Should USA card issuers adopt EMV (Chip & PIN)? [Opinion discussion]
#91
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
Of course it does. When the banks simply tell the court that their equipment is designed to not accept mismatching PINs, the court knows full well that the bank can never prove with 100% certainty that there are no flaws (it's been proven that no complex software can be 100% bug free) -- and courts accept this.
#92
Join Date: Aug 2010
Posts: 286
The link I have is down, but it's covered in wikipedia.
#93
FlyerTalk Evangelist
Join Date: Feb 2010
Posts: 13,573
Hybrid cards are no less secure than magstrip cards. In countries that mandate chip support (EU/UK), they provide greater security as the chip aspect significantly decreases the chance the transaction was conducted using the actual card (not a clone). Accepting a signature for a chip-and-pin card in these locations is a good indicator for fraud.
Once all cards are hybrids, and all terminals accept EMV/Chips, we can remove magstrips and everything becomes a lot more secure. No more cloning cards. This is a very long process, but it will pay off in the end.
It is still possible to physically copy all the important details and use for internet transactions, assuming we haven't smartened up by then and require additional checks for 'card-not-present' transactions (e.g. properly matching billing address, or some form of 2 factor authentication better than the 'verified by visa' passwords and 'mastercard mastercode' that we have now).
Once all cards are hybrids, and all terminals accept EMV/Chips, we can remove magstrips and everything becomes a lot more secure. No more cloning cards. This is a very long process, but it will pay off in the end.
It is still possible to physically copy all the important details and use for internet transactions, assuming we haven't smartened up by then and require additional checks for 'card-not-present' transactions (e.g. properly matching billing address, or some form of 2 factor authentication better than the 'verified by visa' passwords and 'mastercard mastercode' that we have now).
#94
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
The link I have is down, but it's covered in wikipedia.
Essentially British regulators failed to update the liability policies when chip-and-pin came out.
It has nothing to do with any inherent legal principles.
It also has nothing to do with the US, or any other country.
#95
Join Date: Aug 2010
Posts: 286
So far you've just been an energy drain in this thread. You've brought ideas that are inconsistent with US legal principles, and you've shown no basis for this; and shown nothing that even attempts to convince. Yet you've demanded evidence to the contrary, trying burden others to do your research. If I'm going to spend copious time to digging through case law, it's not going to be used to gather esoteric and obvious data that I already have confidence on. Do your own research, and come back to us when you have something compelling.
You've been told the US-specific data on this is in the statutes. And specifically, you've been told that the US statutes are as favorable to the consumer as the pre-2009 British ones, which do not include a higher standard of evidence to prove legitimacy of PIN authentication. Regulation E does not add the missing PIN forgery protections.
Proving a negative is 10-100 times the effort of proving a positive. Since you're convinced of the positive (that US law covers the PIN forgery protection I'm claiming is absent), do some research, and cite a specific legal reference for the statute showing this protection, which can be leveraged with Regulation E.
#96
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
Such comments are not necessary.
You've brought ideas that are inconsistent with US legal principles, and you've shown no basis for this; and shown nothing that even attempts to convince. Yet you've demanded evidence to the contrary, trying burden others to do your research. If I'm going to spend copious time to digging through case law, it's not going to be used to gather esoteric and obvious data that I already have confidence on. Do your own research, and come back to us when you have something compelling.
Proving a negative is 10-100 times the effort of proving a positive. Since you're convinced of the positive (that US law covers the PIN forgery protection I'm claiming is absent), do some research, and cite a specific legal reference for the statute showing this protection, which can be leveraged with Regulation E.
Here is the text so that you can confirm this for yourself.
http://www.fdic.gov/regulations/laws...6500-3100.html
#97
Original Poster
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
IMO, signature verification these days is a vestigial remnant from the early days when credit cards were first issued back in the 1950s where graphology was actually considered "solid science."
No one hardly ever checks signature these days especially when credit/debit cards has become so common that everyone from the uber-rich to the low-income food stamp recipient has one (what, poor people can't open bank accounts and have VISA debit cards? ).
If credit/debit cards have becomes so common, no minimum wage cashier is going to spend extra time actually checking the signature on the card anyway; they're more worried about getting through to the next Joe in line behind you. Just look at the Costco "awards" on how many customers per hour a cashier could process.
The signature verification is outdated and isn't in line with actually detecting fraud these days. Any would-be crook can skim a card, copy the mag-stripe data over to a blank card, and sign for an item with any signature. No one checks anyway.
Sure, in theory merchants have to check signatures as verification. Reality is, the low end minimum wage earning cashiers don't give a hoot.
No one hardly ever checks signature these days especially when credit/debit cards has become so common that everyone from the uber-rich to the low-income food stamp recipient has one (what, poor people can't open bank accounts and have VISA debit cards? ).
If credit/debit cards have becomes so common, no minimum wage cashier is going to spend extra time actually checking the signature on the card anyway; they're more worried about getting through to the next Joe in line behind you. Just look at the Costco "awards" on how many customers per hour a cashier could process.
The signature verification is outdated and isn't in line with actually detecting fraud these days. Any would-be crook can skim a card, copy the mag-stripe data over to a blank card, and sign for an item with any signature. No one checks anyway.
Sure, in theory merchants have to check signatures as verification. Reality is, the low end minimum wage earning cashiers don't give a hoot.
Last edited by kebosabi; Oct 14, 2011 at 5:26 pm
#98
Join Date: Aug 2010
Posts: 286
If you didn't ask for what you wanted, then ask for what you want -- but please don't repeat answered questions, it wastes everyones time.
Of course I have. You have not, and your the one making a positive claim here.
The transaction could have been done with a PIN, with a signature, over the phone, or with a manual imprinter. The law doesn't care. Regulation E was intentionally written in such a way that it applies no matter what verification method is used, so that it can be adapted to new technology.
Here is the text so that you can confirm this for yourself.
http://www.fdic.gov/regulations/laws...6500-3100.html
http://www.fdic.gov/regulations/laws...6500-3100.html
You're claiming protection from PIN forgery exists -- now show us where. Which statute do you believe guides the court to find that a matching pin is insufficient for determining that a transaction is not fraudulent?
#99
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
(I'm not going to bother replying to all the other lines in your post, because we are just going around in circles with those points and not getting anywhere.)
#100
Join Date: Aug 2010
Posts: 286
This is a false cause fallacy. The liability is the same once it's been established that you have a fraudulent transaction.
It's not really a circle if you neglect what I said and instead recycle a refuted claim. It's a circle with a gap because you have not addressed my points.
Last edited by garyschmitt; Oct 15, 2011 at 7:59 am
#101
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
Next time make sure the law you are reading is relevant to the matter at hand before you start picking out random clauses and applying them to whatever situation you want.
#102
Join Date: Aug 2010
Posts: 286
The Uniform Commercial Code is applicable only to negotiable instruments. By definition, a credit card is not a negotiable instrument, as explicitly stated in UCC § 4-104 (a)(9). The Uniform Commercial Code is completely irrelevant to credit and debit cards.
Next time make sure the law you are reading is relevant to the matter at hand before you start picking out random clauses and applying them to whatever situation you want.
Next time make sure the law you are reading is relevant to the matter at hand before you start picking out random clauses and applying them to whatever situation you want.
This is merely an ignoratio elenchi fallacy. Regardless of the applicability of UCC § 3-401, you still have the same standard of evidence for signature authorization as for pin authorization. You've failed again to show otherwise. I could say "dogs have blue hair", but if you can prove otherwise it doesn't matter because doing so does not support your thesis.
#103
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,580
And?
This is merely an ignoratio elenchi fallacy. Regardless of the applicability of UCC § 3-401, you still have the same standard of evidence for signature authorization as for pin authorization. You've failed again to show otherwise. I could say "dogs have blue hair", but if you can prove otherwise it doesn't matter because doing so does not support your thesis.
This is merely an ignoratio elenchi fallacy. Regardless of the applicability of UCC § 3-401, you still have the same standard of evidence for signature authorization as for pin authorization. You've failed again to show otherwise. I could say "dogs have blue hair", but if you can prove otherwise it doesn't matter because doing so does not support your thesis.
Here is the New York Times' take on the issue, in which they quote a Visa spokesperson and an analyst explicitly stating that there will be no change in liability: http://bucks.blogs.nytimes.com/2011/...mer-liability/
I am done with this discussion.
#104
Join Date: Aug 2010
Posts: 286
Gary, I'm not even sure what to say to you any more. While you seem well versed in the various types of logical fallacies, you don't seem to know too much about the American legal system (this is just an observation based on this thread, I don't mean it to be offensive in any way).
Here is the New York Times' take on the issue, in which they quote a Visa spokesperson and an analyst explicitly stating that there will be no change in liability: http://bucks.blogs.nytimes.com/2011/...mer-liability/
I am done with this discussion.
Here is the New York Times' take on the issue, in which they quote a Visa spokesperson and an analyst explicitly stating that there will be no change in liability: http://bucks.blogs.nytimes.com/2011/...mer-liability/
I am done with this discussion.
Ann Carrns makes the same error in judgment you do, and figures that regulation E somehow levels the liability. Ann Carrns, like you, obviously missed the fact that the standard of evidence is equal between signature authorization and pin authorization -- which is obviously unfavorable consumers (whose pin is much easier replicated to the same quality standard accepted by courts).
#105
Original Poster
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
This past weekend, I had my first experience in Canada where my ol’ mag-stripe card wasn’t accepted: a gas station in Victoria, BC. It seems the pay-at-the-pump terminals were recently upgraded to one that solely took Chip-and-PIN and there was a notice stating that cardholders with mag-stripes should go inside to have the gas station attendant swipe it there.
I asked why they were doing this and apparently they had problems with fraudsters putting skimming devices onto the pay-at-the-pump machines so they weren’t taking any chances. Luckily, unlike Italy, gas stations in Canada are usually manned 24/7 so it's only a minor inconvenience to actually walk inside the gas station. But American drivers should beware if you’re driving in Canada; they’re slowly phasing in new terminals that only accept chips at the pumps.
I asked why they were doing this and apparently they had problems with fraudsters putting skimming devices onto the pay-at-the-pump machines so they weren’t taking any chances. Luckily, unlike Italy, gas stations in Canada are usually manned 24/7 so it's only a minor inconvenience to actually walk inside the gas station. But American drivers should beware if you’re driving in Canada; they’re slowly phasing in new terminals that only accept chips at the pumps.