Credit Card Chips Fail to Halt Fraud, Survey Says

Because lots of people have five to ten cards in their wallet and that's too many pins to remember.

If you're the first card in my wallet with a pin, I'll probably remember it; but I won't remember the rest, and if I can't use it without remembering the pin, I guess I won't use it. That's not good for card issuers.


Yet once again...the rest of the world manages just fine.

What is it with Americans?
 
Because lots of people have five to ten cards in their wallet and that's too many pins to remember.

If you're the first card in my wallet with a pin, I'll probably remember it; but I won't remember the rest, and if I can't use it without remembering the pin, I guess I won't use it. That's not good for card issuers.

American banks/ATMs do not allow PIN change on the card ? Sure, having let's say 2 different PINs for 10 cards is not ideal (setting 5 to one PIN and 5 to another PIN), but still safer than having no PINs requested at all.
 
So let me get this straight...

In the EU it has been shown that Chip&Pin collapsed creditCard fraud. It was finally deployed in the US but wasn't deployed correctly AND chip&pin is being blamed....

If I buy the worlds most secure safe but leave the keys on a hook next door to the safe, is it the fault of the safe or the user?



and crying over lots of cards and lots of different pins
1) sort your finances out... relying on credit is BAD! I have 2 debit cards (mine and joint), I have two credit cards (mine and business)
2) for about 20years the PIN of such cards have been changeable. For the last 10years replacement cards have not come with a new PIN... All my cards have the same PIN and the last time I had to change my PIN was when my company changed from AMEX to <insert> and so I had a brand new account.

This just sounds like poor deployment in USA and rather than stating they fked up, blame the tech ...
Everyone else does it just fine why can't America?
 
Pretty simple actually... because credit cards are all about quick transactions with absolutely nothing to prevent their use, add a PIN to it and how many times will they not get used because someone forgot their PIN? 1234 is apparently a bad one to use, as is your birthday, and seriously you're going to get to the point of having to remember a PIN they are going to get used a lot less frequently. Now why is this that big of a problem? Money, you swipe a card the credit card company gets a small percentage of the action, someone uses their ATM card there typically is no fee for that usage. And ultimately somewhere some bean counter crunched the numbers and found that the credit card companies losses due to fraud are acceptable as opposed to the losses if X percentage of people stop using them due to "inconvenience"

I'm not going to lie, as infrequently as I use my ATM card there are many times I have to seriously think about what the hell my PIN is, and as a result tend to not use it as much.

As the son of a small business owner (a gas station), it has always been the case that we take the loss whenever fraud happened on our pumps, even though pay-at-the-pump security is out of our control.

Additionally, debit cards are assessed a transaction fee to the merchant. That's why stations with cash/credit prices have debit the same price as credit.

My understanding was that the typical configuration is that it IS forced, if both th eterminal and the card are compatible.

I've accidentally used my magnetic strip in a reader that is chip capable, and it has rejected it, telling me to insert the chip.

Maybe all we need is time for the few retailers that don't have chip activated readers by now to adopt it. After all, the retailers are now on the hook for fraudulent charges if they don't.

The gas dispenser manufacturers keep delaying on implementing a standard for pay-at-the-pump chip readers. How are we supposed to implement it when the tech isn't even there? At last report, they delayed implementation to 2020. They were supposed to be ready by 2016 or something like that.

Also, it is obscenely easy to bypass a chip requirement, and the irony is that magnetic swipe transactions are much quicker (1/3 the time) than chip.

Credit card companies don't want to make the system too complicated because they're afraid people will switch over to digital device payment systems like Apple and Samsung pay. I've read about new security systems being tested by Apple, and if Apple suspects a bogus charge is taking place, they can call your phone and ask for a selfie to verify. If Apple is really suspicious they can call in security, and when that happens I doubt many criminals are going to bother trying to steal through Apple pay.

Credit cards don't have the luxury of a computational device to handle higher forms of security (unless they build more abilities into the card reader). Most retailers are still whining about having to replace their card reader last year, I can't see them wanting to replace their card readers every few years.


P.S. I know a place in the US that still uses a credit card imprinter.

Had one person come in and do Apple pay. That transaction was practically instantaneous. Tap phone, authentication and approval in less than half a second. By comparison, the chip takes at least 7 seconds, and the swipe around 3.
 
As the son of a small business owner (a gas station), it has always been the case that we take the loss whenever fraud happened on our pumps, even though pay-at-the-pump security is out of our control.

Additionally, debit cards are assessed a transaction fee to the merchant. That's why stations with cash/credit prices have debit the same price as credit.



The gas dispenser manufacturers keep delaying on implementing a standard for pay-at-the-pump chip readers. How are we supposed to implement it when the tech isn't even there? At last report, they delayed implementation to 2020. They were supposed to be ready by 2016 or something like that.

Also, it is obscenely easy to bypass a chip requirement, and the irony is that magnetic swipe transactions are much quicker (1/3 the time) than chip.



Had one person come in and do Apple pay. That transaction was practically instantaneous. Tap phone, authentication and approval in less than half a second. By comparison, the chip takes at least 7 seconds, and the swipe around 3.
Again this sounds like poor deployment in USA..

I have been able to pay at the pump for like 10years. This isn't a problem to solve, this shouldn't even be a problem because the technology exists with real-life use data...
 
Had one person come in and do Apple pay. That transaction was practically instantaneous. Tap phone, authentication and approval in less than half a second. By comparison, the chip takes at least 7 seconds, and the swipe around 3.

Apple Pay is AFAIK same EMV as the chip cards. So as naib said, it is a problem with actual terminals, and not with chip or chip & pin in general.
 
Again this sounds like poor deployment in USA..

I have been able to pay at the pump for like 10years. This isn't a problem to solve, this shouldn't even be a problem because the technology exists with real-life use data...
The deployment was horrendous. To this day there's still places with chip reading terminals, that do mag swipes because the chip portion of the terminal doesn't work. Gas pumps? Forget about it.

As other people have mentioned, the transaction times are ridiculous. With a swipe, I could just put the card back in my wallet. Chip? 5-10 seconds standing there waiting on it every time. Grocery stores, big box retailers, doesn't matter.

Hell, even just finally getting a card that doesn't have raised numbers on it, that didn't happen for me till 2017 and some of my cards still have them. No one uses a damn carbon copy slip for CC transactions. Even when I had a crappy retail job well over 15 years ago by now, the store had one of those CC slip slide machines as a "backup", most people in the store including some of the management had no idea wtf it was even for other than corporate said they needed to have it and that was something like 2002? Then to top it off, you've got conspiracy wackos who think this is the sign of the beast because it's a chip and the government is going to "get you" because of the chip somehow. Yes, those people are a thing in 2018.

The craziest part is, that tap and pay cards existed in the US easily back in 2005. The cards had chips in them, and there's a few fast food places around that still have the readers outside(non-functional at this point), but it got abandoned and my bank issued me a new card without one after a year.

Between the businesses not wanting to spend money to change hardware, the CC companies not wanting to add the slightest inconvenience(even if the transactions now take as lot as a swipe and PIN would have previously anyway), and nutjobs who are scared of something, I doubt we'll get a proper implementation before 2025.
 
This is what happens when you take old technology (and yes, the chip cards are old tech, they've been used in Europe for years) and implement it in a half-assed manner (no chip-and-pin).
 
Some places I have to still swipe. Some places I have to choose debit or credit. Some places I have to put in a pin. Some places I have to sign. Some places I just put it in and magic happens. That's what she said.
 
The deployment was horrendous. To this day there's still places with chip reading terminals, that do mag swipes because the chip portion of the terminal doesn't work. Gas pumps? Forget about it.

As other people have mentioned, the transaction times are ridiculous. With a swipe, I could just put the card back in my wallet. Chip? 5-10 seconds standing there waiting on it every time. Grocery stores, big box retailers, doesn't matter.

Hell, even just finally getting a card that doesn't have raised numbers on it, that didn't happen for me till 2017 and some of my cards still have them. No one uses a damn carbon copy slip for CC transactions. Even when I had a crappy retail job well over 15 years ago by now, the store had one of those CC slip slide machines as a "backup", most people in the store including some of the management had no idea wtf it was even for other than corporate said they needed to have it and that was something like 2002? Then to top it off, you've got conspiracy wackos who think this is the sign of the beast because it's a chip and the government is going to "get you" because of the chip somehow. Yes, those people are a thing in 2018.

The craziest part is, that tap and pay cards existed in the US easily back in 2005. The cards had chips in them, and there's a few fast food places around that still have the readers outside(non-functional at this point), but it got abandoned and my bank issued me a new card without one after a year.

Between the businesses not wanting to spend money to change hardware, the CC companies not wanting to add the slightest inconvenience(even if the transactions now take as lot as a swipe and PIN would have previously anyway), and nutjobs who are scared of something, I doubt we'll get a proper implementation before 2025.
wow...
How did they screw all this up... It had been proven in the EU for like 10years.. .
The contactless goes through in 1-2 seconds ( used it twice this morning for coffee and then for lunch)
When I need to use chip it takes 1-2 seconds

dont get me wrong... the speed of it comes downto the quality of the site internet connection as the set needs to authenticate against visa so if that is slow (the site isp, local routing issues, visa etc) then yes it will slow down. 2 weeks ago I bought a load of fireworks for bonfire night, that took 30seconds to go though and the store said they were having BT issues.
What is usually find is some shops just use home ISP plans (to save money) but then are subjected to other issues. if you pay for a home business plan that comes with other benefits, like stability and turn around support
 
Back in the mid-90s I worked for a bank that was prototyping a "SmartCard" solution. It was chip/PIN based, but you only had one card in your wallet regardless of the number of accounts you had. After inserting the card, the terminal would display choices like "checking", "Discover", "AMEX", "Chase Visa", etc. The user would choose which account to debit or charge and then enter their PIN.

I thought it was a fantastic idea, but it never came to fruition.
 
wow...
How did they screw all this up... It had been proven in the EU for like 10years.. .
The contactless goes through in 1-2 seconds ( used it twice this morning for coffee and then for lunch)
When I need to use chip it takes 1-2 seconds

dont get me wrong... the speed of it comes downto the quality of the site internet connection as the set needs to authenticate against visa so if that is slow (the site isp, local routing issues, visa etc) then yes it will slow down. 2 weeks ago I bought a load of fireworks for bonfire night, that took 30seconds to go though and the store said they were having BT issues.
What is usually find is some shops just use home ISP plans (to save money) but then are subjected to other issues. if you pay for a home business plan that comes with other benefits, like stability and turn around support
Oh, I know. I mean, it's not hard to see video of people in europe inserting a card and pulling it out 2 seconds later if they aren't just using contactless. At least now with the number not being raised and on the front of the primary card I use, I don't feel the need to keep my thumb over it while I'm standing there waiting for the stupid machine.

And sure, on a big holiday like you mentioned(at least I'm assuming it is?), it makes sense for transactions to take more time if there's a bunch of traffic. Right now, it's 5:23am where I'm at. I'm actually about to go get some breakfast. I'll time it. I think we can generally agree that 5:30am on a Monday isn't exactly peak business hours, but we'll see what happens.
 
It's because we don't do it correctly. It's supposed to be chip and pin. You take out half the security, you get half the security.
It's not even just that. It's supposed to be chip and pin. Well, there's no pin so there goes half the security. And because an incredibly large portion of terminals toward the end of 2018 still rely on the mag stripe...(seriously, the chip wasn't an option when I got my bagels), then even any security features the chip may have are right out the window. And then further still, "card not present" is a thing.

It's far, far worse than just half the security.
 
when you can use said card on the internet without the need of the fancy pin then you aren't going to stop shit.
 
The chip card fails because half the merchants do not properly implement it, override it or haven't set it up yet. "Sorry no chip reader yet please swipe".

I can't count the number of stores that have a chip reader but it isn't implemented yet. Please swipe. And how many of these convenient store cashiers that are in on it with their friends "cough".
 
The rules were supposed to change to encourage chip use. If a store failed tonise the chip then if it was a fraudluoent purchase they were on the hook for it. If a chip was used and it was fraudulent the cc cc comp was responsible for the lost money.

Amazon used to have a chip card reader that would work online. I wonder what happened to that.
 

Because:
1. They can drain your bank account
2. It takes lot longer for the bank to replace your money.
3. With a credit card, you are NEVER liable in any way if your card is compromised and used for fraudulent purposes. The credit card company is 100% on the hook to recover anything they can on your end and the charges are wiped from your account right away.
 
Let's get the REAL statistics, shall we? Chip and pin does nothing when the store does not have a working chip reader. Still FAR too many places have a note taped over the chip slot telling you to swipe. I once played around with credit card terminals for a project we did where I used to work, they aren;t that difficult to configure, so how in the hell can ANY store have the hardware that is capable but not accept the chip?

And of course all those places you hand your card to someone and they walk off with it, like most restaurants. Plenty of opportunity to record all the information, which can then be used anywhere that accepts card not present transactions.

This "fact' from this article has pretty much nothing to do with the chip. It's the merchants and credit card companies that allow transactions where the chip is not involved that lead to card theft.
 
Card companies are fine with this - part of the changes that introduced the chip also shifted the liability of fraud to the merchant if they allowed bypass of the chip mechanic.

Chip readers still suck here, chip transactions take several times longer than magstripe, and the POS reader providers have no real incentive to put out better units.

The PIN part doesn't add security either and was also designed to reduce liability for credit card issuers. As you mentioned the merchant or a customer not keeping their PIN secret tends to get blamed.
 
It's not even just that. It's supposed to be chip and pin. Well, there's no pin so there goes half the security. And because an incredibly large portion of terminals toward the end of 2018 still rely on the mag stripe...(seriously, the chip wasn't an option when I got my bagels), then even any security features the chip may have are right out the window. And then further still, "card not present" is a thing.

It's far, far worse than just half the security.
All the places I go to are now chip & PIN. The problem is you can still swipe. Just say my chip doesn't work, insert the card 3 times and the machine tells you to swipe instead.
 
I think there are still CC generators floating around. I had a card that I have never ever used get some mysterious charges for Eurail tickets with a Canadian shipping address. No amount of chips can prevent fraud when you still can order things online (or over the phone) with just a number.
 

If it's a straight debit card (No Visa or Mastercard branding) you need to read your card holder agreement very carefully. If you are unfortunate enough to use a merchant that sends your card and pin over unsecured wifi (happens at least two to three times a year in the news it seems) and someone gets it and cleans your account out you are hosed.

At least with credit cards you have dispute processes.

Now if you have a branded debit card there are typically some protections, but still typically less than with a credit card.

Typical example:

Disputing transactions. The Fair Credit Billing Act allows credit card users to dispute unauthorized purchases or purchases of goods that are damaged or lost during shipping. But if the item was bought with a debit card, it cannot be reversed unless the merchant is willing to do so. What’s more, debit card victims don’t get their refund until an investigation has been completed. Credit card holders, on the other hand, are not assessed the disputed charges; the amount is usually deducted immediately and restored only if the dispute is withdrawn or settled in the merchant's favor. While some credit and debit card providers offer zero-liability protection to their customers, the law is much more forgiving for credit card holders.

https://www.investopedia.com/articles/personal-finance/050214/credit-vs-debit-cards-which-better.asp

Debit cards aren't covered by that act, typically so your protections aren't as great. Obviously this is US only and represents the bare minimum - your bank/credit union may exceed the minimum required protections, read the fine print for your cards, etc.
 
pacmancharthumor.jpg
<this.
 
Well dua.
CCs are not required to be present for most translations. Even when a card is present, it rarely requires a pin. Translations online don't require chip or pin. So... if we are not using the technology that is there to protect us, then why would we expect it to solve anything?
Also, most fraud is not with a person's current CC info. It is with personal data leaks of major companies and then fraudsters use that information to open new credit lines. But people don't freeze their credit, and CC companies are more than happy to hand out cards to just about anyone, so there is no stopping that.
 
The gas dispenser manufacturers keep delaying on implementing a standard for pay-at-the-pump chip readers. How are we supposed to implement it when the tech isn't even there? At last report, they delayed implementation to 2020. They were supposed to be ready by 2016 or something like that.

This is surprising, considering this tech has been in use in Europe since the 90's. I know there must be regulatory differences in gas pumps between the markets, and that the European designs can't be used directly, but one would think given this, a derivative US configuration would be relatively quick to develop.

The real solution here is to simply remove all magnetic strips.

It would seem to me the issue of online fraudulent use is more challenging. You can't just remove the card number.
 
What kind of experts ? Considering whole world uses debit + chip & pin without issues and credit card is considered a "luxury item" (considering most credit cards require monthly fees). The only risk is when one uses their debit card number & CVC as a VISA card on internet. Or if someone makes a fake clone of it and uses it in US as magnetic stripe card.

I don't recall the details. This may be old information, as it is from the pre-chip era, but I seem to remember it has to do with how the law in the U.S. protects consumers from fraud.

If you are a victim of fraud on a credit card, you tell your bank, and they fix it very quickly.

Do the same on a debit card, and it can take a several weeks. In the mean time you could have mortgage payments bounce and lose your house, or have your car repossessed, etc. etc.

My ex-wife - back when we were dating - damned near lost her house after someone fraudulently charged thousands to her debit card, her mortgage payment bounced, and it triggered foreclosure action.

(This was back in the late 00's when the banks were very foreclosure happy, and seemingly not even following their own rules, I lent her the money to cover it, and we FedEx:ed a bank check to them THREE times, after they conveniently lost it the first time, and claimed it wasn't a cashiers check - it was - the second time and trashed it. Fun times.)


After that experience I now always charge everything I buy to credit, and unless I've had some really large emergency expense, I typically pay it in full every month. My debit card goes completely unused, except for the rare occasion when I need cash from an ATM, but that almost never happens. I don't use cash unless I am forced to.
 
% usage of cash and ATM cards vs. credit cards in the US and Europe are definitely different. Apples and oranges different.
 
Yeah, this was predictable.
In the U.S. credit card companies feared that if users had to enter a pin, they'd be lazy and instead use their competitors card without a pin, so none of them (except Target's Redcard) adopted the pin.

Crazy idea: The government makes a law requiring credit card companies to phase out the mag stripe and switch to chip and pin. The government provides a 12 month grace period for credit card companies and merchants to sort themselves out. 12 months later everyone is on the same playing field and security has increased. Voila.
 
On a recent trip to Sweden, I had no cash on me. I used my Canadian pin and chip card flawlessly there. It's a really convenient and safe system to be honest and I get e-mail and text alerts of purchases out of the ordinary of my normal patterns.

Yet once again...the rest of the world manages just fine.

What is it with Americans?

They cant do what the rest of the world is doing fine.
that is pretty much often a political view.
US: this is IMPOSSIBLE TO DO ( translation its going to be slightly more expensive)
World: we been doing it fine for decades...

anything fomr not using bad food addictives to not feeding farm animals antibiotics etc etc.

American just cant do things the rest of hte world is capable.

I like to remind my US inlaws whenever they say that "this" will never work"
 
They cant do what the rest of the world is doing fine.
that is pretty much often a political view.
US: this is IMPOSSIBLE TO DO ( translation its going to be slightly more expensive)
World: we been doing it fine for decades...

anything fomr not using bad food addictives to not feeding farm animals antibiotics etc etc.

American just cant do things the rest of hte world is capable.

I like to remind my US inlaws whenever they say that "this" will never work"

Pretty much true. I feel like whenever we're discussing anything that the rest of the world does differently, all of our replies are prefixed by a silent "Oh yeah? {eyeroll} Well, we're America and..."
It's the joy of being raised to think that we're doing everything the right way. That worked a lot better when information about the rest of the world wasn't as readily accessible, but there are several generations that still believe that about everything.
 
They cant do what the rest of the world is doing fine.
that is pretty much often a political view.
US: this is IMPOSSIBLE TO DO ( translation its going to be slightly more expensive)
World: we been doing it fine for decades...

There are many people in the U.S. who argue for the free market above all, with market returns being the only metric of success they care about.

These people fight tooth and nail against anything that raises costs, regardless of the benefit.

I think it all comes down to the U.S. mentality of valuing the individual above all, whereas in Europe people tend to value whats best for society as a whole a bit more.

There are arguments to be made for the benefits of each philosophy. Personally I tend to favor the well-being of society, and don't mind that taking a little bite out of overall GDP growth, but there are many who would argue against this. I think there are fewer people who argue against it in most European countries.

When it comes to Chip+PIN implementation here in the U.S, the political landscape made it impossible to go all in, as having to switch all the existing systems was deemed too costly compared to the cost of fraud. Whenever something new like this comes along, everyone tries to lobby with reasons why they are different and shouldn't have to comply and try to carve out exceptions for themselves.

Sure this happens in politics everywhere, but I think our individualism-centered culture means it happens more and more forcefully here.

I wish we could be more like Japan, where people are concerned with the well-being of society and being respectful of others, instead of our "me first" mania. I was very impressed with how orderly and respectful the Japanese people were after the 2011 tsunamis, especially compared to the rioting and looting we saw here in the U.S. after hurricane Katrina.
 
Last edited:
when you can use said card on the internet without the need of the fancy pin then you aren't going to stop shit.

this is for customer present transactions, not online

not sure why its so hard to do its a 5 year process

step one cards replaced have Chip and pin chip its "use" is not mandatory (the chip and pin support is mandatory) and magswipe works as normal

step two , over 5 years as shops card machines contracts run out they are forced to replace the card machine at no cost

>>>> Step two is the issue i believe (second issue been banks not including it on cards until recently but eve so its its setup in useless Chip and signature mode which does not stop fraud at all ) 3rd issue the card machines companies make money off the the Sign pads if Chip and pin is used they don't make any money as the sign pads become more useless then they already are <<<< in USA i would imagine they are trying to sell merchants Chip and pin support as a paid feature and if you don't pay they disable the chip reader and contactless, most shops have a supported chip and pin reader its just disabled by the card machine company or its not disabled just the owner is unaware it supports it, if it supports contactless its supports Chip and pin as they are interconnected cant have one without the other

step 3 after 5 years everyone will have a chip and pin card and cards will switch to force chip and pin if swiped first, and Visa and mastercard force 100% liability to merchant if fraud happened if magswipe was used (chip and pin was used the owner of the card is liable unless they can prove it or reported card stolen within 24 hours)

any shops not replaced there card machines for ones that support it will be liable for 100% fraud , all card machines made in last 10 years supports it, just a lot of card merchant companies disable it or the merchant/employer/owner is completely unaware that it supports it (i have seen some comments around the internet about this topic where the shop is unaware and confused why its asking to Insert the card for chip and pin after swiping the card, as that's what chip and pin cards do in the UK if you swipe them they force you to use chip and pin first) again if it supports contactless its supports Chip and pin even if they are unaware of it

this is how it was done in the UK and EU/rest of the world (yep your mum and dad will mone about it and say i only use cash now but that does not last long)

and for very small set of people who say well i won't use that store if they force me to use chip and pin is they wont let me mag swipe then well your custom is not welcome (mag swipe will still work but it needs some more of your info than normally but shop is still liable for the fraud )
 
Last edited:
Back
Top