I have seen articles where merchants were upset that the fees/percentages on some cards were much higher due to the rewards programs. I’m not aware how the merchant knows which cards charge what fees at the time of sale. Is there an indicator during the transaction?
I remember decades ago (about 1985?) I took a ski trip, the bus operator said they took Visa, Mastercard, but not Amex. I asked why, he said it takes 2 or 3 months before they got their money. That’s another thing card issuers make money on, is interest on the float time between cardholder payment and forwarding to the merchant.
The Bank Identification Number (BIN) - the first 6 characters of the credit card number - identifies the issuing organization and card type. You can look it up on sites like this:
For example, I have a MasterCard World Elite and a Visa Infinite from two separate banks. Visa uses Infinite/Infinite Privilege and MasterCard uses World Elite for premium card names.
Don’t get too excited about the brand: it’s just that. The payments move on the same rails for at least part of the way; my assumption is that the processor Costco Canada uses doesn’t route through Visa, but American Costco does. Perhaps Costco US has its own gateway, and Costco Canada does not. Lots of possibilities.
As for CVV and fraud: a few hundred credit card numbers stolen isn’t worth anyone’s trouble as a business venture. You can buy “fullz” (full card info) in the dark web for like $8.
Setting up a merchant account, buying a terminal, etc. is going to get you into that territory. So no, nobody sane is going to do that.
The brands and issuers use lots of AI to look for fraudulent patterns, and they’re VERY good at it. There are commercial products like Falcon that do this for them, and many have developed their own as well.
This area is a deep well of fascination…careful before you get sucked into the vortex!
All of those are good points, and also the fact that the CVV can’t easily be read by a skimming device. The skimmer now needs to read 2 sides, and one of those sides needs to be optically scanned in addition to magnetic. That’s going to be more hassle than most skimmers are going to want to undertake.
CVV are good and helpful! Maybe reflect on Chesterton’s Fence before dumping on them (not you, I mean others).
The point is - to steal the CVV the card needs to be physically inspected. there are a limited number of opportunities this can be done; ie. restaurants, but nowadays they use portable debit units and the waiter does not have a good opportunity to copy the card info. Also, it helps isolate where such theft is happening.
The point is not that CVV is totally foolproof, but that it introduces a serious obstacle to some types of fraud, just as a PIN does and a less predictable expiry date does, and especially a chip does.
I ran across a few chip-based ATMs in the Middle East a few years ago, while many rejected attempts to use a magstripe from overseas. As technology improves, it will be harder to simply write a magstripe and use a furtively obtained PIN, since at this point chips are pretty much impossible to duplicate. (…at this point)
there’s a lot of credit cards that are putting all the card numbers on the back of the card now (i know this because between my aunt and cousin they had 21 cards until recently )
Actually you don’t. It would be trivial to code a fake storefront website that takes in a credit card number and appears to be making an authorization call on the card number but is actually doing no such thing.
True, but then you have to fake a product that people want to buy. And attract customers, etc. Still not trivial and people are going to start looking for their purchase - most sites will provide the tracking number for an established shipping company within a few days; etc. etc.
Of course, any trick can be done, the question is - can you create enough volume to make it worthwhile? Can you get a site certificate without making yourself traceable so wary consumers see they are dealing with an HTTPS site?
Having gotten the numbers, the next trick is to convert that information to cash without triggering fraud detection systems, without being caught.
Again, CVV is not foolproof but it takes more effort to collect this information than simply hacking an existing merchant.
You’re not interested in wary customers. You’re interested in fools and rubes. You offer boner pills or gold futures or international lottery tickets or something, and whoever happens by happens by.
As an aside, what an odd case. As much regulation that businesses are under it seems astonishing that New York can’t tell businesses that an item must be posted “$10.30 with a 30 cent discount for cash” instead of “$10.00 with a 30 cent surcharge for credit.” Yes, it regulates speech, but damn, that isn’t applied generally.
And indeed scammers do all these things, and then some some of them manage to work around the controls on merchant processing, and payment, and fraud detection algorithms, and so on and so forth.
But there are enough such hurdles in place with a high enough catch rate that fraud rates are down to the point where card companies and merchant acquirers and retailers and consumers generally don’t have problems.
I personally find it interesting that people get so hung up about the imagined risks of card fraud in the modern day when for literally decades the standard transaction mode of cards in the US was “hand over card, take back card and piece of paper, return paper, walk out with goods”, no signature check or verification of any kind whatsoever.
Whereas the other day my wife had a momentary mental blank and got her PIN wrong at her regular grocery store, as she got in the car to go home she got a text message along from the card company the lines of “Looks like you got your PIN wrong but we approved the transaction for you anyhow, let us know ASAP if that wasn’t you. Also, you can log into our App to check or change your PIN!”.
The systems are now good enough and fraud low enough that they are putting significant effort into eliminating false negatives.
“[n]o seller in any sales transaction may impose a surcharge on a holder who elects to use a credit card in lieu of payment by cash, check, or similar means.”
It boggles the mind to consider what business interests lobbied in what way to get the NY State legislature to impose a law to support the bank’s side of the merchant agreement - in 2017, no less. The court decision was legal hair-splitting to make a point:
The Court argued that, because §518 does not regulate the price that may be received by a business, as per usual price control, but rather the communication of prices, "§ 518 regulates speech
After all, it did not impose a price like price controls usually do - it simply forbade credit card surcharges, which effectively also forbade signage explaining the price. The sign was not necessarily “discount for cash” it would have been “discount for cash, debit, cheque, or barter or anything except credit card.”
After all, if there were a law forbidding a surcharge for service to people not wearing shirts and shoes, the law would not be a law regulating prices so much as a law regulating what attire a business could demand.
I understand what you are saying, but that seems like such an odd hill to die on for “free speech” and if applied generally would be fairly revolutionary and not in line with the thousands of other ways that a business’ “speech” is regulated. Consumer protection laws of all sort tell businesses how they can advertise, what they can say in advertising, and even forbidden words in advertising because it tends to mislead the public.
For example, warning labels on cigarettes. The government isn’t demanding that cigarettes be made safe or safer, it is merely demanding that the company communicate (speech) that the cigarettes are unsafe. Or the prohibition on the long used term “Lights” to describe certain brands. The company is compelled not to use terms which may confuse the public. Or to post calorie content on the menu. The government isn’t demanding fewer calories, but requiring the compelled speech to communicate calories.
Further, when a government enacts a regulatory regime, like mandatory masks, or no smoking in the building, or age restrictions on products, it frequently requires compliance with government approved signage.
I don’t see how this is any different. The state of NY has realized that most people do not carry cash or very little, and make purchases with cards. If I see a sign that says $10 and then they say, “Oh, but there is a surcharge for a card” then they have mislead me as that is, in today’s world, the common method of consumer transactions. If the sign says $10.30 but they pleasantly surprise me by saying that it is only $10 if I have cash, then that is just a benefit to the consumer. I went in ready to pay $10.30 and they didn’t upcharge me.
That seems like an extremely modest regulation to protect consumers.