Sep 20, 2013, 11:40 am
Last edit by: philemer
Posts from 1/1/16 onward can be found here: http://www.flyertalk.com/forum/credit-card-programs/1739359-2016-onward-usa-emv-cards-availability-q-chip-pin-signature.html
EMV wikipost volunteers: kebosabi
What is EMV?
EMV is a defacto global standard of technology where there is a visible microchip on the front of the card. It looks like this:
Who issues them?
See Google Docs spreadsheet in Post #1
SFOAMS also has created a list of excellent webpage that shows US EMV cards in a more interactive interface
Another site, which lets you narrow the search for an EMV card by various parameters, is http://www.spotterswiki.com/emv/index.php.
Several credit unions issue some form of Chip-and-PIN credit cards or prepaid cards. Prepaid EMV cards however are not recommended due to junk fees. USAA (currently restricted to members of military) used to offer Chip-and-PIN cards, but as late has backtracked to Chip-and-Signature priority.
Hey that's a cool Google Docs list! I know others that aren't on that list. How can I help by adding them to the list?
My bad for not putting this into the wiki sooner. Right now, the Google Docs is locked out of editing and only in "read-only" view because there were instances in the past where people would just delete the rows not thinking that it affects others viewing the list.
If you promise not to delete any rows and input all the pertinent info (annual fee, rewards, FTF, etc.), I can provide you with edit access. Just shoot me a PM to kebosabi with your gmail address and I'll provide you edit access.
Thanks for helping out!
As of October 2014, no USA-based card issuer offers Chip-and-PIN priority cards except for BMO Harris (Diners Club) and UN Federal Credit Union. Other major USA-based banks such as BofA, Chase, Citi, as well as others issue Chip-and-Signature cards which may work at many automated kiosks. However, bear in mind the word may is used above is a context where there is no absolute certainty of success for certain environments such as automated kiosks due to different natures of offline and online transactions. It is highly recommended to read Post #3 which lists real life FTer examples on how Chip-and-Signature worked and did not work at various transaction environments.
Can I upgrade it right now?
If it's listed on that Google Docs spreadsheet or SFOAMS' Silk page, wouldn't hurt to call/twitter them for a free upgrade. If you get the response you don't like, hang up, try again.
What is the difference between Chip-and-Signature and Chip-and-PIN?
You insert the chipped card into the slot. The physical contact terminal will read the EMV chip and the terminal will automatically read the preferred cardholder verification methods (called CVM) for that card.
Chip-and-Signature means that the terminal will printout a receipt for you to sign. This is the most prevalent authentication for most US issued EMV cards. Chip-and-Signature helps in a way that it will get through to face-to-face merchant transactions where you and the merchant do not speak the same language.
Chip-and-PIN means that the terminal will prompt you to input a PIN for authentication. Some credit union issued credit cards will have this CVM as secondary if Chip-and-Signature cannot be done. Chip-and-PIN is the more prevalent method of authentication used outside the US, especially in transaction environments where no human interaction is needed (i.e. automated gas pumps, toll roads, train kiosks, etc.).
The Google Docs spreadsheet will list which CVM are used in the EMV cards listed. Some cards can only do Chip-and-Signature. Other cards can do both Chip-and-Signature and Chip-and-PIN. And others might have a third option called No CVM (no authentication needed) which is reserved for low value transactions.
One chip can hold a lot more data, therefore it is capable of doing multiple verification methods. That's one of the great things about EMV over the mag-stripe which can hold very little data.
I want to know for sure what my EMV chip does. Is there anyway I can test out my own EMV card to see what the CVM list is?
alexmt has written up a nice step-by-step procedure on Post #3615.
If most of the EMV cards in the US is the Chip-and-Signature type, doesn't that mean it's still useless abroad?
Depends if you see it as glass half empty or glass half full. See Post #3 for further details on how Chip-and-Signature has worked both successfully and unsuccessfully depending on the merchant transaction environment and use your best judgment whether which one is right for you.
Are there any places in the US that are accepting transactions via the EMV chip?
tmiw has created a dedicated Google maps webpage to show where EMV has been proven to work here: http://emvacceptedhere.com/ Per his Post #4240, feel free to add any places with active EMV terminals if you come across one.
As of 2014/05, the EMV terminals in most Walmarts and Sam's Clubs are being turned on. Hence, the best place to try them out would be your local Walmart or Sam's Club. For other merchants, it's slowly being phased in.
I hope people will post them in the Post your receipt of your 1st EMV based transaction in the US thread. cvarming has shown us an EMV transaction receipt from Brooklyn, NY in Post #2380. I myself had my first EMV based (Chip-and-Signature) transaction in two stores in the Los Angeles area, as shown in detail in Post #2705 (courtesy of WhatWhatTech for pointing these two stores out)
I don't want a chip in my card. I heard horror stories all over the media saying hackers can steal my credit card info from a mile away.
There are two types of chips. One is contactless and the other is contact. Cards can be either one or the other, or both.
In the Google Docs spreadsheet, the cards that are capable of contactless payments are listed seperately under the "RFID or NFC contactless chip" column. If it says yes, then that means it has the ability to do contactless payments. If it says no, it doesn't have that feature.
The one that the media has overhyped about hackers "stealing your information wirelessly" was the contactless type like this:
You are worried about this happening, right?
You don't have to worry. EMV is a chip standard that can have both contact and contactless interfaces. With the traditional contact interface, this means you actually have to physically insert the chip into a POS terminal for it to be authorized, like this:
With the contact interface, nothing is wireless. No data is sent out in a stand-alone contact type EMV chip. With the EMV contactless interface, data is sent wirelessly.
Furthermore, contactless chip cards are required to show a symbol (looks like Wi-Fi symbol) somewhere on the card that to denote it's capability as a contactless card. For example, here's an example of a Discover Card with contactless capability (in which Discover calls "Discover ZIP") showing the contactless symbol on the back of the card:
Don't believe everything that the media says. Besides, millions of people all over the world from London to Singapore, uses contactless payments daily in extremely crowded subways and mass transit with nary any problems. There are multiple layers of encrypted securities and keys that are needed to break the code.
Frankly, giving your physical card to a waiter/waitress who takes the card out of your view is much more susceptible to fraud than contactless payments.
Why should I care?
If you are an international traveler, you will want this because majority of the world has or in the process of converting to this payment format.
In fact, in 2012, even North Korea moved to the EMV format, leaving the US as one of the countries in the world that hasn't done so.
In addition, VISA, MC, AMEX, and Discover have all agreed to incentivize the USA shifting to EMV payments by 2015 by shifting liability for fraudulent transactions to merchants if they do not have EMV equipment and the cardholder has an EMV card. So if you travel internationally or would like to get one before the others, you might be interested in getting one.
BS! I had no problems using my card in [insert whereever country], [insert whatever point in time]
If you stick to the tourist path where they have lots of visitors from the US, you should have no problems using your mag-stripe only card in hotels and restaurants, at least for now. But as things can change as things go forward.
However, consider that once you start taking the off-beaten path, go to non-touristy places where they are not familiar with mag-stripes, rent a car and use toll roads, fill up gas, or try to buy train tickets you might end up into a trouble of the machine not recognizing your card because it lacks the chip. Furthermore, a lot of toll roads, gas pumps, and automated ticket machines lack any human assistance to help you when you need it the most.
But [insert credit card company] told me all merchants that display their logo must accept them! All I have to do is report them for violating their agreements, right?
There are several factors against this.
1. You can only speak English. The merchant representative, most likely a part-time clerk earning minimum wage, speaks in a different language, let's say French. If you have no French language skills, how are you going to get your point across? Are you going to whip out your cell phone at exorbitant int'l roaming charges and hope the customer service is going to translate it for you on the spot? Or maybe you might actually know French. But how about Swahili, Farsi, Balinese, or the multiple languages in mainland China?
2. Just like US, the rest of the world's businesses uses part-time minimum wage workers as cashiers to cut down on labor costs. Most of their SOP training manuals are written by MBA types to not to do anything they are not familiar with. Do not expect them to understand the intricate details of credit card mumbo jumbo. You don't expect Taco Bell employees to understand the minute details of Discover-JCB-Union Pay agreements, right? Same thing the other way around: be respectful as a guest in their country, prepare in advance in their ways, avoid being an "ugly American" stereotype.
3. You are a guest in their country. You are a minority. If 99.9% of their country's people and other tourists from around the world uses EMV, do you really think they are going to accomodate the 0.1% of American tourists who only have mag-stripes credit cards?
4. Again, you are a guest in their country. How would you, as an American standing in line, react if a Chinese tourist was clogging up the lines at a local Taco Bell because the clerk doesn't understand the Discover-Union Pay agreement and has trouble communicating between Mandarin spoken by the tourist and English spoken by the Taco Bell clerk? Same way the other way around. You do not want to clog up the lines for everyone. The less hassle, the better.
5. VISA and MC make tons of money from merchants in that country. Say SNCF French Rail. It's a billion dollar company in France. Do you think VISA is going to pull the plug of their relationship with SNCF because SNCF refuses to do mag-stripe processing at their unmanned train station kiosk? Of course not. Be realistic.
6. And lastly, if you're up against an unstaffed toll kiosk, gas pump or train ticket machine, are you going to yell curses at the machine?
But I want my credit card to be able to be used in the US too!
No worries. They have not gotten rid of the mag-stripe on the back of the card for backward compatibility reasons, just like we still have embossed numbers on our cards for backwards compatibility to using those old carbon copy imprinters.
[insert own Hyatt card image front and back together with red arrows pointing to all the backward compatibility features]
You use the chip on the front of the card abroad (for now), and the mag-stripe just like any other card for the US. Basically, you're increasing your credit card's acceptance rate by getting a card that both via the chip and the mag-stripe. You're getting a better deal for free.
And when 2015 comes along and US switches to EMV, you'll be way ahead of everyone else too!
So why did the rest of the world and the US moved/moving toward EMV?
Primarily, due to fraud concerns. You see, the mag-stripe has been with us since the 1950s. It may have been the most high tech thing back in the day, but with the technology that is available today, any shmo can pick up a $100 USB magnetic card skimming device off of eBay and get your credit card info.
And unlike skimming off contactless cards which actually need the person to have l33t programming skills, skimming off a magnetic stripe has become so ubiquitous that nary a day goes about skimming fraud going on somewhere in America, from gas pumps, Michael's stores (2011), Target breaches (2013), restaurant waiters/waitresses, to even McDonald's drive thrus.
https://www.google.com/search?q=skimming+fraud
These type of fraud used to be prevalent in Europe. But once they started switching over to EMV starting over 2 decades ago, this type of fraud went elsewhere. It went over to Asia, Canada and Mexico, Latin America, etc. etc. until they too began implementing EMV to combat skimming fraud. The US is practically the only country left that hasn't done so, therefore all the fraud that used to take place elsewhere is now happening here.
But EMV is old and it's not fool proof. Shouldn't we just skip over it and do something new instead?
Yes, EMV is old. It was developed in the 1990s and its smart card payment predecessor was first introduced in France. But as of today, it has become the defacto global standard of payments.
But then, what else is there? There is no other de facto global standard of payments alternative. For example, if we decide to skip over it and do something new, hypothetically like DNA matching technology, it still means US int'l travelers will continue to have problems abroad with useless plastic acceptance because no other country is using this DNA matching technology except the US.
Besides, nothing is fool proof. You can say that the bank vault isn't fool proof because you can crack it open if enough C4 is used. But your average low-life scumbag isn't likely to get military grade C4 easily either. But the bank vault does make it harder to get the bank's money over say a petty cash box. That's the point here. EMV is akin to a security tight bank vault, the old mag-stripe is akin to a petty cash box lying around inside the drawer.
I'm a business owner and I don't think EMV is going to take off. I'm not going to spend extra hundreds of dollars to upgrade my credit card machine. Convince me other wise why I should.
I can understand the added extra cost to your business once this switchover takes place. But before even saying that, look at your existing POS terminal. Does it have a slot somewhere to insert a card?
Most likely, if you had replaced your POS terminal within the past five years, you already have an EMV capable terminal. EMV is basically just not turned on yet from the processor and acquirer side.
If you have an EMV capable terminal, then a best bet would be to contact your acquirer to have the EMV feature turned on. You did your end of the deal already by having an EMV capable terminal, it is now the acquirers' responsibility to turn it on in accordance to the EMV switchover mandate.
And if you don't, you are going to replace your POS terminal anyway from common wear and tear. It isn't a hard switch-over. You can continue to use your POS terminal until it dies out because EMV cardholders will still have the mag-stripe on the back. And by the time your non-EMV capable POS terminal is up for replacement the market will be full with these newer POS terminals that can accept the mag-stripe, EMV, as well as contactless payments.
In addition, you may also want to check with your acquirer or processor about EMV capable terminals. Some of them are willing to replace your terminal for free in preparation for the US EMV switchover. Call and ask for details.
But what's in it for me? I'm the one that has to pay for the upgrade.
All the major card networks have given incentives for merchants for the upcoming EMV switchover.
If 75% or more of your credit card transactions are done on an EMV contact and contactless terminal, they are going to waive your annual PCI-DSS fees, which usually costs you around $5.00-$19.95/month per terminal. The overall long term cost savings of those compliance fees will be larger than the cost of an one time upgrade for the terminal.
The downside is that once EMV switchover happens and if you do not have a POS terminal that is able to accept EMV, the fraud liability shifts over to the merchant.
I own several fast food franchises. If I upgrade my POS terminals at all of my restaurants, it's going to cost me thousands, if not millions. I don't think anyone is going to use a fake credit card to buy $5 burgers. And if they do, wouldn't it be cheaper for me to eat the fraud cost?
Remember also that fraud isn't just committed by dishonest customers using fraudulent cards. Fraud can also happen with dishonest employees skimming off credit card data from the mag-stripe as in the case of a teenage McDonald's drive thru employee skimming off $13,000 of customers' credit cards in Olympia, WA. Consider the public relations fall out that your business may have if this happens (i.e. the big Target breach of 2013, where someone used a mag stripe card to load malware INTO Target's system). Is it worth risking to take such a huge PR disaster?
EMV wikipost volunteers: kebosabi
What is EMV?
EMV is a defacto global standard of technology where there is a visible microchip on the front of the card. It looks like this:
Who issues them?
See Google Docs spreadsheet in Post #1
SFOAMS also has created a list of excellent webpage that shows US EMV cards in a more interactive interface
Another site, which lets you narrow the search for an EMV card by various parameters, is http://www.spotterswiki.com/emv/index.php.
Several credit unions issue some form of Chip-and-PIN credit cards or prepaid cards. Prepaid EMV cards however are not recommended due to junk fees. USAA (currently restricted to members of military) used to offer Chip-and-PIN cards, but as late has backtracked to Chip-and-Signature priority.
Hey that's a cool Google Docs list! I know others that aren't on that list. How can I help by adding them to the list?
My bad for not putting this into the wiki sooner. Right now, the Google Docs is locked out of editing and only in "read-only" view because there were instances in the past where people would just delete the rows not thinking that it affects others viewing the list.
If you promise not to delete any rows and input all the pertinent info (annual fee, rewards, FTF, etc.), I can provide you with edit access. Just shoot me a PM to kebosabi with your gmail address and I'll provide you edit access.
Thanks for helping out!
As of October 2014, no USA-based card issuer offers Chip-and-PIN priority cards except for BMO Harris (Diners Club) and UN Federal Credit Union. Other major USA-based banks such as BofA, Chase, Citi, as well as others issue Chip-and-Signature cards which may work at many automated kiosks. However, bear in mind the word may is used above is a context where there is no absolute certainty of success for certain environments such as automated kiosks due to different natures of offline and online transactions. It is highly recommended to read Post #3 which lists real life FTer examples on how Chip-and-Signature worked and did not work at various transaction environments.
Can I upgrade it right now?
If it's listed on that Google Docs spreadsheet or SFOAMS' Silk page, wouldn't hurt to call/twitter them for a free upgrade. If you get the response you don't like, hang up, try again.
What is the difference between Chip-and-Signature and Chip-and-PIN?
You insert the chipped card into the slot. The physical contact terminal will read the EMV chip and the terminal will automatically read the preferred cardholder verification methods (called CVM) for that card.
Chip-and-Signature means that the terminal will printout a receipt for you to sign. This is the most prevalent authentication for most US issued EMV cards. Chip-and-Signature helps in a way that it will get through to face-to-face merchant transactions where you and the merchant do not speak the same language.
Chip-and-PIN means that the terminal will prompt you to input a PIN for authentication. Some credit union issued credit cards will have this CVM as secondary if Chip-and-Signature cannot be done. Chip-and-PIN is the more prevalent method of authentication used outside the US, especially in transaction environments where no human interaction is needed (i.e. automated gas pumps, toll roads, train kiosks, etc.).
The Google Docs spreadsheet will list which CVM are used in the EMV cards listed. Some cards can only do Chip-and-Signature. Other cards can do both Chip-and-Signature and Chip-and-PIN. And others might have a third option called No CVM (no authentication needed) which is reserved for low value transactions.
One chip can hold a lot more data, therefore it is capable of doing multiple verification methods. That's one of the great things about EMV over the mag-stripe which can hold very little data.
I want to know for sure what my EMV chip does. Is there anyway I can test out my own EMV card to see what the CVM list is?
alexmt has written up a nice step-by-step procedure on Post #3615.
If most of the EMV cards in the US is the Chip-and-Signature type, doesn't that mean it's still useless abroad?
Depends if you see it as glass half empty or glass half full. See Post #3 for further details on how Chip-and-Signature has worked both successfully and unsuccessfully depending on the merchant transaction environment and use your best judgment whether which one is right for you.
Are there any places in the US that are accepting transactions via the EMV chip?
tmiw has created a dedicated Google maps webpage to show where EMV has been proven to work here: http://emvacceptedhere.com/ Per his Post #4240, feel free to add any places with active EMV terminals if you come across one.
As of 2014/05, the EMV terminals in most Walmarts and Sam's Clubs are being turned on. Hence, the best place to try them out would be your local Walmart or Sam's Club. For other merchants, it's slowly being phased in.
I hope people will post them in the Post your receipt of your 1st EMV based transaction in the US thread. cvarming has shown us an EMV transaction receipt from Brooklyn, NY in Post #2380. I myself had my first EMV based (Chip-and-Signature) transaction in two stores in the Los Angeles area, as shown in detail in Post #2705 (courtesy of WhatWhatTech for pointing these two stores out)
I don't want a chip in my card. I heard horror stories all over the media saying hackers can steal my credit card info from a mile away.
There are two types of chips. One is contactless and the other is contact. Cards can be either one or the other, or both.
In the Google Docs spreadsheet, the cards that are capable of contactless payments are listed seperately under the "RFID or NFC contactless chip" column. If it says yes, then that means it has the ability to do contactless payments. If it says no, it doesn't have that feature.
The one that the media has overhyped about hackers "stealing your information wirelessly" was the contactless type like this:
You are worried about this happening, right?
You don't have to worry. EMV is a chip standard that can have both contact and contactless interfaces. With the traditional contact interface, this means you actually have to physically insert the chip into a POS terminal for it to be authorized, like this:
With the contact interface, nothing is wireless. No data is sent out in a stand-alone contact type EMV chip. With the EMV contactless interface, data is sent wirelessly.
Furthermore, contactless chip cards are required to show a symbol (looks like Wi-Fi symbol) somewhere on the card that to denote it's capability as a contactless card. For example, here's an example of a Discover Card with contactless capability (in which Discover calls "Discover ZIP") showing the contactless symbol on the back of the card:
Don't believe everything that the media says. Besides, millions of people all over the world from London to Singapore, uses contactless payments daily in extremely crowded subways and mass transit with nary any problems. There are multiple layers of encrypted securities and keys that are needed to break the code.
Frankly, giving your physical card to a waiter/waitress who takes the card out of your view is much more susceptible to fraud than contactless payments.
Why should I care?
If you are an international traveler, you will want this because majority of the world has or in the process of converting to this payment format.
In fact, in 2012, even North Korea moved to the EMV format, leaving the US as one of the countries in the world that hasn't done so.
In addition, VISA, MC, AMEX, and Discover have all agreed to incentivize the USA shifting to EMV payments by 2015 by shifting liability for fraudulent transactions to merchants if they do not have EMV equipment and the cardholder has an EMV card. So if you travel internationally or would like to get one before the others, you might be interested in getting one.
BS! I had no problems using my card in [insert whereever country], [insert whatever point in time]
If you stick to the tourist path where they have lots of visitors from the US, you should have no problems using your mag-stripe only card in hotels and restaurants, at least for now. But as things can change as things go forward.
However, consider that once you start taking the off-beaten path, go to non-touristy places where they are not familiar with mag-stripes, rent a car and use toll roads, fill up gas, or try to buy train tickets you might end up into a trouble of the machine not recognizing your card because it lacks the chip. Furthermore, a lot of toll roads, gas pumps, and automated ticket machines lack any human assistance to help you when you need it the most.
But [insert credit card company] told me all merchants that display their logo must accept them! All I have to do is report them for violating their agreements, right?
There are several factors against this.
1. You can only speak English. The merchant representative, most likely a part-time clerk earning minimum wage, speaks in a different language, let's say French. If you have no French language skills, how are you going to get your point across? Are you going to whip out your cell phone at exorbitant int'l roaming charges and hope the customer service is going to translate it for you on the spot? Or maybe you might actually know French. But how about Swahili, Farsi, Balinese, or the multiple languages in mainland China?
2. Just like US, the rest of the world's businesses uses part-time minimum wage workers as cashiers to cut down on labor costs. Most of their SOP training manuals are written by MBA types to not to do anything they are not familiar with. Do not expect them to understand the intricate details of credit card mumbo jumbo. You don't expect Taco Bell employees to understand the minute details of Discover-JCB-Union Pay agreements, right? Same thing the other way around: be respectful as a guest in their country, prepare in advance in their ways, avoid being an "ugly American" stereotype.
3. You are a guest in their country. You are a minority. If 99.9% of their country's people and other tourists from around the world uses EMV, do you really think they are going to accomodate the 0.1% of American tourists who only have mag-stripes credit cards?
4. Again, you are a guest in their country. How would you, as an American standing in line, react if a Chinese tourist was clogging up the lines at a local Taco Bell because the clerk doesn't understand the Discover-Union Pay agreement and has trouble communicating between Mandarin spoken by the tourist and English spoken by the Taco Bell clerk? Same way the other way around. You do not want to clog up the lines for everyone. The less hassle, the better.
5. VISA and MC make tons of money from merchants in that country. Say SNCF French Rail. It's a billion dollar company in France. Do you think VISA is going to pull the plug of their relationship with SNCF because SNCF refuses to do mag-stripe processing at their unmanned train station kiosk? Of course not. Be realistic.
6. And lastly, if you're up against an unstaffed toll kiosk, gas pump or train ticket machine, are you going to yell curses at the machine?
But I want my credit card to be able to be used in the US too!
No worries. They have not gotten rid of the mag-stripe on the back of the card for backward compatibility reasons, just like we still have embossed numbers on our cards for backwards compatibility to using those old carbon copy imprinters.
[insert own Hyatt card image front and back together with red arrows pointing to all the backward compatibility features]
You use the chip on the front of the card abroad (for now), and the mag-stripe just like any other card for the US. Basically, you're increasing your credit card's acceptance rate by getting a card that both via the chip and the mag-stripe. You're getting a better deal for free.
And when 2015 comes along and US switches to EMV, you'll be way ahead of everyone else too!
So why did the rest of the world and the US moved/moving toward EMV?
Primarily, due to fraud concerns. You see, the mag-stripe has been with us since the 1950s. It may have been the most high tech thing back in the day, but with the technology that is available today, any shmo can pick up a $100 USB magnetic card skimming device off of eBay and get your credit card info.
And unlike skimming off contactless cards which actually need the person to have l33t programming skills, skimming off a magnetic stripe has become so ubiquitous that nary a day goes about skimming fraud going on somewhere in America, from gas pumps, Michael's stores (2011), Target breaches (2013), restaurant waiters/waitresses, to even McDonald's drive thrus.
https://www.google.com/search?q=skimming+fraud
These type of fraud used to be prevalent in Europe. But once they started switching over to EMV starting over 2 decades ago, this type of fraud went elsewhere. It went over to Asia, Canada and Mexico, Latin America, etc. etc. until they too began implementing EMV to combat skimming fraud. The US is practically the only country left that hasn't done so, therefore all the fraud that used to take place elsewhere is now happening here.
But EMV is old and it's not fool proof. Shouldn't we just skip over it and do something new instead?
Yes, EMV is old. It was developed in the 1990s and its smart card payment predecessor was first introduced in France. But as of today, it has become the defacto global standard of payments.
But then, what else is there? There is no other de facto global standard of payments alternative. For example, if we decide to skip over it and do something new, hypothetically like DNA matching technology, it still means US int'l travelers will continue to have problems abroad with useless plastic acceptance because no other country is using this DNA matching technology except the US.
Besides, nothing is fool proof. You can say that the bank vault isn't fool proof because you can crack it open if enough C4 is used. But your average low-life scumbag isn't likely to get military grade C4 easily either. But the bank vault does make it harder to get the bank's money over say a petty cash box. That's the point here. EMV is akin to a security tight bank vault, the old mag-stripe is akin to a petty cash box lying around inside the drawer.
I'm a business owner and I don't think EMV is going to take off. I'm not going to spend extra hundreds of dollars to upgrade my credit card machine. Convince me other wise why I should.
I can understand the added extra cost to your business once this switchover takes place. But before even saying that, look at your existing POS terminal. Does it have a slot somewhere to insert a card?
Most likely, if you had replaced your POS terminal within the past five years, you already have an EMV capable terminal. EMV is basically just not turned on yet from the processor and acquirer side.
If you have an EMV capable terminal, then a best bet would be to contact your acquirer to have the EMV feature turned on. You did your end of the deal already by having an EMV capable terminal, it is now the acquirers' responsibility to turn it on in accordance to the EMV switchover mandate.
And if you don't, you are going to replace your POS terminal anyway from common wear and tear. It isn't a hard switch-over. You can continue to use your POS terminal until it dies out because EMV cardholders will still have the mag-stripe on the back. And by the time your non-EMV capable POS terminal is up for replacement the market will be full with these newer POS terminals that can accept the mag-stripe, EMV, as well as contactless payments.
In addition, you may also want to check with your acquirer or processor about EMV capable terminals. Some of them are willing to replace your terminal for free in preparation for the US EMV switchover. Call and ask for details.
But what's in it for me? I'm the one that has to pay for the upgrade.
All the major card networks have given incentives for merchants for the upcoming EMV switchover.
If 75% or more of your credit card transactions are done on an EMV contact and contactless terminal, they are going to waive your annual PCI-DSS fees, which usually costs you around $5.00-$19.95/month per terminal. The overall long term cost savings of those compliance fees will be larger than the cost of an one time upgrade for the terminal.
The downside is that once EMV switchover happens and if you do not have a POS terminal that is able to accept EMV, the fraud liability shifts over to the merchant.
I own several fast food franchises. If I upgrade my POS terminals at all of my restaurants, it's going to cost me thousands, if not millions. I don't think anyone is going to use a fake credit card to buy $5 burgers. And if they do, wouldn't it be cheaper for me to eat the fraud cost?
Remember also that fraud isn't just committed by dishonest customers using fraudulent cards. Fraud can also happen with dishonest employees skimming off credit card data from the mag-stripe as in the case of a teenage McDonald's drive thru employee skimming off $13,000 of customers' credit cards in Olympia, WA. Consider the public relations fall out that your business may have if this happens (i.e. the big Target breach of 2013, where someone used a mag stripe card to load malware INTO Target's system). Is it worth risking to take such a huge PR disaster?
USA EMV cards: Availability, Q&A (Chip & PIN -or- Chip & Signature) [2012-2015]
Aug 2, 2014, 12:41 am
#5956
Join Date: Nov 2012
Posts: 3,537
Card Problem indicates EMV isn't enabled and you can swipe the card... maybe it indicates other things too but that's what I remembered.
Aug 2, 2014, 12:52 am
#5957
Join Date: Feb 2010
Location: ORD
Programs: UA 1K
Posts: 4,217
That's too bad. I can't wait for them to work! I've tried at so many different places and every time it doesn't work and the person behind the counter gives me a really odd look and says "you swipe the card here"
Aug 2, 2014, 3:26 am
#5958
Join Date: Jan 2014
Location: LAX/SFO/OAK
Posts: 218
I got my EMV Schwab debit card earlier this week and was able to try several transactions at the same Walmart self-checkout. Here's what happened:
Note that, in the last instance, I had to force the terminal to run the card as credit. (If you select "Credit" at Walmart and swipe a debit card, it still prompts for a PIN. You have to indicate a second time that you wish to process the transaction as credit.)
A scenario I have yet to test is one wherein I swipe my Schwab debit card without first attempting to use the chip reader. Hence, I don't know if the swipes were accepted only because the terminal had already seen and rejected the chip.
- Select "Debit", Use Chip Reader: FAIL
- Select "Credit", Use Chip Reader: FAIL
- Select "Debit", Swipe Card: SUCCESS
- Select "Credit", Swipe Card: SUCCESS
Note that, in the last instance, I had to force the terminal to run the card as credit. (If you select "Credit" at Walmart and swipe a debit card, it still prompts for a PIN. You have to indicate a second time that you wish to process the transaction as credit.)
A scenario I have yet to test is one wherein I swipe my Schwab debit card without first attempting to use the chip reader. Hence, I don't know if the swipes were accepted only because the terminal had already seen and rejected the chip.
The day before I stopped by the liquor store close to my home that has EMV enabled. At first I just entered the card and the transaction went through as chip and signature. I asked the cashier if the terminal had asked him "credit or debit" like it normally does with debit cards and he said no. He suggested that I try swiping the card. So I bought something else and this time I swiped. The terminal told me to "insert or tap card". So at least the service code is working. I was about to insert my card when the cashier told me that the terminal is now is asking him "credit or debit". I told him debit and then I inserted the card. But again the terminal processed the transaction as chip and signature. Both times it used the same application on the card "Visa Debit" with AID A0000000031010 (which is the exact same AID as "Visa Credit").
To me it seems like the problem is that the terminal does not recognize the second application on the card, "US Debit" with AID A0000000980840. I did a little research and I found out that is a Visa owned AID. However it is not used anywhere else in the world (list of AIDs from around the world). So this lead me to believe that this AID must be the one that Visa created to handle merchant (Durbin Amendment) and customer choice when it comes to processing debit transactions (here, here). But this didn't explain why Walmart wouldn't process EMV debit transactions or why the terminal at the liquor store wasn't giving me a choice between "credit or debit". I did some more research and stumbled upon a document that explained it all (pdf here). The gist of it is that Walmart hasn't updated its terminals to support the 3 new "US Debit" applications (and AIDs) created by Visa, Mastercard, and the Debit Network Alliance for the United States. Walmart would be forced to do what the terminal at the liquor store above did, which is only process debit cards as credit cards (and pay the higher interchange fee for signature credit transactions). Until Walmart's terminals support the new applications/AIDs, it will continue processing debit cards as swipe only (to save on interchange fees) and we won't be able to use the chip on our debit cards. And until small businesses in the US have their EMV enabled terminals updated to support the new "US Debit" application, we'll only be able to do chip and signature credit transactions for debit cards.
Aug 2, 2014, 3:38 am
#5959
Join Date: Nov 2012
Posts: 3,537
Walmart seems to be proactively refusing chip debit cards. Not only that they seem to have a LOT of problems with their EMV system, not just here but even in Canada when I've been up there...
Aug 2, 2014, 4:26 am
#5960
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
I just did the same tests today at my Neighborhood Walmart and got the same results....And until small businesses in the US have their EMV enabled terminals updated to support the new "US Debit" application, we'll only be able to do chip and signature credit transactions for debit cards.
This is exactly the reason why I think this thread is the most comprehensive place when it comes to EMV in the US. ^
Aug 2, 2014, 6:17 am
#5961
Join Date: Aug 2014
Posts: 49
* chip-less MC and Visa didn't work at the unattended Arlanda Express or T-bana ticket machines
* Amex Platinum chip-and-sign worked at the Arlanda Express machines, but not the T-bana ones
* I didn't have any trouble using non-chip-and-pin cards at restaurants, bars, or hotels other than the usual feeling bad for making life more difficult for the person swiping my card. Sometimes they knew I had to sign, sometimes I had to remind them, but the cards were always accepted.
Aug 2, 2014, 9:24 am
#5962
Join Date: Sep 2013
Programs: AA Lifetime Gold
Posts: 3,677
Temporary thread
I dont care the Chip and Signature because whenever this type of card can be used, the swipe card works just as fine. What you really need to make travel easier is the card with PIN capability, i.e. the Barclays Arrival+ among the main players. Everything else is just gimmick that does not help one at all in Europe when one needs to use an unmanned payment machine.
Frankly, I dont see any point to get the Chip and Signature card at this moment when it does NOT help in unmanned kiosk / gas station / toll booth in Europe, and it has all sorts of issues at WMT the biggest retailer here that first implements the emv terminals.
Frankly, I dont see any point to get the Chip and Signature card at this moment when it does NOT help in unmanned kiosk / gas station / toll booth in Europe, and it has all sorts of issues at WMT the biggest retailer here that first implements the emv terminals.
Whenever there was a manned payment station, it would default to signature anyway. So never used the pin function at all. And ended up paying cash at any unmanned kiosk.
Last edited by Brugge; Aug 3, 2014 at 9:31 am
Aug 2, 2014, 10:44 am
#5963
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,760
Yeah, just got back from a month in Europe. I had been excited to have the chip and PIN Barclays card. It was basically useless. It is too thick to fit in the ticket kiosks. I watched locals put in their cards, enter the pin, and get their tickets. I'd try the same thing, and the card simply would not fit in the cc slot. My ATM card, with it's pin, worked fine, as it was the proper thickness. But I wanted to use my cc, since the ATM card doesn't give me any miles/points. My Barclays pin was useless.
Whenever there was a manned payment station, it would default to signature anyway. So never used the pin function at all. And ended up paying cash at any unmanned kiosk.
Whenever there was a manned payment station, it would default to signature anyway. So never used the pin function at all. And ended up paying cash at any unmanned kiosk.
In which countries you try to use your Barclays A+ card? I hope it is not France as that is where we are heading in Sept and count on it to work at unmanned gas stations which we may come across a lot in our 8 days driving.
Would you mind to post your experiences in both the A+ thread and the EMV card thread? (the latter thread as you know, is a bit nutty in that a lot of posters dwell on the technical instead of the practicality of the cards for us the US card holders.)
Aug 2, 2014, 10:52 am
#5964
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,760
Barclays A+ card is TOO THICK to fit in the kiosk slot!
I want to bring this post to the attention of this thread
http://www.flyertalk.com/forum/23298518-post331.html
So, not only we are facing the PIN issue, in this case, the PIN is USELESS because the card could not even fit into the slot at the Kiosk!
I asked the poster to tell us which countries he was trying to use the card and would update this thread if he does not come over to post here.
http://www.flyertalk.com/forum/23298518-post331.html
So, not only we are facing the PIN issue, in this case, the PIN is USELESS because the card could not even fit into the slot at the Kiosk!
I asked the poster to tell us which countries he was trying to use the card and would update this thread if he does not come over to post here.
Aug 2, 2014, 11:01 am
#5965
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,760
Last Spring we had to pay like $30 to $40 in Coins for the toll roads from Avignon to Lyon. Horrible experiences.
Yup, the primary reason to get the A+ is for usage in Europe, though the $440 bonus and the 2.2x earning rate also are among the best in the cash rebate cards except the AF from 2nd year. Though Barclays seems to be willing to waive it about 50% of the time based on the retention thread. That is why we opt for just one card and then rotate to spousal unit if the 2nd year AF is not waived when time comes next July.
Aug 2, 2014, 11:05 am
#5966
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,760
Used swipe cards exclusively at all places and never had any issue.
Aug 2, 2014, 11:06 am
#5967
Join Date: Nov 2012
Posts: 3,537
Last year in Stockholm...
* chip-less MC and Visa didn't work at the unattended Arlanda Express or T-bana ticket machines
* Amex Platinum chip-and-sign worked at the Arlanda Express machines, but not the T-bana ones
* I didn't have any trouble using non-chip-and-pin cards at restaurants, bars, or hotels other than the usual feeling bad for making life more difficult for the person swiping my card. Sometimes they knew I had to sign, sometimes I had to remind them, but the cards were always accepted.
* chip-less MC and Visa didn't work at the unattended Arlanda Express or T-bana ticket machines
* Amex Platinum chip-and-sign worked at the Arlanda Express machines, but not the T-bana ones
* I didn't have any trouble using non-chip-and-pin cards at restaurants, bars, or hotels other than the usual feeling bad for making life more difficult for the person swiping my card. Sometimes they knew I had to sign, sometimes I had to remind them, but the cards were always accepted.
Aug 2, 2014, 11:11 am
#5968
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,760
In this regard, the US has the rest of the world beat. And this is unlikely to change even when the EMV switchover happens. So hurray for Murica in this regard.
But the major annoyance of this is that while we may have these consumer protection laws, the more we keep the system vulnerable and the way it is, it causes frequent annoyances over and over again.
If credit card fraud happens once in a blue moon, then fine. But we're at tipping point where credit card fraud is happening almost everyday so long as we stick to using mag-stripes. Get a card, fraud happens the next week, shut it down, get a new card, card gets skimmed few weeks later... it becomes annoying and a nuisance.
That's probably the major shift that happened with the Target breach last year. Didn't have an affect with past breaches like Michaels. But Target was different; every cardholder in America realized that if hackers can breach a place like Target where almost every American from poor to rich shops at, it can happen anywhere.
But the major annoyance of this is that while we may have these consumer protection laws, the more we keep the system vulnerable and the way it is, it causes frequent annoyances over and over again.
If credit card fraud happens once in a blue moon, then fine. But we're at tipping point where credit card fraud is happening almost everyday so long as we stick to using mag-stripes. Get a card, fraud happens the next week, shut it down, get a new card, card gets skimmed few weeks later... it becomes annoying and a nuisance.
That's probably the major shift that happened with the Target breach last year. Didn't have an affect with past breaches like Michaels. But Target was different; every cardholder in America realized that if hackers can breach a place like Target where almost every American from poor to rich shops at, it can happen anywhere.
Also as I mentioned before, the biggest breach occurred at the Merchants level where their security system is breached, lots of time at the server level. In one case it was like the back up tape was lost in transportation that happened a few years ago.
I dont see emv cards could have prevented the above breaches at the merchants level.
On top of that, you GROSSLY overestimate the awareness of ordinary Americans on credit card fraud. Most ordinary folks I encountered, like neighbors, WMT MC cashiers, store clerks, they seem to just avoid using credit cards all together, and resort to either cash or debit cards!!! Very backward and very ignorant as they dont have the idea of the protection offered by credit card.
Worse, they have no clue what a true ID theft is - your credit card fraudulent charges do NOT equal to ID theft, but the medias would make it so to generate the sensationalism. As a matter of fact, right here on this thread, some of the esteemed members also seem to confuse a credit card fraudulent charge as ID Theft...
The true ID Theft, i.e. your SSN being stolen to be used in monetary transactions such as applying a car loan/ mortgage, open a bank account and such, are in a MUCH LOWER numbers than credit card fraudulent charges.
The other BIG ID Theft occurrence of course, is the fraudulent Tax Return being filed - but that has absolutely nothing to do with the "breach at Target" type of security breach! Yet, such incidents are being lumped into everything called "ID Theft".
Last edited by Happy; Aug 2, 2014 at 11:17 am
Aug 2, 2014, 11:25 am
#5969
Join Date: Nov 2012
Posts: 3,537
I dont know about others but as I said, we have had only 3 credit card fraudulent charges in TWENTY YEARS history of using credit cards. Granted, each time it is someone stole the information from the mag strip and sold that to the bigger crooks as the breaches did not occur until 30 to 45 days later.
Also as I mentioned before, the biggest breach occurred at the Merchants level where their security system is breached, lots of time at the server level. In one case it was like the back up tape was lost in transportation that happened a few years ago.
I dont see emv cards could have prevented the above breaches at the merchants level.
On top of that, you GROSSLY overestimate the awareness of ordinary Americans on credit card fraud. Most ordinary folks I encountered, like neighbors, WMT MC cashiers, store clerks, they seem to just avoid using credit cards all together, and resort to either cash or debit cards!!! Very backward and very ignorant as they dont have the idea of the protection offered by credit card.
Also as I mentioned before, the biggest breach occurred at the Merchants level where their security system is breached, lots of time at the server level. In one case it was like the back up tape was lost in transportation that happened a few years ago.
I dont see emv cards could have prevented the above breaches at the merchants level.
On top of that, you GROSSLY overestimate the awareness of ordinary Americans on credit card fraud. Most ordinary folks I encountered, like neighbors, WMT MC cashiers, store clerks, they seem to just avoid using credit cards all together, and resort to either cash or debit cards!!! Very backward and very ignorant as they dont have the idea of the protection offered by credit card.
EMV wouldn't have prevented the breaches, per se. It'd have made the data almost worthless. That's just as good because who will breach a system for nearly worthless data?
Aug 2, 2014, 11:40 am
#5970
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,760
If it happens, it is really not a big deal other than some annoyance and efforts to inform your banks then take care of the paperwork entailed.
I also would like to point out, if the cloned card is used to make RECURRING charges, then you would have a much bigger mess on hand to deal with - usually the bank would take care of your card side but you would need to get that crap cleared with the merchant side where it was fed the fraudulent card for recurring billing. Most people probably have no idea this is the case.
The breach occurred in 2011, card was cloned and used at 24/7 gym in Los Angeles area for recurring charges. It was a Chase card. Chase told me it could NOT stop the fraudulent charge (which happened again after new card number was issued) because the initial authorization was for Recurring authorizations. Chase told me to just keep reporting it.
Or, to track the merchant down and inform the merchant of the fraudulent usage of the card... 
I did tracked down the merchant, and talked to several supervisors all asked me to give them the card number involved. I didn't but asked for the direct contact phone number to the billing dept which was located at Panama City, Panama, Central America! Though I lucked out as the guy took my call was really helpful, went over the billing records and told me it was a POS sale when it started (hence a cloned card was used). He agreed to stop any further recurring charges could be billed to this number. After waiting 2 billing cycles without any more fraudulent charges showing up, I canceled the card for good.
I would also tell you my brother's experience 3 years ago. His Citi card info was stolen. Someone used it to subscribe TIVO services. Citi took care of the card side but TIVO went after him for the unpaid bills now the card was canceled, using a collection agency no less. My brother had to file a police report and went thru hoops with TIVO to sort that out.
This is what most people may not be aware of when a breach occurred - if it is a recurring transaction, you do need to take more efforts to get that clear up from the merchant's side.