Jan 16, 2017, 10:23 am
Last edit by: serpens
What is EMV?
EMV is a standard for smart (or integrated-circuit, or chip) cards and the devices that can accept them. The standards are maintained by EMVCo and based on ISO 7816 (or ISO 14443 for contactless).
These cards come in two flavours: contact and contactless. Examples below:
----------------------------------------------------------
Notice the contactless
indicator on the right-hand side (it looks like a sideways Wi-Fi symbol). It may also be found on the back of the card (for example, on the back of the new Costco credit card).Where can I get a chip card?
Hawaiian717 operates a website with crowd-sourced information about various cards. You can adjust the search parameters to see cards with contactless, have PIN-primary authentication, etc.
Which businesses accept chip cards?
tmiw operates a website, also primarily crowd-sourced, that tracks chip-enabled merchants on a map. You can see if a merchant supports PIN, contactless, Quick Chip, et al.
Why doesn't my chip card ask for a PIN?
This is likely because you have a signature-preferring card. At this time, PIN-preferring cards issued in the US are rare. Not many financial institutions offer them; most of them instead provide Chip-and-Signature cards, which are programmed to prefer signature over PIN, if the card supports PIN at all.
What is the difference between Chip-and-Signature and Chip-and-PIN?
To the cardholder, the only major difference is how they authenticate themselves at the point of sale. The cardholder inserts their card as normal; instead of signing a screen or receipt, they will be asked to enter their PIN on the keypad.
[spoiler]
A few financial institutions issue some form of Chip-and-PIN credit cards or prepaid cards. Prepaid EMV cards however are not recommended due to junk fees.
Why no PIN? (cont.)
American debit cards are unique because they are psuedo-PIN-preferring cards. which may work at many automated kiosks. However, bear in mind the word may is used above is a context where there is no absolute certainty of success for certain environments such as automated kiosks due to different natures of offline and online transactions.
What is the difference between Chip-and-Signature and Chip-and-PIN? (cont.)
Most cards issued in the US are programmed to prefer signature, so save very few instances, they will prompt for a signature (unless the merchant sets a signature waiver). A PIN may be necessary in countries with mostly PIN-preferring cards when using unattended terminals (such as pay-at-the-pump or mass transit). If the card has a PIN for backup verification or ATMs, then that PIN should work. Otherwise, the card will be rejected. If the card is rejected, then either a.) the transaction must be performed by an attendant or b.) an alternative payment method will be required.
Some credit union issued credit cards will have this CVM (Cardholder Verification Method) as secondary if Chip-and-Signature cannot be done. Chip-and-PIN is the more prevalent method of authentication used outside the US, especially in transaction environments where no human interaction is needed (i.e. automated gas pumps, toll roads, train kiosks, etc.).
One chip can hold a lot more data, therefore it is capable of doing multiple verification methods. That's one of the great things about EMV over the mag-stripe which can hold very little data.
I want to know for sure what my EMV chip does. Is there anyway I can test out my own EMV card to see what the CVM list is?
alexmt has written up a nice step-by-step procedure on Post #3615.
If most of the EMV cards in the US is the Chip-and-Signature type, doesn't that mean it's still useless abroad?
Depends if you see it as glass half empty or glass half full. See Post #3 for further details on how Chip-and-Signature has worked both successfully and unsuccessfully depending on the merchant transaction environment and use your best judgment whether which one is right for you.
I don't want a chip in my card. I heard horror stories all over the media saying hackers can steal my credit card info from a mile away.
There are two types of chips. One is contactless and the other is contact. Cards can be either one or the other, or both.
In the Google Docs spreadsheet, the cards that are capable of contactless payments are listed seperately under the "RFID or NFC contactless chip" column. If it says yes, then that means it has the ability to do contactless payments. If it says no, it doesn't have that feature.
The one that the media has overhyped about hackers "stealing your information wirelessly" was the contactless type like this:
You are worried about this happening, right?
You don't have to worry. EMV is a chip standard that can have both contact and contactless interfaces. With the traditional contact interface, this means you actually have to physically insert the chip into a POS terminal for it to be authorized, like this:
With the contact interface, nothing is wireless. No data is sent out in a stand-alone contact type EMV chip. With the EMV contactless interface, data is sent wirelessly.
Furthermore, contactless chip cards are required to show a symbol (looks like Wi-Fi symbol) somewhere on the card that to denote its capability as a contactless card. For example, here's an example of a Discover Card with contactless capability (in which Discover calls "Discover ZIP") showing the contactless symbol on the back of the card:
Don't believe everything that the media says. Besides, millions of people all over the world from London to Singapore, uses contactless payments daily in extremely crowded subways and mass transit with nary any problems. There are multiple layers of encrypted securities and keys that are needed to break the code.
Frankly, giving your physical card to a waiter/waitress who takes the card out of your view is much more susceptible to fraud than contactless payments.
Why should I care?
If you are an international traveler, you will want this because majority of the world has or in the process of converting to this payment format.
In fact, in 2012, even North Korea moved to the EMV format, leaving the US as one of the countries in the world that hasn't done so.
In addition, VISA, MC, AMEX, and Discover have all agreed to incentivize the USA shifting to EMV payments by 2015 by shifting liability for fraudulent transactions to merchants if they do not have EMV equipment and the cardholder has an EMV card. So if you travel internationally or would like to get one before the others, you might be interested in getting one.
BS! I had no problems using my card in [insert whereever country], [insert whatever point in time]
If you stick to the tourist path where they have lots of visitors from the US, you should have no problems using your mag-stripe only card in hotels and restaurants, at least for now. But as things can change as things go forward.
However, consider that once you start taking the off-beaten path, go to non-touristy places where they are not familiar with mag-stripes, rent a car and use toll roads, fill up gas, or try to buy train tickets you might end up into a trouble of the machine not recognizing your card because it lacks the chip. Furthermore, a lot of toll roads, gas pumps, and automated ticket machines lack any human assistance to help you when you need it the most.
But [insert credit card company] told me all merchants that display their logo must accept them! All I have to do is report them for violating their agreements, right?
There are several factors against this.
1. You can only speak English. The merchant representative, most likely a part-time clerk earning minimum wage, speaks in a different language, let's say French. If you have no French language skills, how are you going to get your point across? Are you going to whip out your cell phone at exorbitant int'l roaming charges and hope the customer service is going to translate it for you on the spot? Or maybe you might actually know French. But how about Swahili, Farsi, Balinese, or the multiple languages in mainland China?
2. Just like US, the rest of the world's businesses uses part-time minimum wage workers as cashiers to cut down on labor costs. Most of their SOP training manuals are written by MBA types to not to do anything they are not familiar with. Do not expect them to understand the intricate details of credit card mumbo jumbo. You don't expect Taco Bell employees to understand the minute details of Discover-JCB-Union Pay agreements, right? Same thing the other way around: be respectful as a guest in their country, prepare in advance in their ways, avoid being an "ugly American" stereotype.
3. You are a guest in their country. You are a minority. If 99.9% of their country's people and other tourists from around the world uses EMV, do you really think they are going to accomodate the 0.1% of American tourists who only have mag-stripes credit cards?
4. Again, you are a guest in their country. How would you, as an American standing in line, react if a Chinese tourist was clogging up the lines at a local Taco Bell because the clerk doesn't understand the Discover-Union Pay agreement and has trouble communicating between Mandarin spoken by the tourist and English spoken by the Taco Bell clerk? Same way the other way around. You do not want to clog up the lines for everyone. The less hassle, the better.
5. VISA and MC make tons of money from merchants in that country. Say SNCF French Rail. It's a billion dollar company in France. Do you think VISA is going to pull the plug of their relationship with SNCF because SNCF refuses to do mag-stripe processing at their unmanned train station kiosk? Of course not. Be realistic.
6. And lastly, if you're up against an unstaffed toll kiosk, gas pump or train ticket machine, are you going to yell curses at the machine?
But I want my credit card to be able to be used in the US too!
No worries. They have not gotten rid of the mag-stripe on the back of the card for backward compatibility reasons, just like we still have embossed numbers on our cards for backwards compatibility to using those old carbon copy imprinters.
[insert own Hyatt card image front and back together with red arrows pointing to all the backward compatibility features]
You use the chip on the front of the card abroad (for now), and the mag-stripe just like any other card for the US. Basically, you're increasing your credit card's acceptance rate by getting a card that both via the chip and the mag-stripe. You're getting a better deal for free.
And when 2015 comes along and US switches to EMV, you'll be way ahead of everyone else too!
So why did the rest of the world and the US moved/moving toward EMV?
Primarily, due to fraud concerns. You see, the mag-stripe has been with us since the 1950s. It may have been the most high tech thing back in the day, but with the technology that is available today, any shmo can pick up a $100 USB magnetic card skimming device off of eBay and get your credit card info.
And unlike skimming off contactless cards which actually need the person to have l33t programming skills, skimming off a magnetic stripe has become so ubiquitous that nary a day goes about skimming fraud going on somewhere in America, from gas pumps, Michael's stores (2011), Target breaches (2013), restaurant waiters/waitresses, to even McDonald's drive thrus.
https://www.google.com/search?q=skimming+fraud
These type of fraud used to be prevalent in Europe. But once they started switching over to EMV starting over 2 decades ago, this type of fraud went elsewhere. It went over to Asia, Canada and Mexico, Latin America, etc. etc. until they too began implementing EMV to combat skimming fraud. The US is practically the only country left that hasn't done so, therefore all the fraud that used to take place elsewhere is now happening here.
But EMV is old and it's not fool proof. Shouldn't we just skip over it and do something new instead?
Yes, EMV is old. It was developed in the 1990s, and its smart card payment predecessor was first introduced in France. But as of today, it has become the de-facto global standard of payments.
But then, what else is there? There is no other de facto global standard of payments alternative. For example, if we decide to skip over it and do something new, hypothetically like DNA matching technology, it still means US int'l travelers will continue to have problems abroad with useless plastic acceptance because no other country is using this DNA matching technology except the US.
Besides, nothing is fool proof. You can say that the bank vault isn't fool proof because you can crack it open if enough C4 is used. But your average low-life scumbag isn't likely to get military grade C4 easily either. But the bank vault does make it harder to get the bank's money over say a petty cash box. That's the point here. EMV is akin to a security tight bank vault, the old mag-stripe is akin to a petty cash box lying around inside the drawer.
I'm a business owner and I don't think EMV is going to take off. I'm not going to spend extra hundreds of dollars to upgrade my credit card machine. Convince me other wise why I should.
I can understand the added extra cost to your business once this switchover takes place. But before even saying that, look at your existing POS terminal. Does it have a slot somewhere to insert a card?
Most likely, if you had replaced your POS terminal within the past five years, you already have an EMV capable terminal. EMV is basically just not turned on yet from the processor and acquirer side.
If you have an EMV capable terminal, then a best bet would be to contact your acquirer to have the EMV feature turned on. You did your end of the deal already by having an EMV capable terminal, it is now the acquirers' responsibility to turn it on in accordance to the EMV switchover mandate.
And if you don't, you are going to replace your POS terminal anyway from common wear and tear. It isn't a hard switch-over. You can continue to use your POS terminal until it dies out because EMV cardholders will still have the mag-stripe on the back. And by the time your non-EMV capable POS terminal is up for replacement the market will be full with these newer POS terminals that can accept the mag-stripe, EMV, as well as contactless payments.
In addition, you may also want to check with your acquirer or processor about EMV capable terminals. Some of them are willing to replace your terminal for free in preparation for the US EMV switchover. Call and ask for details.
But what's in it for me? I'm the one that has to pay for the upgrade.
All the major card networks have given incentives for merchants for the upcoming EMV switchover.
If 75% or more of your credit card transactions are done on an EMV contact and contactless terminal, they are going to waive your annual PCI-DSS fees, which usually costs you around $5.00-$19.95/month per terminal. The overall long term cost savings of those compliance fees will be larger than the cost of an one time upgrade for the terminal.
The downside is that once EMV switchover happens and if you do not have a POS terminal that is able to accept EMV, the fraud liability shifts over to the merchant.
USA EMV cards: Availability, Q&A (Chip & PIN or Signature) [2017>]
May 21, 2017, 7:12 am
#1576
Join Date: Nov 2014
Location: NYC
Posts: 557
Exactly. But what we don't know is what IS a UnionPay fallback in the US treated as? Technically the merchant isn't EMV compliant for UnionPay so logically the merchant is liable. But if it goes onto Discover it may be treated as a fallback since they're otherwise compliant for Discover. Does anyone know?
May 21, 2017, 7:14 am
#1577
Join Date: Nov 2012
Posts: 3,537
I didn't literally mean the terminal flag but rather for the liability shift rules. As you know, you're allowed a small percentage of transactions on non EMV equipment and you can still avoid all liability. Intended for backup/emergency situations. As long as UnionPay is rare would Discover include UnionPay in this amount?
May 21, 2017, 7:27 am
#1578
Join Date: Jul 2007
Posts: 1,762
True but because non chip cards are such easy pickings, it hasn't been a priority. I don't believe anything is so secure, it can't be hacked. It may take time, but it will happen I think. If notk I'm wrong.
May 21, 2017, 7:37 am
#1579
Join Date: Nov 2012
Posts: 3,537
We've already seen some insecure modes phased out (SDA, contactless magstripe). While massively more secure than a magnetic stripe these modes weren't adequate. With time, we will likely see longer key lengths, etc used. Some of that can be done with no changes to the EMV protocol.
Attacks against poor implementations will always be a risk. Places like Wegmans and Rue21 becoming fraud targets for their used of ancient contactless tech is a matter of when, not if.
Sometimes a bank may even be so terrible fake chip transactions are authorised in huge amounts... It has happened.
May 21, 2017, 8:17 am
#1580
Join Date: Nov 2014
Location: NYC
Posts: 557
There was also that credit union (I think) here in the US that switched to EMV but wasn't actually checking cryptograms at all, so they approved shedloads of fraudulent transactions.
May 21, 2017, 9:50 am
#1581
Join Date: Nov 2012
Posts: 3,537
Chipping away at the edges will continue. It doesn't mean EMV is broken. Tho features may need updates, keys may need lengthened, etc over time; the basis of public-private key exchange and cryptogram generation are cryptographically sound. Properly implemented encryption works. That's one of the few security certainties we have.
Proper implementation is key, but the EMV standard allows the implementation to be relatively seemlessly updated. Features like SDA and contactless MSD have been killed with little issue (outside idiotic and lazy shops in the US refusing to update their contactless implementation or, worse, doing brand new systems using MSD mode).
The networks plan to eliminate offline contactless later this year in the UK. I expect this to go without a hitch, except possibly for American Express (I don't know if this is why Amex Pay and Apple Pay have issues at some shops Amex cards work at, but if this is the reason obviously it'll break at those shops - but AFAIK that's only Tesco left. Others have fixed it).
This isn't due to the security of the data authentication, but rather is to allow issuers to instantly kill lost/stolen cards.
I also expect it to increase customer satisfaction with contactless, as offline mode transactions are one of the big customer complaints.
May 21, 2017, 11:26 am
#1582
Join Date: Jul 2009
Location: SJC
Programs: AA, AS, Marriott
Posts: 6,060
The reason I have the ICBC UnionPay card is not for transactions in the US. The reason I have the card is for transactions in Mainland China. While Discover and UnionPay in theory have an interoperability agreement, in practice it's becoming more and more difficult to use. Furthermore, a Discover card will not work over the UnionPay networks in other locations, such as Hong Kong and Macau (or even other countries), only in Mainland China. This was the original intention of the card. UnionPay enjoys wide acceptance in China, doesn't have DCC, and the card from ICBC US has a 0% FTF and 0 AF. In practice, the exchange rate is about 0.25% - 0.50% above the exchange rate, but it's still preferable to the cases of forced DCC in Mainland China when otherwise unavoidable.
Discover cards are far more likely to be refused in Mainland China - there are multiple threads on FlyerTalk focusing on using Discover in China - than UnionPay cards are to be refused in the US. Cashiers in the US for the most part are willing to try a card and only look at the card when the transaction doesn't work. There are multiple reports of Discover cards being refused for not bearing the UnionPay logo, and some more enterprising members of FlyerTalk had even gotten UnionPay logo stickers manufactured to help with this problem.
What added to this problem is enabling EMV in both countries since each card processes transactions differently. Discover uses EMV and UnionPay uses PBOC for chipped transactions. Since US networks think that a UnionPay is a Discover card, the transaction will fail unless swiped. Only if the terminal is aware of UnionPay natively and supports PBOC will a chipped transaction go through.
Back in December when I used the UnionPay card at Target, the system didn't care whether or not I inserted or swiped. Judging by the number of people I still see trying to swipe their cards, I don't think it's too much of a problem. I did try to insert the card first, which failed as expected, prior to swiping. I can try swiping first next time at a merchant with EMV.
As for contactless, I couldn't get QuickPass to work even though the card bears the QuickPass logo. It also didn't work in in Hong Kong at 2 separate merchants with EMV contactless enabled and native UnionPay support. I also didn't get it to work at Panera Bread back in December when I used the card stateside. I have not yet tried to use the feature in Mainland China.
Are there additional data points people want me to collect with this card?
May 21, 2017, 12:02 pm
#1583
Join Date: Oct 2015
Location: Northern Virginia
Posts: 1,592
I thought I had uploaded transaction receipts, but I guess I had not. I believe I still have one at home from Target (had to swipe due to PBOC being unsupported) and one from Panera Bread (had to swipe due to no EMV, contactless didn't work). I will upload a receipt when I get home this evening if I still have it. If I don't, I will go make a few more transactions for the benefit of this group.
The reason I have the ICBC UnionPay card is not for transactions in the US. The reason I have the card is for transactions in Mainland China. While Discover and UnionPay in theory have an interoperability agreement, in practice it's becoming more and more difficult to use. Furthermore, a Discover card will not work over the UnionPay networks in other locations, such as Hong Kong and Macau (or even other countries), only in Mainland China. This was the original intention of the card. UnionPay enjoys wide acceptance in China, doesn't have DCC, and the card from ICBC US has a 0% FTF and 0 AF. In practice, the exchange rate is about 0.25% - 0.50% above the exchange rate, but it's still preferable to the cases of forced DCC in Mainland China when otherwise unavoidable.
Discover cards are far more likely to be refused in Mainland China - there are multiple threads on FlyerTalk focusing on using Discover in China - than UnionPay cards are to be refused in the US. Cashiers in the US for the most part are willing to try a card and only look at the card when the transaction doesn't work. There are multiple reports of Discover cards being refused for not bearing the UnionPay logo, and some more enterprising members of FlyerTalk had even gotten UnionPay logo stickers manufactured to help with this problem.
What added to this problem is enabling EMV in both countries since each card processes transactions differently. Discover uses EMV and UnionPay uses PBOC for chipped transactions. Since US networks think that a UnionPay is a Discover card, the transaction will fail unless swiped. Only if the terminal is aware of UnionPay natively and supports PBOC will a chipped transaction go through.
Back in December when I used the UnionPay card at Target, the system didn't care whether or not I inserted or swiped. Judging by the number of people I still see trying to swipe their cards, I don't think it's too much of a problem. I did try to insert the card first, which failed as expected, prior to swiping. I can try swiping first next time at a merchant with EMV.
As for contactless, I couldn't get QuickPass to work even though the card bears the QuickPass logo. It also didn't work in in Hong Kong at 2 separate merchants with EMV contactless enabled and native UnionPay support. I also didn't get it to work at Panera Bread back in December when I used the card stateside. I have not yet tried to use the feature in Mainland China.
Are there additional data points people want me to collect with this card?
The reason I have the ICBC UnionPay card is not for transactions in the US. The reason I have the card is for transactions in Mainland China. While Discover and UnionPay in theory have an interoperability agreement, in practice it's becoming more and more difficult to use. Furthermore, a Discover card will not work over the UnionPay networks in other locations, such as Hong Kong and Macau (or even other countries), only in Mainland China. This was the original intention of the card. UnionPay enjoys wide acceptance in China, doesn't have DCC, and the card from ICBC US has a 0% FTF and 0 AF. In practice, the exchange rate is about 0.25% - 0.50% above the exchange rate, but it's still preferable to the cases of forced DCC in Mainland China when otherwise unavoidable.
Discover cards are far more likely to be refused in Mainland China - there are multiple threads on FlyerTalk focusing on using Discover in China - than UnionPay cards are to be refused in the US. Cashiers in the US for the most part are willing to try a card and only look at the card when the transaction doesn't work. There are multiple reports of Discover cards being refused for not bearing the UnionPay logo, and some more enterprising members of FlyerTalk had even gotten UnionPay logo stickers manufactured to help with this problem.
What added to this problem is enabling EMV in both countries since each card processes transactions differently. Discover uses EMV and UnionPay uses PBOC for chipped transactions. Since US networks think that a UnionPay is a Discover card, the transaction will fail unless swiped. Only if the terminal is aware of UnionPay natively and supports PBOC will a chipped transaction go through.
Back in December when I used the UnionPay card at Target, the system didn't care whether or not I inserted or swiped. Judging by the number of people I still see trying to swipe their cards, I don't think it's too much of a problem. I did try to insert the card first, which failed as expected, prior to swiping. I can try swiping first next time at a merchant with EMV.
As for contactless, I couldn't get QuickPass to work even though the card bears the QuickPass logo. It also didn't work in in Hong Kong at 2 separate merchants with EMV contactless enabled and native UnionPay support. I also didn't get it to work at Panera Bread back in December when I used the card stateside. I have not yet tried to use the feature in Mainland China.
Are there additional data points people want me to collect with this card?
May 21, 2017, 12:04 pm
#1584
Join Date: Jul 2009
Location: SJC
Programs: AA, AS, Marriott
Posts: 6,060
May 21, 2017, 6:30 pm
#1585
Join Date: Mar 2017
Programs: HHonors, TrueBlue, Delta SkyMiles, Hyatt Discoverist, Starwood Preferred Guest, American Airlines.
Posts: 2,035
Mike...in all due respect, you still don't get it. The financial institutions make a humongous amount of money on their plastic card operations. They simply do not want to do anything that will discourage people from using their cards and merchants from taking their cards. Fraud is relative. It is a part of doing business and yes it eats into those profits but in terms of actual losses, it's a spit in the ocean. Why do you think instead of mandating the issuance of chip cards and the acceptance of chip cards, we had the liability shift, sort of a soft deadline with exceptions of course. And they still have not done much about online fraud which we all know or should know if they could make the use of emv readers absolutely mandatory two things will happen . These hackers will eventually figure out ways to counterfeit the chips (it will happen anyway) and there will be a shift to online fraud. That was the reason they delayed emv for so long, besides the fact that almost 100% of American transactions are done online and they have become much better at snooping out possible fraudulent charges. I love the current system now where I get a text message for certain cards every time it is used. If somebody uses my card fraudulently, I will know immediately.
As far as consumers are concerned, few are credit card geeks like so many of the posters here. They don't give a doggone what terminal is used. They do grumble for a few seconds when they insert and are told to swipe or vice versa. They do complain when an authorization takes a few seconds longer but do the vast majority lay awake nights wondering if their credit cards will be hacked? Well some do and their answer to this is not to use the cards at all; to save them for emergencies. And then they get hacked anyway. And they discover it's no big deal. They make a few phone calls, they don't need a police report or notarizes statement, the charges are reversed, a new card is issued, they figure out their automatic payments and update the information. A bit of a hassle? Yes. In the scheme of thing a big deal? I don't think so. And life goes on as it has in the past.
As far as the "inconvenience" of foreign travel where everybody uses pin preferred cards, we've discussed this. The overwhelming majority of people do not even have passports and now that we need passports to return from Canada and Mexico, probably fewer even go to those places. So what difference to most that there is a small possibility their signature preferred card will not work at an offline kiosk in rural France on a Sunday afternoon? Sure the people here care and to them it's important. God bless them. As for me, I have more important things to worry about.
Now I don't bear any ill thoughts to you. You're obviously entitled to your opinions on this as is everybody else. But at the end of the day, the American payments system is not third world. Decisions have been made in terms of the bottom line and it works almost all the time.
As far as consumers are concerned, few are credit card geeks like so many of the posters here. They don't give a doggone what terminal is used. They do grumble for a few seconds when they insert and are told to swipe or vice versa. They do complain when an authorization takes a few seconds longer but do the vast majority lay awake nights wondering if their credit cards will be hacked? Well some do and their answer to this is not to use the cards at all; to save them for emergencies. And then they get hacked anyway. And they discover it's no big deal. They make a few phone calls, they don't need a police report or notarizes statement, the charges are reversed, a new card is issued, they figure out their automatic payments and update the information. A bit of a hassle? Yes. In the scheme of thing a big deal? I don't think so. And life goes on as it has in the past.
As far as the "inconvenience" of foreign travel where everybody uses pin preferred cards, we've discussed this. The overwhelming majority of people do not even have passports and now that we need passports to return from Canada and Mexico, probably fewer even go to those places. So what difference to most that there is a small possibility their signature preferred card will not work at an offline kiosk in rural France on a Sunday afternoon? Sure the people here care and to them it's important. God bless them. As for me, I have more important things to worry about.
Now I don't bear any ill thoughts to you. You're obviously entitled to your opinions on this as is everybody else. But at the end of the day, the American payments system is not third world. Decisions have been made in terms of the bottom line and it works almost all the time.
It makes more business sense to decline it. Why? Because having a 50% chance that card is cloned doesn't outweigh the risk to make $.30 on a $10 transaction, or $3.00 on a $100 transaction (and then be out of the $100 when it turns out to be fraud). Yes it's a spit in the ocean, but the idea of the computer algorithm is to maximize profits at insane measures.
If you're going to go through the steps to change the entire country over to EMV, at least enforce it and don't allow someone to use their card anyways. Also, if fraud was such a minimal loss for these companies, they wouldn't have had the liability shift in the first place and would've stuck with what we had, magstripe.
May 21, 2017, 7:53 pm
#1586
Join Date: Jul 2007
Posts: 1,762
If I'm a card issuer's computer and I see a chipped card is authenticating as a swiped transaction at an EMV enabled terminal, I'm declining the transaction. h
It makes more business sense to decline it. Why? Because having a 50% chance that card is cloned doesn't outweigh the risk to make $.30 on a $10 transaction, or $3.00 on a $100 transaction (and then be out of the $100 when it turns out to be fraud). Yes it's a spit in the ocean, but the idea of the computer algorithm is to maximize profits at insane measures.
If you're going to go through the steps to change the entire country over to EMV, at least enforce it and don't allow someone to use their card anyways. Also, if fraud was such a minimal loss for these companies, they wouldn't have had the liability shift in the first place and would've stuck with what we had, magstripe.
It makes more business sense to decline it. Why? Because having a 50% chance that card is cloned doesn't outweigh the risk to make $.30 on a $10 transaction, or $3.00 on a $100 transaction (and then be out of the $100 when it turns out to be fraud). Yes it's a spit in the ocean, but the idea of the computer algorithm is to maximize profits at insane measures.
If you're going to go through the steps to change the entire country over to EMV, at least enforce it and don't allow someone to use their card anyways. Also, if fraud was such a minimal loss for these companies, they wouldn't have had the liability shift in the first place and would've stuck with what we had, magstripe.
My major gripe still remains the major stink some (not necessarily you) have made about the whole signature or pin thing. That's where I think the whole thing becomes futile to keep arguing the same points. Yes emv should have come with pins. But no it's simply not going to go that way for all the reasons we've discussed. But because the banks have made the decision to go with signatures rather than pins and the fact contactless simply hasn't caught on here to call our payments systems here third world is a bit over the top. EMV only came about because unlike the USA, other places did not have the communications system in place we have to make almost all transactions online. When fraud increased significantly because of the ease of counterfeiting the magnetic strips, the banks had to do something and at that point emv was the only game in town. It also was helped along by the fact they were getting some complaints from people like many of those here of the beginnings of resistance to using non emv compliant cards. But the sheer size of our payment system, the large number of banks involved in it made the task of converting here much more difficult. I'm sure we can all agree on that. And no matter how well the conversion to emv from a "card is present" view goes, there is still the problem and it is increasing and most of the stuff I read said it will increase even further as more and more people shop at places like amazon.
The original intent of this thread and its two predecessor threads was the issuance of emv compliant cards. We thought in 2013 we had won the battle when emv cards started rolling out and the 01 October 2015 "deadline" was set. But it's all water under the bridge when we discovered we were getting chip and signature rather than chip and pin. But from my own selfish viewpoint as a consumer, it's just something I and the rest of us have to live with. What the merchants do is their business..
Last edited by JEFFJAGUAR; May 21, 2017 at 8:04 pm
May 21, 2017, 9:13 pm
#1587
Join Date: Jun 2011
Location: FRA/SXB
Programs: FB Gold
Posts: 1,996
My local Harris Teeter just went to EMV transactions. Guess it is a region by region implementation; first experience was in CLT (pages back) and it has now migrated over to western NC. ^
May 21, 2017, 9:28 pm
#1588
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,507
The true risk is going to be dependent on a lot of factors, not simply the fact that fallback was used. There's a reason why the US didn't bother with EMV for quite a long time.
I suspect Walmart et al are going to eventually be allowed to force debit routing, thus creating a ton of confusion and inconsistency. PIN preference for debit cards may become unavoidable at that point.
Also, PIN is still going to be a topic occasionally brought up here as long as unattended terminals occasionally reject signature-only cards.
Also, PIN is still going to be a topic occasionally brought up here as long as unattended terminals occasionally reject signature-only cards.
May 21, 2017, 10:44 pm
#1589
Join Date: Jul 2009
Location: SJC
Programs: AA, AS, Marriott
Posts: 6,060
I used my ICBC UnionPay at Safeway tonight. I tried to insert, and the card immediately instructed me to swipe the card. Unfortunately, the receipt doesn't indicate whether or not it was a fallback transaction. I think I will need a standalone terminal that prints an S, C, M, R, or F next to the card number.
Another interesting behavior was it was asking if I wanted to do a debit or credit transaction. Even for a credit transaction, it was asking if I wanted cash back. I don't know whether or not this is because Discover allows for cash back as part of a normal sale (without cash advance fees) but I wasn't about to try it with the UnionPay card. I can try another purchase and enter my PIN for the card (if I remember it).
I did some quick searches, and one person reported that the USPS does correctly show China UnionPay as the card type. However, the USPS does not yet have EMV enabled, so there's no way to see if they'd support a PBOC chip transaction when they do enable EMV.
Also, I scanned the card with an NFC reader, and it came up with ISO/IEC 14443-4, which seems to match other contactless cards?
Another interesting behavior was it was asking if I wanted to do a debit or credit transaction. Even for a credit transaction, it was asking if I wanted cash back. I don't know whether or not this is because Discover allows for cash back as part of a normal sale (without cash advance fees) but I wasn't about to try it with the UnionPay card. I can try another purchase and enter my PIN for the card (if I remember it).
I did some quick searches, and one person reported that the USPS does correctly show China UnionPay as the card type. However, the USPS does not yet have EMV enabled, so there's no way to see if they'd support a PBOC chip transaction when they do enable EMV.
Also, I scanned the card with an NFC reader, and it came up with ISO/IEC 14443-4, which seems to match other contactless cards?
May 21, 2017, 11:29 pm
#1590
Join Date: Jul 2007
Posts: 1,762
The true risk is going to be dependent on a lot of factors, not simply the fact that fallback was used. There's a reason why the US didn't bother with EMV for quite a long time.
I suspect Walmart et al are going to eventually be allowed to force debit routing, thus creating a ton of confusion and inconsistency. PIN preference for debit cards may become unavoidable at that point.
Also, PIN is still going to be a topic occasionally brought up here as long as unattended terminals occasionally reject signature-only cards.
I suspect Walmart et al are going to eventually be allowed to force debit routing, thus creating a ton of confusion and inconsistency. PIN preference for debit cards may become unavoidable at that point.
Also, PIN is still going to be a topic occasionally brought up here as long as unattended terminals occasionally reject signature-only cards.
2. You're right about talking about pins. What I would love to see on this forum are the places where people have had trouble using signature preference cards while travelling. We know they will never have problems in the USA as it stands now. That was the original genesis of these 3 threads.