dgz
Supreme [H]ardness
- Joined
- Feb 15, 2010
- Messages
- 5,838
Except the POS provider, the telecom that transfers the data, and God knows who else. Online payments don't involve PIN, that is correct.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
The End of the Swipe-and-Sign Credit Card
- Thread starter CommanderFrank
- Start date
Except the POS provider, the telecom that transfers the data, and God knows who else. Online payments don't involve PIN, that is correct.
Agreed, why just catch up to the current poor system of chip and pin, why not also add biometrics -- but not one where they can cut off my finger or rip out my eye to verify the charge.
mullet
[H]ard|Gawd
- Joined
- Aug 19, 2004
- Messages
- 2,024
been using chip/PIN for 2 yrs now, also pay rent with debit
the only time i use a check is if i postdate it, which still is no guarantee
just last month i made a postdated one for a month to be not cashed, was cashed 2 days later lol, called the bank and asked what moron do they have working there, they got the cash back for me and destroyed the check, so fuck the company that cashed it early too, i got the item they won't see my cash for being morons aswell.
facepalm
the only time i use a check is if i postdate it, which still is no guarantee
just last month i made a postdated one for a month to be not cashed, was cashed 2 days later lol, called the bank and asked what moron do they have working there, they got the cash back for me and destroyed the check, so fuck the company that cashed it early too, i got the item they won't see my cash for being morons aswell.
facepalm
Lol, during my last trip to the usa, I had to swipe, sign, and show ID to buy with my credit card.
Wtf, you guys are like 5 years behind. No one swipes their cards in the rest of the developed world but you guys. About time. And you guys are getting up to date with the world.... in more than a year! outrageous.
Wtf, you guys are like 5 years behind. No one swipes their cards in the rest of the developed world but you guys. About time. And you guys are getting up to date with the world.... in more than a year! outrageous.
Thats not the chip card per se. Thats the tap and go card that has an RFID tag/chip inside it. Chip card doesnt necessarily mean RFID at the same time although it is starting to.
I have a chip enabled debit card and a chip+pin Visa that also has RFID on it. The RFID is a new thing, before it was just chip+pin but no RFID for the "tap and go feature".
That is really a separate issue though, with wireless technology. Passports now have RFID and should have a copper sleeve to shield them. My Nexus card (single card that allows me to cross between Canada and the US much faster and without my passport, and lets me use retina scans at the airports) came with a copper sleeve since it is RFID enabled.
The US is way behind on credit cards. When I went to Ireland for business and used my USA corporate credit card that was mag stripe only they looked at me like I was wearing a loin cloth and had bones in my nose. I wound up paying with my Canadian credit cards that were chip+pin to prevent the issues that some places gave me over mag strip only. Ireland and Canada have been chip+pin forever.
faugusztin
2[H]4U
- Joined
- Mar 9, 2008
- Messages
- 2,668
The RFID (VISA PayWave) is a very limited option, not worth "hacking" - the daily limit for these transactions is very low, for example in my country it is 20€. So the limit is high enough for a restaurant or a grocery store, but not high enough for "hackers".
xX_Jack_Carver_Xx
2[H]4U
- Joined
- Jun 6, 2005
- Messages
- 2,542
It's ridiculous nonsense. Most of the breaches occured in retailer databases of data AFTER the swipe and sign. The chip will get read, pin entered, and THEN they will still steal the info.
This also does nothing for mail order, and that is how most theft is apply, however they got the info they use it to order stuff online, deliver it to a "drop" and then resell it for cash.
None of the chip/pin shit will stop the bulk of the fraud/theft going on.
The industry needs to go back to the drawing board and come up with methods that close the loop, so that purchases feed back around to the consumer for verification in a way merely having the ccard information, even PIN can achieve. For instance, the ccard company calls you and sends a text message to your phone that you have to respond to. Since the phone number is NOT on the card, but the ccard processor knows it, you close the loop to verify the purchase.
I'm sure we can get a lot more imaginative if we really try.
This also does nothing for mail order, and that is how most theft is apply, however they got the info they use it to order stuff online, deliver it to a "drop" and then resell it for cash.
None of the chip/pin shit will stop the bulk of the fraud/theft going on.
The industry needs to go back to the drawing board and come up with methods that close the loop, so that purchases feed back around to the consumer for verification in a way merely having the ccard information, even PIN can achieve. For instance, the ccard company calls you and sends a text message to your phone that you have to respond to. Since the phone number is NOT on the card, but the ccard processor knows it, you close the loop to verify the purchase.
I'm sure we can get a lot more imaginative if we really try.
It wasn't well promoted, because not every bank participated (Visa collects a higher fee for it's use) so people had no clue what was going on when the popup appeared. Most thought it was a phishing attempt or were confused on who to call to reset the password.
This brings up the real reason why the US is so slow on implementing chip and pin, It's not stoers not wanting to pay for the upgrades, it's because the card companies get a higher percentage because of the higher risk. Now that more businesses and banks are forcing the use of debit card pins and laws are being created to limit the amount of fees it's not as profitable to just look the other way and ignore the fraud like they were before.
In Canada its set by retailer. McDonalds is $20 my grocery store is $50, they explained that there allowed to pick limits (I'm sure to within reason).
Spazturtle
[H]ard|Gawd
- Joined
- Jan 4, 2013
- Messages
- 1,526
Er not, the POS system connects to the bank via an encrypted channel and the PIN is sent over that. Only the bank can see your PIN.
If the POS system can see the PIN then the company that makes the POS system will get an unlimited fine.
I wouldn't mind seeing some sources cited on why you think chip and PIN are easier to hack than magnetic stripe.
I'd also like to know why you think biometrics are better. I mean, if someone snarfs the transaction of my DNA and replays it or whatever, how do I change it? Today, for instance with PINs and/or passwords, I can change them. But how do I change biometrics in the eventual situation it's disclosed? How do I also protect them from being taken and re-used without me being present?
And by the way, if you want to go back to cash, no one is stopping you. Just go ahead and pay cash for what you can pay cash for. That's what I do. (And if you shop at smaller local stores, it does them a favor as they don't have to pay for the CC transaction.)
Did you just admit to fraud?
Spazturtle
[H]ard|Gawd
- Joined
- Jan 4, 2013
- Messages
- 1,526
Chip and PIN isn't position to stop card-not-present transactions, which you describe. It's meant to deter against card-present transactions, by requiring a PIN that you need to know in order to use the card successfully. Though, yes, there are plenty of situations where post-scanned data is stolen and re-used, but hopefully things like the PIN are not stored and are verified through a closed channel. Yes, there are still attacks, but it's also about continuously raising the bar for attackers.
Second, I'm unsure what you envision with having a processor call you will do. Do I stand around at the retailer POS waiting for a call before a transaction is verified? And how does a PIN that only you know not close that loop at least a little bit further?
Can't remember the last time I used a signature for a credit card purchase. Must be at least 7-8 years ago. Maybe even 10.
Biometrics are not a good security feature for this type of situation really. It's very hard for your fingerprints/retinas/DNA to be changed if the data gets compromised. They will find a way to copy and compromise.
Biometrics are not a good security feature for this type of situation really. It's very hard for your fingerprints/retinas/DNA to be changed if the data gets compromised. They will find a way to copy and compromise.
Yes he did. Stated how he writes bad checks all the time with no intent of actually allowing them to be processed.
That isn't how that works. What he just admitted to is check fraud.
the check was to be cashed on Feb 28/14, it was cashed on Jan 3rd or 4th
really it was banks fault for cashing a postdated check to begin with.
There are two sides to card fraud, stealing the card details and using the stolen card details.
In general a thief isn't going to want to process the stolen details through their own merchant account for obvious reasons. So they need to get a retailer to accept them. Afaict chip and pin is mostly about making it harder to get a retailer to accept stolen card details.
With swipe and sign they can just program the magstripe on a new card from the details they stole, sign their own signature on the back and then buy stuff in a retail store. If the retail stores only accept chip and pin (or at least look on swipe and sign only as suspicious) it is much harder for them to do that.
They can still use the details mail order but using a stolen card mail order means you have to get the stuff delivered somewhere and therefore you risk the cops getting caught up with you there. Also many retailers will only deliver to the cardholders address for new customers.
Remind me to never sell anything to you.
Chip and pin is standard here in Canada. (At least in Saskatchewan) They quickly moved to it in just the last few years.
PayPass (tapping the card to the POS without using the chip or pin) is becoming quite popular as well for small purchases like fast food.
PayPass (tapping the card to the POS without using the chip or pin) is becoming quite popular as well for small purchases like fast food.
xX_Jack_Carver_Xx
2[H]4U
- Joined
- Jun 6, 2005
- Messages
- 2,542
Yes, at the POS, you would get immediately a text message with a secondary PIN or requiring a secondary PIN be messaged back. For higher priced purchases, a voice call from a computer program asking you one of three security questions and needing the correct reply to allow processing. And on very large purchases/debit transactions, etc... a human with more extensive security verification.
I can't see why we all wouldn't regard measures like this reasonable and desirable... nothing like getting your bank account hit with a stolen debit card to soften up your resistance to added security.
I can't see why we all wouldn't regard measures like this reasonable and desirable... nothing like getting your bank account hit with a stolen debit card to soften up your resistance to added security.
Semantics
2[H]4U
- Joined
- May 18, 2010
- Messages
- 2,811
It's not banks aren't legally required to enforce postdating. The responsibility is on to recipient and you, if the recipient checks it before your date and you don't have the money you've just bounced check btw to which the bank will charge you a fee for. See why banks aren't responsible because they prefer it like this, everyone gets pissed off but the banks. Banks are only responsible if you flag the specific check to be only accepted at a certain time. You also post dated a check for longer then 2 weeks which in the US isn't protected no matter what. Your bank could have easily said "fuck you" and been fine legally.
TechLarry
RIP [H] Brother - June 1, 2022
- Joined
- Aug 9, 2005
- Messages
- 30,481
It takes my bank SIX days to do an electronic transfer to my mortgage bank.
I have ZERO faith in banks being able to pull this off.
I have ZERO faith in banks being able to pull this off.
faugusztin
2[H]4U
- Joined
- Mar 9, 2008
- Messages
- 2,668
Why do you use that bank then ? I wonder what does your bank does, in Europe a SEPA transfer (which is now every transfer in EEA) takes maximum 1-2 days. That includes a payment from bank from east Slovakia to west Portugal, or from souh Sicily to north Norway.
How is mailing a piece of paper that has your full name, address and bank account number on it secure? At least online banking has encryption between you and the servers. Can't say the same for your check traveling through the post office.....
So this. I have actually asked people like that to please move it out of the way to make way for the increasing line behind them. Some don't take the hint when kindly asked and then you have to break the big guns out and actually yell at them.
Like the "no candy" checkout lanes they need "no lottery tickets" lanes/counters.
This will probably never happen because it would slow card transactions to a crawl. Even an extra five or ten seconds added to the transaction is enough to cause issues. Card issuers want card transactions to be as fast or faster than cash so card holders will use their cards instead of cash.
There are still plenty of folks who don't have cell phones, don't have cell phones with texting, or don't have unlimited text plans. I personally only have a 250 text per month plan.
Ihaveworms
Ukfay Ancerkay
- Joined
- Jul 25, 2006
- Messages
- 4,630
Same here. Local government stuff also charges a fee if anything but check or cash.
Outamyhead
Supreme [H]ardness
- Joined
- Jan 3, 2008
- Messages
- 4,263
cool. maybe checks are next. in no other country on the planet is this backwards method of payment still in use
I had, and still have a chip protected debit card for the last thirteen years, UK got something right with consumer protection.
faugusztin
2[H]4U
- Joined
- Mar 9, 2008
- Messages
- 2,668
How is that even legal
? Ok, i accept if they would add a fee if you are paying via card, as bank asks for a fee from every transaction made via card terminal, but how can they ask a fee for transferring money via bank transfer ?
MrGuvernment
Fully [H]
- Joined
- Aug 3, 2004
- Messages
- 21,817
Europe has been doing a lot of things better for a dam long time!