If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Guardian)   Why the United States is at least 10 years behind the rest of the world when it comes to chip and pin technology, and why that's not going to change any time soon   (theguardian.com) divider line 99
    More: Interesting, United States, Europe, smart cards, swipe card, debit cards  
•       •       •

4268 clicks; posted to Business » on 27 Jan 2014 at 12:41 PM (23 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



99 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2014-01-27 10:58:25 AM
I had heard using non-chip and PIN cards can cause confusion overseas, so when I went overseas I took a card I have with a chip in it, a Citi AAdvantage card. Then I was confused what PIN to type in, because I never recall being asked to choose one, but luckily it worked without a PIN, or whatever I typed in. I typed in my bank PIN. Then the bill comes and I'm slammed with foreign transaction fees. Argggggggggggh. Next time I go overseas I'll have to use a non-chip and PIN card, but at least it doesn't charge foreign transaction fees, my Chase United MileagePlus card.
 
2014-01-27 11:06:25 AM
I have a Lithuanian Visa card with both. Plus a really need ghostly hologram image of my ugly mug on the back.

I got my first card in 2002. So needless to say we are way way behind.
 
2014-01-27 11:21:19 AM
That's ridiculous.

America leads the world in advanced chip design.

www.fritolay.com
 
2014-01-27 11:28:57 AM
Wait... chip and pin is uncommon? WTF?

/Canada
 
2014-01-27 11:49:59 AM

Tr0mBoNe: Wait... chip and pin is uncommon? WTF?

/Canada


Neither the US or South Africa commonly use Chip & Pin.
 
2014-01-27 12:16:27 PM
Fubini:
Neither the US or South Africa commonly use Chip & Pin.

I also just found out North Korea hasn't picked up on them yet.
 
2014-01-27 12:31:48 PM

Tr0mBoNe: Fubini:
Neither the US or South Africa commonly use Chip & Pin.

I also just found out North Korea hasn't picked up on them yet.


Meh, only one of the planets in the solar system uses them with any regularity, and none of the moons do.  In terms of surface area, the places which use chip and pin are mathematically insignificant.
 
2014-01-27 12:33:00 PM
I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.
 
2014-01-27 12:35:51 PM

EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.


Because apparently, you can't ever put any financial burden, ever, at all, on any business in this country.
 
2014-01-27 12:49:55 PM
Um, isn't Visa switching over to this? Within a year?
 
2014-01-27 12:50:51 PM
I've heard that at least in some places where Chip and PIN has been implemented, the banks are using it to shift the burden of fraud to cardholders.  As in, "Your card has Chip and PIN, therefore this transaction in Lithuania using your card could not possibly have been fraud, and you are responsible for the charges".

I can't imagine too many people in the US swallowing that one.  Like, say, Elizabeth Warren.
 
2014-01-27 12:51:05 PM
My AmEx Blue card has had a chip forever, but I have no idea what the purpose of it is.
 
2014-01-27 12:55:45 PM
It would cost banks to implement.  Maybe we can get a bailout for them to change their practices.
 
2014-01-27 12:56:43 PM

NightSteel: I've heard that at least in some places where Chip and PIN has been implemented, the banks are using it to shift the burden of fraud to cardholders.  As in, "Your card has Chip and PIN, therefore this transaction in Lithuania using your card could not possibly have been fraud, and you are responsible for the charges".

I can't imagine too many people in the US swallowing that one.  Like, say, Elizabeth Warren.


My feeble understanding of smart cards is that they are nigh-impossible to forge, so fraud would be incredibly unlikely
 
2014-01-27 01:00:17 PM
Without reading the article, I'm going to say because no one wants to pay to switch over to the new technology.
 
2014-01-27 01:00:42 PM
I wouldn't be too proud of your fancy tech, europe.

*squints eyes*
It makes you look  different


and  different looking people tend to get bombed
 
2014-01-27 01:02:47 PM

NightSteel: I've heard that at least in some places where Chip and PIN has been implemented, the banks are using it to shift the burden of fraud to cardholders.  As in, "Your card has Chip and PIN, therefore this transaction in Lithuania using your card could not possibly have been fraud, and you are responsible for the charges".

I can't imagine too many people in the US swallowing that one.  Like, say, Elizabeth Warren.


It's actually the exact opposite of that. If in fact someone got into your online banking (way more common fraud than card skimming now) then you have the chip to prove it wasn't you being an idiot and it was actual fraud. My uncle recently had $1500 stolen because he accidentally clicked one of those phishing scams. The bank paid him back within 24 hours.

Also with chips there is no reason for the clerk to touch your card so they can't dupe it under the counter while they swipe it.

Aaaaand most retailers rent or lease their units from a parent company so it's not like they're out of pocket when it comes time to upgrade... the dude who services them comes in and replaces the unit and the monthly charges continue.

It's stupid not to upgrade.
 
2014-01-27 01:08:38 PM
As hinted at in the article, with the way the Target and Neiman-Marcus breaches were done, it is possible chip & pin would not have helped since the memory in the card reader itself was compromised.  The hackers would have been able to capture the pin and possibly enough chip information to clone the chip.
 
2014-01-27 01:10:02 PM
One wag in the thread following the article explains: "Freedom Fry and Pin" did not catch on.

I'm wondering why Canada mandated chip and pin by 2010.

https://www.eigendev.com/e/featured1.php

I can only suppose that it was due to a more flexible political climate and possibly to the fact that Canada has relatively few banks--the Seven Sisters accounting for almost all retail banking in the Country. Even with foreign banks such as the Hong Kong Bank of Canada (HKBC), there are still fewer Canadian banks by orders of magnitude. We also have a very small number of universities (under 85 to 16,000 in the US).

Americans have feared big banks since colonial times. Notable citizens such as President John Adams, Samuel Morse, and President Andrew Jackson have been hostile the creation of national banks. Therefore the US banking market is Balkanized despite enormous banks such as the Chase Manhattan, Bank of America, and CitiBank. That impedes technological progress and makes the US more vulnerable to crashes and many other problems.

Like the obsession with gold versus silver and the obsession with guns, America's panicky attitude towards banks and Central Bank regulation (the infamous FED system) can be a serious handicap at times.

Certain elements of the population love gold for being hard to trace, love guns and Bibles for their efficient  and effective control of the rest of the population, and hate banks and the government passionately as threats to their "freedom" to be as criminal as they want to be. Crime is a very big business. Big business is often criminal. Panic is a form of control preferred by the anarchist, whether of the extreme right or left.

But the article is right about the diffusion of banking and credit agencies as well. It's not all about conspiracies--the biggest conspiracy is stupidity and the biggest obstacle is sheer scale.

Like Wall Street, the USA is simply too big not to fail on a regular basis. On the other hand, it is extremely resilient as well. As Voltaire pointed out on the subject of Parliament, it is much harder to bribe 600 dictators than one. You need a whole lot more than 40 acres to turn the US rig around. It often takes 40 years as well.
 
2014-01-27 01:11:17 PM

NateAsbestos: My feeble understanding of smart cards is that they are nigh-impossible to forge, so fraud would be incredibly unlikely


Researchers at Cambridge University disagree:

http://www.bbc.co.uk/news/technology-19559124

Also:

http://www.americanbanker.com/issues/178_99/why-chip-and--pin-techno lo gy-is-not-a-fraud-cure-all-1059323-1.html

Using the example of a recent spate of fraud in the Middle East, the latter article explains that even if Chip and PIN had been in wide use before the breach, it would have done nothing to prevent the breach or reduce its consequences.  Compromise the payment processor, and Chip and PIN are just as vulnerable as anything else.

Finally:

http://www.computerweekly.com/news/2240160260/BlackHat-2012-UK-firm- MW R-InfoSecurity-reveals-chip-and-PIN-vulnerability

The scheme is vulnerable to certain attacks at the point of sale made possible by specially crafted cards.

This isn't to say that I'm against Chip and PIN.  I'm all for making fraud more difficult.  But using it to shift the burden of fraud onto the cardholder?  Absolutely not.
 
2014-01-27 01:11:28 PM
My wife freaks out every time a waiter walks off with her credit card.    American Exceptionalism wins again.

/ Fraud is big business.  Can't screw with that.
 
2014-01-27 01:12:14 PM
I was just in London for a week and used my chip-and-pin Visa card for the first time.  I was obviously a rookie because the first time I used it (at the Tube ticket office at LHR T123-5), I inserted the card and pulled it right back out - the way we swipe cards in the US - and the guy assisting me had to tell me to leave the card inserted into the reader until it said I could remove it.  I was fine after that.  My excuse is that it was 7am (2am EST) and I wasn't able to sleep on the plane.  All in all, it's a much better technology than swiping.
 
2014-01-27 01:12:35 PM

Eddie Adams from Torrance: That's ridiculous.

America leads the world in advanced chip design.

[www.fritolay.com image 215x310]


Those aren't sold in my area.  I want some, now.  Who cares about fraud?
 
2014-01-27 01:16:21 PM
I've just ordered to change my USAA card to a chip and pin.  Interesting enough from what I read on other forums, its is the only true chip and pin cards.  The others in the US are Chip and signature, and more than a few folks have been stuck unable to used supposed chip and pin card as unattended fuel stations and the like.  I've not idea if it is true, but eh, I'll just stick with USAA anyway.  Just have to watch the transactions fees.  Will try to use my other, swipe/strip cards that have not transaction fee first and have the cashiers look at me like any other foolish american.
 
2014-01-27 01:21:19 PM
Target's terminals are ready for chip and pin cards, but they've already proved that's not an answer.

Swipe - smartphone app- confirmation is probably the future. Say a purchase over $100, the terminal pauses while you confirm via app or txt. Would be simple enough.
 
2014-01-27 01:22:58 PM
FTA: Now they're trying to sort out who will pay for the estimated $8bn costs for chip and pin technology.

Credit card and debit card fraud resulted in losses amounting to $11.27 billion during 2012

Keep waiting idiots
 
2014-01-27 01:23:03 PM

wingnut396: I've just ordered to change my USAA card to a chip and pin.  Interesting enough from what I read on other forums, its is the only true chip and pin cards.  The others in the US are Chip and signature, and more than a few folks have been stuck unable to used supposed chip and pin card as unattended fuel stations and the like.  I've not idea if it is true, but eh, I'll just stick with USAA anyway.  Just have to watch the transactions fees.  Will try to use my other, swipe/strip cards that have not transaction fee first and have the cashiers look at me like any other foolish american.


Yeah, I found out the one I used was "Chip and signature".

Q: Do I need a PIN to use my card?
A: No. Today, your Citi Chip Card is a chip + signature card, so just sign your name like you currently do today to complete your transaction. There is no need to memorize a new PIN.
 
2014-01-27 01:24:59 PM
My store got new machines six months ago. They support the no-swipe cards that you wave in front of the machine, but not the chip-and-pin cards. There's even a slot on the reader with an extra piece of plastic blocking it. I had a few annoyed customers during the holiday season since the cards wouldn't swipe, and the registers require a zip code when you type in the card number manually.
 
2014-01-27 01:33:50 PM

Tr0mBoNe: Also with chips there is no reason for the clerk to touch your card so they can't dupe it under the counter while they swipe it.


Yeah, it's rare for a clerk to even touch my bank and credit card nowadays (they just present me with the pinpad), and if they do (to insert my card themselves), it's all within sight.

A local pizza place will insert my card, and then start pressing OK themselves, skipping past the amount confirmation. That I'm not cool with, but I do trust these guys.
 
2014-01-27 01:37:11 PM

EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.


I don't even think that's the core of the problem.  Heavily-used terminals don't last that awfully long anyway.  My nearby grocery (part of Kroger) changes the card terminals every 2-3 years.  Terminals that take chips aren't terribly more expensive.  In fact, terminals that *don't* take chips are hard to come by anymore (because they sell the same terminals in Europe and Canada).

Which leads to the very, very common scenario in the US.  The terminal is physically designed to take all three (swipe, chip, and contactless).  Many terminals in the biggest shops have been there for several years.  Hold your contactless card up to the spot, it lights up, and then... nothing.  The register jockey looks annoyed at you and says "oh, that doesn't work, swipe it".  Same scene plays out if you try to use the chip reader.

Cheapness I get.  It's getting past that to plain-old stubbornness.
 
2014-01-27 01:43:05 PM
Bring this back
i2.cdn.turner.com
 
2014-01-27 01:45:56 PM

Felgraf: Um, isn't Visa switching over to this? Within a year?


Yup.

"So, Visa and MasterCard next year will begin twisting arms to get retailers to install new readers. "
http://www.stltoday.com/business/columns/jim-gallagher/chip-security -i s-coming-for-credit-cards/article_3780432f-a893-5298-aa3c-61c8c6d869a6 .html
 
2014-01-27 01:46:55 PM
Is the answer, because it will cost the credit card companies money?
 
RJB
2014-01-27 01:56:15 PM
One point not touched upon yet is the lack of consumer liability. Getting one's credit card stolen is a relatively routine, painless experience. A year ago, my Chase Visa card number was stolen by the corrupt merchant bank formerly used by my local grocery store. Chase immediately noticed the fraudulent activity, declined the transactions, immediately called me, and overnighted me a new card. And that's for a card with no annual fee.

Legally, consumers are liable for, what, $50 of fraudulent activity? - which no bank actually charges the consumer. In the end, consumers have no reason to demand that anything changes, because our current system might be insecure, but it works, so why change it?

I get that we would be better off with less fraud. It's a shared burden. As it stands, the banks' fraud costs are absorbed into interchange fees that merchants pay. Merchants recover interchange fees and chargeback write-offs through the prices of their goods. If we all changed to more-secure chip-and-PIN overnight, would consumer prices decrease? I doubt it.
 
2014-01-27 01:57:19 PM

Lawnchair: EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.

I don't even think that's the core of the problem.  Heavily-used terminals don't last that awfully long anyway.  My nearby grocery (part of Kroger) changes the card terminals every 2-3 years.  Terminals that take chips aren't terribly more expensive.  In fact, terminals that *don't* take chips are hard to come by anymore (because they sell the same terminals in Europe and Canada).

Which leads to the very, very common scenario in the US.  The terminal is physically designed to take all three (swipe, chip, and contactless).  Many terminals in the biggest shops have been there for several years.  Hold your contactless card up to the spot, it lights up, and then... nothing.  The register jockey looks annoyed at you and says "oh, that doesn't work, swipe it".  Same scene plays out if you try to use the chip reader.

Cheapness I get.  It's getting past that to plain-old stubbornness.


I would assume that you would not only have to upgrade the readers but that you would have to at least do a software upgrade on the register that is sending data to the reader.  Bet the vendor providing the terminal doesn't pay for that.
 
2014-01-27 02:00:39 PM
Money.
 
2014-01-27 02:02:17 PM

RJB: One point not touched upon yet is the lack of consumer liability. Getting one's credit card stolen is a relatively routine, painless experience. A year ago, my Chase Visa card number was stolen by the corrupt merchant bank formerly used by my local grocery store. Chase immediately noticed the fraudulent activity, declined the transactions, immediately called me, and overnighted me a new card. And that's for a card with no annual fee.


Here's what Chase did for my wife.   She applied for a credit card and was denied because someone using her social security number had already been issued one.   She said "That is my social security number, there must be a mistake."   Chase said, "You are attempting to fraudulently use that SSN."

So off we go to the Social Security office to get a notarized letter from them stating that my wife is the owner of the particular SSN in question.

Chase responded to that with "We don't care.   The other person isn't complaining about it."  (Literally, that is what they said.)

She no longer banks with Chase.
 
2014-01-27 02:07:06 PM

meat0918: Is the answer, because it will cost the credit card companies money?


The credit card companies pass those costs to the merchants.  They'd love for the government to require all the merchants buy new equipment that they could sell or license.
 
RJB
2014-01-27 02:13:42 PM
Rent Party:

She no longer banks with Chase.

That is pretty terrible. Inexcusable. How long ago did that happen?

I didn't mean to sound like a Chase shill. I only use them for my credit card. I mentioned them because they don't have the best reputation for customer service (as you illustrated), but they handled my fraud expertly.
 
2014-01-27 02:18:19 PM

RJB: Rent Party:

She no longer banks with Chase.

That is pretty terrible. Inexcusable. How long ago did that happen?

I didn't mean to sound like a Chase shill. I only use them for my credit card. I mentioned them because they don't have the best reputation for customer service (as you illustrated), but they handled my fraud expertly.


That was about a year ago.   She had about $70K in cash between the checking and savings accounts when that happened, which was even more mind boggling.  We've moved her over to BECU.   I've been with the same small CU for about 25 years, and love them.
 
2014-01-27 02:26:40 PM

under a mountain: Bring this back
[i2.cdn.turner.com image 340x255]


Ah yes.  The "ka-chunk ka-chunk" machine.  I was going to point out how stupid it would be to go back to something with so many possible security vectors, but then I remembered how lazy kids are these days.  "You mean I gotta go to the store and look through their garbage for carbon copies of the numbers?  Then, what, transcribe them all?"
 
2014-01-27 02:41:05 PM
Is it because we only educate the children whose parents have money?
 
2014-01-27 02:49:34 PM

EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.


My understanding is the plan is to jump right to RFID or NFC (phone) payment. Why move to a platform (chip and pin) that is already outdated from current tech?


On a related note, banks charge people to do fraud monitoring. Making cards harder to steal would cut into that revenue. Until the revenue gain from stealing marketshare outpaces the revenue lost from credit protection services, you'd be hard pressed to get people to switch.


/related: Apple doesn't conform to the world standards on chargers. I bet some one of the people complaining about the USA not using chip and pin use Apple devices without complaining that they refuse to hold to standards.
 
2014-01-27 02:50:13 PM
Why?

Because EVERY f'n company looking to sell a product here has to design it to the lowest common denominator here in the States...

And even then, the pinheads here still can't figure most things out.

www.reverseshot.com
 
2014-01-27 02:50:42 PM

Arkanaut: meat0918: Is the answer, because it will cost the credit card companies money?

The credit card companies pass those costs to the merchants.  They'd love for the government to require all the merchants buy new equipment that they could sell or license.


The credit card companies get the interchange fees which are a fixed rate set by Visa and MasterCard. They gain by lower fraud losses.

The cost to the merchant includes the interchange fee but most of it is the charge from the terminal provider. I imagine the terminal provider companies are none too pleased. Even when they're a separate division of a card-issuing bank.
 
2014-01-27 02:57:11 PM

Bullseyed: EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.

My understanding is the plan is to jump right to RFID or NFC (phone) payment. Why move to a platform (chip and pin) that is already outdated from current tech?


On a related note, banks charge people to do fraud monitoring. Making cards harder to steal would cut into that revenue. Until the revenue gain from stealing marketshare outpaces the revenue lost from credit protection services, you'd be hard pressed to get people to switch.


/related: Apple doesn't conform to the world standards on chargers. I bet some one of the people complaining about the USA not using chip and pin use Apple devices without complaining that they refuse to hold to standards.


The technology standards for phone payment integration into Visa and MasterCard systems is some way off. Cards aren't going to disappear though; not everyone carries their phone all the time. And initially I imagine payments using your phone as the "card" will be limited to low value payments (under c. $50)
 
2014-01-27 02:57:40 PM
I fail to see how this would stop hackers from getting the numbers from a database like they did in the Target fiasco.
 
2014-01-27 03:21:06 PM

Ima_Lurker: Lawnchair: EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.

I don't even think that's the core of the problem.  Heavily-used terminals don't last that awfully long anyway.  My nearby grocery (part of Kroger) changes the card terminals every 2-3 years.  Terminals that take chips aren't terribly more expensive.  In fact, terminals that *don't* take chips are hard to come by anymore (because they sell the same terminals in Europe and Canada).

Which leads to the very, very common scenario in the US.  The terminal is physically designed to take all three (swipe, chip, and contactless).  Many terminals in the biggest shops have been there for several years.  Hold your contactless card up to the spot, it lights up, and then... nothing.  The register jockey looks annoyed at you and says "oh, that doesn't work, swipe it".  Same scene plays out if you try to use the chip reader.

Cheapness I get.  It's getting past that to plain-old stubbornness.

I would assume that you would not only have to upgrade the readers but that you would have to at least do a software upgrade on the register that is sending data to the reader.  Bet the vendor providing the terminal doesn't pay for that.


I doubt it. The terminal is typically used to directly communicate with the bank, not the register.

And it wouldn't need anything new, just an install.

It took years to shift over in Canada, and some rare small places still only take swipe. But if they started 10 years ago, issuing all new cards with chips and all new terminals supporting chip you would be virtually fully converted by now with minimal extra cost.
 
2014-01-27 03:26:11 PM
Im going to bet it is because the changeover would affect current quarter revenue.
 
2014-01-27 03:38:02 PM

dywed88: Ima_Lurker: Lawnchair: EvilEgg: I understand that there are a lot of cards and machines out there.  But I have cards that support chip and pin as well as regular swipe.  What would be so hard about replacing old machines with new chip and pin ones.

I don't even think that's the core of the problem.  Heavily-used terminals don't last that awfully long anyway.  My nearby grocery (part of Kroger) changes the card terminals every 2-3 years.  Terminals that take chips aren't terribly more expensive.  In fact, terminals that *don't* take chips are hard to come by anymore (because they sell the same terminals in Europe and Canada).

Which leads to the very, very common scenario in the US.  The terminal is physically designed to take all three (swipe, chip, and contactless).  Many terminals in the biggest shops have been there for several years.  Hold your contactless card up to the spot, it lights up, and then... nothing.  The register jockey looks annoyed at you and says "oh, that doesn't work, swipe it".  Same scene plays out if you try to use the chip reader.

Cheapness I get.  It's getting past that to plain-old stubbornness.

I would assume that you would not only have to upgrade the readers but that you would have to at least do a software upgrade on the register that is sending data to the reader.  Bet the vendor providing the terminal doesn't pay for that.

I doubt it. The terminal is typically used to directly communicate with the bank, not the register.

And it wouldn't need anything new, just an install.

It took years to shift over in Canada, and some rare small places still only take swipe. But if they started 10 years ago, issuing all new cards with chips and all new terminals supporting chip you would be virtually fully converted by now with minimal extra cost.


Strange how I can watch the reader I swipe my card in display the price of each item as the register scans it if they don't talk to each other.  Must be magic.

Seriously though the reader has to send a message back to the register so the purchase gets logged there too, wouldn't be surprised if the data for a chip and pin doesn't match up to the data for a swipe when recording the payment in the register, otherwise why use the chip and pin.

In reality the only people excited about chip and pin (other than those of us tired of getting ripped off by skimmers/scammers) are the companies selling the new hardware and software.  To all the other companies it is just a new expense to be paid.
 
Displayed 50 of 99 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report