Credit Card Security Chip
- Thread starter Greg Bockelman
- Start date
Yeah, I liked that as well, and have found more and more restaurants here using smart phone and tablet solutions that keeps the card at the table.
asechrest
En-Route
Chilis, for example, has that Ziosk thing where you pull up your bill and swipe your card at the table.
Jeff Oslick
Final Approach
Exactly that appears to already have happened to a new chip card my wife got a few weeks ago. Ironically, some of the fraudulent transactions were from a Target hundreds of miles away. I know Target has EMV chip readers, so what I can't figure out is why the network wasn't smart enough to figure out "hey, this is supposed to be a chip card, why is it being swiped?".
Matthew
Touchdown! Greaser!
Not all places have the chip reader enabled yet. I don't know about our local Target. A lot of places have the new readers at the registers, but still need you to swipe because the haven't gotten their systems self-aware yet.
jesse
Touchdown! Greaser!
Well, you would sure think they would have closed up all the holes but they haven't.
If you take the swipe data off an EMV card, modify the service code, then write a new card with that swipe data it will be accepted at any terminal EMV or not.
Also, if you just break the chip on an EMV card, after three failed reads an EMV terminal will fallback and tell you to do it as a swipe which will be approved.
Lots of holes really, all because they don't want to cause compatibility issues for those that have no intentions of buying an EMV terminal.
Nothing is more important to the card brands then cards being accepted and they're willing to take whatever risks are needed to ensure a card is accepted...even if that means removing all the security EMV was supposed to provide in the first place.
Jeff Oslick
Final Approach
Yup, we have the new reader at our business, but Intuit Merchant Services isn't ready for it yet, so they are retaining liability for EMV cards through at least next March.
The reality is if a business is smart and does ID and/or signature checks, and address verification for not-in-person transactions, fraudulent transactions will be very rare. We've experienced exactly 2 in 7-1/2 years, with tens of thousands of transactions.
Last edited:
X3 Skier
En-Route
Out of all the stores locally with chip readers in my area, only two actually work, Lowes and Walmart. Why the others, like Kroger, don't is beyond me just like why the d*** clowns didn't make them chip and PIN.
When I use the cards in Europe, I sometimes get a surprised look from the person making a sale when the machine spits out a receipt to sign.
Now I have a debit card that has a stripe and PIN and credit cards with chip and sign. WTFO?
Cheers
When I use the cards in Europe, I sometimes get a surprised look from the person making a sale when the machine spits out a receipt to sign.
Now I have a debit card that has a stripe and PIN and credit cards with chip and sign. WTFO?
Cheers
Matthew
Touchdown! Greaser!
I haven't seen any indication of chip readers being installed in gas pumps yet. Maybe inside at the register, but not at the pump.
I've run into that at a few bodega shops as well, plug in the card and they tell me I need to swipe.
jesse
Touchdown! Greaser!
most of the emv terminals aren't online yet it seems. however, the majority of cards being used in the country today are EMV capable. they're being issued very quickly.
I typically look at the screen, and if it says "Swipe" then I just swipe and don't try the EMV and that works fine. If it says "Swipe" and something about "Dip" or "Insert Card" then that is the clue that you need to insert the card.
Just recently though. I asked for a chip card from Wells Fargo earlier this year and it still was not available. Then when they finally send me one, it's an ATM only card.
I walked in, "Thank you ever so much for sending me a chip card which I need, now could you please send me one I can actually use? Because this thing is useless." So now I finally have a US issued chip card what, 3 years after my first European one? Failure to adopt web service EFT is another costly failure to adapt in the US. My WestPac account on Aus a decade ago I could log in online and enter any account and routing to any bank and for $1.00 complete an EFT. On line Bill Pay with the bank was the same, except free for utilities and would do it via EFT. Here, either there is a $25 wire fee (and often a pick up fee), or, get this, Wells Fargo Bill Pay system is that they mail a paper check, pulling the money 7 days prior and floating it; but floating it doesn't even pay the postage anymore.
X3 Skier
En-Route
Here, either there is a $25 wire fee (and often a pick up fee), or, get this, Wells Fargo Bill Pay system is that they mail a paper check, pulling the money 7 days prior and floating it; but floating it doesn't even pay the postage anymore.
Seems to me you need a new bank.:wink2:
I have both a Wells Account that I use when living in CO and my main account with PNC. I agree Wells bill pay is stupid and I don't use it. PNC, OTHO charges nothing and I have over ten accounts from Credit Cards to Utilities to Lawn Service I pay direct with no charge.
Both of them finally sent me Chip Cards earlier this year but there're the chip and sign versions like the rest of the ones I have.
Cheers
Seems to me you need a new bank.:wink2:
I have both a Wells Account that I use when living in CO and my main account with PNC. I agree Wells bill pay is stupid and I don't use it. PNC, OTHO charges nothing and I have over ten accounts from Credit Cards to Utilities to Lawn Service I pay direct with no charge.
Both of them finally sent me Chip Cards earlier this year but there're the chip and sign versions like the rest of the ones I have.
Cheers
I really don't use any of it anymore, so I really don't care. I also have accounts with USAA, their services really aren't better, and they haven't even sent me a chip card yet.
Oh well, none of it really matters so long as I can now buy my own smokes after hours...
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
Yeah, I remember that from years ago. This is not new technology. It's just decades late being implemented here. My understanding is that it took the threat of being held liable for fraud to force the banking and merchant services industries to cough up the coin before they finally adopted it.
As for implementation, most or all of the stores in Sparrow Fart now have it up and running, so the rest of the country shouldn't be far behind. As someone whose card numbers have been stolen from the old POS systems (in both senses of the acronym), I couldn't be happier.
Rich
asechrest
En-Route
My credit union (Alliant, whom I'm obsessed with) just sent me my first chip enabled card. Many retailers here have the capability, though just today I noticed I still had to swipe at one location. Henning, dump your bank and get a credit union. I've never been happier.
I've never been happier.
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
My credit union (Alliant, whom I'm obsessed with) just sent me my first chip enabled card. Many retailers here have the capability, though just today I noticed I still had to swipe at one location. Henning, dump your bank and get a credit union.
Amen to that. I switched to credit unions years ago and never looked back. I drive 27 miles and past probably a dozen banks to deal with my credit union. There's just no comparison.
Rich
My credit union (Alliant, whom I'm obsessed with) just sent me my first chip enabled card. Many retailers here have the capability, though just today I noticed I still had to swipe at one location. Henning, dump your bank and get a credit union.
I'll look for an Alliant, I really no longer need WF, actually I never signed up with them, I had ditched them long ago. When I got back from Aus the first time I signed up with Wachovia, I liked them, they were good, then WF took them over, and really it's been on thing after another since.
We are so far behind on implementation. Spent a month in Scandinavia and chip/pin was everywhere. Don't remember signing anything. Of course I had to call my credit card co to get a pin. I think the merchant here is liable if they accept a swipe and sign that's no good.
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
I'll look for an Alliant, I really no longer need WF, actually I never signed up with them, I had ditched them long ago. When I got back from Aus the first time I signed up with Wachovia, I liked them, they were good, then WF took them over, and really it's been on thing after another since.
Some other very good ones include First Tech, PennFed, and State Department FCU. They tend to require membership in some charitable organization or another if you don't meet the membership qualifications otherwise, but it's usually something like a $15.00 one-time contribution to the organization.
I deal with a local credit union that only accepts members who live, work, worship, volunteer, etc. in the three surrounding counties, as well as their relatives or employees. They have both my business and personal accounts.
One day I wound up needing a fairly substantial amount of money on a short-term basis, and I needed it very quickly. I called my CU and explained the situation. They approved the loan over the phone told me to come in and pick up the money. When I got there, I signed the note and picked up the check. That was that. No bull****.
One thing you'll want to look for is that the CU participates in the "CU Swirl" Shared Branch Program. That allows you to use any of more than six thousand credit unions to do almost all your in-person banking, even if your CU is a tiny one with only one branh. Credit unions who belong to the Co-Op program also let other CU members use their ATMs fee-free.
Rich
asechrest
En-Route
Alliant is formerly United Airlines employees credit union. There is no brick and mortar location near us but I have little need for a physical location. Checking accounts offer 0.7% APR. Savings account is 1.0%. Call center open 24 hours staffed by US reps. Website is slick and efficient. Deposit checks by smartphone. Loan and CD rates are reasonable.I'll look for an Alliant, I really no longer need WF, actually I never signed up with them, I had ditched them long ago. When I got back from Aus the first time I signed up with Wachovia, I liked them, they were good, then WF took them over, and really it's been on thing after another since.
President and CEO has last name Mooney.
Last edited:
petrolero
Pattern Altitude
My US passport, I believe, has an RFID. Also my Global Entry card, issued by the US of A has RFID and comes with a foil sleeve. The passport does not.
Lindberg
Final Approach
It depends. But the simplified version is that if the card has a chip and the merchant accepts a swipe transaction from a counterfeit card, the merchant is liable. For merchants that have dual capability, the mag stripe tells the reader if it is a chip card. But as Jesse says, this can be altered. The readers can be confused in other ways, too.
There are a bunch of other holes. Even in Europe, where it is mostly chip and PIN vs. chip and signature, there's still fraud. But this isn't all about security, it's about risk transfer and who accepts the risk of loss for bad transactions.
Passport has no particularly exploitable info on it, just the link to the database that pulls you up, and from my understanding that database doesn't have enough info to create an 'identity theft' issue even if they made it in. Certainly I'm sure someone could work their way through it, but considering that the ability to continue to do so would be very limited, I would expect that someone capable would choose their target well, and I don't qualify for their attention.
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
With rare exceptions, PayPal is the only debit card I use at magstripe terminals since the last time my card information got stolen. My PayPal card information was among the information stolen (and used to the tune of ~$700.00), but because I immediately get an email on my trusty BlackBerry every time it's used, I was able to nip it in the bud.
I called PayPal, who immediately refunded my money and canceled the card. They did, however, offer to authorize one last ATM withdrawal at any ATM near my home if I needed cash before they canceled it, or to wire-transfer money to my credit union if I needed more than could be withdrawn from an ATM and didn't have time to wait for an EFT to clear. I thought that was a nice touch.
Granted, I've had a business PayPal account for 16 years this coming February, maintain a pretty high balance in it, process thousands of dollars of plastic through them every month, and have never once had a complaint or chargeback. Whatever PayPal's highest level of love for a user is, I'm probably in that group; so maybe I got some sort of priority treatment when I called. I do know I'm in some class that gets instant phone support when I call based on the amount of charges I process, so maybe I also got a little extra love from them when I called about the card fraud. But maybe not. Maybe they bend over backwards for anyone who's been a fraud victim. I like to believe the latter.
PayPal also assisted my county Sheriff's department in the investigation until it was handed over to the State Police and ultimately to the Secret Service. The deputy said they were actually very helpful and provided a lot of useful information about investigating identity theft and payment card fraud that she didn't know before.
Another interesting PayPal experience: Some years ago I charged airline tickets to my PayPal debit card, but I wound up staying in California a few days longer than I originally expected. I charged the additional fare for the return trip extension to whatever other card I happened to pull out of my pocket.
The day after my original return date, I used the PayPal debit card while still in California. I think it was at an ATM. The transaction went through, but PayPal's fraud department immediately called me on my cell and asked me some security questions to make sure it was me.
After verifying my identity, the agent explained that according to the information PayPal had, I should have been back in New York by then, so using the card in California raised a red flag. Had I used the PayPal card to pay for the trip extension their system probably would have figured it out; but because I didn't, they thought it might be fraud. I was impressed.
My credit union was also very proactive, but I'm still leery of using a card attached to my personal or business checking accounts even though there was no loss to me when the card information was stolen. The credit union's fraud department called me at 05:30 to tell me that one of my cards had been attempted to be used to buy jewelry overseas somewhere, and when I told them it wasn't me, they cancelled both cards and had replacement cards waiting for me at the branch that same morning.
I do use my credit union's debit cards to pay routine bills online with companies that I trust (at least as much as I trust any of them these days) like AT&T, USAA, Sparrow Fart Telephone, and others that don't charge extra fees for using plastic. I want the CU to get the revenue. But I'd really have to be hard up to use them at a swipe terminal or ATM.
Now that it's all going EMV, maybe I'll rethink that. But magstripe? No way. Never again. Not on a card linked to my checking account, anyway.
I'll also use my Fidelity debit card once in a while because there's usually not more than a grand in the card-accessible part of the Cash Management Account (basically the checking part -- I don't have card access set up for the brokerage part and don't intend to), so the risk is very limited. They also offer some pretty nice advantages for using the card such as automatic extended warranties, ATM fee refunds, and so forth.
Rich
Last edited:
Home Depot or someplace I was in recently did exactly that when I swiped my card it told me to insert it in the slot.
ifly4fun
Line Up and Wait
Isn't the fact it has EMV capabilities embedded in the Mag strip? When I goto WalMart or wherever thats using EMV, and I swipe it instead, the terminal says "this is an emv card.. please insert."
Are the hackers removing this flag from the MSR when they clone?
Edit: I see you already answered this.
Last edited:
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
Jesse's the expert on this (and many other things), but he's busy crunching code in The City.
I do know, however, that the flag can be removed, as I think Jesse pointed out already. I suspect that in time (probably lots of time), the industry will insert another query that checks on the issuer side whether the card is EMV-capable, thus closing that loophole. But it's also possible that magstripe may become a thing of the past before then. If the local mom-and-pops in my little town are EMV-ready, the civilized world can't be far behind.
Personally, I can't wait. Even if EMV isn't perfect, it's a hell of a lot better than magstripe.
Rich
James331
Ejection Handle Pulled
- Joined
- Apr 18, 2014
- Messages
- 20,309
- Display Name
Display name:
James331
I've had similar experiences with my paypal business debt card, it's the only card I use, plus when I run it as credit, which I always do, I get 1% cash back on everything.
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
I've had similar experiences with my paypal business debt card, it's the only card I use, plus when I run it as credit, which I always do, I get 1% cash back on everything.
Yeah, I forgot about that part. It can add up pretty quickly.
Rich