What would it cost to convert the USA to use chip and pin for credit card transactions?

My bank sent me a credit card, and then separately sent me a chip, that is supposed to be used for contactless payments. But it doesn’t require a PIN.

Moreover, the instructions tell me I have to put the chip on my smart phone. Why the hell is that? I haven’t used it, because I just can’t figure out why it has to work this way.

ETA-- Is this what Hail Ants mentioned above?

Not really. Some smart phones have something called Near Field Communications (NFC) built into them. For example, I can send a link for a website or a picture to another phone just by holding the two of them back to back.

Hail Ants was suggesting that before Chip and PIN catches on there’s a better chance of just using NFC to transmit the data from your phone to a Credit Card terminal. In theory, it’s already in your phone so the POS terminal could skip the Chip/PIN step and go right to NFC.

But I don’t know if NFC is set up to transmit information that needs to be encrypted.

Right–I use the NFC to activate my Bluetooth headset. I assume that the chip which the bank sent me is supposed to use the NFC, but I just can’t figure out what for. They haven’t told me to put a corresponding app on the phone, or anything like that.

You’re probably not too far off. And if so, that amounts to a one-time cost of about $3 per American to kill 30-40% of the credit card fraud.

Any time we’re dealing with doing anything to a whole country it adds up to a big number. The correct way to think about big aggregate numbers though is not to compare them to the income or assets of any one of us.

Yep, I just wave either my debit or credit card over the keypad and I’m done.

Not sure what the limit is before some kind of security measure kicks in.

I visit the US often and laugh every time I get caught in the time warp of the cashier swiping my card over and over, polishing it, swiping it again, wrapping it in a paper receipt, swiping again, wrapping it in a piece of cellophane, swiping it again… then trying another card… then repeat, etc…

No. I first encountered it in England four or five years ago. It makes so much sense, but it’s contrary to US expectations about courtesy and service, I think.

Europe has tended to get improved technology ahead of the US for the simple reason that the US rushes for each new solution, and Europe tends to wait for each good solution.

What most people don’t realize is that the US has had historically low fraud rates compared to places like the UK (UK=0.11, US=0.05 in 2004), so the motivation was not as strong.

Chip and PIN brought UK fraud rates down to US levels after a few years and now it is somewhat lower (UK=0.06, US=0.08 as of 2010).

Well, that will be a bonanza for thieves/scammers. Now all they have to do is brush up against you in a crowd to get your credit card info – no need to actually get the card out of your wallet and swipe it thru their counterfeit duplicator at all.

That’s not how EMV works. It isn’t a passive system where a reader can simply copy all the data.

There are genuine security concerns, so let’s stick to the real ones.

Target is the first large retailer I’ve seen that’s converting to a chip reader. Obviously getting burned last winter pushed them to roll it out pretty rapidly. I don’t think I’ve seen the equipment installed at any other retailer in my area.

Unless I can select my PINs, it’ll be a pain in the butt unless it’s chip and signature. I’ve got four credit cards and four debit cards and remembering all the debit card PINs (especially for the ones I don’t use very often) is hard enough. I’m not the only person who would hate to have to remember eight or ten different PINs.

When I use NFC to send something to a friend’s phone, we have to have our phones back to back (NFC turned on on both phones), then a screen pops up on mine and I have to OK what gets sent over. IOW, I have to ‘push’ the info. It’s not like an RFID chip on your credit card where someone actually can walk around and grab info from your pocket without you knowing it.

They also may have got some pressure to convert because they expanded into Canada a couple of years ago, and so had to have the technology here to be competitive.

I remember now that this issue came up when Wal-Mart expanded into Canada about 15 years ago.

On our first shopping trip to Wal-Mart, Mrs Piper and I chose a shopping cart worth of goods and went to the check-out. I pulled out my debit card (still just a swiper, at that point), and the cashier said they only took cash, cheque or credit card. We were astonished, and said we only had a debit card with us. She said she couldn’t take payment by debit, so we walked away, leaving a cart full of unbought goods, and went to old faithful, Canadian Tire, which had been accepting debit cards for years.

I imagine that scenario of lost sales because of antique payment systems at Wal-Mart played out a lot, because Wal-Mart in Canada quickly acquired debit technology.

In Canada, it’s your standard PIN for your credit card that you choose when you get the card. It doesn’t change from store to store.

Unless it’s different in Canada, you should be able to swipe/sign it like a credit card but it’ll still get deducted from your account like a debit card.

No, our debit cards are not linked with credit cards. The debit card is issued by the bank, and the credit card is issued by the credit card company. They’re not linked, so a debit purchase can’t be processed as a credit card purchase.

In the States as long as it has a MasterCard or Visa logo on it (as just about all of them do), you could have just said “Oh, just swipe it like a credit card” and it would have worked fine. The cashier would have swiped it and you would have signed for it. As far as the cashier was concerned it might as well have been a credit card. But on your end it would still come out of your bank account.

If someone forgets their PIN they’ll do this or when our PIN pad isn’t working we just swipe them all as credit.

Come to think of it, when we get to the point where Chip and PIN hit critical mass they should probably phase out the mag stripe and set a date to get rid of it entirely since you can still bypass using the PIN anyways. It’s like coming up with new $100 bills but still leaving the old ones in circulation. I never understood that. If I was making fake $100 bills and the gov’t started making new ones that were harder to make, I’ll just keep making the old ones thank you very much.

I just got back from a week in Canada and did pay by debit card in several places. It was processed just like a credit card. I don’t think the cashier even knew it was a debit card. It has a VISA logo on it. Any place that didn’t take Amex got my debit card, because my MasterCard credit card has obscene fees for foreign currency charges.

Canadian debit cards are not Visa or MasterCard when used in Canada. In Canada, they run on a separate system called Interac.

Some Canadian debit cards are also Visa or MasterCard if used outside of Canada, though.

Last summer, jools and I were in line at a store behind an American who wanted to use his US debit card at a gas station in Quebec; the cashier had to explain that they only took Canadian Interac debit cards. So apparently some places distinguish between Visa/MasterCard credit and debit.

My understanding is that contactless credit cards do not use passive RFID, and it’s not possible to do what you’re describing (see post #29). Am I missing something?

I understand that EMV cards that use contactless use the chip to encrypt the data that is passed across the wireless link. US non-EMV contactless cards merely transfer a copy of the data on the magstripe across the wireless link. Theoretically, I suppose, it would be possible to snoop the US contactless card and clone the magstripe data onto a new card far more easily than snooping and cloning an EMV card.

I suspect this is why Interac did not roll out contactless cards until well after it went EMV.
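An added example, not part of the thread: a simplified model of the contrast drawn above between contactless cards that send a copy of the magstripe data and EMV cards whose chip computes data for each transaction. HMAC-SHA256, the shared key, the card number and every class and function name here are assumptions chosen for illustration; this is not the EMV algorithm itself.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; HMAC-SHA256 stands in for the chip's cryptogram.
PAN = "4000000000000002"
CARD_KEY = b"constructed-demo-key"   # shared by chip and issuer in this model
STATIC_TRACK = f"{PAN}=2912101".encode()   # magstripe-style data, same every tap


def cryptogram(key, counter, nonce, amount_cents):
    msg = f"{PAN}|{counter}|{nonce.hex()}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class ChipCard:
    def __init__(self, key):
        self._key, self.counter = key, 0

    def tap(self, nonce, amount_cents):
        self.counter += 1                  # fresh counter on every tap
        return self.counter, cryptogram(self._key, self.counter, nonce, amount_cents)


class Issuer:
    def __init__(self, key):
        self._key, self.last_counter = key, 0

    def accept_static(self, data):
        return data == STATIC_TRACK        # nothing ties the data to one tap

    def accept_chip(self, nonce, amount_cents, counter, mac):
        expected = cryptogram(self._key, counter, nonce, amount_cents)
        if counter <= self.last_counter or not hmac.compare_digest(mac, expected):
            return False                   # stale counter or wrong nonce/amount
        self.last_counter = counter
        return True


def run_demo():
    issuer, card = Issuer(CARD_KEY), ChipCard(CARD_KEY)
    nonce1, nonce2 = secrets.token_bytes(4), secrets.token_bytes(4)
    counter, mac = card.tap(nonce1, 2500)  # genuine purchase, assumed recorded
    return {
        "static_replay": issuer.accept_static(STATIC_TRACK),
        "chip_genuine": issuer.accept_chip(nonce1, 2500, counter, mac),
        "chip_replay": issuer.accept_chip(nonce1, 2500, counter, mac),
        "chip_replay_new_nonce": issuer.accept_chip(nonce2, 2500, counter, mac),
    }
```

In this model the recorded static data is accepted again unchanged, while the recorded chip response is rejected on reuse because the issuer has already seen its counter and the terminal's next nonce differs.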

Do non-EMV contactless cards work in EMV contactless readers?

But it wouldn’t have made any difference for what happened at Target due to the way the malware worked in that case. It was running on the POS device where the card data sits unencrypted.