Should USA card issuers adopt EMV (Chip & PIN)? [Opinion discussion]
#316
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
I wonder how many people who back then said so-and-so about how mag-stripe is still king and EMV will never take off, now regularly dip their EMV chipped cards when they go out and buy groceries or those who said I don't want those darn contactless things because hackers can steal my info from a mile away are regularly doing that at 7-Eleven. LMAO
That said, the US implementation definitely isn't ideal. The only real difference is we insert or tap now instead of swiping; other than there being a bit more customer facing terminals than there used to be, cards basically work the same as they always have from a cardholder's perspective. I'd have preferred we forced 100% cardholder facing equipment (either by requiring PIN and/or imposing some new card network/federal rules) because as it is, the US probably will never reach 100% merchant acceptance of contactless (especially if you're using a phone or watch instead of a card).
#317
Join Date: Feb 2010
Location: US
Programs: (PM)AA SPG (Marriott), Hilton
Posts: 1,040
Wow out on a whim I re-read this entire thread and it's like opening up a time capsule from 12 years ago.
I wonder how many people who back then said so-and-so about how mag-stripe is still king and EMV will never take off, now regularly dip their EMV chipped cards when they go out and buy groceries or those who said I don't want those darn contactless things because hackers can steal my info from a mile away are regularly doing that at 7-Eleven. LMAO
I wonder how many people who back then said so-and-so about how mag-stripe is still king and EMV will never take off, now regularly dip their EMV chipped cards when they go out and buy groceries or those who said I don't want those darn contactless things because hackers can steal my info from a mile away are regularly doing that at 7-Eleven. LMAO
Magstripe is present at the grocery store for non-CC payment methods, keeping the older technology alive.
Chip hasn't made it to gas stations around here. It's swipe and zip code. The deadline swept through like a warm breeze on a summer day and then was gone.
The carbon-paper impression systems seemed to have finally vanished. It did take a very long time, but it finally went away. Mostly. You can still buy the forms from Staples and on Amazon. An impression machine will cost you $50. Technology is like that. Faxes are still around, and hospitals are infested with pagers, 'old' tech hanging on.
#318
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
Theoretically signature isn't required at all anymore, regardless of the amount. However, there are enough places out there that either distrust the card networks and/or their customers (e.g. restaurants believing--possibly rightfully so--that people will tip better/at all if they sign) that we'll probably be stuck with it for a long while.
A significant amount of that was basically because we had no choice (thanks to COVID-related lockdowns, etc.) How much of that will revert back to in-person purchases (if it hasn't already) is still unknown, but considering that nearly all drive-thrus already went back to running cards for customers around here vs. handing the terminal out the window (as an example), I wouldn't be surprised if the majority of that spend does revert back.
The liability shift for those wasn't exactly that long ago, having gotten pushed back at least twice (with one of those delays being COVID related). Remember that it took at least a few years after the 2015 liability shift to even get to the point where the majority of regular stores were inserting, and that didn't involve significant construction effort (like it has depending on the gas station involved).
FWIW, the majority of gas stations around here seem to at least run the chip at the pump, if not support tapping. Legacy 7-Eleven locations being the huge exception, but at least those support chip/tap inside.
The liability shift for those wasn't exactly that long ago, having gotten pushed back at least twice (with one of those delays being COVID related). Remember that it took at least a few years after the 2015 liability shift to even get to the point where the majority of regular stores were inserting, and that didn't involve significant construction effort (like it has depending on the gas station involved).
FWIW, the majority of gas stations around here seem to at least run the chip at the pump, if not support tapping. Legacy 7-Eleven locations being the huge exception, but at least those support chip/tap inside.
#319
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
The liability shift for those wasn't exactly that long ago, having gotten pushed back at least twice (with one of those delays being COVID related). Remember that it took at least a few years after the 2015 liability shift to even get to the point where the majority of regular stores were inserting, and that didn't involve significant construction effort (like it has depending on the gas station involved).
FWIW, the majority of gas stations around here seem to at least run the chip at the pump, if not support tapping. Legacy 7-Eleven locations being the huge exception, but at least those support chip/tap inside.
FWIW, the majority of gas stations around here seem to at least run the chip at the pump, if not support tapping. Legacy 7-Eleven locations being the huge exception, but at least those support chip/tap inside.
Even when the original liability shift (for non-gas station merchants) happened, a lot of small merchants ignored it and took their sweet time, figuring that their fraud rates were already pretty low due to the type of transactions and average amount.
#320
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
I think that at this point, the liability shift is pretty meaningless. Fraudsters have moved on from stealing/cloning credit cards. It's not worth their time to use a stolen credit card to fill up their tank at a gas station. They would rather focus on hacking databases.
Even when the original liability shift (for non-gas station merchants) happened, a lot of small merchants ignored it and took their sweet time, figuring that their fraud rates were already pretty low due to the type of transactions and average amount.
Even when the original liability shift (for non-gas station merchants) happened, a lot of small merchants ignored it and took their sweet time, figuring that their fraud rates were already pretty low due to the type of transactions and average amount.
Really, the way it worked out was probably close to the best it could have. Considering our timeline, a card network or legal mandate instead of the liability shift (for EMV itself and/or for PIN) before the vast majority had already upgraded would probably have made a significant number of merchants go cash-only or something. It's not like a bunch don't already dislike the networks for other reasons (e.g. interchange), after all.
#321
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
Sure, but if they really did suffer no added liability up until now, there'd still be a whole lot of places that are swipe-only (or maybe only upgraded within the last couple of years solely to get contactless and got EMV along with it). The reason why hackers have (mostly) gone away from skimming is because it's difficult to find a swipe-only merchant now.
#322
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
I think it's simply because swipe-only terminals are no longer available. It's been 7 years since the liability shift, which is enough time for most terminals to have reached the end of their life cycle. Even with no added liability, merchants are going to get EMV terminals because there is really nothing else on the market.
#323
Join Date: Feb 2013
Posts: 401
EMV Security Improvements
It's a bit more than that...cards can't be duplicated/used easily. As a result, a huge category of card present fraud has largely gone away, and many big issuers don't even require foreign travel notifications anymore. Sure it's not perfect, fraudsters can try to force magnetic stripe acceptance, but it's far more difficult than it used to be for the carding fraud rings.
#324
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
It's a bit more than that...cards can't be duplicated/used easily. As a result, a huge category of card present fraud has largely gone away, and many big issuers don't even require foreign travel notifications anymore. Sure it's not perfect, fraudsters can try to force magnetic stripe acceptance, but it's far more difficult than it used to be for the carding fraud rings.
(In fact, just the other day the In-N-Out drive-thru person tapped my card for me instead of handing the terminal out the window. And I know they're able to do the latter, too, as they did so for about a six month stretch during the pandemic. I'm sure if I said I wanted to use "Apple Pay" they'd have done so, but still.)
#325
Join Date: Jul 2020
Location: Toronto
Posts: 25
FPBP. If you even hint at disclosing your PIN to anyone, even your spouse, or ever writing it down, they burn you for the fraudulent tx amount. Combined with the fact that CDIC only insures up to CAD $100,000 in most cases - you can literally get rinsed for millions in theory.
#326
Join Date: Feb 2010
Location: US
Programs: (PM)AA SPG (Marriott), Hilton
Posts: 1,040
Agreed on the security improvements. I was referring more to how PIN still isn't required (and likely never will be for reasons discussed hundreds of times before) plus how a large number of places still run cards for customers vs. having customers do the inserting or tapping. If it was just PIN not being required but we got everything else Europe, etc. have (e.g. ubiquitous contactless acceptance and near 100% pay at the table at restaurants), I could live with that.
PIN is alive, but for debit cards, suggesting any issues with PINs are solvable by the consumer, if they must.
Swipe is alive, but seemingly not for credit cards. It seems to turn up for debit was well as other similar cards, eg: loyalty cards that have a magstripe as well as a barcode. There seems to be less of an occurrence with bad magstripes where the clerk does tricks with plastic bags to get it to read. In some cases a transaction requires two payment cards so at least some POS systems are handling splits where it's not an oddball transaction.
Inserted Chips seem to be mostly working, but occasionally bring the operation to halt when the chip mis-reads the first time.
Contactless doesn't seem to be in as much use.
For Inserted and Contactless, most people wait for the transaction to finish before inserting. It's faster if you do it and get it over, especially the contactless, but people want to see a number. This appears to occur even when the keypad does ask for the amount to be approved before finishing the transaction, for higher value transactions.
The above isn't data, it is more a collection of anecdotes and different geographies would probably turn up different results.
#327
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
BTW another one of those things that weirdly isn't that common: PINless debit (i.e. running debit cards over the debit networks without providing a PIN instead of over Visa or MC). You'd think a lot of places would be all over it given how many complaints there have been about interchange over the years.
This is probably something that's still pretty location-dependent. Visa recently said that contactless is >50% in NYC and the Bay Area, for instance, while the country-wide average is a bit lower.
That said, at least usage is still growing. It sucks that we needed a pandemic (and its associated mortality and morbidity) for that to happen, though, but that's probably a different discussion.
For Inserted and Contactless, most people wait for the transaction to finish before inserting. It's faster if you do it and get it over, especially the contactless, but people want to see a number. This appears to occur even when the keypad does ask for the amount to be approved before finishing the transaction, for higher value transactions.
#328
FlyerTalk Evangelist
Join Date: Mar 2002
Location: Saipan, MP 96950 USA (Commonwealth of the Northern Mariana Islands = the CNMI)
Programs: UA Silver, Hilton Silver. Life: UA .57 MM, United & Admirals Clubs (spousal), Marriott Platinum
Posts: 15,056
I just had my first contactless purchase in two years back in the CNMI, USA.
It was a tiny purchase at a small grocery store. My usual credit card purchases have been by inserting into a chip reader.
It was a tiny purchase at a small grocery store. My usual credit card purchases have been by inserting into a chip reader.
#329
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
BTW another one of those things that weirdly isn't that common: PINless debit (i.e. running debit cards over the debit networks without providing a PIN instead of over Visa or MC). You'd think a lot of places would be all over it given how many complaints there have been about interchange over the years.
It seems like an area where a lot of merchants have said between the complexity and uncertainty and debit card users being used to PIN entry, might as well leave it on.
#330
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
This US Payments Forum Paper from 2019 (specifically the summary on Page 15, last page of PDF) seems to indicate that it requires proper routing on the US Common Debit AID, and that even with PIN bypass correctly enabled, it can create issuer declines and lost sales. If selectable kernel configuration is used, lost/stolen liability can occur on networks with a shift. If the global AID is used then no lost/stolen liability but it's the most expensive.
It seems like an area where a lot of merchants have said between the complexity and uncertainty and debit card users being used to PIN entry, might as well leave it on.
It seems like an area where a lot of merchants have said between the complexity and uncertainty and debit card users being used to PIN entry, might as well leave it on.
Anyway, given the number of problems I've seen trying to run contactless debit (to the point where most merchants don't even bother using anything other than the global AID anymore), I'm not surprised PINless debit (even just when inserting) isn't more common.