chip-based cards have failed. Human error, who would have ever thought that to be a cause of failure?
Slow but getting there (Score:2)
My first CC to incorporate a chip was compromised in less than a week. The wait staff ( my best guess due to it's limited use based on the length of time I had it ) simply copied the name, CC numbers and security code and voila, they have everything they need to make an online purchase or provide to a third party who is paying them to collect such things due to their access to so many.
I was somewhat puzzled when the transaction alert hit the phone that I had just paid for dinner for four to go about 1600 m
An Anecdote (Score:2)
I had a credit card get punched back in the late 1980's. Someone was trying to buy airline tickets in London and it got blocked.
After that I never had a problem with the card which was re-issued. Was using the same card up until 2014 when I was forced to get a "New" more protected chip card. Shortly after the very first use of the chip card I got a all that someone was trying to buy a computer.
Now 4 years later the same thing happened again.
27 years of no problems without the chip... now 2 problems in 4 yea
Which is why I don't.. (Score:2)
Several years ago a breach of a payment system hit locations I used to use plastic at. Prior to that I had my eye on the news, week after week, of escalating rates of breaches of payment and data systems. Luckily for me none of my accounts or identity information was affected by the payment system breach at places I then frequented, but it was clear that no merchant or payment system provider was capable of saf
Re: Of course (Score:5, Informative)
The US opted for chip+signature, rather than chip+PIN like the rest of the world. Since no one ever checks signatures properly, stolen cards can easily be used for fraud in the US, without needing to shoulder surf for a PIN first.
Re: Of course (Score:3, Interesting)
And for those of us in the rest of the world, the US is also the cause of fraud on our credit cards. For backward compatibility, our cards still have a magstripe, but the bank's won't authorise payment in local country. So we get our cards cloned, and then used in the US!
Re: Of course (Score:5, Interesting)
And for those of us in the rest of the world, the US is also the cause of fraud on our credit cards. For backward compatibility, our cards still have a magstripe, but the bank's won't authorise payment in local country. So we get our cards cloned, and then used in the US!
Here in Norway they've fixed this quite easily because around 2010 most the banks introduced regional blocks, the defaults vary a little but my bank's card by default only works in Norway. To expand the coverage you must log in to the online bank and enable it. You can permanently enable it for our neighboring countries in Scandinavia, but for the other regions (rest of Europe, North America, South America, Africa, Asia) you can only enable it for three months at a time. That has pretty much stopped international scams dead in their tracks, even if it is enabled the crooks don't know until they try and while the occasional tourist will forget and enabled it after being declined it will stand out as a sore thumb.
Combined with 2FA using the cell phone/one time codes for online purchases fraud here is extremely low. I found a page that said total credit/debit card fraud in Norway is around 150 MNOK/year, that's $17 million. Divided by 2.4 million households that's about $7, the average household income is about $51k so 0.013% is lost to fraud. Basically that's noise level, people lose more money on grocery prices due to shoplifting than that. I don't think these numbers include robbery where you're forced to enter/hand over the PIN though, just shoulder surfing and such.
Re: (Score:3)
A lot of fraud comes from Poland too.
Citation needed.
Here in Poland we have EMV and 99% of cards issued by banks operating in Poland have magstripe and chip, and all transactions are authorized by a PIN. The only popular scam I've heard of here was to record the magstripe & PIN using a rigged ATM (with skimmer and camera over the pinpad), send the magstripe & PIN data to some other country (ie. in South America), and then try to grab cash using a cloned card there. The only time I have ever had to sign my card payment was when using my
Re: (Score:2)
A lot is an article or set of articles for sale at an auction. Both sausage and stolen credit card numbers are often sold via online auctions.
Re: Of course (Score:4, Informative)
Checking signatures is worthless anyway, real peoples signatures never look exactly the same whereas a criminal can easily copy what he sees on the back of the card, or in the case of cloning the cards he can just sign the cloned card himself and thats what the merchant will compare against.
At least with a pin, the pin is either correct or not, and not displayed on the card itself.
Re: (Score:2)
Re: (Score:2)
Believe it or not, yesterday.
I'm not saying that's the norm, though.
Re: (Score:2)
Assuming you're in the US, when was the last time anyone actually even pretended to look at the back of your credit card to compare signatures?
In most cases, it would be worthless to compare anyway. The signature made with a real pen on the back of a card rarely looks anything like a signature made with a bulky stylus on a slippery touch screen.
(Even worse are some delivery services where you "sign" the guy's tablet with nothing but your finger. That usually comes out as little more than a straight line.)
Re: (Score:2)
They rarely do exactly because it's useless.
Re: Of course (Score:4, Informative)
Strictly speaking - not defending this practice, just explaining it - merchants should decline to take your card if you've done this, per their agreement with the card issuers. The signature is there as a promise to pay, not as a means of identification. Yes, this is stupid. A better practice is the banks that allow you to put your picture on the card.
Re: (Score:2)
Re: (Score:2, Insightful)
The summary talks about merchant system misconfiguration.
That would imply that the chip simply isn't used.
Well, who would have thought that a purely decorative chip that is never used actually has no effect!
Obviously we all expected the gold shininess to make fraudsters run away...
Re: (Score:3)
The summary talks about merchant system misconfiguration.
That would imply that the chip simply isn't used.
Well, who would have thought that a purely decorative chip that is never used actually has no effect!
Obviously we all expected the gold shininess to make fraudsters run away...
In the US, most shop merchants (the kind without IT departments) get their payment terminals from banks or payment processors who offer zero configuration options. All misconfiguration is by the banks.
What is going in on a scam called PCI-DSS where they demand that you use PCI certified hardware that is so fragile that leaving them on an open network will get them pwned - so they will require you to pay them to 'scan' your website to check it's ok, even if that makes no sense, like you are serving a web sit
Re: (Score:2)
Since I got my chipped card, not once have I been asked to insert a PIN. In fact, I almost never even have to sign on the reader display.
People still think I'm crazy for carrying cash!
Re: (Score:2)
well since you apparently never buy anything more than $10 I don't think it matters. The only time i don't have to enter a pin is when buying a $5 meal at a fast food joint or at places that don't support chip transactions yet. Those are disappearing as that makes them liable for fraud.
Re: Of course (Score:4, Informative)
The US opted for chip+signature, rather than chip+PIN like the rest of the world. Since no one ever checks signatures properly, stolen cards can easily be used for fraud in the US, without needing to shoulder surf for a PIN first.
You can't clone the cards and use them in online transactions. They are skimming the cards and using them for online transactions, most likely. Though the chip does generate a new CVV when used with the chip. If you run the magnetic stripe through, you get the real CVV which can be used online. Also there are tons of restaurants, fast food joints, gas stations, and banks that still use the magnetic stripe instead of the chip.
Re: (Score:3)
Chip+PIN is not invincible either. In the Netherlands there are gangs operating right now that can skim the information from Chip+PIN and the banks aren't willing or at least giving a really hard time to reimburse the fraud because "fraud is impossible". Moreover chip implementations in the EU are rampantly being abused especially across public transportation where people are cloning chips to get onto trains and busses.
The truth about EMV (and I've seen and implemented EMV systems across both US and EU) is
Re: (Score:3)
Since no one ever checks signatures properly, stolen cards can easily be used for fraud in the US, without needing to shoulder surf for a PIN first.
Some notes on this... Merchant agreements PROHIBIT merchants from asking for ID and DO NOT REQUIRE that merchants check signatures. In fact Visa et al actually essentially PUNISH vendors who do. Famously, Wal-Mart used to have a policy to check signatures and VISA successfully argued that they should not be on the hook to cover fraudulent purchases that Wal-Mart
Re: (Score:2)
Also, PIN would get in the way of their big campaign for just tapping your card to pay.
The US is in favor of people, not bank (Score:2)
Re: (Score:2)
The EMV chip has nothing to do with the mag stripe, this is just people doing the usual and skimming the mag stripes.
Re: (Score:2)
proof by induction
Re: Pay cash where you can (Score:2)
Nope, thief kills you for your cash, no witness no identification
Re: (Score:2)
Where do you live that an attempted robbery ends up in murder ?
Yeah, so, a robber ask you politely, do you have any valuable with you ?
You say no... and magically he just goes away
You say, here, take this and he kills you
Always happen
Re: (Score:2)
Chicago
cooperation irrelevant. people shot or stabbed for money, for car, after rape, etc.
nice civil world you have there, between your ears
Re:Pay cash where you can (Score:5, Insightful)
Having some cash with you can also save your life if robbed, a thief will just run away happy with your cash
If a thief knows you have cash he is more likely to rob you, cards are less useful to a thief, especially less organized ones. A thief will also be happy with your phone or jewellery, and will probably take your wallet and run rather than open it and inspect it in your presence.
It is safe (no risk of card skimming)
You instead have the risks of it being lost, stolen or damaged, not to mention forged cash.
you are noot feeding the bank (2% transaction fee)
Yes you are, businesses pay a lot to banks for the ability to accept cash payments, often more than the transaction fees associated with cards.
Banks charge businesses fees for processing their cash deposits, which have to be counted by both the bank and the retailer, the cash has to be transported to the bank and will usually require protection while in transit, banks charge retailers for providing large bags of small change, your insurance liability goes up if you have cash on the premises as it's an attractive theft target or could be destroyed in the event of fire or flood etc.
For the customer, the cost is the same wether paying by cash or card but many cards also offer benefits to the cardholder which they wouldn't get if using cash.
it is private (big brother does not knowwhat you buy)
It's private if your careful, and also don't have explicit surveillance being carried out against you.
Re: (Score:2)
If a thief knows you have cash he is more likely to rob you, cards are less useful to a thief, especially less organized ones. A thief will also be happy with your phone or jewellery, and will probably take your wallet and run rather than open it and inspect it in your presence.
What are you immagining, that people go around with cash hanging out of the jaket ?
Yes, a thief, will check the wallet in your presence and take whatever that is of value.
If there is nothing to take... he/she may get angry. Happens
You instead have the risks of it being lost, stolen or damaged, not to mention forged cash.
You are confused, you use cash to pay, you get it from the bank, it is not forged.
you are noot feeding the bank (2% transaction fee)
Yes you are, businesses pay a lot to banks for the ability to accept cash payments, often more than the transaction fees associated with cards.
Banks charge businesses fees for processing their cash deposits, which have to be counted by both the bank and the retailer, the cash has to be transported to the bank and will usually require protection while in transit, banks charge retailers for providing large bags of small change, your insurance liability goes up if you have cash on the premises as it's an attractive theft target or could be destroyed in the event of fire or flood etc.
For the customer, the cost is the same wether paying by cash or card but many cards also offer benefits to the cardholder which they wouldn't get if using cash.
You are even more confused, you probably are a shill, paid by the banks.
All plastic transactions pay to the bank and you will pay even more whan cash will be "premium"
It's private if your careful, and also don't have explicit surveillance being carried out against you.
ok, got it, you are just a paid
Re: (Score:2)
You are even more confused, you probably are a shill, paid by the banks.
What he said is absolutely true. I once designed a cash management system for a large retailer (a chain of grocery stores), and in the process saw a lot of detail about just what all of this costs. Stores pay banks to have cash delivered to them. Stores pay banks to accept cash deposits. Stores pay employees and managers for a lot of hours that are spent doing nothing but counting and handling cash, including lots of double-checking and oversight to minimize "shrinkage" (the retail term for the rate of th
Re: (Score:2)
What are you immagining, that people go around with cash hanging out of the jaket ?
Thieves can see when you open your wallet to pay for something, they can see if you've received change from a purchase, they can see if you've just used an ATM, they can also stake out the owner of a small business who goes from his store to the bank every day carrying the days takings and coming back with change to hand out in the store.
Yes, a thief, will check the wallet in your presence and take whatever that is of value.
If there is nothing to take... he/she may get angry. Happens
Depends on the crime, many robberies are opportunistic and the thief is looking to get away as quickly as possible (eg pickpockets), they don't have time to check the loot
Re: (Score:2)
Charging extra fees is illegal in some countries, depends where the retailer is based...
Even if a business isn't taking enough cash to justify an armored car, they still have bank fees and increases risk. The actual reason some small businesses prefer cash is tax evasion, a certain percentage of cash taken by a business will usually just disappear and never make it into the accounting system, but card payments leave a trail which is easily followed by the tax authorities.
Re: (Score:2)
Having some cash with you can also save your life if robbed, a thief will just run away happy with your cash
Maybe - I'd love to see some statistics on that. Personally I never carry much cash, and I do carry a pistol. If you try to rob me one or both of us is going to the hospital or the morgue. I am alright with the status quo there.
It is safe (no risk of card skimming)
For select definitions of safe. If the attack vector is simple fraud; say the deliberately sell you broken or defective item and then just disappear you have no recourse. But alright I will grant you this one at least for the case of places with physical buildings, names they wan
Re: (Score:2)
Another thing I'd like to point out about merchant fees.
Handling cash is not 'free' from a retailers preservative either. There is much more possibility for shrink even if it does not involve fraud or theft. Bills stick together etc. If you don't close business out in time to get deposits to the banks; you can lose a days interest on those deposits. That matters for large operations. You have pay security people to safely transport cash to the depositing institution; fuel, salary, vehicle maintenance.
So
Re: (Score:2)
Handling cash is not 'free' from a retailers preservative either.
Actually business often have to pay a fee to deposit cash.
Re: (Score:2)
Having some cash with you can also save your life if robbed
Paying with cash will make you a target and get you killed if the robber panics.
Re: (Score:2)
Hypenosis! Now that's a word that ought to exist.
Re: (Score:2)
> If every merchant would support contactless payments,
It means the credit card can be used at least once without having to enter the pin.
As for the phone - it was very often a source of surprise $8000 bill because ITunes didn't authenticate each individual purchase. The child purchases something with stored credentials, and doesn't know that it has an impact until a few weeks later. It's also the reason a game for cats company had to come up with a custom authentication method to prevent animals from ac