Goodbye MagStripe, Hello Chip Cards

Paul_Johnson said:
Taking twice as long to check out is not what I would call more convenient.
Click to expand...


Yeah, I'm seeing that. It's taking a good 15-25 seconds of holding the chip to the reader. Meanwhile my entire card number is exposed to those in line for the entire time.

I was somewhat glad to see Chips but once I saw that they wouldn't require a pin I was amazed. Why go through all the overhaul if your still going to leave the door wide open and people can steal/find your card and use it.

IDK I don't see the point, I have 2 chip and pin cards but they are secondary not primary authentication so I only put in a pin if I'm traveling in Europe at an unmanned terminal. It would be nice to allow the cardholders to choose if they require a pin to be entered every time.
 
Smoeki said:
Yeah, I'm seeing that. It's taking a good 15-25 seconds of holding the chip to the reader. Meanwhile my entire card number is exposed to those in line for the entire time.

I was somewhat glad to see Chips but once I saw that they wouldn't require a pin I was amazed. Why go through all the overhaul if your still going to leave the door wide open and people can steal/find your card and use it.

IDK I don't see the point, I have 2 chip and pin cards but they are secondary not primary authentication so I only put in a pin if I'm traveling in Europe at an unmanned terminal. It would be nice to allow the cardholders to choose if they require a pin to be entered every time.
Click to expand...

how is the card number exposed half of it is inside the card reader

in the EU where chip and pin has been around for very long time , if you try and swipe your forced to use chip and pin (this was implemented after 5 years when every one had a chip and pin card) most places will reject your sale if you try to use mag swipe only or use a cheque (as the merchant is liable for the loss)
 
It's not covered that's my point they aren't all the same. I'm seen a few that cover a few digits. Also some numbers are printed, some are embossed all carrying in different sizes and locations. All I'm saying is it's another point for "shoulder surfers" to gain access as well as cameras. It just seems ridiculous they don't implement pin when they are already causing the convenience factor to drop by requiring a 1/4 second swipe vs 15-25 seconds.

In Europe, US issued cards with chips still don't default to pin unless you have pin as primary authentication. They require a signature. I can only think a 3 or 4 cards that do that and none of them from the big Credit companies. Most US cards are also Chip and Signature cards only and don't even have the option for Pin. Apparently there is some new rule set implemented that if a terminal requires a pin on a signature only card that it overrides and allows the transaction to occur. I don't know how well that works yet but I've heard it isn't working everywhere.
 
I miss the good old days of the late 20th century:

credit_card_swiper.jpg


There was just something about that *SCHWICK* *SWHACK* swipe noise that was very satisfying.
 
Smoeki said:
Yeah, I'm seeing that. It's taking a good 15-25 seconds of holding the chip to the reader. Meanwhile my entire card number is exposed to those in line for the entire time.

I was somewhat glad to see Chips but once I saw that they wouldn't require a pin I was amazed. Why go through all the overhaul if your still going to leave the door wide open and people can steal/find your card and use it.

IDK I don't see the point, I have 2 chip and pin cards but they are secondary not primary authentication so I only put in a pin if I'm traveling in Europe at an unmanned terminal. It would be nice to allow the cardholders to choose if they require a pin to be entered every time.
Click to expand...

I've only got one card with a chip, but the chip side of the card doesn't have a number. it's only on the reverse side.
 
nilepez said:
I've only got one card with a chip, but the chip side of the card doesn't have a number. it's only on the reverse side.
Click to expand...

Not all of them are like that. All of mine are chipped on the number side.
 
Elledan said:
We phased out magnet strips here in Europe years ago. I barely remember using cards with them. Only strong memories are there from the immense frustration they caused because every magstrip reader required a different speed and other tricks to get it to read properly.
Click to expand...

You have a very short memory span or are very young as the CC based EMVs weren't even commonly available until 1999/2000 (even though the standard is older and not to be confused with other chip implementations) and they weren't active or able to be used in most places. Hell, it was not even common in Europe for them to be really widely used until like 4-5 years ago and certainly not much sooner than that in the Netherlands.

The range of speed to get a stripe reader to read is very large, it is your card condition that is the issue. The only "trick" that used to work on people's shitty cards was plastic film and even then customer's wouldn't do that your cashier would.
 
What's terribly inconvenient is that all the places I shop upgraded their POS card readers to chip style readers. That's great, but I use Android Pay and all of these new readers do not have NFC payment built in. I never had to remove my wallet from my pocket anywhere I shopped. Now I'm forced to since they no longer work via NFC.

What the fuck. This is not progress. This blows.
 
Oh, the wrong thinking here is strong in this one.
xX_Jack_Carver_Xx said:
You realize the ONLY reason this is finally happening is that Gubmint regulation is forcing it.
Click to expand...

It's not actually being forced. What happened on the first of October was the liability shift from the banks to the retailers. And in this case the shift is if a consumer has a chip enabled card and the retailer doesn't have chip and pin any resulting fraud is eaten by the retailer.

MC/Visa the banks and retailers were/are all too cheap and greedy to give a shit about security/privacy. And why should they, massive breaches occur, people's lives get turned inside out, and it doesn't COST them squat.
Click to expand...

First, it's not about privacy, it's about fraud. MC/VISA/Banks certainly gave a shit. If a credit card is stolen or cloned it is the bank that eats the cost of the fraud. Not the consumer. It has been in their best interest to limit the liability they face. this is why they are moving to Chip and Pin. It effectively moves the liability away from them and to the retailer. In both cases, the consumer is protected from the liability.

If you think retailers aren't concerned about breaches, you are just flat out wrong. It costs them pretty big time. In dollars and reputation.

And since they own the credit reporting agencies, even if they get ordered to pay for monitoring .... they are paying themselves AND writing the cost off of their taxes .... meaning YOU pay for it as a taxpayer, no matter which way the ball drops.
Click to expand...

The Three largest consumer credit reporting agencies are Equifax, Experian and transunion. None are owned by banks. So this is clearly a lie or ignorance. Either way, false information.

Conservative mantra: What you pay for you get more of ..... here What you don't pay for you definitely get none of.

However, without something like a PIN or a cell phone text temporary PIN to close the loop. The point of security breach will just shift to the next weakest point in the system.
Click to expand...

This last line is, pretty much, the only truth in your entire post.
 
Smoeki said:
I was somewhat glad to see Chips but once I saw that they wouldn't require a pin I was amazed. Why go through all the overhaul if your still going to leave the door wide open and people can steal/find your card and use it.

.
Click to expand...

Apparently, you can request a PIN from the issuing bank. But the point of the change is more about making it more difficult to hack into the system and steal the numbers. One of the features of the new PIN Pads is that they are now stand alone devices that encrypt everything immediately. Start to finish. A lot of older POS systems have the PIN Pads attached directly to the register, having the registers POS software do all the encrypting.

Changing over to this new method is actually very complex and expensive. For Small, mom and pop type retailers it's not bad. They contract out most of this stuff and do not need to feed all this information directly into existing inventory, warehousing and financial systems. Chain retailers, on the other hand.... Very expensive, very complex. They only reason my company tackled it this year (and we are not done yet) is due to the liability shift.

It's worth mentioning that there has been a general shortage of new PIN pads. A lot of companies just haven't been able to get their hands on the devices. Between shortages and the fact that most consumers do not yet have a chip enabled card, it will still be a while before we see it wide spread.
 
likeman said:
in the EU where chip and pin has been around for very long time , if you try and swipe your forced to use chip and pin (this was implemented after 5 years when every one had a chip and pin card) most places will reject your sale if you try to use mag swipe only or use a cheque (as the merchant is liable for the loss)
Click to expand...

I live in Germany. There's places that have chip/pin. Some that have swipe/pin. Some that are cash only. Sometimes those chip/pin or swipe/pin don't take cash. It's a toss up on how to pay around here.

So I'm walking around with a chip/pin card, swipe/pin card, and cash. A couple of my cards are both chip/pin and swipe/pin on the card. It's just annoying.
 
Red Falcon said:
I miss the good old days of the late 20th century:

credit_card_swiper.jpg


There was just something about that *SCHWICK* *SWHACK* swipe noise that was very satisfying.
Click to expand...

Considering all the stores that keep getting hacked it seems this is probably more secure than anything electronic. :D

All this hacking would end if companies were actually held liable for securing people's information though.
 
Red Falcon said:
I miss the good old days of the late 20th century:

credit_card_swiper.jpg


There was just something about that *SCHWICK* *SWHACK* swipe noise that was very satisfying.
Click to expand...

I was in Canada in 2011 and must have turned up to a store that hadn't caught up as they were still using those machines for card payments. They nearly had a heart attack when I handed over my credit card...as it was totally flat.

No raised lettering. They looked at it like it was from Mars. Had to use another card.

In another store we just paid for some stuff with cash when some slacker dude turned up and handed a card reader over to the guy at the cash register and he quickly hid it under the counter. We got out of there quick.

Went back in 2014 and it was pretty much all chip and pin thank goodness. Still a nightmare buying gas, just settle on one serving/payment system dammit!

One more thing it is physically and mentally possible for humans to remember more than one PIN number. Just in case any of our US cousins were panicking over that. I manage three...incredible I know, but I live with it.;)
 
daglesj said:
One more thing it is physically and mentally possible for humans to remember more than one PIN number. Just in case any of our US cousins were panicking over that. I manage three...incredible I know, but I live with it.;)
Click to expand...

I hate PIN numbers. I have an obscene amount of pins to remember. 25 to remember actually.
 
Problem is in this "interim" phase, my card has both the chip and the magstripe. So if a fraudster gets a hold of it, or if a store is compromised, most of the time it will still get all the data off the magstripe.

Worthless so far, the merchants and networks are dragging their feet way too long.
 
Dead Parrot said:
A few US banks are doing chip and pin. Of course, the pin only adds security if the CC user memorizes the pin as opposed to writing it on each of their 10+ CCs or on a helpful note card kept in their wallet.
.
Click to expand...
You forget. Every credit card co thinks that they are the one and only card you'll ever need, so they feel you only have to remember ONE pin number.
 
Being a POS Tech, I've been seeing a number of retailers have upgraded their payment devices, while omitting other features such as NFC compliance. While each bank is different in how the new card are to be used, it's a major PITA for us when we have to replace said devices, in different retailers that use the same device with different firmware and hardware configurations. When time is money for them, getting as many customers through their registers is priority, you'd think they would try and simplify the replacement procedure as much as possible. And not all retailers have all of their locations live with the chip reader, so again, a different firmware is required. Uhg.
 
nilepez said:
How long does it take? I've got a card, but I've yet to see a place that takes a chip card...unless Kroger does and I just didn't notice.
Click to expand...
I haven't received any chip card replacements yet, but I have seen the devices in use. Target was one of the first ones I saw to get the devices. The guy in front of me had a chip card. It seems everyone is wired to remove the card as soon as they insert it, like when using an ATM. It took him four tries to get it right, and the reading of the card itself took around 30 seconds. The whole transaction took about four minutes from the first time he yanked the card. Then it was my turn and it took 20 seconds for me from swiping my debit card to entering my PIN and tapping "Yes" to confirm.

I really hope that my bank offers PIN as primary authentication. I rarely write anything by hand anymore...

I can tell you what: this holiday shopping season is going to be an absolute nightmare at the brick and mortar retailers.

mlcarson said:
How does a guy not sit on their back wallet? Use a European Carry All (ie purse)?
Click to expand...
Am I the only one who carries their wallet in a front pocket? I do it out of habit because theoretically it's going to be a little harder for someone to pickpocket out of a front pocket than a back one.
 
Armenius said:
Am I the only one who carries their wallet in a front pocket? I do it out of habit because theoretically it's going to be a little harder for someone to pickpocket out of a front pocket than a back one.
Click to expand...

Do the same.
 
Armenius said:
I haven't received any chip card replacements yet, but I have seen the devices in use. Target was one of the first ones I saw to get the devices. The guy in front of me had a chip card. It seems everyone is wired to remove the card as soon as they insert it, like when using an ATM. It took him four tries to get it right, and the reading of the card itself took around 30 seconds. The whole transaction took about four minutes from the first time he yanked the card. Then it was my turn and it took 20 seconds for me from swiping my debit card to entering my PIN and tapping "Yes" to confirm.
Click to expand...

I tried it today and it took maybe 10 seconds at Walmart. Went to a Kroger and it didn't work and a local store where I didn't try it, because the check out person told the person in front of me that it didn't work.

Once they actually are set up, I don't think it's a big difference between swiping, but maybe Wallyworld has better readers than most.
 
I have yet to see anywhere that has chip readers installed. None of my local gas stations have updated.
Unless they are forced by some fine it looks like many are dragging their feet due to $$.
 
TwistedAegis said:
Do the same.
Click to expand...

Scruffy thirds.

Used to carry in back pocket. Caused back problems because I was always sitting on an angle.

I still haven't had a chance to use my chip. Places have had readers that support chip for the past year, none have enabled it yet :(.
 
I got a little embarrassed at Wally Mart. I had no idea how to use the new card reader and the cashier was a bit lost as well. Another cashier helped us out. You have a new slot that reads the chip, and it takes a few seconds to do its thing.
 
ep0x73 said:
I have yet to see anywhere that has chip readers installed. None of my local gas stations have updated.
Unless they are forced by some fine it looks like many are dragging their feet due to $$.
Click to expand...

There will be pressure on business to shift over for liability reasons, at least that is how it works here. The weakest link so to speak will end up being liable for fraudulent charges.
 
Sorry but chip cards as in ones with gold contacts like a sim card instead of black 'tape'?

If so, we had them for many years and they are just as susceptible to fraud. I live in a small town where any tech related crime should be null and yet skimmer+cam combos are discovered all the time.
 
So I was just doing a little reading up on some of the new products we've been installing and I found this vid on youtube... https://www.youtube.com/watch?v=PBpmZZuQjuU

From the load screen, I'm pretty sure that is a Kroger device. Should authorities be contacted?
He's also got a couple other video's showing stuff done with older Verifone models.
 
Also, heads up guys, we used to have a controversial implementation of the 'paywave' feature whereupon the cashier didn't actually check your balance before charging. You could easily overdraft and go negative even when you explicitly declared no such intention or even ability.
 
mlcarson said:
How does a guy not sit on their back wallet? Use a European Carry All (ie purse)?
Click to expand...

I wear cargo pants, so my wallet goes in my cargo pocket.

TwistedAegis said:
Problem is in this "interim" phase, my card has both the chip and the magstripe. So if a fraudster gets a hold of it, or if a store is compromised, most of the time it will still get all the data off the magstripe.

Worthless so far, the merchants and networks are dragging their feet way too long.
Click to expand...

What "interim" phase? I have a Girocard for the German bank system. They've had it for years. I've got the chip and magstripe on a single card. Don't see that changing at all, as the card is designed to work well...anywhere in the world. Unless the whole world goes to chip, I don't see anything changing.
 
ep0x73 said:
I have yet to see anywhere that has chip readers installed. None of my local gas stations have updated.
Unless they are forced by some fine it looks like many are dragging their feet due to $$.
Click to expand...

As of October 1, liability for fraud shifts to the merchant if they don't comply with the new requirements. Part of the requirements are having that EMV chip reader.
 
Red Squirrel said:
Considering all the stores that keep getting hacked it seems this is probably more secure than anything electronic. :D
Click to expand...
While maybe seems true, there was lots of hacking back in the day, it just took you to actually be at the location that used the card, cans full of carbon paper inserts that all the valuable data that you need right on it. CC#, name, expiration date, hell there was no need for mag strips or any of that :D

The move to electronic probably saved forests of trees though.
 
oh noes! an extra 10 seconds of my life just went by...really? Waiting a few more secs for a safer method of paying is definitely worth it. My AMEX has a chip and other than forgetting once in a while that I can't swipe is no big deal.
 
michalrz said:
Sorry but chip cards as in ones with gold contacts like a sim card instead of black 'tape'?

If so, we had them for many years and they are just as susceptible to fraud. I live in a small town where any tech related crime should be null and yet skimmer+cam combos are discovered all the time.
Click to expand...

Evidence? If it's a skimmer, then it's getting the unprotected magstripe data. Since the transition is slow due to legacy, every chip card I've seen still has magstripe, and as I said earlier, I've yet to see a retailer use the chip :-\.

With the chip, the stripe doesn't pass through fully, so the data shouldn't be available to such a skimmer. I'd love to see the design made for trying to tap and intercept this, as it would be a pretty big crypto breakthrough, too.
 
I did, and the only place that it works at is Walmart. No where else.

Our company refuses to buy card readers and instead makes us type everything in by hand.
 
I have read that eventually the USA will go to PINs like the rest of the world. They want to get everyone used to chip cards first.

Many retailers have the card readers with the slot for chip cards, but they can't actually take chip cards yet. Target, Home Depot, and Walmart/Sam's Club are a few big chains I know that are taking chip cards now. I was shocked that the local hardware store had a new working reader already a month ago. Walmart has been taking chip cards for a long time. It was the first place I ever used a chip card, and for quite a while it was the only place.

Why is it that Home Depot makes you sign for every chip card transaction, but not for swiped transactions?
 
canna said:
They sent me a new card while I was on vacation and deactivated the old one, "for my convenience" (when I called them). I drilled that guy a new asshole when he said that to me, worthless script monkey. How the fuck is it convenient for me when you deactivate my card unannounced while I'm on vacation?

Fuckers.
Click to expand...

Basically this. I got lucky as fuck that my vacation was at the end of June instead of end of July, because they cut off my card starting in August. I just assumed that they would just wait until my current card expired next year, since all terminals STILL ACCEPT SWIPE if that's all you have.

SURPRISE card? SURPRISE, I threw it out! I had to wait a week for a replacement.

Also, the chip takes for fucking ever to verify compared to swipe. And I have to stand there looking like a neanderthal.

SECONDS to power and wake the fucking EMV chip? I thought this was 2015. I thought instant-on was a solved problem?
 
Sorry, don;t have an article handy and it would be in Polish.
However, I think the way it works is either it indeed downloads the magnetic strip (which is still there and functional on our chip cards) while a pin sized camera records your hands as you type in the PIN number.
My parents were affected, had some fraudulent charges but the bank was quite quick to reverse the invalid charges and a new feature was installed in all ATMs - after you're done with drawing your money, the card is being ejected in a jittery 'random' sort of way to fool the strip reader.
Some very sophisticated reader-within-a-reader were also found that could even access the chip.
However, the Paywave feature is a complete mess. If I were to lose my card, anyone can just walk into the store, get some stuff and just put the card near the reader. No PIN, no nothing, and in one period it could even cause balances to go into 'red' even if you had no credit line!
Also, there was even an app for Android (now pulled) that would let nearby phones capture the signal when you neared the card to the reader.


Tawnos said:
Evidence? If it's a skimmer, then it's getting the unprotected magstripe data. Since the transition is slow due to legacy, every chip card I've seen still has magstripe, and as I said earlier, I've yet to see a retailer use the chip :-\.

With the chip, the stripe doesn't pass through fully, so the data shouldn't be available to such a skimmer. I'd love to see the design made for trying to tap and intercept this, as it would be a pretty big crypto breakthrough, too.
Click to expand...
 
Oh, and be sure to get some shell for the thing as the metal contacts get really maimed after only a year.

As for the people who experienced 30 second pauses - for some reason the first transaction of the day performs some initialization voo-doo that does indeed takes a long ass time.
 
It used to be I could just swipe my card, put it in my wallet, put wallet back in pocket, wait a second for the receipt, grab shit n go.

Now its put card in chip reader, wait 30 seconds, take it out as receipt is printing, put card in wallet, grab receipt, step forward two steps so i can put wallet in pocket, grab shit n go.

I don't like it.
 
You must log in or register to reply here.
Back
Top