Requiring a chipped CC?
#1
FlyerTalk Evangelist
Original Poster
Join Date: Sep 2002
Location: Chicagoland, IL, USA
Programs: WN CP, Hilton Diamond
Posts: 14,176
Requiring a chipped CC?
Looking at a night at the Hyatt Wacker Chicago. I see this on their page:
”CREDIT CARD USERS: All credit cards must have a chip and name on the card...”
Not that it affects me particularly, but is a chipped CC a common requirement at Hyatts?
”CREDIT CARD USERS: All credit cards must have a chip and name on the card...”
Not that it affects me particularly, but is a chipped CC a common requirement at Hyatts?
#2
Join Date: Sep 2019
Location: YYZ / NYC
Programs: AC E50K, DL GM , Hyatt Glob.
Posts: 123
My guess is that this particular location disabled swiping once the EMV (chip) standard came about in the US.
A little backstory: EMV standard was introduced worldwide a long time ago, but in around 2015 the CC processors had enough of the higher rates of fraud found with swipe only, that they forced merchants (like this hyatt site) to play with new rules. The biggest rule change was that the burden of having a fraudulent charge was now the burden of the merchant to pay for if the CC was swiped. With EMV transactions banks would still cover the charge. Most retailers with big-ticket items will generally go down this path - e.g. Best Buy. On a side note: CC skimmers generally skim the magnetic stripe vs. cloning the chip.
People would still swipe cards since it was baked into our psyche, but over time merchants would upgrade to the "insert card" CC terminals and as a step further they may also tell their processor "no swipe" as a method of CC entry.
A little backstory: EMV standard was introduced worldwide a long time ago, but in around 2015 the CC processors had enough of the higher rates of fraud found with swipe only, that they forced merchants (like this hyatt site) to play with new rules. The biggest rule change was that the burden of having a fraudulent charge was now the burden of the merchant to pay for if the CC was swiped. With EMV transactions banks would still cover the charge. Most retailers with big-ticket items will generally go down this path - e.g. Best Buy. On a side note: CC skimmers generally skim the magnetic stripe vs. cloning the chip.
People would still swipe cards since it was baked into our psyche, but over time merchants would upgrade to the "insert card" CC terminals and as a step further they may also tell their processor "no swipe" as a method of CC entry.
#3
Join Date: Jul 1999
Programs: QF WP, AA EXP
Posts: 3,520
Now if hotels can get finally get away from handling your credit card at check-in, and allowing you to insert your own card in a terminal at the counter, or better yet using a contactless card/device. The whole concept of not allowing the merchant to handle the card helps prevent card data theft by an unscrupulous employee. But old habits die hard.
I've been to so many hotels (not just Hyatt) that have counter top terminals, yet the clerk still wants to paw at your card and not even use the terminal.
I've been to so many hotels (not just Hyatt) that have counter top terminals, yet the clerk still wants to paw at your card and not even use the terminal.
#5
Join Date: May 2007
Programs: UA 1K, Hyatt Globalist
Posts: 5,447
Now if hotels can get finally get away from handling your credit card at check-in, and allowing you to insert your own card in a terminal at the counter, or better yet using a contactless card/device. The whole concept of not allowing the merchant to handle the card helps prevent card data theft by an unscrupulous employee. But old habits die hard.
I've been to so many hotels (not just Hyatt) that have counter top terminals, yet the clerk still wants to paw at your card and not even use the terminal.
I've been to so many hotels (not just Hyatt) that have counter top terminals, yet the clerk still wants to paw at your card and not even use the terminal.
#6
Join Date: May 2002
Location: Arizona
Posts: 5,688
#7
FlyerTalk Evangelist
Join Date: Jul 2005
Location: Seat 2A
Programs: AA EXP LT GLD 1MM, BA GLD, NH/UA*G, Hyatt Dia, Marr Tit LT PLT, IHG Spire,HH Dia, MGM NOIR,Hertz PC
Posts: 10,571
How does a chip vs magnet stripe prevent fraud? Unless there is a pin code attached to it it means absolutely nothing.
#8
Join Date: Feb 2011
Posts: 1,353
The chip is a live circuit that generates new/different codes for each transaction (I believe using a challenge-response to a code provided by the terminal); unlike skimming the static data on the mag stripe, the code captured from the chip on one transation does no good in the next transaction. So the terminal passing on a valid code from the chip proves that you are using the original physical card. Doesn't protect against the card being stolen (which a PIN would), but a LOT of credit card fraud is from mag-stripes being cloned onto fake cards and swiped.
#9
Moderator: Manufactured Spending
Join Date: Jul 2011
Posts: 6,578
My guess is that this particular location disabled swiping once the EMV (chip) standard came about in the US.
A little backstory: EMV standard was introduced worldwide a long time ago, but in around 2015 the CC processors had enough of the higher rates of fraud found with swipe only, that they forced merchants (like this hyatt site) to play with new rules. The biggest rule change was that the burden of having a fraudulent charge was now the burden of the merchant to pay for if the CC was swiped. With EMV transactions banks would still cover the charge. Most retailers with big-ticket items will generally go down this path - e.g. Best Buy. On a side note: CC skimmers generally skim the magnetic stripe vs. cloning the chip.
A little backstory: EMV standard was introduced worldwide a long time ago, but in around 2015 the CC processors had enough of the higher rates of fraud found with swipe only, that they forced merchants (like this hyatt site) to play with new rules. The biggest rule change was that the burden of having a fraudulent charge was now the burden of the merchant to pay for if the CC was swiped. With EMV transactions banks would still cover the charge. Most retailers with big-ticket items will generally go down this path - e.g. Best Buy. On a side note: CC skimmers generally skim the magnetic stripe vs. cloning the chip.
With that said, I doubt any fraudsters are going to use stolen/cloned credit cards at a hotel where they have to provide ID and there are cameras everywhere.
My guess is that this rule is meant to disallow prepaid cards, Visa gift cards, and the like. A "real" credit/debit card will almost universally have a chip these days.
#10
FlyerTalk Evangelist
Join Date: Jul 2005
Location: Seat 2A
Programs: AA EXP LT GLD 1MM, BA GLD, NH/UA*G, Hyatt Dia, Marr Tit LT PLT, IHG Spire,HH Dia, MGM NOIR,Hertz PC
Posts: 10,571
The chip is a live circuit that generates new/different codes for each transaction (I believe using a challenge-response to a code provided by the terminal); unlike skimming the static data on the mag stripe, the code captured from the chip on one transation does no good in the next transaction. So the terminal passing on a valid code from the chip proves that you are using the original physical card. Doesn't protect against the card being stolen (which a PIN would), but a LOT of credit card fraud is from mag-stripes being cloned onto fake cards and swiped.
#11
Join Date: Apr 2004
Posts: 126
1) The hotel bears all liability for fraud for swiped transactions so by disallowing swipes they are removing all fraud liability and chargebacks
2) In most cases, if you are inserting your card into a hard reader (like an Ingenico device), you and the hotel are benefitting from "Point to Point Encryption" (P2PE.) An encryption public key is embedded into the hardware of the device, and the decryption private key is only held by the credit card brand -- its not on the device and the hotel doesn't have it either. Can't lose a credit card to fraud if you never possess it. It simplifies the hotel credit card compliance program and improves safety for the customer
2) In most cases, if you are inserting your card into a hard reader (like an Ingenico device), you and the hotel are benefitting from "Point to Point Encryption" (P2PE.) An encryption public key is embedded into the hardware of the device, and the decryption private key is only held by the credit card brand -- its not on the device and the hotel doesn't have it either. Can't lose a credit card to fraud if you never possess it. It simplifies the hotel credit card compliance program and improves safety for the customer
#12
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,369
Doesn't the requirement to have a name (presumably the name of the hotel guest who is attempting to check in versus Mickey Mouse) on the credit card require the hotel employee to see/handle the credit card?
From the viewpoint of a guest, having to insert a card and then sign on the screen with the special pen requires the guest to touch items and surfaces that have been touched by many previous hotel guests, so it doesn't help to prevent the spread of COVID-19. [In some many merchants, I can at least sign with my pinkie knuckle rather than handling the special pen and most other merchants allow me to wave/touch the terminal with my credit card rather than fiddle to insert it.]
From the viewpoint of a guest, having to insert a card and then sign on the screen with the special pen requires the guest to touch items and surfaces that have been touched by many previous hotel guests, so it doesn't help to prevent the spread of COVID-19. [In some many merchants, I can at least sign with my pinkie knuckle rather than handling the special pen and most other merchants allow me to wave/touch the terminal with my credit card rather than fiddle to insert it.]
#13
FlyerTalk Evangelist
Join Date: Jul 2005
Location: Seat 2A
Programs: AA EXP LT GLD 1MM, BA GLD, NH/UA*G, Hyatt Dia, Marr Tit LT PLT, IHG Spire,HH Dia, MGM NOIR,Hertz PC
Posts: 10,571
That's definitely not correct. They might remove some liability by adding an extra security layer but certainly not all. There can be multiple reasons of fraud and resulting chargebacks.