Sep 20, 2013, 11:40 am
Last edit by: philemer
Posts from 1/1/16 onward can be found here: http://www.flyertalk.com/forum/credit-card-programs/1739359-2016-onward-usa-emv-cards-availability-q-chip-pin-signature.html
EMV wikipost volunteers: kebosabi
What is EMV?
EMV is a defacto global standard of technology where there is a visible microchip on the front of the card. It looks like this:
Who issues them?
See Google Docs spreadsheet in Post #1
SFOAMS also has created a list of excellent webpage that shows US EMV cards in a more interactive interface
Another site, which lets you narrow the search for an EMV card by various parameters, is http://www.spotterswiki.com/emv/index.php.
Several credit unions issue some form of Chip-and-PIN credit cards or prepaid cards. Prepaid EMV cards however are not recommended due to junk fees. USAA (currently restricted to members of military) used to offer Chip-and-PIN cards, but as late has backtracked to Chip-and-Signature priority.
Hey that's a cool Google Docs list! I know others that aren't on that list. How can I help by adding them to the list?
My bad for not putting this into the wiki sooner. Right now, the Google Docs is locked out of editing and only in "read-only" view because there were instances in the past where people would just delete the rows not thinking that it affects others viewing the list.
If you promise not to delete any rows and input all the pertinent info (annual fee, rewards, FTF, etc.), I can provide you with edit access. Just shoot me a PM to kebosabi with your gmail address and I'll provide you edit access.
Thanks for helping out!
As of October 2014, no USA-based card issuer offers Chip-and-PIN priority cards except for BMO Harris (Diners Club) and UN Federal Credit Union. Other major USA-based banks such as BofA, Chase, Citi, as well as others issue Chip-and-Signature cards which may work at many automated kiosks. However, bear in mind the word may is used above is a context where there is no absolute certainty of success for certain environments such as automated kiosks due to different natures of offline and online transactions. It is highly recommended to read Post #3 which lists real life FTer examples on how Chip-and-Signature worked and did not work at various transaction environments.
Can I upgrade it right now?
If it's listed on that Google Docs spreadsheet or SFOAMS' Silk page, wouldn't hurt to call/twitter them for a free upgrade. If you get the response you don't like, hang up, try again.
What is the difference between Chip-and-Signature and Chip-and-PIN?
You insert the chipped card into the slot. The physical contact terminal will read the EMV chip and the terminal will automatically read the preferred cardholder verification methods (called CVM) for that card.
Chip-and-Signature means that the terminal will printout a receipt for you to sign. This is the most prevalent authentication for most US issued EMV cards. Chip-and-Signature helps in a way that it will get through to face-to-face merchant transactions where you and the merchant do not speak the same language.
Chip-and-PIN means that the terminal will prompt you to input a PIN for authentication. Some credit union issued credit cards will have this CVM as secondary if Chip-and-Signature cannot be done. Chip-and-PIN is the more prevalent method of authentication used outside the US, especially in transaction environments where no human interaction is needed (i.e. automated gas pumps, toll roads, train kiosks, etc.).
The Google Docs spreadsheet will list which CVM are used in the EMV cards listed. Some cards can only do Chip-and-Signature. Other cards can do both Chip-and-Signature and Chip-and-PIN. And others might have a third option called No CVM (no authentication needed) which is reserved for low value transactions.
One chip can hold a lot more data, therefore it is capable of doing multiple verification methods. That's one of the great things about EMV over the mag-stripe which can hold very little data.
I want to know for sure what my EMV chip does. Is there anyway I can test out my own EMV card to see what the CVM list is?
alexmt has written up a nice step-by-step procedure on Post #3615.
If most of the EMV cards in the US is the Chip-and-Signature type, doesn't that mean it's still useless abroad?
Depends if you see it as glass half empty or glass half full. See Post #3 for further details on how Chip-and-Signature has worked both successfully and unsuccessfully depending on the merchant transaction environment and use your best judgment whether which one is right for you.
Are there any places in the US that are accepting transactions via the EMV chip?
tmiw has created a dedicated Google maps webpage to show where EMV has been proven to work here: http://emvacceptedhere.com/ Per his Post #4240, feel free to add any places with active EMV terminals if you come across one.
As of 2014/05, the EMV terminals in most Walmarts and Sam's Clubs are being turned on. Hence, the best place to try them out would be your local Walmart or Sam's Club. For other merchants, it's slowly being phased in.
I hope people will post them in the Post your receipt of your 1st EMV based transaction in the US thread. cvarming has shown us an EMV transaction receipt from Brooklyn, NY in Post #2380. I myself had my first EMV based (Chip-and-Signature) transaction in two stores in the Los Angeles area, as shown in detail in Post #2705 (courtesy of WhatWhatTech for pointing these two stores out)
I don't want a chip in my card. I heard horror stories all over the media saying hackers can steal my credit card info from a mile away.
There are two types of chips. One is contactless and the other is contact. Cards can be either one or the other, or both.
In the Google Docs spreadsheet, the cards that are capable of contactless payments are listed seperately under the "RFID or NFC contactless chip" column. If it says yes, then that means it has the ability to do contactless payments. If it says no, it doesn't have that feature.
The one that the media has overhyped about hackers "stealing your information wirelessly" was the contactless type like this:
You are worried about this happening, right?
You don't have to worry. EMV is a chip standard that can have both contact and contactless interfaces. With the traditional contact interface, this means you actually have to physically insert the chip into a POS terminal for it to be authorized, like this:
With the contact interface, nothing is wireless. No data is sent out in a stand-alone contact type EMV chip. With the EMV contactless interface, data is sent wirelessly.
Furthermore, contactless chip cards are required to show a symbol (looks like Wi-Fi symbol) somewhere on the card that to denote it's capability as a contactless card. For example, here's an example of a Discover Card with contactless capability (in which Discover calls "Discover ZIP") showing the contactless symbol on the back of the card:
Don't believe everything that the media says. Besides, millions of people all over the world from London to Singapore, uses contactless payments daily in extremely crowded subways and mass transit with nary any problems. There are multiple layers of encrypted securities and keys that are needed to break the code.
Frankly, giving your physical card to a waiter/waitress who takes the card out of your view is much more susceptible to fraud than contactless payments.
Why should I care?
If you are an international traveler, you will want this because majority of the world has or in the process of converting to this payment format.
In fact, in 2012, even North Korea moved to the EMV format, leaving the US as one of the countries in the world that hasn't done so.
In addition, VISA, MC, AMEX, and Discover have all agreed to incentivize the USA shifting to EMV payments by 2015 by shifting liability for fraudulent transactions to merchants if they do not have EMV equipment and the cardholder has an EMV card. So if you travel internationally or would like to get one before the others, you might be interested in getting one.
BS! I had no problems using my card in [insert whereever country], [insert whatever point in time]
If you stick to the tourist path where they have lots of visitors from the US, you should have no problems using your mag-stripe only card in hotels and restaurants, at least for now. But as things can change as things go forward.
However, consider that once you start taking the off-beaten path, go to non-touristy places where they are not familiar with mag-stripes, rent a car and use toll roads, fill up gas, or try to buy train tickets you might end up into a trouble of the machine not recognizing your card because it lacks the chip. Furthermore, a lot of toll roads, gas pumps, and automated ticket machines lack any human assistance to help you when you need it the most.
But [insert credit card company] told me all merchants that display their logo must accept them! All I have to do is report them for violating their agreements, right?
There are several factors against this.
1. You can only speak English. The merchant representative, most likely a part-time clerk earning minimum wage, speaks in a different language, let's say French. If you have no French language skills, how are you going to get your point across? Are you going to whip out your cell phone at exorbitant int'l roaming charges and hope the customer service is going to translate it for you on the spot? Or maybe you might actually know French. But how about Swahili, Farsi, Balinese, or the multiple languages in mainland China?
2. Just like US, the rest of the world's businesses uses part-time minimum wage workers as cashiers to cut down on labor costs. Most of their SOP training manuals are written by MBA types to not to do anything they are not familiar with. Do not expect them to understand the intricate details of credit card mumbo jumbo. You don't expect Taco Bell employees to understand the minute details of Discover-JCB-Union Pay agreements, right? Same thing the other way around: be respectful as a guest in their country, prepare in advance in their ways, avoid being an "ugly American" stereotype.
3. You are a guest in their country. You are a minority. If 99.9% of their country's people and other tourists from around the world uses EMV, do you really think they are going to accomodate the 0.1% of American tourists who only have mag-stripes credit cards?
4. Again, you are a guest in their country. How would you, as an American standing in line, react if a Chinese tourist was clogging up the lines at a local Taco Bell because the clerk doesn't understand the Discover-Union Pay agreement and has trouble communicating between Mandarin spoken by the tourist and English spoken by the Taco Bell clerk? Same way the other way around. You do not want to clog up the lines for everyone. The less hassle, the better.
5. VISA and MC make tons of money from merchants in that country. Say SNCF French Rail. It's a billion dollar company in France. Do you think VISA is going to pull the plug of their relationship with SNCF because SNCF refuses to do mag-stripe processing at their unmanned train station kiosk? Of course not. Be realistic.
6. And lastly, if you're up against an unstaffed toll kiosk, gas pump or train ticket machine, are you going to yell curses at the machine?
But I want my credit card to be able to be used in the US too!
No worries. They have not gotten rid of the mag-stripe on the back of the card for backward compatibility reasons, just like we still have embossed numbers on our cards for backwards compatibility to using those old carbon copy imprinters.
[insert own Hyatt card image front and back together with red arrows pointing to all the backward compatibility features]
You use the chip on the front of the card abroad (for now), and the mag-stripe just like any other card for the US. Basically, you're increasing your credit card's acceptance rate by getting a card that both via the chip and the mag-stripe. You're getting a better deal for free.
And when 2015 comes along and US switches to EMV, you'll be way ahead of everyone else too!
So why did the rest of the world and the US moved/moving toward EMV?
Primarily, due to fraud concerns. You see, the mag-stripe has been with us since the 1950s. It may have been the most high tech thing back in the day, but with the technology that is available today, any shmo can pick up a $100 USB magnetic card skimming device off of eBay and get your credit card info.
And unlike skimming off contactless cards which actually need the person to have l33t programming skills, skimming off a magnetic stripe has become so ubiquitous that nary a day goes about skimming fraud going on somewhere in America, from gas pumps, Michael's stores (2011), Target breaches (2013), restaurant waiters/waitresses, to even McDonald's drive thrus.
https://www.google.com/search?q=skimming+fraud
These type of fraud used to be prevalent in Europe. But once they started switching over to EMV starting over 2 decades ago, this type of fraud went elsewhere. It went over to Asia, Canada and Mexico, Latin America, etc. etc. until they too began implementing EMV to combat skimming fraud. The US is practically the only country left that hasn't done so, therefore all the fraud that used to take place elsewhere is now happening here.
But EMV is old and it's not fool proof. Shouldn't we just skip over it and do something new instead?
Yes, EMV is old. It was developed in the 1990s and its smart card payment predecessor was first introduced in France. But as of today, it has become the defacto global standard of payments.
But then, what else is there? There is no other de facto global standard of payments alternative. For example, if we decide to skip over it and do something new, hypothetically like DNA matching technology, it still means US int'l travelers will continue to have problems abroad with useless plastic acceptance because no other country is using this DNA matching technology except the US.
Besides, nothing is fool proof. You can say that the bank vault isn't fool proof because you can crack it open if enough C4 is used. But your average low-life scumbag isn't likely to get military grade C4 easily either. But the bank vault does make it harder to get the bank's money over say a petty cash box. That's the point here. EMV is akin to a security tight bank vault, the old mag-stripe is akin to a petty cash box lying around inside the drawer.
I'm a business owner and I don't think EMV is going to take off. I'm not going to spend extra hundreds of dollars to upgrade my credit card machine. Convince me other wise why I should.
I can understand the added extra cost to your business once this switchover takes place. But before even saying that, look at your existing POS terminal. Does it have a slot somewhere to insert a card?
Most likely, if you had replaced your POS terminal within the past five years, you already have an EMV capable terminal. EMV is basically just not turned on yet from the processor and acquirer side.
If you have an EMV capable terminal, then a best bet would be to contact your acquirer to have the EMV feature turned on. You did your end of the deal already by having an EMV capable terminal, it is now the acquirers' responsibility to turn it on in accordance to the EMV switchover mandate.
And if you don't, you are going to replace your POS terminal anyway from common wear and tear. It isn't a hard switch-over. You can continue to use your POS terminal until it dies out because EMV cardholders will still have the mag-stripe on the back. And by the time your non-EMV capable POS terminal is up for replacement the market will be full with these newer POS terminals that can accept the mag-stripe, EMV, as well as contactless payments.
In addition, you may also want to check with your acquirer or processor about EMV capable terminals. Some of them are willing to replace your terminal for free in preparation for the US EMV switchover. Call and ask for details.
But what's in it for me? I'm the one that has to pay for the upgrade.
All the major card networks have given incentives for merchants for the upcoming EMV switchover.
If 75% or more of your credit card transactions are done on an EMV contact and contactless terminal, they are going to waive your annual PCI-DSS fees, which usually costs you around $5.00-$19.95/month per terminal. The overall long term cost savings of those compliance fees will be larger than the cost of an one time upgrade for the terminal.
The downside is that once EMV switchover happens and if you do not have a POS terminal that is able to accept EMV, the fraud liability shifts over to the merchant.
I own several fast food franchises. If I upgrade my POS terminals at all of my restaurants, it's going to cost me thousands, if not millions. I don't think anyone is going to use a fake credit card to buy $5 burgers. And if they do, wouldn't it be cheaper for me to eat the fraud cost?
Remember also that fraud isn't just committed by dishonest customers using fraudulent cards. Fraud can also happen with dishonest employees skimming off credit card data from the mag-stripe as in the case of a teenage McDonald's drive thru employee skimming off $13,000 of customers' credit cards in Olympia, WA. Consider the public relations fall out that your business may have if this happens (i.e. the big Target breach of 2013, where someone used a mag stripe card to load malware INTO Target's system). Is it worth risking to take such a huge PR disaster?
EMV wikipost volunteers: kebosabi
What is EMV?
EMV is a defacto global standard of technology where there is a visible microchip on the front of the card. It looks like this:
Who issues them?
See Google Docs spreadsheet in Post #1
SFOAMS also has created a list of excellent webpage that shows US EMV cards in a more interactive interface
Another site, which lets you narrow the search for an EMV card by various parameters, is http://www.spotterswiki.com/emv/index.php.
Several credit unions issue some form of Chip-and-PIN credit cards or prepaid cards. Prepaid EMV cards however are not recommended due to junk fees. USAA (currently restricted to members of military) used to offer Chip-and-PIN cards, but as late has backtracked to Chip-and-Signature priority.
Hey that's a cool Google Docs list! I know others that aren't on that list. How can I help by adding them to the list?
My bad for not putting this into the wiki sooner. Right now, the Google Docs is locked out of editing and only in "read-only" view because there were instances in the past where people would just delete the rows not thinking that it affects others viewing the list.
If you promise not to delete any rows and input all the pertinent info (annual fee, rewards, FTF, etc.), I can provide you with edit access. Just shoot me a PM to kebosabi with your gmail address and I'll provide you edit access.
Thanks for helping out!
As of October 2014, no USA-based card issuer offers Chip-and-PIN priority cards except for BMO Harris (Diners Club) and UN Federal Credit Union. Other major USA-based banks such as BofA, Chase, Citi, as well as others issue Chip-and-Signature cards which may work at many automated kiosks. However, bear in mind the word may is used above is a context where there is no absolute certainty of success for certain environments such as automated kiosks due to different natures of offline and online transactions. It is highly recommended to read Post #3 which lists real life FTer examples on how Chip-and-Signature worked and did not work at various transaction environments.
Can I upgrade it right now?
If it's listed on that Google Docs spreadsheet or SFOAMS' Silk page, wouldn't hurt to call/twitter them for a free upgrade. If you get the response you don't like, hang up, try again.
What is the difference between Chip-and-Signature and Chip-and-PIN?
You insert the chipped card into the slot. The physical contact terminal will read the EMV chip and the terminal will automatically read the preferred cardholder verification methods (called CVM) for that card.
Chip-and-Signature means that the terminal will printout a receipt for you to sign. This is the most prevalent authentication for most US issued EMV cards. Chip-and-Signature helps in a way that it will get through to face-to-face merchant transactions where you and the merchant do not speak the same language.
Chip-and-PIN means that the terminal will prompt you to input a PIN for authentication. Some credit union issued credit cards will have this CVM as secondary if Chip-and-Signature cannot be done. Chip-and-PIN is the more prevalent method of authentication used outside the US, especially in transaction environments where no human interaction is needed (i.e. automated gas pumps, toll roads, train kiosks, etc.).
The Google Docs spreadsheet will list which CVM are used in the EMV cards listed. Some cards can only do Chip-and-Signature. Other cards can do both Chip-and-Signature and Chip-and-PIN. And others might have a third option called No CVM (no authentication needed) which is reserved for low value transactions.
One chip can hold a lot more data, therefore it is capable of doing multiple verification methods. That's one of the great things about EMV over the mag-stripe which can hold very little data.
I want to know for sure what my EMV chip does. Is there anyway I can test out my own EMV card to see what the CVM list is?
alexmt has written up a nice step-by-step procedure on Post #3615.
If most of the EMV cards in the US is the Chip-and-Signature type, doesn't that mean it's still useless abroad?
Depends if you see it as glass half empty or glass half full. See Post #3 for further details on how Chip-and-Signature has worked both successfully and unsuccessfully depending on the merchant transaction environment and use your best judgment whether which one is right for you.
Are there any places in the US that are accepting transactions via the EMV chip?
tmiw has created a dedicated Google maps webpage to show where EMV has been proven to work here: http://emvacceptedhere.com/ Per his Post #4240, feel free to add any places with active EMV terminals if you come across one.
As of 2014/05, the EMV terminals in most Walmarts and Sam's Clubs are being turned on. Hence, the best place to try them out would be your local Walmart or Sam's Club. For other merchants, it's slowly being phased in.
I hope people will post them in the Post your receipt of your 1st EMV based transaction in the US thread. cvarming has shown us an EMV transaction receipt from Brooklyn, NY in Post #2380. I myself had my first EMV based (Chip-and-Signature) transaction in two stores in the Los Angeles area, as shown in detail in Post #2705 (courtesy of WhatWhatTech for pointing these two stores out)
I don't want a chip in my card. I heard horror stories all over the media saying hackers can steal my credit card info from a mile away.
There are two types of chips. One is contactless and the other is contact. Cards can be either one or the other, or both.
In the Google Docs spreadsheet, the cards that are capable of contactless payments are listed seperately under the "RFID or NFC contactless chip" column. If it says yes, then that means it has the ability to do contactless payments. If it says no, it doesn't have that feature.
The one that the media has overhyped about hackers "stealing your information wirelessly" was the contactless type like this:
You are worried about this happening, right?
You don't have to worry. EMV is a chip standard that can have both contact and contactless interfaces. With the traditional contact interface, this means you actually have to physically insert the chip into a POS terminal for it to be authorized, like this:
With the contact interface, nothing is wireless. No data is sent out in a stand-alone contact type EMV chip. With the EMV contactless interface, data is sent wirelessly.
Furthermore, contactless chip cards are required to show a symbol (looks like Wi-Fi symbol) somewhere on the card that to denote it's capability as a contactless card. For example, here's an example of a Discover Card with contactless capability (in which Discover calls "Discover ZIP") showing the contactless symbol on the back of the card:
Don't believe everything that the media says. Besides, millions of people all over the world from London to Singapore, uses contactless payments daily in extremely crowded subways and mass transit with nary any problems. There are multiple layers of encrypted securities and keys that are needed to break the code.
Frankly, giving your physical card to a waiter/waitress who takes the card out of your view is much more susceptible to fraud than contactless payments.
Why should I care?
If you are an international traveler, you will want this because majority of the world has or in the process of converting to this payment format.
In fact, in 2012, even North Korea moved to the EMV format, leaving the US as one of the countries in the world that hasn't done so.
In addition, VISA, MC, AMEX, and Discover have all agreed to incentivize the USA shifting to EMV payments by 2015 by shifting liability for fraudulent transactions to merchants if they do not have EMV equipment and the cardholder has an EMV card. So if you travel internationally or would like to get one before the others, you might be interested in getting one.
BS! I had no problems using my card in [insert whereever country], [insert whatever point in time]
If you stick to the tourist path where they have lots of visitors from the US, you should have no problems using your mag-stripe only card in hotels and restaurants, at least for now. But as things can change as things go forward.
However, consider that once you start taking the off-beaten path, go to non-touristy places where they are not familiar with mag-stripes, rent a car and use toll roads, fill up gas, or try to buy train tickets you might end up into a trouble of the machine not recognizing your card because it lacks the chip. Furthermore, a lot of toll roads, gas pumps, and automated ticket machines lack any human assistance to help you when you need it the most.
But [insert credit card company] told me all merchants that display their logo must accept them! All I have to do is report them for violating their agreements, right?
There are several factors against this.
1. You can only speak English. The merchant representative, most likely a part-time clerk earning minimum wage, speaks in a different language, let's say French. If you have no French language skills, how are you going to get your point across? Are you going to whip out your cell phone at exorbitant int'l roaming charges and hope the customer service is going to translate it for you on the spot? Or maybe you might actually know French. But how about Swahili, Farsi, Balinese, or the multiple languages in mainland China?
2. Just like US, the rest of the world's businesses uses part-time minimum wage workers as cashiers to cut down on labor costs. Most of their SOP training manuals are written by MBA types to not to do anything they are not familiar with. Do not expect them to understand the intricate details of credit card mumbo jumbo. You don't expect Taco Bell employees to understand the minute details of Discover-JCB-Union Pay agreements, right? Same thing the other way around: be respectful as a guest in their country, prepare in advance in their ways, avoid being an "ugly American" stereotype.
3. You are a guest in their country. You are a minority. If 99.9% of their country's people and other tourists from around the world uses EMV, do you really think they are going to accomodate the 0.1% of American tourists who only have mag-stripes credit cards?
4. Again, you are a guest in their country. How would you, as an American standing in line, react if a Chinese tourist was clogging up the lines at a local Taco Bell because the clerk doesn't understand the Discover-Union Pay agreement and has trouble communicating between Mandarin spoken by the tourist and English spoken by the Taco Bell clerk? Same way the other way around. You do not want to clog up the lines for everyone. The less hassle, the better.
5. VISA and MC make tons of money from merchants in that country. Say SNCF French Rail. It's a billion dollar company in France. Do you think VISA is going to pull the plug of their relationship with SNCF because SNCF refuses to do mag-stripe processing at their unmanned train station kiosk? Of course not. Be realistic.
6. And lastly, if you're up against an unstaffed toll kiosk, gas pump or train ticket machine, are you going to yell curses at the machine?
But I want my credit card to be able to be used in the US too!
No worries. They have not gotten rid of the mag-stripe on the back of the card for backward compatibility reasons, just like we still have embossed numbers on our cards for backwards compatibility to using those old carbon copy imprinters.
[insert own Hyatt card image front and back together with red arrows pointing to all the backward compatibility features]
You use the chip on the front of the card abroad (for now), and the mag-stripe just like any other card for the US. Basically, you're increasing your credit card's acceptance rate by getting a card that both via the chip and the mag-stripe. You're getting a better deal for free.
And when 2015 comes along and US switches to EMV, you'll be way ahead of everyone else too!
So why did the rest of the world and the US moved/moving toward EMV?
Primarily, due to fraud concerns. You see, the mag-stripe has been with us since the 1950s. It may have been the most high tech thing back in the day, but with the technology that is available today, any shmo can pick up a $100 USB magnetic card skimming device off of eBay and get your credit card info.
And unlike skimming off contactless cards which actually need the person to have l33t programming skills, skimming off a magnetic stripe has become so ubiquitous that nary a day goes about skimming fraud going on somewhere in America, from gas pumps, Michael's stores (2011), Target breaches (2013), restaurant waiters/waitresses, to even McDonald's drive thrus.
https://www.google.com/search?q=skimming+fraud
These type of fraud used to be prevalent in Europe. But once they started switching over to EMV starting over 2 decades ago, this type of fraud went elsewhere. It went over to Asia, Canada and Mexico, Latin America, etc. etc. until they too began implementing EMV to combat skimming fraud. The US is practically the only country left that hasn't done so, therefore all the fraud that used to take place elsewhere is now happening here.
But EMV is old and it's not fool proof. Shouldn't we just skip over it and do something new instead?
Yes, EMV is old. It was developed in the 1990s and its smart card payment predecessor was first introduced in France. But as of today, it has become the defacto global standard of payments.
But then, what else is there? There is no other de facto global standard of payments alternative. For example, if we decide to skip over it and do something new, hypothetically like DNA matching technology, it still means US int'l travelers will continue to have problems abroad with useless plastic acceptance because no other country is using this DNA matching technology except the US.
Besides, nothing is fool proof. You can say that the bank vault isn't fool proof because you can crack it open if enough C4 is used. But your average low-life scumbag isn't likely to get military grade C4 easily either. But the bank vault does make it harder to get the bank's money over say a petty cash box. That's the point here. EMV is akin to a security tight bank vault, the old mag-stripe is akin to a petty cash box lying around inside the drawer.
I'm a business owner and I don't think EMV is going to take off. I'm not going to spend extra hundreds of dollars to upgrade my credit card machine. Convince me other wise why I should.
I can understand the added extra cost to your business once this switchover takes place. But before even saying that, look at your existing POS terminal. Does it have a slot somewhere to insert a card?
Most likely, if you had replaced your POS terminal within the past five years, you already have an EMV capable terminal. EMV is basically just not turned on yet from the processor and acquirer side.
If you have an EMV capable terminal, then a best bet would be to contact your acquirer to have the EMV feature turned on. You did your end of the deal already by having an EMV capable terminal, it is now the acquirers' responsibility to turn it on in accordance to the EMV switchover mandate.
And if you don't, you are going to replace your POS terminal anyway from common wear and tear. It isn't a hard switch-over. You can continue to use your POS terminal until it dies out because EMV cardholders will still have the mag-stripe on the back. And by the time your non-EMV capable POS terminal is up for replacement the market will be full with these newer POS terminals that can accept the mag-stripe, EMV, as well as contactless payments.
In addition, you may also want to check with your acquirer or processor about EMV capable terminals. Some of them are willing to replace your terminal for free in preparation for the US EMV switchover. Call and ask for details.
But what's in it for me? I'm the one that has to pay for the upgrade.
All the major card networks have given incentives for merchants for the upcoming EMV switchover.
If 75% or more of your credit card transactions are done on an EMV contact and contactless terminal, they are going to waive your annual PCI-DSS fees, which usually costs you around $5.00-$19.95/month per terminal. The overall long term cost savings of those compliance fees will be larger than the cost of an one time upgrade for the terminal.
The downside is that once EMV switchover happens and if you do not have a POS terminal that is able to accept EMV, the fraud liability shifts over to the merchant.
I own several fast food franchises. If I upgrade my POS terminals at all of my restaurants, it's going to cost me thousands, if not millions. I don't think anyone is going to use a fake credit card to buy $5 burgers. And if they do, wouldn't it be cheaper for me to eat the fraud cost?
Remember also that fraud isn't just committed by dishonest customers using fraudulent cards. Fraud can also happen with dishonest employees skimming off credit card data from the mag-stripe as in the case of a teenage McDonald's drive thru employee skimming off $13,000 of customers' credit cards in Olympia, WA. Consider the public relations fall out that your business may have if this happens (i.e. the big Target breach of 2013, where someone used a mag stripe card to load malware INTO Target's system). Is it worth risking to take such a huge PR disaster?
USA EMV cards: Availability, Q&A (Chip & PIN -or- Chip & Signature) [2012-2015]
Feb 4, 2014, 5:36 pm
#2971
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
You know its not that easy, and its not $150-$300 in one time costs. For some mom & pop using a standalone reader like that, sure... but for most institutions, they use integrated readers (NCR, IBM, Radiant, Micros, etc.) and those POS systems need to be able to read the EMV card through their readers - not some $150 off the shelf reader.
1. Banks made the decision for us without asking that Americans were too stupid to remember PINs because they're used to credit = signature
2. Mommieeee it's gonna cost us billions of dollars to do that change, waah-waah-waah
3. EMV is not fool proof blah-blah-blah
4. Merchants must accept it per agreements blah-blah-blah
5. Or whatever BS response that any millennial generation can see through
Last edited by kebosabi; Feb 4, 2014 at 5:51 pm
Feb 4, 2014, 5:41 pm
#2972
In memoriam
Join Date: Aug 2002
Programs: AA EXP "Life is good! Really good.""
Posts: 4,923
You don't have to go to exotic locations to need the chip and pin: last week tried to buy a bus ticket from the airport to downtown Montreal and it took a few tries before I realized I had to use my trusty State Dept CC with a chip and pin (and no Forex or annual fee. Go SDFCU!)
I just checked this thread and was amazed there has been no proliferation of chip and pin cards in the US in the last two years. Unbelievable for a country that claims to be a world leader.
The Wiki is great and coherent, the spreadsheet great, wish the banks and CC companies were as efficient and concerned as the people keeping this thread up to date. I appreciate your diligence.
I just checked this thread and was amazed there has been no proliferation of chip and pin cards in the US in the last two years. Unbelievable for a country that claims to be a world leader.
The Wiki is great and coherent, the spreadsheet great, wish the banks and CC companies were as efficient and concerned as the people keeping this thread up to date. I appreciate your diligence.
Feb 4, 2014, 6:18 pm
#2973
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,508
You don't have to go to exotic locations to need the chip and pin: last week tried to buy a bus ticket from the airport to downtown Montreal and it took a few tries before I realized I had to use my trusty State Dept CC with a chip and pin (and no Forex or annual fee. Go SDFCU!)
Feb 4, 2014, 8:05 pm
#2974
FlyerTalk Evangelist
Join Date: Jan 2005
Location: home = LAX
Posts: 25,934
Well, MC is the only one of these that's behind chip & PIN to any degree. But EMV MC cards from the "major" FT banks (Citi, Chase, etc) are almost all Visa to this point. (In fact, Chase made a big announcement recently about how Visa-centric they're going to be.)
One of the early chip & PIN cards was Diners Club US (issued by BMO/Harris), which happens to be an MC. So was that chip & PIN because it was an MC??? (In any case, Diners Club US is not taking applications for new personal cards yet, so if you don't already have one, you can't get one.)
There are some other MC rewards cards liked by FTers out there. but most of them have not been issued with EMV of any kind yet, so too soon to have statistics that bear out this "MC almost required for chip & PIN" theory. (For example, will Amtrax MC be chip & PIN because it's MC< or chip & sig because it's Chase? How will Barclays come down on the type of EMV on its MCs such as US and BW, where it's been late to EMV game?)
Feb 4, 2014, 8:26 pm
#2975
Join Date: Mar 2013
Posts: 35
You know its not that easy, and its not $150-$300 in one time costs.
For some mom & pop using a standalone reader like that, sure... but for most institutions, they use integrated readers (NCR, IBM, Radiant, Micros, etc.) and those POS systems need to be able to read the EMV card through their readers - not some $150 off the shelf reader.
For some mom & pop using a standalone reader like that, sure... but for most institutions, they use integrated readers (NCR, IBM, Radiant, Micros, etc.) and those POS systems need to be able to read the EMV card through their readers - not some $150 off the shelf reader.
Feb 4, 2014, 9:19 pm
#2976
Join Date: Feb 2013
Posts: 401
Without meaning to split hairs, many BofA cards are available with emv chips but by no means all of them. Also, although FIA is a subsidiary of BofA, they are really a separate entity. I got the emv chipped Amex card issued by Fidelity as an Amex under the guise that all Amex cards except Delta Sky Miles are available with emv chips although that was a couple of months ago. Things might have changed since then.
BoA and FIA are interchangeable on the back end, as it is a common division providing card services. The operations processing and customer service centers are common--the same person might answer a call for a BoA brand card one minute and a FIA brand card the next. Look closely at a BoA card's paperwork, you may find it actually says "this credit card program program is issued and administered by FIA Card Services, NA...." Employees (foreign and domestic) are instructed to not talk about FIA/BoA. The EMV policies are the same for both brands, and most cards are available to be issued with Chip and Signature, upon request.
Feb 4, 2014, 9:25 pm
#2977
Join Date: Feb 2013
Posts: 401
Target's CFO is now indicating that Target plans to speed up their EMV rollout to arrive by early 2015, including on the REDcard credit and debit cards. That should help create the critical mass of retailers that will make it worthwhile for others to follow suit.
Last edited by emvchip; Feb 4, 2014 at 10:02 pm
Feb 4, 2014, 10:51 pm
#2978
Join Date: Jul 2007
Posts: 1,762
Did anyone say that all BoA cards are available with EMV?
BoA and FIA are interchangeable on the back end, as it is a common division providing card services. The operations processing and customer service centers are common--the same person might answer a call for a BoA brand card one minute and a FIA brand card the next. Look closely at a BoA card's paperwork, you may find it actually says "this credit card program program is issued and administered by FIA Card Services, NA...." Employees (foreign and domestic) are instructed to not talk about FIA/BoA. The EMV policies are the same for both brands, and most cards are available to be issued with Chip and Signature, upon request.
BoA and FIA are interchangeable on the back end, as it is a common division providing card services. The operations processing and customer service centers are common--the same person might answer a call for a BoA brand card one minute and a FIA brand card the next. Look closely at a BoA card's paperwork, you may find it actually says "this credit card program program is issued and administered by FIA Card Services, NA...." Employees (foreign and domestic) are instructed to not talk about FIA/BoA. The EMV policies are the same for both brands, and most cards are available to be issued with Chip and Signature, upon request.
The second point may be splitting hairs. When Charles Schwab got out of the credit card business, they made a big deal, even though many here know FIA is a subsidiary of BofA, that FIA would no longer be servicing the cards but BofA would and the cards were all re-issued with BofA on them (they were re-issued as a matter of fact as a BofA cash rewards card with one significant difference i.e. no foreign transaction fee which has been grandfathered, at least for the time being, on this card for those cardholders who were given new BofA cash rewards cards to replace the Charles Schwab card. About a year after these cards were first issued, BofA announced which of its card would be available, upon request, with an emv chip (chip and signature naturally) and BofA cash rewards is one of them. In general, though, BofA non premium cash rewards cards carry the hideous 3% foreign transaction fee (which should be outlawed as the banks perform no service on the currency front and just charge the fee to increase their bottom line but then again that's true for most fees banks charge). The BofA travel rewards card is a new offering which came out at the time BofA announced it was making some cards available with emv chips and has no foreign transaction fee.
But I agree. I may be making it more complicated than it really is.
Feb 4, 2014, 11:48 pm
#2979
Join Date: Feb 2010
Location: US
Programs: (PM)AA SPG (Marriott), Hilton
Posts: 1,040
Someone in charge made a decision, it wasn't you or me.
2. Mommieeee it's gonna cost us billions of dollars to do that change, waah-waah-waah
3. EMV is not fool proof blah-blah-blah
4. Merchants must accept it per agreements blah-blah-blah
5. Or whatever BS response that any millennial generation can see through
There's enough legitimate reasons for this imperfect technology to still happen. There's enough facts for debate, without resorting to ridicule.
Feb 5, 2014, 1:24 am
#2980
FlyerTalk Evangelist
Join Date: Dec 2009
Location: HaMerkaz/Exit 145
Programs: UA, LY, BA, AA
Posts: 13,167
Visa and Amex prefer Signature to PIN. But don't they anyways use PIN in Europe?
And once October 2015 comes around, and merchants must be EMV-capable (or face liability), what happens? Will they be taking EMV transactions for anyone with a chip card?
And once October 2015 comes around, and merchants must be EMV-capable (or face liability), what happens? Will they be taking EMV transactions for anyone with a chip card?
Feb 5, 2014, 7:54 am
#2981
Join Date: Jan 2014
Location: Cambridge, MA, US
Programs: Hyatt, Amtrak
Posts: 26
You don't have to go to exotic locations to need the chip and pin: last week tried to buy a bus ticket from the airport to downtown Montreal and it took a few tries before I realized I had to use my trusty State Dept CC with a chip and pin (and no Forex or annual fee. Go SDFCU!)
I just checked this thread and was amazed there has been no proliferation of chip and pin cards in the US in the last two years. Unbelievable for a country that claims to be a world leader.
On top of this, many countries only have a small handful of banks, while the US has thousands, so it is much more involved here.
Last edited by blue2000; Feb 5, 2014 at 8:24 am
Feb 5, 2014, 9:32 am
#2982
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
When paper switched to embossed plastic, there was a cost for issuers to invest in plastic card manufacturing machines. Those must've been very expensive back in the 1960s. And there was a cost for retailers to buy those carbon copy imprinters which themselves probably cost a lot of money for retailers back then as well. Furthermore, most of those plastic card making machines and workers back then were American instead of outsourced jobs to China like today. Overall, the American industry and the economy as a whole benefited from this switchover as it created more jobs and kept people working.
When plastic came with mag-stripes and holograms, there was a cost for issuers to buy specialized magnetic stripe coding machines and holographic printers. I'm sure it was very expensive for card manufacturers and issuers back in the 1970s. And there was also a huge cost for retailers to start buying those magnetic card swipers as well which back then, was probably the leading edge of technology of its time. Same as above, this switchover actually benefited the American industry and economy as American workers built those mag-stripe coding machines, holographic printers and mag-stripe swipers.
All of these industry wide shifts happened in the past and were done at a short term loss for longer term benefits as well as benefiting the American economy with more manufacturing and jobs. An industry wide shift is not anything new as it has occurred in the past. So no, I don't buy that boo-hoo sob stories and constant whinings that it's gonna cost more money. If they sucked up the short term losses for the longer term better good as they did in the past, they can suck them up today.
Last edited by kebosabi; Feb 5, 2014 at 11:13 am
Feb 5, 2014, 10:10 am
#2983
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
It's better at preventing a particular type of fraud we know about today, it's not better for CNP transactions that are growing in use, and it will eventually be easily compromised. Hopefully not until after the life cycle of the technology, and hopefully adjustments are made during its' life cycle to ensure that's promised is delivered, but this is not a set-it-and-forget-it technology.
Just like the time when the first EMV cards came out available for average Americans, anything is better than nothing.
Banks took the opportunity to shift responsibility to someone else and there is resistance. In the US, existing cardholder protections remain in place ($50 if reported in a given time window.) If instead the liability shift was to the consumer, consumer organizations would be likely objecting, not the merchants or banks. If anyone is objecting to this, it means objectionable features (flaws?) exist.
One is the failure to realize that EMV has become a defacto global standard. American cardholders expect more, like the ability to use their card anyplace, anywhere in the world.
American consumers were lead to believe that "Life takes VISA," "for everything else, there's MC" and "Don't Leave Home Without It" (AMEX). They watch ads and commercials where cardholders just whip out their cards in exotic locations and it gets accepted, totally hassle free and convenient. I'm pretty sure you'll all see this again in the next few days from the Sochi Winter Olympics as VISA is always the official Olympic sponsor.
And once Americans go on a journey abroad (and a growing number are, from retiring Baby-Boomers and curious Millennials), if they see a VISA, MC, or AMEX logo on a merchant in Bangkok, Thailand, a restaurant in Prague, Czech Republic, from the Shinkansen kiosk in Japan, they expect that it'll work without any problems just like they saw in the ads and commercials.
They don't expect hassles like the language barrier or that the non-human kiosks will not accept it. The VISA, MC, and AMEX card is supposed to be hassle free like the ads and commercials. And when they come home after their trip angry and tired, the last thing they want to hear are lame excuses like the memes on the wiki. They want issuers to do something about it and be proactive, not make spreadsheet excuses.
And one another flaw that they haven't considered is the overall cost and time wasted by all parties involved as these fraud cases start to happen more frequently here domestically. On paper, it sounds great that consumers aren't held liable for fraudulent purchases. But this is based on the basis that fraud cases are rare. Now it's happening more often, from TJX to Heartland, Michaels, the teenager at the McDonald's drive thru, the dishonest waiters in restaurants, organized crime setting up skimming devices at gas pumps, from Target to Neiman Marcus, and who's bound to be the next one?
It's happening a lot more often, it leads to more consumer frustration, loss of confidence in the system, and becomes a huge strain on time and money involved. Everytime there is a skimming fraud, everytime there's a security breach, the card has to be shutdown, a new card has to be manufactured and sent out, only to last a few months before the next big skimming fraud or breach happens again. The repetitive nature from frequency itself becomes a huge time and money strain on the consumers, retailers, and the issuers. And that doesn't include the bad PR effect either.
Last edited by kebosabi; Feb 5, 2014 at 10:30 am
Feb 5, 2014, 11:08 am
#2984
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
Good article from my own state's capital newspaper
Swiping your plastic: Cards with microchips could become more common
Comes with a drawing of how EMV cards work with an odd placement of the chip in the upper left corner, instead of slightly off center left. What, was Google Images hard to do to replicate the illustration?
Interesting points in the article, confirming the consumer attitude as I wrote in the post before this:
Changing attitudes of retailers:
Swiping your plastic: Cards with microchips could become more common
Comes with a drawing of how EMV cards work with an odd placement of the chip in the upper left corner, instead of slightly off center left. What, was Google Images hard to do to replicate the illustration?
Interesting points in the article, confirming the consumer attitude as I wrote in the post before this:
Originally Posted by SacBee
“The magnitude, velocity and scope of these incidents is accelerating,” said OTA president Craig Spiezle. And it’s no accident that high-volume retailers such as Target are getting hit. “Cybercriminals are being more precise and sophisticated about who they’re targeting, in order to get the biggest payload.”
Dealing with cybertheft of credit/debit card information is a costly, unnerving headache.
Sacramentan Anne Bartkiewicz knows the hassle only too well. Last year, in June and October, two of her banks canceled and reissued her credit cards due to suspected data breaches. She had to redo all of her online bill payments, including her Amazon and Netflix accounts. This year, in January alone, she’s already been notified of possible fraudulent activity by several banks and retailers, including Target, which offered her free credit monitoring.
“I’ve been inundated with it. It’s been a pain,” said Bartkiewicz, who said she’s now monitoring her credit card statements online – daily.
Dealing with cybertheft of credit/debit card information is a costly, unnerving headache.
Sacramentan Anne Bartkiewicz knows the hassle only too well. Last year, in June and October, two of her banks canceled and reissued her credit cards due to suspected data breaches. She had to redo all of her online bill payments, including her Amazon and Netflix accounts. This year, in January alone, she’s already been notified of possible fraudulent activity by several banks and retailers, including Target, which offered her free credit monitoring.
“I’ve been inundated with it. It’s been a pain,” said Bartkiewicz, who said she’s now monitoring her credit card statements online – daily.
Changing attitudes of retailers:
Originally Posted by SacBee
That cost-benefit analysis is rapidly changing.
“It’s inevitable, going to a chip-and-PIN technology instead of a magnetic stripe,” said Bill Dombrowski, president and CEO of the California Retailers Association, which represents large retailers, department stores, fast-food outlets and other merchants.
In the past, he said, “America wasn’t ready for it,” but the increase in costly data breaches has changed attitudes about microchipped cards. “It’s a proven technology,” he said.
[snip]
Some grocery chains, such as West Sacramento-based Raley’s, which operates 128 stores in California and Nevada, are diving in.
“We are already investing in technology that will enable us to (handle) chip-and-PIN-enabled cards for our customers,” said Raley’s spokeswoman Nicole Townsend, who declined to disclose the cost. “Our goal is to as quickly as possible get them in place, and certainly well before the (October 2015) deadline.”
“It’s inevitable, going to a chip-and-PIN technology instead of a magnetic stripe,” said Bill Dombrowski, president and CEO of the California Retailers Association, which represents large retailers, department stores, fast-food outlets and other merchants.
In the past, he said, “America wasn’t ready for it,” but the increase in costly data breaches has changed attitudes about microchipped cards. “It’s a proven technology,” he said.
[snip]
Some grocery chains, such as West Sacramento-based Raley’s, which operates 128 stores in California and Nevada, are diving in.
“We are already investing in technology that will enable us to (handle) chip-and-PIN-enabled cards for our customers,” said Raley’s spokeswoman Nicole Townsend, who declined to disclose the cost. “Our goal is to as quickly as possible get them in place, and certainly well before the (October 2015) deadline.”
Feb 5, 2014, 1:07 pm
#2985
Join Date: Dec 2007
Location: SYR
Programs: US/AA-Platinum, Hilton-Diamond, Marriott-Gold, AVIS-Presidents Club, National-Executive Elite
Posts: 2,755
Sure, but majority of them are built just like computers that we use today: they're built with fairly easy peripheral add-on capability mindset. You're not going to throw away the entire system every time something new comes along, just like you're not going throw away your computer just because you need a new ink jet printer.
For a small restaurant with 6-9 registers you're talking thousands of dollars.