Go Back  FlyerTalk Forums > Miles&Points > Credit, Debit and Prepaid Card Programs > Credit Card Programs
Reload this Page >

USA EMV cards: Availability, Q&A (Chip & PIN or Signature) [2017>]

Old Jan 16, 2017, 11:23 am
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: serpens


Older (archived) threads:
2012-2015 2016

What is EMV?
EMV is a standard for smart (or integrated-circuit, or chip) cards and the devices that can accept them. The standards are maintained by EMVCo and based on ISO 7816 (or ISO 14443 for contactless).

These cards come in two flavours: contact and contactless. Examples below:
----------------------------------------------------------

Notice the contactless indicator on the right-hand side (it looks like a sideways Wi-Fi symbol). It may also be found on the back of the card (for example, on the back of the new Costco credit card).


Where can I get a chip card?

Hawaiian717 operates a website with crowd-sourced information about various cards. You can adjust the search parameters to see cards with contactless, have PIN-primary authentication, etc.

Which businesses accept chip cards?

tmiw operates a website, also primarily crowd-sourced, that tracks chip-enabled merchants on a map. You can see if a merchant supports PIN, contactless, Quick Chip, et al.

Why doesn't my chip card ask for a PIN?

This is likely because you have a signature-preferring card. At this time, PIN-preferring cards issued in the US are rare. Not many financial institutions offer them; most of them instead provide Chip-and-Signature cards, which are programmed to prefer signature over PIN, if the card supports PIN at all.

What is the difference between Chip-and-Signature and Chip-and-PIN?

To the cardholder, the only major difference is how they authenticate themselves at the point of sale. The cardholder inserts their card as normal; instead of signing a screen or receipt, they will be asked to enter their PIN on the keypad.

[spoiler]

A few financial institutions issue some form of Chip-and-PIN credit cards or prepaid cards. Prepaid EMV cards however are not recommended due to junk fees.

Why no PIN? (cont.)
American debit cards are unique because they are psuedo-PIN-preferring cards. which may work at many automated kiosks. However, bear in mind the word may is used above is a context where there is no absolute certainty of success for certain environments such as automated kiosks due to different natures of offline and online transactions.

What is the difference between Chip-and-Signature and Chip-and-PIN? (cont.)

Most cards issued in the US are programmed to prefer signature, so save very few instances, they will prompt for a signature (unless the merchant sets a signature waiver). A PIN may be necessary in countries with mostly PIN-preferring cards when using unattended terminals (such as pay-at-the-pump or mass transit). If the card has a PIN for backup verification or ATMs, then that PIN should work. Otherwise, the card will be rejected. If the card is rejected, then either a.) the transaction must be performed by an attendant or b.) an alternative payment method will be required.

Some credit union issued credit cards will have this CVM (Cardholder Verification Method) as secondary if Chip-and-Signature cannot be done. Chip-and-PIN is the more prevalent method of authentication used outside the US, especially in transaction environments where no human interaction is needed (i.e. automated gas pumps, toll roads, train kiosks, etc.).

One chip can hold a lot more data, therefore it is capable of doing multiple verification methods. That's one of the great things about EMV over the mag-stripe which can hold very little data.

I want to know for sure what my EMV chip does. Is there anyway I can test out my own EMV card to see what the CVM list is?
alexmt has written up a nice step-by-step procedure on Post #3615.

If most of the EMV cards in the US is the Chip-and-Signature type, doesn't that mean it's still useless abroad?
Depends if you see it as glass half empty or glass half full. See Post #3 for further details on how Chip-and-Signature has worked both successfully and unsuccessfully depending on the merchant transaction environment and use your best judgment whether which one is right for you.


I don't want a chip in my card. I heard horror stories all over the media saying hackers can steal my credit card info from a mile away.


There are two types of chips. One is contactless and the other is contact. Cards can be either one or the other, or both.

In the Google Docs spreadsheet, the cards that are capable of contactless payments are listed seperately under the "RFID or NFC contactless chip" column. If it says yes, then that means it has the ability to do contactless payments. If it says no, it doesn't have that feature.

The one that the media has overhyped about hackers "stealing your information wirelessly" was the contactless type like this:

You are worried about this happening, right?

You don't have to worry. EMV is a chip standard that can have both contact and contactless interfaces. With the traditional contact interface, this means you actually have to physically insert the chip into a POS terminal for it to be authorized, like this:

With the contact interface, nothing is wireless. No data is sent out in a stand-alone contact type EMV chip. With the EMV contactless interface, data is sent wirelessly.

Furthermore, contactless chip cards are required to show a symbol (looks like Wi-Fi symbol) somewhere on the card that to denote its capability as a contactless card. For example, here's an example of a Discover Card with contactless capability (in which Discover calls "Discover ZIP") showing the contactless symbol on the back of the card:

Don't believe everything that the media says. Besides, millions of people all over the world from London to Singapore, uses contactless payments daily in extremely crowded subways and mass transit with nary any problems. There are multiple layers of encrypted securities and keys that are needed to break the code.

Frankly, giving your physical card to a waiter/waitress who takes the card out of your view is much more susceptible to fraud than contactless payments.

Why should I care?
If you are an international traveler, you will want this because majority of the world has or in the process of converting to this payment format.

In fact, in 2012, even North Korea moved to the EMV format, leaving the US as one of the countries in the world that hasn't done so.

In addition, VISA, MC, AMEX, and Discover have all agreed to incentivize the USA shifting to EMV payments by 2015 by shifting liability for fraudulent transactions to merchants if they do not have EMV equipment and the cardholder has an EMV card. So if you travel internationally or would like to get one before the others, you might be interested in getting one.


BS! I had no problems using my card in [insert whereever country], [insert whatever point in time]
If you stick to the tourist path where they have lots of visitors from the US, you should have no problems using your mag-stripe only card in hotels and restaurants, at least for now. But as things can change as things go forward.

However, consider that once you start taking the off-beaten path, go to non-touristy places where they are not familiar with mag-stripes, rent a car and use toll roads, fill up gas, or try to buy train tickets you might end up into a trouble of the machine not recognizing your card because it lacks the chip. Furthermore, a lot of toll roads, gas pumps, and automated ticket machines lack any human assistance to help you when you need it the most.

But [insert credit card company] told me all merchants that display their logo must accept them! All I have to do is report them for violating their agreements, right?
There are several factors against this.

1. You can only speak English. The merchant representative, most likely a part-time clerk earning minimum wage, speaks in a different language, let's say French. If you have no French language skills, how are you going to get your point across? Are you going to whip out your cell phone at exorbitant int'l roaming charges and hope the customer service is going to translate it for you on the spot? Or maybe you might actually know French. But how about Swahili, Farsi, Balinese, or the multiple languages in mainland China?

2. Just like US, the rest of the world's businesses uses part-time minimum wage workers as cashiers to cut down on labor costs. Most of their SOP training manuals are written by MBA types to not to do anything they are not familiar with. Do not expect them to understand the intricate details of credit card mumbo jumbo. You don't expect Taco Bell employees to understand the minute details of Discover-JCB-Union Pay agreements, right? Same thing the other way around: be respectful as a guest in their country, prepare in advance in their ways, avoid being an "ugly American" stereotype.

3. You are a guest in their country. You are a minority. If 99.9% of their country's people and other tourists from around the world uses EMV, do you really think they are going to accomodate the 0.1% of American tourists who only have mag-stripes credit cards?

4. Again, you are a guest in their country. How would you, as an American standing in line, react if a Chinese tourist was clogging up the lines at a local Taco Bell because the clerk doesn't understand the Discover-Union Pay agreement and has trouble communicating between Mandarin spoken by the tourist and English spoken by the Taco Bell clerk? Same way the other way around. You do not want to clog up the lines for everyone. The less hassle, the better.

5. VISA and MC make tons of money from merchants in that country. Say SNCF French Rail. It's a billion dollar company in France. Do you think VISA is going to pull the plug of their relationship with SNCF because SNCF refuses to do mag-stripe processing at their unmanned train station kiosk? Of course not. Be realistic.

6. And lastly, if you're up against an unstaffed toll kiosk, gas pump or train ticket machine, are you going to yell curses at the machine?

But I want my credit card to be able to be used in the US too!
No worries. They have not gotten rid of the mag-stripe on the back of the card for backward compatibility reasons, just like we still have embossed numbers on our cards for backwards compatibility to using those old carbon copy imprinters.

[insert own Hyatt card image front and back together with red arrows pointing to all the backward compatibility features]

You use the chip on the front of the card abroad (for now), and the mag-stripe just like any other card for the US. Basically, you're increasing your credit card's acceptance rate by getting a card that both via the chip and the mag-stripe. You're getting a better deal for free.

And when 2015 comes along and US switches to EMV, you'll be way ahead of everyone else too!


So why did the rest of the world and the US moved/moving toward EMV?
Primarily, due to fraud concerns. You see, the mag-stripe has been with us since the 1950s. It may have been the most high tech thing back in the day, but with the technology that is available today, any shmo can pick up a $100 USB magnetic card skimming device off of eBay and get your credit card info.

And unlike skimming off contactless cards which actually need the person to have l33t programming skills, skimming off a magnetic stripe has become so ubiquitous that nary a day goes about skimming fraud going on somewhere in America, from gas pumps, Michael's stores (2011), Target breaches (2013), restaurant waiters/waitresses, to even McDonald's drive thrus.

https://www.google.com/search?q=skimming+fraud

These type of fraud used to be prevalent in Europe. But once they started switching over to EMV starting over 2 decades ago, this type of fraud went elsewhere. It went over to Asia, Canada and Mexico, Latin America, etc. etc. until they too began implementing EMV to combat skimming fraud. The US is practically the only country left that hasn't done so, therefore all the fraud that used to take place elsewhere is now happening here.


But EMV is old and it's not fool proof. Shouldn't we just skip over it and do something new instead?
Yes, EMV is old. It was developed in the 1990s, and its smart card payment predecessor was first introduced in France. But as of today, it has become the de-facto global standard of payments.

But then, what else is there? There is no other de facto global standard of payments alternative. For example, if we decide to skip over it and do something new, hypothetically like DNA matching technology, it still means US int'l travelers will continue to have problems abroad with useless plastic acceptance because no other country is using this DNA matching technology except the US.

Besides, nothing is fool proof. You can say that the bank vault isn't fool proof because you can crack it open if enough C4 is used. But your average low-life scumbag isn't likely to get military grade C4 easily either. But the bank vault does make it harder to get the bank's money over say a petty cash box. That's the point here. EMV is akin to a security tight bank vault, the old mag-stripe is akin to a petty cash box lying around inside the drawer.


I'm a business owner and I don't think EMV is going to take off. I'm not going to spend extra hundreds of dollars to upgrade my credit card machine. Convince me other wise why I should.
I can understand the added extra cost to your business once this switchover takes place. But before even saying that, look at your existing POS terminal. Does it have a slot somewhere to insert a card?

Most likely, if you had replaced your POS terminal within the past five years, you already have an EMV capable terminal. EMV is basically just not turned on yet from the processor and acquirer side.

If you have an EMV capable terminal, then a best bet would be to contact your acquirer to have the EMV feature turned on. You did your end of the deal already by having an EMV capable terminal, it is now the acquirers' responsibility to turn it on in accordance to the EMV switchover mandate.

And if you don't, you are going to replace your POS terminal anyway from common wear and tear. It isn't a hard switch-over. You can continue to use your POS terminal until it dies out because EMV cardholders will still have the mag-stripe on the back. And by the time your non-EMV capable POS terminal is up for replacement the market will be full with these newer POS terminals that can accept the mag-stripe, EMV, as well as contactless payments.

In addition, you may also want to check with your acquirer or processor about EMV capable terminals. Some of them are willing to replace your terminal for free in preparation for the US EMV switchover. Call and ask for details.


But what's in it for me? I'm the one that has to pay for the upgrade.
All the major card networks have given incentives for merchants for the upcoming EMV switchover.

If 75% or more of your credit card transactions are done on an EMV contact and contactless terminal, they are going to waive your annual PCI-DSS fees, which usually costs you around $5.00-$19.95/month per terminal. The overall long term cost savings of those compliance fees will be larger than the cost of an one time upgrade for the terminal.

The downside is that once EMV switchover happens and if you do not have a POS terminal that is able to accept EMV, the fraud liability shifts over to the merchant.
Print Wikipost

USA EMV cards: Availability, Q&A (Chip & PIN or Signature) [2017>]

Old May 18, 2017, 3:57 pm
  #1516  
FlyerTalk Evangelist
 
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,433
Originally Posted by RedLight2015
Is it just flashing or a solid light?
Solid.
tmiw is offline  
Old May 18, 2017, 4:52 pm
  #1517  
 
Join Date: Nov 2012
Posts: 3,537
Originally Posted by tmiw
Solid.
Should be ready to tap. If it isn't, that's non-compliant.
AllieKat is offline  
Old May 18, 2017, 6:52 pm
  #1518  
 
Join Date: Mar 2017
Programs: HHonors, TrueBlue, Delta SkyMiles, Hyatt Discoverist, Starwood Preferred Guest, American Airlines.
Posts: 2,035
Originally Posted by JEFFJAGUAR
Mike...back in 2012 one of the arguments against going with chip and pin by some was it would give banks a better handle on b;laming consumers for fraud. Bear in mind, by federal law, a law passed in1969 believe it or not, one's liability for fraud is limited to $50. There isn't a bank I know of, however, who makes any effort to collect the $50; hence the claim of no liability for fraud. Basically and this is the part one must bear in mind, the banks make a lot of money on their plastic card operations and don't want to do anything to discourage people from using their cards. Zero liability for fraud is one of those.
It depends on what you're talking about. In this case I'm talking more in the debit card sector. Banks aren't as favorable with debit cards as they are with credit card fraud protections, especially small credit unions who might not have the budget to have their own investigation teams. Some banks like Chase and BoA have great debit card protections, but they aren't all equal when it comes to debit cards vs. what's equal for credit cards.

Your liability for debit is limited to $50, except for after two business days, and then it goes up to $500, and then unlimited after 60 days. I think after two business days many banks will hold you liable for the amount up to $500. After all, losing a few customers probably doesn't matter to them - they'd rather just get their $465 back from the customer due to their carelessness than eat the cost. Think about how long it takes for a customer to earn a bank $465 from debit swipe fees with how much Durbin put a stranglehold on the amount banks/issuers can charge.
mikesyr18 is offline  
Old May 18, 2017, 7:20 pm
  #1519  
 
Join Date: Oct 2015
Location: Northern Virginia
Posts: 1,592
Originally Posted by mikesyr18
It depends on what you're talking about. In this case I'm talking more in the debit card sector. Banks aren't as favorable with debit cards as they are with credit card fraud protections, especially small credit unions who might not have the budget to have their own investigation teams. Some banks like Chase and BoA have great debit card protections, but they aren't all equal when it comes to debit cards vs. what's equal for credit cards.

Your liability for debit is limited to $50, except for after two business days, and then it goes up to $500, and then unlimited after 60 days. I think after two business days many banks will hold you liable for the amount up to $500. After all, losing a few customers probably doesn't matter to them - they'd rather just get their $465 back from the customer due to their carelessness than eat the cost. Think about how long it takes for a customer to earn a bank $465 from debit swipe fees with how much Durbin put a stranglehold on the amount banks/issuers can charge.
Yeah...no. Federal Law mandates the $50 maximum liability, but almost all banks will say to hell with the $50, as we have so many banking options and can easily move elsewhere. I know I would change if COF tried to hold me liable (after getting my money back).

As for banks making money, card processing fees are far from the only revenue source. They only have to keep a small percentage of your deposits as a reserve, but they can take the rest of the money and make some sweet interest by loaning it out.
emmanuel_t is offline  
Old May 18, 2017, 7:28 pm
  #1520  
 
Join Date: Mar 2017
Programs: HHonors, TrueBlue, Delta SkyMiles, Hyatt Discoverist, Starwood Preferred Guest, American Airlines.
Posts: 2,035
Originally Posted by emmanuel_t
Yeah...no. Federal Law mandates the $50 maximum liability, but almost all banks will say to hell with the $50, as we have so many banking options and can easily move elsewhere. I know I would change if COF tried to hold me liable (after getting my money back).

As for banks making money, card processing fees are far from the only revenue source. They only have to keep a small percentage of your deposits as a reserve, but they can take the rest of the money and make some sweet interest by loaning it out.
Ummm, read up again.

https://www.consumer.ftc.gov/article...nd-debit-cards

Also, read here:

With ATM or debit cards, you must act quickly in order to avoid full liability for unauthorized charges when your card is lost or stolen. Under the federal Electronic Fund Transfer Act, your liability is:

$0 if you report the loss or theft of the card immediately and the card has not been used.

Up to $50 if you notify the bank within two business days after you realize the card is missing

Up to $500 if you fail to notify the bank within two business days after you realize the card is missing, but do notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals, or
unlimited if you fail to notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals.
mikesyr18 is offline  
Old May 18, 2017, 7:33 pm
  #1521  
 
Join Date: Oct 2015
Location: Northern Virginia
Posts: 1,592
Originally Posted by mikesyr18
Ummm, read up again.

https://www.consumer.ftc.gov/article...nd-debit-cards

Also, read here:
I understand that, but my point seems to have escaped you. I'm saying that legislation is different from practice. Most banks won't bother you about the $50/$500, even though they are legally permitted to hold you liable up to that amount.
emmanuel_t is offline  
Old May 18, 2017, 7:39 pm
  #1522  
 
Join Date: Mar 2017
Programs: HHonors, TrueBlue, Delta SkyMiles, Hyatt Discoverist, Starwood Preferred Guest, American Airlines.
Posts: 2,035
Originally Posted by emmanuel_t
I understand that, but my point seems to have escaped you. I'm saying that legislation is different from practice. Most banks won't bother you about the $50/$500, even though they are legally permitted to hold you liable up to that amount.
You said federal law mandates $50 liability, which is not true. You're thinking of credit cards, not debit cards.

I think the law needs to be updated, but congress is too stupid to do so... They can't even pass a replacement for Dodd-Frank or come up with a healthcare solution. It shouldn't be that hard to take five minutes to officially cap all debit card fraud, including with a PIN to $50 maximum. In fact I think it should have been written as an amendment in the Dodd-Frank act while they scapped the EFTA.
mikesyr18 is offline  
Old May 18, 2017, 7:55 pm
  #1523  
 
Join Date: Jul 2007
Posts: 1,762
...all of which shows why it is not prudent to use a debit card in lieu of a credit card. I do understand there are people who have lousy credit who have no choice or limited choice but other than that, I most heartily recommend you not use the "credit card" feature of a debit card. You will probably get your money back but why hassle about it?
JEFFJAGUAR is offline  
Old May 18, 2017, 8:07 pm
  #1524  
 
Join Date: Mar 2017
Programs: HHonors, TrueBlue, Delta SkyMiles, Hyatt Discoverist, Starwood Preferred Guest, American Airlines.
Posts: 2,035
Originally Posted by JEFFJAGUAR
...all of which shows why it is not prudent to use a debit card in lieu of a credit card. I do understand there are people who have lousy credit who have no choice or limited choice but other than that, I most heartily recommend you not use the "credit card" feature of a debit card. You will probably get your money back but why hassle about it?
I still think it needs to be changed. I talk up how great credit cards can be, but certain (and most) people seem to like the fact that the item is paid for once you use the card. Credit card debt is such a big problem in this country that the debit card protection laws should match credit card protections.
mikesyr18 is offline  
Old May 18, 2017, 8:11 pm
  #1525  
FlyerTalk Evangelist
 
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,433
Originally Posted by mikesyr18
You said federal law mandates $50 liability, which is not true. You're thinking of credit cards, not debit cards.
Some fun reading if you're curious: https://www.federalreserve.gov/board...l/cch/efta.pdf

If you don't want to read the whole thing, the table on page 13 goes into extreme detail as to one's maximum liability for debit card fraud. "Maximum" because as mentioned above, most banks and CUs don't bother. And if you still have the card in your possession, there's zero liability by law as long as you don't wait more than 60 days.

Page 12 also mentions that only the amount of time before reporting can be taken into consideration. That is, the usage of PIN is not justification of cardholder liability.

Based on that, I'm not really seeing the need for new or changed laws.
tmiw is offline  
Old May 18, 2017, 8:14 pm
  #1526  
 
Join Date: Oct 2014
Programs: Skymiles
Posts: 3,243
Originally Posted by tmiw
Some fun reading if you're curious: https://www.federalreserve.gov/board...l/cch/efta.pdf

If you don't want to read the whole thing, the table on page 13 goes into extreme detail as to one's maximum liability for debit card fraud. "Maximum" because as mentioned above, most banks and CUs don't bother. And if you still have the card in your possession, there's zero liability by law as long as you don't wait more than 60 days.

Page 12 also mentions that only the amount of time before reporting can be taken into consideration. That is, the usage of PIN is not justification of cardholder liability.

Based on that, I'm not really seeing the need for new or changed laws.
A lot of banks also market their zero liability, Wells Fargo called theirs WellsProtect, and Bank of America called theirs Total Security Protection., where Chase just simply called theirs "Zero Liability Protection"...However these aren't law, the banks just offered them. The law is $50
RedLight2015 is offline  
Old May 18, 2017, 8:18 pm
  #1527  
FlyerTalk Evangelist
 
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,433
Originally Posted by RedLight2015
A lot of banks also market their zero liability, Wells Fargo called theirs WellsProtect, and Bank of America called theirs Total Security Protection., where Chase just simply called theirs "Zero Liability Protection"...However these aren't law, the banks just offered them. The law is $50
They can probably do that because the vast majority of fraud by far is CNP and counterfeit fraud, which they can't make the cardholder pay for anyway. Unless said cardholder procrastinates for more than two months, of course.
tmiw is offline  
Old May 18, 2017, 8:44 pm
  #1528  
 
Join Date: Mar 2017
Programs: HHonors, TrueBlue, Delta SkyMiles, Hyatt Discoverist, Starwood Preferred Guest, American Airlines.
Posts: 2,035
Originally Posted by tmiw
Some fun reading if you're curious: https://www.federalreserve.gov/board...l/cch/efta.pdf

If you don't want to read the whole thing, the table on page 13 goes into extreme detail as to one's maximum liability for debit card fraud. "Maximum" because as mentioned above, most banks and CUs don't bother. And if you still have the card in your possession, there's zero liability by law as long as you don't wait more than 60 days.

Page 12 also mentions that only the amount of time before reporting can be taken into consideration. That is, the usage of PIN is not justification of cardholder liability.

Based on that, I'm not really seeing the need for new or changed laws.
The federal reserve doesn't write laws. In fact it's not even part of any branch of government despite its name.

God forbid there should be thoroughness though, lets just leave the law outdated then.
mikesyr18 is offline  
Old May 18, 2017, 8:58 pm
  #1529  
FlyerTalk Evangelist
 
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,433
Originally Posted by mikesyr18
The federal reserve doesn't write laws. In fact it's not even part of any branch of government despite its name.
The Electronic Funds Transfer Act is a law, though, as it passed both houses of Congress and was signed by the President at the time. It also gave the Federal Reserve authority to implement said law, as evidenced by the page from their website.

BTW the Fed's leadership is nominated by the President and confirmed by the Senate. I'm not sure how that doesn't make them part of the government.
tmiw is offline  
Old May 18, 2017, 8:59 pm
  #1530  
 
Join Date: Oct 2015
Location: Northern Virginia
Posts: 1,592
Originally Posted by mikesyr18
The federal reserve doesn't write laws. In fact it's not even part of any branch of government despite its name.
I don't see how that's relevant. They also do have authority...
emmanuel_t is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.