tmiw

Most people eventually get over it when something new comes out.

That said, the US implementation definitely isn't ideal. The only real difference is we insert or tap now instead of swiping; other than there being a bit more customer facing terminals than there used to be, cards basically work the same as they always have from a cardholder's perspective. I'd have preferred we forced 100% cardholder facing equipment (either by requiring PIN and/or imposing some new card network/federal rules) because as it is, the US probably will never reach 100% merchant acceptance of contactless (especially if you're using a phone or watch instead of a card).

reft

Original title was Chip & Pin. Chip made it. Pin did not. It was Chip and Signature for a while, with the dollar value of transactions requiring signature has risen. At the same time, a lot of spend moved to online, no stripe, no chip, no pin. The ultimate form of contactless.

Magstripe is present at the grocery store for non-CC payment methods, keeping the older technology alive.

Chip hasn't made it to gas stations around here. It's swipe and zip code. The deadline swept through like a warm breeze on a summer day and then was gone.

The carbon-paper impression systems seemed to have finally vanished. It did take a very long time, but it finally went away. Mostly. You can still buy the forms from Staples and on Amazon. An impression machine will cost you $50. Technology is like that. Faxes are still around, and hospitals are infested with pagers, 'old' tech hanging on.

tmiw

Theoretically signature isn't required at all anymore, regardless of the amount. However, there are enough places out there that either distrust the card networks and/or their customers (e.g. restaurants believing--possibly rightfully so--that people will tip better/at all if they sign) that we'll probably be stuck with it for a long while.

A significant amount of that was basically because we had no choice (thanks to COVID-related lockdowns, etc.) How much of that will revert back to in-person purchases (if it hasn't already) is still unknown, but considering that nearly all drive-thrus already went back to running cards for customers around here vs. handing the terminal out the window (as an example), I wouldn't be surprised if the majority of that spend does revert back.

The liability shift for those wasn't exactly that long ago, having gotten pushed back at least twice (with one of those delays being COVID related). Remember that it took at least a few years after the 2015 liability shift to even get to the point where the majority of regular stores were inserting, and that didn't involve significant construction effort (like it has depending on the gas station involved).

FWIW, the majority of gas stations around here seem to at least run the chip at the pump, if not support tapping. Legacy 7-Eleven locations being the huge exception, but at least those support chip/tap inside.

cbn42

I think that at this point, the liability shift is pretty meaningless. Fraudsters have moved on from stealing/cloning credit cards. It's not worth their time to use a stolen credit card to fill up their tank at a gas station. They would rather focus on hacking databases.

Even when the original liability shift (for non-gas station merchants) happened, a lot of small merchants ignored it and took their sweet time, figuring that their fraud rates were already pretty low due to the type of transactions and average amount.

tmiw

Sure, but if they really did suffer no added liability up until now, there'd still be a whole lot of places that are swipe-only (or maybe only upgraded within the last couple of years solely to get contactless and got EMV along with it). The reason why hackers have (mostly) gone away from skimming is because it's difficult to find a swipe-only merchant now.

Really, the way it worked out was probably close to the best it could have. Considering our timeline, a card network or legal mandate instead of the liability shift (for EMV itself and/or for PIN) before the vast majority had already upgraded would probably have made a significant number of merchants go cash-only or something. It's not like a bunch don't already dislike the networks for other reasons (e.g. interchange), after all.

cbn42

I think it's simply because swipe-only terminals are no longer available. It's been 7 years since the liability shift, which is enough time for most terminals to have reached the end of their life cycle. Even with no added liability, merchants are going to get EMV terminals because there is really nothing else on the market.

tmiw

Swipe-only hardware was still being sold for at least a year or two after the supposed 2015 liability shift, too. Not to mention that it's apparently still possible to disable chip on some new hardware (recent example: Pei Wei, which now uses the same Equinox terminals that Chipotle and Walgreens use and only supports swiping and tapping, unlike the latter two). Fortunately, I don't know anyone else that does the same at this point.

emvchip

It's a bit more than that...cards can't be duplicated/used easily. As a result, a huge category of card present fraud has largely gone away, and many big issuers don't even require foreign travel notifications anymore. Sure it's not perfect, fraudsters can try to force magnetic stripe acceptance, but it's far more difficult than it used to be for the carding fraud rings.

tmiw

Agreed on the security improvements. I was referring more to how PIN still isn't required (and likely never will be for reasons discussed hundreds of times before) plus how a large number of places still run cards for customers vs. having customers do the inserting or tapping. If it was just PIN not being required but we got everything else Europe, etc. have (e.g. ubiquitous contactless acceptance and near 100% pay at the table at restaurants), I could live with that.

(In fact, just the other day the In-N-Out drive-thru person tapped my card for me instead of handing the terminal out the window. And I know they're able to do the latter, too, as they did so for about a six month stretch during the pandemic. I'm sure if I said I wanted to use "Apple Pay" they'd have done so, but still.)

Belmont_

FPBP. If you even hint at disclosing your PIN to anyone, even your spouse, or ever writing it down, they burn you for the fraudulent tx amount. Combined with the fact that CDIC only insures up to CAD $100,000 in most cases - you can literally get rinsed for millions in theory.

reft

I watched other transactions for the last month, grocery and other retail.

PIN is alive, but for debit cards, suggesting any issues with PINs are solvable by the consumer, if they must.

Swipe is alive, but seemingly not for credit cards. It seems to turn up for debit was well as other similar cards, eg: loyalty cards that have a magstripe as well as a barcode. There seems to be less of an occurrence with bad magstripes where the clerk does tricks with plastic bags to get it to read. In some cases a transaction requires two payment cards so at least some POS systems are handling splits where it's not an oddball transaction.

Inserted Chips seem to be mostly working, but occasionally bring the operation to halt when the chip mis-reads the first time.

Contactless doesn't seem to be in as much use.

For Inserted and Contactless, most people wait for the transaction to finish before inserting. It's faster if you do it and get it over, especially the contactless, but people want to see a number. This appears to occur even when the keypad does ask for the amount to be approved before finishing the transaction, for higher value transactions.

The above isn't data, it is more a collection of anecdotes and different geographies would probably turn up different results.

tmiw

Yeah, it's basically the same as it's always been. However, I'd say the majority of places will let you just not use a PIN at all for purchases if you want, which is why people tend to say that debit cards are also chip and signature in the US (along with credit cards).

BTW another one of those things that weirdly isn't that common: PINless debit (i.e. running debit cards over the debit networks without providing a PIN instead of over Visa or MC). You'd think a lot of places would be all over it given how many complaints there have been about interchange over the years.

Outside of gift cards, swipe seems to be most common with HSA and other similar type cards in my experience. Given that those can only be used with a limited set of merchants, there's probably not too much fraud coming from those (though I don't know for sure).

This is probably something that's still pretty location-dependent. Visa recently said that contactless is >50% in NYC and the Bay Area, for instance, while the country-wide average is a bit lower.

That said, at least usage is still growing. It sucks that we needed a pandemic (and its associated mortality and morbidity) for that to happen, though, but that's probably a different discussion.

It's actually good practice not to tap or insert before they're finished scanning your items. However, the ability to run your card at any point in the transaction is another one of those things that people expect, hence why that needed to be added for chip and contactless.

SPN Lifer

I just had my first contactless purchase in two years back in the CNMI, USA.

It was a tiny purchase at a small grocery store. My usual credit card purchases have been by inserting into a chip reader.

phltraveler

This US Payments Forum Paper from 2019 (specifically the summary on Page 15, last page of PDF) seems to indicate that it requires proper routing on the US Common Debit AID, and that even with PIN bypass correctly enabled, it can create issuer declines and lost sales. If selectable kernel configuration is used, lost/stolen liability can occur on networks with a shift. If the global AID is used then no lost/stolen liability but it's the most expensive.

It seems like an area where a lot of merchants have said between the complexity and uncertainty and debit card users being used to PIN entry, might as well leave it on.

tmiw

As someone who's had PIN preferring cards outright refused by US merchants before, "chip and choice" (mentioned in the summary of that PDF) is really de facto chip and signature without any real enforcement. We almost would have been better off if the networks just made signature/no CVM the official standard (and required disabling PIN as a CVM at the terminal level), at least from a UX perspective.

Anyway, given the number of problems I've seen trying to run contactless debit (to the point where most merchants don't even bother using anything other than the global AID anymore), I'm not surprised PINless debit (even just when inserting) isn't more common.