The End of the Swipe-and-Sign Credit Card

Only your bank ever sees your pin, the place you are paying at and online stores never see your pin.

Online payments don't change.

Except the POS provider, the telecom that transfers the data, and God knows who else. Online payments don't involve PIN, that is correct.
 
. . . . They need to come out with something better. DNA encoding or breath encoding from air vapor. With all the new tech that so easy to hack these days I kinda want to go back to CASH.

Agreed, why just catch up to the current poor system of chip and pin, why not also add biometrics -- but not one where they can cut off my finger or rip out my eye to verify the charge. :D
 
been using chip/PIN for 2 yrs now, also pay rent with debit

the only time i use a check is if i postdate it, which still is no guarantee

just last month i made a postdated one for a month to be not cashed, was cashed 2 days later lol, called the bank and asked what moron do they have working there, they got the cash back for me and destroyed the check, so fuck the company that cashed it early too, i got the item they won't see my cash for being morons aswell.

facepalm
 
Lol, during my last trip to the usa, I had to swipe, sign, and show ID to buy with my credit card.
Wtf, you guys are like 5 years behind. No one swipes their cards in the rest of the developed world but you guys. About time. And you guys are getting up to date with the world.... in more than a year! outrageous.
 
What gets me is the chips and PIN is much easier to crack and hack then the magnetic strip on the side. I find it so funny that they came out with these chip things and 2 months later the banks were selling metal wallets so your chip could not be scanned by wireless readers.

Most credit cards now have tap to pay that is soo easy to crack. The tap card thing has no security and the pin is on the boardcast all you need is a scanner from ebay and tap someones wallet and you have there info.

They need to come out with something better. DNA encoding or breath encoding from air vapor. With all the new tech that so easy to hack these days I kinda want to go back to CASH.

Thats not the chip card per se. Thats the tap and go card that has an RFID tag/chip inside it. Chip card doesnt necessarily mean RFID at the same time although it is starting to.

I have a chip enabled debit card and a chip+pin Visa that also has RFID on it. The RFID is a new thing, before it was just chip+pin but no RFID for the "tap and go feature".

That is really a separate issue though, with wireless technology. Passports now have RFID and should have a copper sleeve to shield them. My Nexus card (single card that allows me to cross between Canada and the US much faster and without my passport, and lets me use retina scans at the airports) came with a copper sleeve since it is RFID enabled.

The US is way behind on credit cards. When I went to Ireland for business and used my USA corporate credit card that was mag stripe only they looked at me like I was wearing a loin cloth and had bones in my nose. I wound up paying with my Canadian credit cards that were chip+pin to prevent the issues that some places gave me over mag strip only. Ireland and Canada have been chip+pin forever.
 
The RFID (VISA PayWave) is a very limited option, not worth "hacking" - the daily limit for these transactions is very low, for example in my country it is 20€. So the limit is high enough for a restaurant or a grocery store, but not high enough for "hackers".
 
It's ridiculous nonsense. Most of the breaches occured in retailer databases of data AFTER the swipe and sign. The chip will get read, pin entered, and THEN they will still steal the info.

This also does nothing for mail order, and that is how most theft is apply, however they got the info they use it to order stuff online, deliver it to a "drop" and then resell it for cash.

None of the chip/pin shit will stop the bulk of the fraud/theft going on.

The industry needs to go back to the drawing board and come up with methods that close the loop, so that purchases feed back around to the consumer for verification in a way merely having the ccard information, even PIN can achieve. For instance, the ccard company calls you and sends a text message to your phone that you have to respond to. Since the phone number is NOT on the card, but the ccard processor knows it, you close the loop to verify the purchase.

I'm sure we can get a lot more imaginative if we really try.
 
newegg used to have that for visa. did they remove it?

It wasn't well promoted, because not every bank participated (Visa collects a higher fee for it's use) so people had no clue what was going on when the popup appeared. Most thought it was a phishing attempt or were confused on who to call to reset the password.

This brings up the real reason why the US is so slow on implementing chip and pin, It's not stoers not wanting to pay for the upgrades, it's because the card companies get a higher percentage because of the higher risk. Now that more businesses and banks are forcing the use of debit card pins and laws are being created to limit the amount of fees it's not as profitable to just look the other way and ignore the fraud like they were before.
 
The RFID (VISA PayWave) is a very limited option, not worth "hacking" - the daily limit for these transactions is very low, for example in my country it is 20€. So the limit is high enough for a restaurant or a grocery store, but not high enough for "hackers".

In Canada its set by retailer. McDonalds is $20 my grocery store is $50, they explained that there allowed to pick limits (I'm sure to within reason).
 
Except the POS provider, the telecom that transfers the data, and God knows who else. Online payments don't involve PIN, that is correct.

Er not, the POS system connects to the bank via an encrypted channel and the PIN is sent over that. Only the bank can see your PIN.

If the POS system can see the PIN then the company that makes the POS system will get an unlimited fine.
 
What gets me is the chips and PIN is much easier to crack and hack then the magnetic strip on the side. I find it so funny that they came out with these chip things and 2 months later the banks were selling metal wallets so your chip could not be scanned by wireless readers.

Most credit cards now have tap to pay that is soo easy to crack. The tap card thing has no security and the pin is on the boardcast all you need is a scanner from ebay and tap someones wallet and you have there info.

They need to come out with something better. DNA encoding or breath encoding from air vapor. With all the new tech that so easy to hack these days I kinda want to go back to CASH.

I wouldn't mind seeing some sources cited on why you think chip and PIN are easier to hack than magnetic stripe.

I'd also like to know why you think biometrics are better. I mean, if someone snarfs the transaction of my DNA and replays it or whatever, how do I change it? Today, for instance with PINs and/or passwords, I can change them. But how do I change biometrics in the eventual situation it's disclosed? How do I also protect them from being taken and re-used without me being present?

And by the way, if you want to go back to cash, no one is stopping you. Just go ahead and pay cash for what you can pay cash for. That's what I do. (And if you shop at smaller local stores, it does them a favor as they don't have to pay for the CC transaction.)
 
been using chip/PIN for 2 yrs now, also pay rent with debit

the only time i use a check is if i postdate it, which still is no guarantee

just last month i made a postdated one for a month to be not cashed, was cashed 2 days later lol, called the bank and asked what moron do they have working there, they got the cash back for me and destroyed the check, so fuck the company that cashed it early too, i got the item they won't see my cash for being morons aswell.

facepalm

Did you just admit to fraud?
 
It's ridiculous nonsense. Most of the breaches occured in retailer databases of data AFTER the swipe and sign. The chip will get read, pin entered, and THEN they will still steal the info.

This also does nothing for mail order, and that is how most theft is apply, however they got the info they use it to order stuff online, deliver it to a "drop" and then resell it for cash.

None of the chip/pin shit will stop the bulk of the fraud/theft going on.

The industry needs to go back to the drawing board and come up with methods that close the loop, so that purchases feed back around to the consumer for verification in a way merely having the ccard information, even PIN can achieve. For instance, the ccard company calls you and sends a text message to your phone that you have to respond to. Since the phone number is NOT on the card, but the ccard processor knows it, you close the loop to verify the purchase.

I'm sure we can get a lot more imaginative if we really try.

Chip and PIN isn't position to stop card-not-present transactions, which you describe. It's meant to deter against card-present transactions, by requiring a PIN that you need to know in order to use the card successfully. Though, yes, there are plenty of situations where post-scanned data is stolen and re-used, but hopefully things like the PIN are not stored and are verified through a closed channel. Yes, there are still attacks, but it's also about continuously raising the bar for attackers.

Second, I'm unsure what you envision with having a processor call you will do. Do I stand around at the retailer POS waiting for a call before a transaction is verified? And how does a PIN that only you know not close that loop at least a little bit further?
 
Can't remember the last time I used a signature for a credit card purchase. Must be at least 7-8 years ago. Maybe even 10.

Biometrics are not a good security feature for this type of situation really. It's very hard for your fingerprints/retinas/DNA to be changed if the data gets compromised. They will find a way to copy and compromise.
 
Yes he did. Stated how he writes bad checks all the time with no intent of actually allowing them to be processed.



That isn't how that works. What he just admitted to is check fraud.

the check was to be cashed on Feb 28/14, it was cashed on Jan 3rd or 4th

really it was banks fault for cashing a postdated check to begin with.
 
edit, anyways, bank apologized for doing it, the other party know they shouldn't have, i'll still honor that $75 for the item, but still on Feb 28/14
 
It's ridiculous nonsense. Most of the breaches occured in retailer databases of data AFTER the swipe and sign. The chip will get read, pin entered, and THEN they will still steal the info.
There are two sides to card fraud, stealing the card details and using the stolen card details.

In general a thief isn't going to want to process the stolen details through their own merchant account for obvious reasons. So they need to get a retailer to accept them. Afaict chip and pin is mostly about making it harder to get a retailer to accept stolen card details.

With swipe and sign they can just program the magstripe on a new card from the details they stole, sign their own signature on the back and then buy stuff in a retail store. If the retail stores only accept chip and pin (or at least look on swipe and sign only as suspicious) it is much harder for them to do that.

They can still use the details mail order but using a stolen card mail order means you have to get the stuff delivered somewhere and therefore you risk the cops getting caught up with you there. Also many retailers will only deliver to the cardholders address for new customers.
 
edit, anyways, bank apologized for doing it, the other party know they shouldn't have, i'll still honor that $75 for the item, but still on Feb 28/14

Remind me to never sell anything to you.
 
Chip and pin is standard here in Canada. (At least in Saskatchewan) They quickly moved to it in just the last few years.

PayPass (tapping the card to the POS without using the chip or pin) is becoming quite popular as well for small purchases like fast food.
 
Yes, at the POS, you would get immediately a text message with a secondary PIN or requiring a secondary PIN be messaged back. For higher priced purchases, a voice call from a computer program asking you one of three security questions and needing the correct reply to allow processing. And on very large purchases/debit transactions, etc... a human with more extensive security verification.

I can't see why we all wouldn't regard measures like this reasonable and desirable... nothing like getting your bank account hit with a stolen debit card to soften up your resistance to added security.
 
the check was to be cashed on Feb 28/14, it was cashed on Jan 3rd or 4th

really it was banks fault for cashing a postdated check to begin with.
It's not banks aren't legally required to enforce postdating. The responsibility is on to recipient and you, if the recipient checks it before your date and you don't have the money you've just bounced check btw to which the bank will charge you a fee for. See why banks aren't responsible because they prefer it like this, everyone gets pissed off but the banks. Banks are only responsible if you flag the specific check to be only accepted at a certain time. You also post dated a check for longer then 2 weeks which in the US isn't protected no matter what. Your bank could have easily said "fuck you" and been fine legally.
 
It takes my bank SIX days to do an electronic transfer to my mortgage bank.

I have ZERO faith in banks being able to pull this off.
 
It takes my bank SIX days to do an electronic transfer to my mortgage bank.

Why do you use that bank then ? I wonder what does your bank does, in Europe a SEPA transfer (which is now every transfer in EEA) takes maximum 1-2 days. That includes a payment from bank from east Slovakia to west Portugal, or from souh Sicily to north Norway.
 
Every time I see somebody on here bring up checks my first thought is you can still use checks at places.

I do know it differs in areas. Around me, no gas stations accept them, most smaller stores don't accept them, some grocery stores don't accept them. can't think of any fast food or restaurants in general that accept them. I know you can use them to make payments for bills as of course that is the only secure method of mailing a payment. but other than that and maybe a few larger stores. I can't think of anyone that takes them. On the flip side, most banks now charge you extra if you even want an account that you can write checks from. I don't know the last time I actually saw anyone try to use one in any store that would even allow it. So around me they are dead.


How is mailing a piece of paper that has your full name, address and bank account number on it secure? At least online banking has encryption between you and the servers. Can't say the same for your check traveling through the post office.....
 
Worse then that...
My 97 year old great grandmother stands in line in front of you at the gas station buying 5 of each type of ticket then refuses to move as she scratches them off!
So this. I have actually asked people like that to please move it out of the way to make way for the increasing line behind them. Some don't take the hint when kindly asked and then you have to break the big guns out and actually yell at them. :p

Like the "no candy" checkout lanes they need "no lottery tickets" lanes/counters. :D
 
The industry needs to go back to the drawing board and come up with methods that close the loop, so that purchases feed back around to the consumer for verification in a way merely having the ccard information, even PIN can achieve. For instance, the ccard company calls you and sends a text message to your phone that you have to respond to. Since the phone number is NOT on the card, but the ccard processor knows it, you close the loop to verify the purchase.

This will probably never happen because it would slow card transactions to a crawl. Even an extra five or ten seconds added to the transaction is enough to cause issues. Card issuers want card transactions to be as fast or faster than cash so card holders will use their cards instead of cash.

There are still plenty of folks who don't have cell phones, don't have cell phones with texting, or don't have unlimited text plans. I personally only have a 250 text per month plan.
 
I write checks to my daughter's daycare, her piano teacher, her gymnastics school, utility companies, for my property taxes and a bunch of other things. I actually write more checks now than I did 5 years ago.

If I want to use a card for most of my bills, they want to charge me a "convenience" fee that is usually around 5+%. So yeah, I'll keep writing checks.

Same here. Local government stuff also charges a fee if anything but check or cash.
 
cool. maybe checks are next. in no other country on the planet is this backwards method of payment still in use :p

I had, and still have a chip protected debit card for the last thirteen years, UK got something right with consumer protection.
 
Same here. Local government stuff also charges a fee if anything but check or cash.

How is that even legal :eek: ? Ok, i accept if they would add a fee if you are paying via card, as bank asks for a fee from every transaction made via card terminal, but how can they ask a fee for transferring money via bank transfer ?
 
The Banks should honestly be ashamed at letting such an article get posted. There's nothing more pitiful when Europe is doing things better than you.

Europe has been doing a lot of things better for a dam long time!
 
Back
Top