Credit Card Chips Fail to Halt Fraud, Survey Says

Discussion in 'HardForum Tech News' started by Megalith, Nov 11, 2018.

  1. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,470
    Joined:
    Aug 16, 2010
    Why?
     
  2. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,089
    Joined:
    May 7, 2005

    Yet once again...the rest of the world manages just fine.

    What is it with Americans?
     
    SvenBent likes this.
  3. faugusztin

    faugusztin 2[H]4U

    Messages:
    2,653
    Joined:
    Mar 9, 2008
    American banks/ATMs do not allow PIN change on the card ? Sure, having let's say 2 different PINs for 10 cards is not ideal (setting 5 to one PIN and 5 to another PIN), but still safer than having no PINs requested at all.
     
  4. naib

    naib [H]ard|Gawd

    Messages:
    1,265
    Joined:
    Jul 26, 2013
    So let me get this straight...

    In the EU it has been shown that Chip&Pin collapsed creditCard fraud. It was finally deployed in the US but wasn't deployed correctly AND chip&pin is being blamed....

    If I buy the worlds most secure safe but leave the keys on a hook next door to the safe, is it the fault of the safe or the user?



    and crying over lots of cards and lots of different pins
    1) sort your finances out... relying on credit is BAD! I have 2 debit cards (mine and joint), I have two credit cards (mine and business)
    2) for about 20years the PIN of such cards have been changeable. For the last 10years replacement cards have not come with a new PIN... All my cards have the same PIN and the last time I had to change my PIN was when my company changed from AMEX to <insert> and so I had a brand new account.

    This just sounds like poor deployment in USA and rather than stating they fked up, blame the tech ...
    Everyone else does it just fine why can't America?
     
  5. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    13,020
    Joined:
    Mar 18, 2010
    As the son of a small business owner (a gas station), it has always been the case that we take the loss whenever fraud happened on our pumps, even though pay-at-the-pump security is out of our control.

    Additionally, debit cards are assessed a transaction fee to the merchant. That's why stations with cash/credit prices have debit the same price as credit.

    The gas dispenser manufacturers keep delaying on implementing a standard for pay-at-the-pump chip readers. How are we supposed to implement it when the tech isn't even there? At last report, they delayed implementation to 2020. They were supposed to be ready by 2016 or something like that.

    Also, it is obscenely easy to bypass a chip requirement, and the irony is that magnetic swipe transactions are much quicker (1/3 the time) than chip.

    Had one person come in and do Apple pay. That transaction was practically instantaneous. Tap phone, authentication and approval in less than half a second. By comparison, the chip takes at least 7 seconds, and the swipe around 3.
     
    Armenius likes this.
  6. naib

    naib [H]ard|Gawd

    Messages:
    1,265
    Joined:
    Jul 26, 2013
    Again this sounds like poor deployment in USA..

    I have been able to pay at the pump for like 10years. This isn't a problem to solve, this shouldn't even be a problem because the technology exists with real-life use data...
     
    LightsOut41 likes this.
  7. faugusztin

    faugusztin 2[H]4U

    Messages:
    2,653
    Joined:
    Mar 9, 2008
    Apple Pay is AFAIK same EMV as the chip cards. So as naib said, it is a problem with actual terminals, and not with chip or chip & pin in general.
     
  8. Merc1138

    Merc1138 2[H]4U

    Messages:
    2,087
    Joined:
    Sep 25, 2010
    The deployment was horrendous. To this day there's still places with chip reading terminals, that do mag swipes because the chip portion of the terminal doesn't work. Gas pumps? Forget about it.

    As other people have mentioned, the transaction times are ridiculous. With a swipe, I could just put the card back in my wallet. Chip? 5-10 seconds standing there waiting on it every time. Grocery stores, big box retailers, doesn't matter.

    Hell, even just finally getting a card that doesn't have raised numbers on it, that didn't happen for me till 2017 and some of my cards still have them. No one uses a damn carbon copy slip for CC transactions. Even when I had a crappy retail job well over 15 years ago by now, the store had one of those CC slip slide machines as a "backup", most people in the store including some of the management had no idea wtf it was even for other than corporate said they needed to have it and that was something like 2002? Then to top it off, you've got conspiracy wackos who think this is the sign of the beast because it's a chip and the government is going to "get you" because of the chip somehow. Yes, those people are a thing in 2018.

    The craziest part is, that tap and pay cards existed in the US easily back in 2005. The cards had chips in them, and there's a few fast food places around that still have the readers outside(non-functional at this point), but it got abandoned and my bank issued me a new card without one after a year.

    Between the businesses not wanting to spend money to change hardware, the CC companies not wanting to add the slightest inconvenience(even if the transactions now take as lot as a swipe and PIN would have previously anyway), and nutjobs who are scared of something, I doubt we'll get a proper implementation before 2025.
     
    Armenius likes this.
  9. This is what happens when you take old technology (and yes, the chip cards are old tech, they've been used in Europe for years) and implement it in a half-assed manner (no chip-and-pin).
     
  10. atom

    atom Gawd

    Messages:
    851
    Joined:
    May 3, 2005
    Some places I have to still swipe. Some places I have to choose debit or credit. Some places I have to put in a pin. Some places I have to sign. Some places I just put it in and magic happens. That's what she said.
     
  11. naib

    naib [H]ard|Gawd

    Messages:
    1,265
    Joined:
    Jul 26, 2013
    wow...
    How did they screw all this up... It had been proven in the EU for like 10years.. .
    The contactless goes through in 1-2 seconds ( used it twice this morning for coffee and then for lunch)
    When I need to use chip it takes 1-2 seconds

    dont get me wrong... the speed of it comes downto the quality of the site internet connection as the set needs to authenticate against visa so if that is slow (the site isp, local routing issues, visa etc) then yes it will slow down. 2 weeks ago I bought a load of fireworks for bonfire night, that took 30seconds to go though and the store said they were having BT issues.
    What is usually find is some shops just use home ISP plans (to save money) but then are subjected to other issues. if you pay for a home business plan that comes with other benefits, like stability and turn around support
     
  12. LightsOut41

    LightsOut41 Limp Gawd

    Messages:
    443
    Joined:
    Mar 5, 2017
    Back in the mid-90s I worked for a bank that was prototyping a "SmartCard" solution. It was chip/PIN based, but you only had one card in your wallet regardless of the number of accounts you had. After inserting the card, the terminal would display choices like "checking", "Discover", "AMEX", "Chase Visa", etc. The user would choose which account to debit or charge and then enter their PIN.

    I thought it was a fantastic idea, but it never came to fruition.
     
  13. Merc1138

    Merc1138 2[H]4U

    Messages:
    2,087
    Joined:
    Sep 25, 2010
    Oh, I know. I mean, it's not hard to see video of people in europe inserting a card and pulling it out 2 seconds later if they aren't just using contactless. At least now with the number not being raised and on the front of the primary card I use, I don't feel the need to keep my thumb over it while I'm standing there waiting for the stupid machine.

    And sure, on a big holiday like you mentioned(at least I'm assuming it is?), it makes sense for transactions to take more time if there's a bunch of traffic. Right now, it's 5:23am where I'm at. I'm actually about to go get some breakfast. I'll time it. I think we can generally agree that 5:30am on a Monday isn't exactly peak business hours, but we'll see what happens.
     
  14. Gasaraki_

    Gasaraki_ Gawd

    Messages:
    614
    Joined:
    Oct 27, 2016
    It's because we don't do it correctly. It's supposed to be chip and pin. You take out half the security, you get half the security.
     
    Armenius and LightsOut41 like this.
  15. Merc1138

    Merc1138 2[H]4U

    Messages:
    2,087
    Joined:
    Sep 25, 2010
    Lol, and of course the damn bagel place I go to.. Swipe.
     
  16. Merc1138

    Merc1138 2[H]4U

    Messages:
    2,087
    Joined:
    Sep 25, 2010
    It's not even just that. It's supposed to be chip and pin. Well, there's no pin so there goes half the security. And because an incredibly large portion of terminals toward the end of 2018 still rely on the mag stripe...(seriously, the chip wasn't an option when I got my bagels), then even any security features the chip may have are right out the window. And then further still, "card not present" is a thing.

    It's far, far worse than just half the security.
     
    likeman and Armenius like this.
  17. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    9,175
    Joined:
    Apr 9, 2012
    when you can use said card on the internet without the need of the fancy pin then you aren't going to stop shit.
     
    Armenius likes this.
  18. Bowman15

    Bowman15 [H]ard|Gawd

    Messages:
    1,238
    Joined:
    Apr 7, 2015
    The chip card fails because half the merchants do not properly implement it, override it or haven't set it up yet. "Sorry no chip reader yet please swipe".

    I can't count the number of stores that have a chip reader but it isn't implemented yet. Please swipe. And how many of these convenient store cashiers that are in on it with their friends "cough".
     
  19. LightsOut41

    LightsOut41 Limp Gawd

    Messages:
    443
    Joined:
    Mar 5, 2017
    I've always thought you should have to use a USB chip reader connected to your PC in order to make any internet purchase.
     
  20. The rules were supposed to change to encourage chip use. If a store failed tonise the chip then if it was a fraudluoent purchase they were on the hook for it. If a chip was used and it was fraudulent the cc cc comp was responsible for the lost money.

    Amazon used to have a chip card reader that would work online. I wonder what happened to that.
     
    Armenius likes this.
  21. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    13,043
    Joined:
    Aug 16, 2004
    Because:
    1. They can drain your bank account
    2. It takes lot longer for the bank to replace your money.
    3. With a credit card, you are NEVER liable in any way if your card is compromised and used for fraudulent purposes. The credit card company is 100% on the hook to recover anything they can on your end and the charges are wiped from your account right away.
     
  22. Megaslug

    Megaslug Limp Gawd

    Messages:
    173
    Joined:
    Jul 30, 2015
    Let's get the REAL statistics, shall we? Chip and pin does nothing when the store does not have a working chip reader. Still FAR too many places have a note taped over the chip slot telling you to swipe. I once played around with credit card terminals for a project we did where I used to work, they aren;t that difficult to configure, so how in the hell can ANY store have the hardware that is capable but not accept the chip?

    And of course all those places you hand your card to someone and they walk off with it, like most restaurants. Plenty of opportunity to record all the information, which can then be used anywhere that accepts card not present transactions.

    This "fact' from this article has pretty much nothing to do with the chip. It's the merchants and credit card companies that allow transactions where the chip is not involved that lead to card theft.
     
    Armenius likes this.
  23. Tak Ne

    Tak Ne [H]ard|Gawd

    Messages:
    1,233
    Joined:
    Jan 28, 2008
    The PIN part doesn't add security either and was also designed to reduce liability for credit card issuers. As you mentioned the merchant or a customer not keeping their PIN secret tends to get blamed.
     
  24. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    18,178
    Joined:
    Jan 28, 2014
    All the places I go to are now chip & PIN. The problem is you can still swipe. Just say my chip doesn't work, insert the card 3 times and the machine tells you to swipe instead.
     
  25. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016

    sadly, for us, that statement applies to far more items then credit card usage :oops:
     
  26. Domingo

    Domingo [H]ard as it Gets

    Messages:
    17,150
    Joined:
    Jul 30, 2004
    I think there are still CC generators floating around. I had a card that I have never ever used get some mysterious charges for Eurail tickets with a Canadian shipping address. No amount of chips can prevent fraud when you still can order things online (or over the phone) with just a number.
     
  27. DocNo

    DocNo Gawd

    Messages:
    654
    Joined:
    Apr 23, 2012
    If it's a straight debit card (No Visa or Mastercard branding) you need to read your card holder agreement very carefully. If you are unfortunate enough to use a merchant that sends your card and pin over unsecured wifi (happens at least two to three times a year in the news it seems) and someone gets it and cleans your account out you are hosed.

    At least with credit cards you have dispute processes.

    Now if you have a branded debit card there are typically some protections, but still typically less than with a credit card.

    Typical example:

    https://www.investopedia.com/articles/personal-finance/050214/credit-vs-debit-cards-which-better.asp

    Debit cards aren't covered by that act, typically so your protections aren't as great. Obviously this is US only and represents the bare minimum - your bank/credit union may exceed the minimum required protections, read the fine print for your cards, etc.
     
  28. Axiomatic

    Axiomatic Limp Gawd

    Messages:
    451
    Joined:
    Jun 10, 2004
  29. Caeden

    Caeden n00b

    Messages:
    22
    Joined:
    Oct 7, 2018
    Well dua.
    CCs are not required to be present for most translations. Even when a card is present, it rarely requires a pin. Translations online don't require chip or pin. So... if we are not using the technology that is there to protect us, then why would we expect it to solve anything?
    Also, most fraud is not with a person's current CC info. It is with personal data leaks of major companies and then fraudsters use that information to open new credit lines. But people don't freeze their credit, and CC companies are more than happy to hand out cards to just about anyone, so there is no stopping that.
     
  30. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,315
    Joined:
    Oct 29, 2000
    This is surprising, considering this tech has been in use in Europe since the 90's. I know there must be regulatory differences in gas pumps between the markets, and that the European designs can't be used directly, but one would think given this, a derivative US configuration would be relatively quick to develop.

    The real solution here is to simply remove all magnetic strips.

    It would seem to me the issue of online fraudulent use is more challenging. You can't just remove the card number.
     
  31. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,315
    Joined:
    Oct 29, 2000
    I don't recall the details. This may be old information, as it is from the pre-chip era, but I seem to remember it has to do with how the law in the U.S. protects consumers from fraud.

    If you are a victim of fraud on a credit card, you tell your bank, and they fix it very quickly.

    Do the same on a debit card, and it can take a several weeks. In the mean time you could have mortgage payments bounce and lose your house, or have your car repossessed, etc. etc.

    My ex-wife - back when we were dating - damned near lost her house after someone fraudulently charged thousands to her debit card, her mortgage payment bounced, and it triggered foreclosure action.

    (This was back in the late 00's when the banks were very foreclosure happy, and seemingly not even following their own rules, I lent her the money to cover it, and we FedEx:ed a bank check to them THREE times, after they conveniently lost it the first time, and claimed it wasn't a cashiers check - it was - the second time and trashed it. Fun times.)


    After that experience I now always charge everything I buy to credit, and unless I've had some really large emergency expense, I typically pay it in full every month. My debit card goes completely unused, except for the rare occasion when I need cash from an ATM, but that almost never happens. I don't use cash unless I am forced to.
     
  32. Domingo

    Domingo [H]ard as it Gets

    Messages:
    17,150
    Joined:
    Jul 30, 2004
    % usage of cash and ATM cards vs. credit cards in the US and Europe are definitely different. Apples and oranges different.
     
  33. Bootleg Usher

    Bootleg Usher Gawd

    Messages:
    699
    Joined:
    Apr 14, 2010
    Crazy idea: The government makes a law requiring credit card companies to phase out the mag stripe and switch to chip and pin. The government provides a 12 month grace period for credit card companies and merchants to sort themselves out. 12 months later everyone is on the same playing field and security has increased. Voila.
     
  34. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,043
    Joined:
    Sep 13, 2008
    They cant do what the rest of the world is doing fine.
    that is pretty much often a political view.
    US: this is IMPOSSIBLE TO DO ( translation its going to be slightly more expensive)
    World: we been doing it fine for decades...

    anything fomr not using bad food addictives to not feeding farm animals antibiotics etc etc.

    American just cant do things the rest of hte world is capable.

    I like to remind my US inlaws whenever they say that "this" will never work"
     
  35. Domingo

    Domingo [H]ard as it Gets

    Messages:
    17,150
    Joined:
    Jul 30, 2004
    Pretty much true. I feel like whenever we're discussing anything that the rest of the world does differently, all of our replies are prefixed by a silent "Oh yeah? {eyeroll} Well, we're America and..."
    It's the joy of being raised to think that we're doing everything the right way. That worked a lot better when information about the rest of the world wasn't as readily accessible, but there are several generations that still believe that about everything.
     
  36. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,315
    Joined:
    Oct 29, 2000
    There are many people in the U.S. who argue for the free market above all, with market returns being the only metric of success they care about.

    These people fight tooth and nail against anything that raises costs, regardless of the benefit.

    I think it all comes down to the U.S. mentality of valuing the individual above all, whereas in Europe people tend to value whats best for society as a whole a bit more.

    There are arguments to be made for the benefits of each philosophy. Personally I tend to favor the well-being of society, and don't mind that taking a little bite out of overall GDP growth, but there are many who would argue against this. I think there are fewer people who argue against it in most European countries.

    When it comes to Chip+PIN implementation here in the U.S, the political landscape made it impossible to go all in, as having to switch all the existing systems was deemed too costly compared to the cost of fraud. Whenever something new like this comes along, everyone tries to lobby with reasons why they are different and shouldn't have to comply and try to carve out exceptions for themselves.

    Sure this happens in politics everywhere, but I think our individualism-centered culture means it happens more and more forcefully here.

    I wish we could be more like Japan, where people are concerned with the well-being of society and being respectful of others, instead of our "me first" mania. I was very impressed with how orderly and respectful the Japanese people were after the 2011 tsunamis, especially compared to the rioting and looting we saw here in the U.S. after hurricane Katrina.
     
    Last edited: Nov 12, 2018
    SvenBent likes this.
  37. likeman

    likeman Gawd

    Messages:
    606
    Joined:
    Aug 17, 2011
    this is for customer present transactions, not online

    not sure why its so hard to do its a 5 year process

    step one cards replaced have Chip and pin chip its "use" is not mandatory (the chip and pin support is mandatory) and magswipe works as normal

    step two , over 5 years as shops card machines contracts run out they are forced to replace the card machine at no cost

    >>>> Step two is the issue i believe (second issue been banks not including it on cards until recently but eve so its its setup in useless Chip and signature mode which does not stop fraud at all ) 3rd issue the card machines companies make money off the the Sign pads if Chip and pin is used they don't make any money as the sign pads become more useless then they already are <<<< in USA i would imagine they are trying to sell merchants Chip and pin support as a paid feature and if you don't pay they disable the chip reader and contactless, most shops have a supported chip and pin reader its just disabled by the card machine company or its not disabled just the owner is unaware it supports it, if it supports contactless its supports Chip and pin as they are interconnected cant have one without the other

    step 3 after 5 years everyone will have a chip and pin card and cards will switch to force chip and pin if swiped first, and Visa and mastercard force 100% liability to merchant if fraud happened if magswipe was used (chip and pin was used the owner of the card is liable unless they can prove it or reported card stolen within 24 hours)

    any shops not replaced there card machines for ones that support it will be liable for 100% fraud , all card machines made in last 10 years supports it, just a lot of card merchant companies disable it or the merchant/employer/owner is completely unaware that it supports it (i have seen some comments around the internet about this topic where the shop is unaware and confused why its asking to Insert the card for chip and pin after swiping the card, as that's what chip and pin cards do in the UK if you swipe them they force you to use chip and pin first) again if it supports contactless its supports Chip and pin even if they are unaware of it

    this is how it was done in the UK and EU/rest of the world (yep your mum and dad will mone about it and say i only use cash now but that does not last long)

    and for very small set of people who say well i won't use that store if they force me to use chip and pin is they wont let me mag swipe then well your custom is not welcome (mag swipe will still work but it needs some more of your info than normally but shop is still liable for the fraud )
     
    Last edited: Nov 12, 2018