Are you sure? I happened to make a purchase in a small town in Western Washington last week using my Canadian “chip and pin” card (which also had a magnetic stripe) and the machine would not process the transaction until I had entered the pin. This surprised me since it was a US$ credit card issued by a Canadian bank and had never been used in such a reader before and I wan’t sure it even had a pin. It did and was my usual pin.
Nearly all Canadian CCs are chip and pin (I have one that isn’t–I don’t know why) and have been for years. One big plus is that the merchant never gets to even see the card. Even at restaurants, the waiter comes around with a hand-held device and you stick your card in, enter the pin and you are done. It seems to me that it ought to be possible to hack the machine so that you actually do record both the number and the pin, but I have never heard of this happening, so there must be some control against it.
You can have a PIN under the new system, and use it in terminals which allow PIN transactions, but you don’t have to have one. The system will still be set up primarily for signatures. It actually might be more secure than chip-and-PIN overall.
I use Square for card processing, and they will be shipping the new readers in the fall, which use a wireless connection a smartphone. Merchants with qualifying sales volume get it for free, others pay $49, with a rebate of up to $49 of service charges in the first 90 days.
The card itself is encoded to say “make the customer enter a PIN” or “don’t ask for a PIN, just use a signature.”
Cards issued by banks in foreign lands like Canada say “make the customer enter a PIN.” Almost all cards issued by US banks say “don’t ask for a PIN, just use a signature.”
The EMV terminals being installed are capable of supporting either type of card. When a Canadian card is inserted it will say “please enter a PIN to complete transaction.” When a typical American card is inserted it will say “please sign here.” And, yes, the terminal can be programmed to make an exception to the signature rule for small purchases.
With magnetic stripes, the data on the stripe is static. If you have the card reader retain the data it read from the stripe, it can be used to create a magnetic stripe on another card that is indistinguishable from the original.
The data that the card reader gets from chip (EMV) cards is dynamic. The chip sends a different string of numbers each time it is read. If the card reader retained the data it got from the chip, it would not be useful in duplicating the card.
I read that link and I don’t understand it. Are they saying that you can use a CC in a cash machine? That appeared to be the only way the chip and pin might be less secure. I don’t think I can use my CC in a cash machine; I need a bank card or debit card for that and that certainly requires a pin. There is no way a card without a pin can be safer than one with a pin. Forget signatures; they are so much bullshit. What that link came down to was the Americans are too dumb to ask to use a pin. They will have to learn to insert instead of swipe and enter a pin and you can’t ask an American to learn two things.