I hear that merchants are having a problem with people forgetting their cards and walking off with the card still in the reader.
I’ve done that here in the UK and we’ve had the things for years. :smack: I suppose it would be quite useful if the machines, after the “enter pin” and “now remove your card, you fool” messages, emitted a warning beep or something. Then again, any more warning beeps in the world could drive us all mad.
Visa sent me a chip card over the summer. The only place I’ve encountered thus far where the card reader would not let me swipe and I had to use the chip was Target. I’ve seen similar readers but that was the only location where the swipe was rejected. The cashier seemed to have been dealing with plenty of confused people because pretty much the instant I paused too long, he started giving instructions on how to use it.
Amex sent the new card today, which is impressive in its absolute last minute precision. The spot for the signature is about half the size it used to be and I had to write microscopically. I haven’t done anything but activate it yet.
I thought it was supposed to be a chip and PIN system, but only Visa has sent me a PIN, and I haven’t yet had to actually type it in for a transaction to be approved.
To make things even more confuzled, the ATM’s at Chase Bank (and I have no idea what other banks as well) work just the opposite way: You stick your card into the slot, and . . .
. . . nothing happens.
Eventually, when you start to wonder what’s wrong, you pull the card out. THEN your banking transaction begins. Nowhere that I’ve noticed, on the placards on the machine nor on the screen, does it give you any prompt message telling you to insert the card then promptly pull it back out to start your transaction.
This contrasts with all the old-style ATM’s, where you stick your card in and it sucks the card all the way into the machine, then you conduct the transaction, and then it spits the card back out at you (or sometimes it doesn’t) at the end of the transaction.
I don’t do business at Chase ATM’s very often, as it happens, so it’s taking me a long time to remember how they work every time.
There is a lot of machinery out there, some of it quite new, that has yet to be updated. Parking meters, soda machines, etc.
Slowly but surely the businesses around here are upgrading their hardware, and I try Apple Pay at each one.
McD’s has always worked.
Acme has always worked.
ShopRite just started working (yay!)
Staples works.
Rite Aid and Walgreens work.
CVS has blocked contactless payment.
Jersey Mike’s, Best Buy, work, but then decline the transaction (still being set up I think)
And so it goes…
A few weeks back I tried it at a random Greek gyro place and it worked perfectly. The owner was stoked, he had just upgraded his hardware. So this means that it’s not just chains that will support Apple Pay.
There is something cool about tapping the button on my watch and holding it near the terminal to pay.
Most banks switched to this style of ATM a long time ago. I’m pretty sure Chase was one of the last to make the switch.
My experience is that card readers show applicable prompts on the display screen. “Insert card” “Enter PIN” “DO NOT REMOVE CARD” “Approved - Remove card”, with the last providing a beep or tone and also appearing as a prompt on the cashiers POS screen. (Your POS software may differ, user satisfaction may not match real world results.)
The interesting part of the switch over for me is that the phone readers are all still swipe style. My distillery has two card readers that we got for free when we started up with paypal but now to accept the chip we have to pay $100 bucks for a terminal that can read the cards. Square doesn’t have the chip readers at all right now. Seeing how usefull the zero cost upfront readers are to small business I’m curiius to see how their models change to keep up with the latest requirements and how that will effect my company
My card can be waved over for small transactions ( Britain ) or used in a slot with a PIN.
Concerning which:
“US bank executives said they are choosing the signature version so customers won’t be burdened at the checkout line to remember a new four-digit code,” the Wall Street Journal reported in January.
Ars Technica
I will assume that American bankers have the lowest opinion of their clients’ intelligence to an insulting extent.
Anyway, many decades ago one had to put a card in a little flat-bed thing, have tracing papers laid over which took an impression, then sign those papers. That was weird.
20 minutes later at the checkout, a bemused look on the dumbbell’s face: 6 3 2 ? — 6 2 3 ? — 2 3 6 8 ? — 6 8 3… ?
I don’t have a problem with the PIN, it’s my name I can’t remember half the time.
According to NPR the other day, it’s not that banks think that their customers are too stupid to remember another four digit number, but that they think (probably correctly) that their customers are lazy, and a sort of prisoners’ dilemma arises as a result. Most people have more than one card in their wallet and will use the one that is fastest and easiest for them. If every bank required a PIN then the system works and is more secure and everyone benefits. But if one bank decides to eat the cost of a few fraudulent charges and allow customers to use their card without a PIN then lazy and time-conscious customers will use that card preferentially (and why not of the bank is eating any fraudulent charges that result?) and the other banks’ cards don’t get used. So in a very fast race to the bottom, every bank and card issuing company has decided not to require PINs in the US. And it turns out that the type of fraud that requiring PINs prevents is pretty minuscule anyway, so it really does benefit both the banks and the customers to just consider an occasional stolen card as part of the cost of doing business.
Given all that, I’m not sure exactly the chip is actually doing to prevent fraud at all. It’s encrypted, which I suppose means that it’s harder for someone to use a fake reader to skim numbers now, but how big a problem was that? Will it make creating fake cards with data obtained from hacking harder to do? Even if so, experts seem to be saying that it will just move CC fraud even more online, where you don’t need a physical card at all.
Unfortunately, the way EMV is implemented today, the account number and expiration date are NOT encrypted. If any encryption is to be done, it needs to be done by the payment terminal after the card is read.
Instead, the terminal presents the card with an “unpredictable number.” The chip has a key buried in its memory that cannot be read short of disassembling the chip and using some sophisticated techniques. After the terminal presents its request to the chip, the chip creates a digital signature using the account data, the unpredictable number, and the key in the card. The card number, expiration date, and the digital signature are then returned to the terminal. The approving authority (the issuer or their surrogate) then checks to make sure the digital signature is correct before approving the transaction.
The purpose of the chip is solely to confirm the authenticity of the card. It does not help in any situations (such as online purchases) where the card is not used.
Yes, you could build a skimmer to get the account number and expiration date. However, this information would not allow you to build a new card. You still need the key inside the card to duplicate the chip or to duplicate the function of the chip. This data will not allow you to create a fake magnetic stripe card because it does not contain the CVV value that is on the magnetic stripe.
The chip is not a panacea for all credit card fraud. It is just a scheme to prevent people from making an unauthorized duplicate of a card.
By another miracle of modern tech, one can change one’s PIN to whatever one desires, easiest at an ATM after inputting one’s current PIN.
Therefore one can have One PIN To Rule Them All — something that unlike relying on the same password, has no downside since it is illegal to reveal one’s PINs anyway.
Is anything expected to change for online purchases? I guess we will continue entering the cc number, expiration date and security code?
Nothing will change for online purchases.
Thanks for that awesome explanation! I think that answered all my questions!
Illegal to reveal my PIN? Says who?
The Bank for one.
You might want to read that letter that comes with your new card.
Mine is 2376. I await my arrest. Besides, the bank can’t make something illegal.