kebosabi

I believe finally the tide is turning towards more increased demand for EMV in the US.

Card fraud is increasing here and starting to hurt banks with their 100% no-liability guarantee starting to backfire against them. I'm sure that the ticket agent who got arrested for skimming $480,000 at SJC must've been a real eye-opener to many on how easy this stuff is to do as we continue to rely on fifty year old mag-stripe technology. And because so it's easy to do, organized crime, theives, crooks, and gangs are turning to this way to skim off card info from just a few hundred investment of equipment off of eBay

And recently it seems VISA began to put extra pressure for a push towards EMV by offering Merchant incentives to switch to EMV terminals by exempting those who comply with EMV processing terminals to be exempted from hefty annual PCI-DSS compliant fees. The catch? It's not offered to US merchants. But I'm sure this is to raise serious eyebrows for US merchants to consider to just pay an one-time upgrade of their terminals instead of being dinged with annual compliance fees because they continue to process it through fifty year old technology

Perhaps we'll finally be able to get our credit cards updated to EMV standards sooner than we thought. Just a year ago we had zero option, at least we now have the Travelex Chip & PIN card. That's a good start IMO.

EUnomad

It's a BAD start. Chips reverse the burden of proof in fraud cases. In a chip/pin fraud case, it's the cardholders burden to prove that they did not enter the pin. After all, all pin numbers that are accepted are an exact match of the original (not the case with signatures).

If fraud occurs with swipe and sign, it's the bank/merchants burden to prove that the signature matches your signature.

jbcarioca

IT is not quite that simple. The UK has seen much more sophisticated fraud since the EMV was introduced, involving cloning with more advanced technology than before. The consumer retains rights, the pattern recognition in transactions still guards imperfectly but does aid the consumer. CNP retains precisely the same problems it had before. Merchant disputes differ only in that the process of merchant payment disputes is altered.

Unauthorized transactions in an EMV environment do decrease very substantially, thus merchants with one off transactions within normal cardholder patterns have less difficulty justifying the transaction. Dispute volumes in EMV are much lower than in magstripe environments in all the places I know.

Thus, it is a good thing for both sides. Consumer complaint rights continue unabated in all major countries AFAIK.

EUnomad

Exactly the problem. A more trusted technology is being exploited. The consumer becomes more of a suspect than before.

Sure, the liability is the same. The liability is on the bank either way. But the burden of proof differs. This is the problem for the consumer -- to the advantage of the bank. The liability is only applicable to the extent that the proof is sufficient.

A decrease in fraud is of course good for the bank. For the consumer it's only an advantage in terms of fewer instances of paperwork and hassle, but this is quickly outweighed by the burden of proof hassle and potential loss to the consumer in the case of insuffient proof. The increased risk of potential difficulty in proving fraud far outweighs the slight chance of extra paperwork.

With swipe and sign, the consumer need not prove anything. The bank takes the hit, consumer files a report, and walks.

kebosabi

If that is true then, well that too could be prone to intentional fraud by a dishonest cardholder too. If the consumer doesn't need to prove anything then, what's stopping anyone from say...buying a 60" flat screen TV at BestBuy 150 miles away with their own credit card, and claim that his/her credit card was skim-cloned somewhere and someone just charged $2000 or so at BestBuy? Would the card company just take the $2000 hit and credit them back, all in the while practically making their new flat screen TV free?

EUnomad

The transaction is over $25, so BB is likely to require a signature. If the buyer signs quite differently than the signature on the back of their credit card, then BB denies the sale. If the buyer gives a matching sig, then the merchant and bank have proof that he did buy the TV.

And furthermore, if the sales person recognizes the buyer, BB then has an eye witness that the buyer committed fraud. So the charge not only goes through, but the buyer risks criminal penalties as well.

JFKLAX321

I do not think that BestBuy or any other store is really matching electronic signatures or ink signatures to the signature on the back of credit cards. I for one do not have a signature on the back of my card, so that would be impossible.

I do agree with your point regarding the burden of proof shifting unfavorably away from the consumer, but I find it hard to believe that there aren't still as many ways to demonstrate a charge was fraudulent with Chip and Pin technology.

EUnomad

It's BBs option to check the signature. If they don't check, they're deciding to take the risk. Presumably, if the sigs don't match, then BB is (hopefully) at a loss, not the bank or the consumer.

In the case of an unsigned card, it's in BBs interest to force both the card and the receipt to be signed on the spot, and if both signatures match, then there's no issue as far as BB is concerned. If this were to happen with a malicious buyer other than the card holder, the card holder will possibly learn an expensive lesson in the importance of signing the backs of the cards as they are received, as they are instructed.

mia

Burden of proof merely means that the issuer must produce some evidence that I authorized the transaction. If I dispute a signature transaction the bank will typically produce a signed sales slip. If I assert that it is not my signature the bank may compare it with signatures from other transactions, or examine other evidence. In the Best Buy example there will likely be security video available.

In the UK the burden of proof remains with the issuer even after the introduction of Chip & PIN:

http://www.telegraph.co.uk/finance/p...m-hackers.html

However, as a practical matter the banks consider the fact that the correct PIN was (apparently) used to be sufficient evidence to satisfy this burden:

http://www.timesonline.co.uk/tol/mon...cle5575295.ece

(Both articles are a worthwhile read for anyone interested in this topic.)

mreed911

If the person standing in front of them signs both at the same time, why would they NOT match?

jmhayes

In fact, an unsigned card is invalid. Read the fine print. In practice, businesses perform real-time risk management on an ongoing basis. Am I suspucious of you? Maybe I reject this card from you. If you have another with the same name, maybe I let it through. And on.

This thread is drifting ...

EUnomad

A malicious card holder could deliberately sign one of them differently, so they could later deny the purchase. So it's in the merchants interest to check. Merchants could easily go a step further, and take an optical scan of the card, so they have a record of the matching sigs. Perhaps it's not a common enough problem.

sdsearch

If everyone could deny purchases just based on wrong signature, then everyone who uses those horrid miniature electronic signature pens at the self-checkout counters at my local Ralph's (Krogers' brand in SoCal) could be disputing most every purchase there. I compalined to the person monitoring the self-checkout area that I couldn't sign despite many attempts (the electronic pen kept turning signature into incomprehensible garbage) and he said just to try and click accept no matter what the result! And they never fit them, so now I have to do that every time!

EUnomad

Sure, but it would be fraudulent. You couldn't fit enough Ralphs food in your minivan to justify the risk of being charged with fraud. Better to skip the cash register altogether, and make a dash for the getaway car -- at least then you're only risking theft charges, as opposed to fraud and theft charges.

francophiliac

No sooner did I finish my post on the Durbin Amendment than I found this:

"TCF National Bank (TCF) has filed a suit in the United States District Court in South Dakota challenging the constitutionality of ... the Durbin Amendment"

(You can read quoted article here: http://www.regulatoryreformtaskforce...2010.13.10.pdf )

TCF is one of the nations biggest banks, with assets well over $10B, so the amendment's fee limits definitely apply to them. But what I find most amusing (and appalling) are their rationales for the suit:

"(1) that by limiting fees to below the actual cost to produce the services, the government is taking property without just compensation"

Let's remember that we're talking about debit card transactions, which represent withdrawals of YOUR money from YOUR bank account, YOUR money with which you've entrusted the bank, and which you allow them to use (to their profit) until the point in time at which you decide to withdraw it. They make money off of your money while it's in their bank... but that doesn't mean (as TCF seems to have forgotten) that it's THEIR money!

So no, the government is in no way taking their money, nor forcing them to spend their money, nor forcing them to operate at a loss. We all know that if debit card transactions become less profitable for them, they'll make up the difference somewhere else... for instance, perhaps, on the interest they earn on YOUR money before you decide to spend it in a debit card transaction.

"(2) violation of due process related to Congressional approval of the Durbin Amendment and the absence of public hearings"

"Due process" applies to the criminal code, as in "not convicted without due process". Are we talking about a crime here?

"and (3) violation of equal protection, because the Durbin Amendment expressly applies only to issuers with $10 billion or more in assets, thus leaving unaffected (and potentially advantaged) approximately 99% of U.S. banks."

Hmmm... I see. So, banks can have different accounts available for different levels of deposits, (for example, a "Premium" account with special benefits and higher interest rates for depositors who keep a minimum balance of $100K), but they don't like it very much when special rules are applied to THEM based on how much money they have? How's that again?

I truly hope the judge laughs long and loud, and then kicks them out of his courtroom.

... In the meantime, I truly hope that the other banks get a move on with our EMV debit cards!

-- Claudia