Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States IT Technology

The Chip Card Transition In the US Has Been a Disaster (qz.com) 675

Ian Kar, writing for Quartz: Over the last year or so in the U.S., a lot of the plastic credit cards we carry around every day have been replaced by new one with chips embedded in them. The chips are supposed to make your credit and debit cards more secure -- a good thing! -- but there's one little secret no one wants to admit: The U.S.'s transition to chip cards has been an utter disaster. They're confusing to use, painstakingly slow, less secure than the alternatives, and aren't even the best solution for consumers. If you've shopped in a store and used a credit card, you've noticed the change. Retailers have likely asked you to insert the chip into the card reader, instead of swiping. But reading the chip seems to take much longer than just swiping. And on top of that, even though many retailers now have chip reading machines, some of them ask us just the opposite -- they say not to insert the card, and just swipe. It seems like there's no rhyme or reason to the whole thing.
This discussion has been archived. No new comments can be posted.

The Chip Card Transition In the US Has Been a Disaster

Comments Filter:
  • by Anrego ( 830717 ) * on Saturday July 30, 2016 @11:39AM (#52612341)

    As a Canadian I really don't get this. We've had chip and pin here for awhile, and while the initial adoption was a bit rough, it generally works fine.

    Confusing

    Reader says "insert chip in the bottom".
    You insert chip in the bottom.
    Reader says "enter pin".
    You enter pin.

    Painstakingly slow

    I've noticed some readers are slow, but this probably has nothing to do with the chip, the merchant just has a shitty system. If you're talking about the process being slower, ok yeah, by about 10 to 15 seconds or so.

    Less secure than the alternatives

    What alternatives? Getting a signature that no teller ever verifies or checking the name against your ID (which again, never actually happens)?

    Not saying chip and pin is perfect, but I really don't get why this is such a big "disaster".

    • by FrankHaynes ( 467244 ) on Saturday July 30, 2016 @11:43AM (#52612361)

      You should never deny Slashdot the satisfaction of posting an over-the-top headline to attract CLICKZZZ!!

    • by Anonymous Coward on Saturday July 30, 2016 @11:43AM (#52612371)

      Because here in the USA it's Chip and Signature, not Chip and Pin.

      • by Z00L00K ( 682162 ) on Saturday July 30, 2016 @12:10PM (#52612571) Homepage Journal

        Which is really seriously stupid since almost anyone can fake a signature.

        • by Kohath ( 38547 )

          No one reads the signatures. I would guess they're stored for possible use in court in fraud cases.

          • by fahrbot-bot ( 874524 ) on Saturday July 30, 2016 @12:47PM (#52612777)

            No one reads the signatures. I would guess they're stored for possible use in court in fraud cases.

            It's pointless anyway. My signature looks completely different (and worse) when I try to sign on those stupid little pads then when on paper. Granted, my handwriting is terrible, but I can imagine the same for others.

        • by ShanghaiBill ( 739463 ) on Saturday July 30, 2016 @12:27PM (#52612673)

          Which is really seriously stupid since almost anyone can fake a signature.

          There is no need to "fake" a signature. Any scribble will suffice. No one, absolutely no one, checks the signature for anything. Just drag the stylus across the screen in a straight line, and it will say "accepted".

        • by caseih ( 160668 ) on Saturday July 30, 2016 @12:54PM (#52612823)

          As I understand it, this is not the point of the chip and signature system. The point of the chip is to make it much much harder to clone the card. With the old non-chip system, all someone needs is your CC number. They can program that into the magnetic strip and start using it. Many places like fast food never even required signatures. Gas stations only required zip codes, and then only sometimes.

          My biggest problem with chip and pin is that banks disclaim themselves of all liability for transactions that go through with a valid PIN, as they feel the chip is secure enough to prove that the card must have been real and if the pin was used, that's because you intended to do it. Nevermind that cards can still be cloned and pin numbers skimmed. This is also a problem if someone steels your card and knows your pin, you're on the hook for everything. Happened to a guy here in Canada when his ex girlfriend stole his card. Back when they were dating he shared his pin with her (big mistake... but what about marriages that end in divorce?).

          • They cannot disclaim liability for anything over $50 in the USA if you report a stolen card or fraudulent transaction within 24 hours of discovering it. This is part of Federal Law. This applies to credit cards, not debit cards, they are not covered.

            If you've encountered a bank attempting to do this then you have valid cause to bring a serious lawsuit. Most likely if you encountered this it was in regard to a debit card that does not have the same protections. You should never use debit cards because of thi

        • Re: (Score:3, Insightful)

          by slimjim8094 ( 941042 )

          This is an interesting point. The signature in the US isn't considered an authenticator, it's actually considered agreeing to a contract. If you look at your receipt it probably says "I agree to pay the above amount according to the terms of the cardholder agreement" or something. The idea is (in theory) they could take you to court and say "but you signed a contract saying you'd pay!". If they have someone other than the cardholder in court over that transaction, it's not because of a broken contract - it'

    • Its considered discriminatory against those with PIN Retention Deficit Disorder.
    • by grahamsz ( 150076 ) on Saturday July 30, 2016 @11:44AM (#52612375) Homepage Journal

      The US hasn't done chip and pin.

      It's chip and signature, effectively the worst of both worlds. Very little extra security and much slower.

      • The US hasn't done chip and pin. It's chip and signature, effectively the worst of both worlds. Very little extra security and much slower.

        Maybe for some cards in the US, but mine is chip & pin. Probably depends on the bank.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          It's PIN if it's a debit card, but if it's credit card it's signature.

          It's only good enough for the banks to have better deniability against the merchants, but provides
          the consumer no extra protection.

    • Not saying chip and pin is perfect, but I really don't get why this is such a big "disaster".

      Editor is obviously using hyperbole. I just got a replacement card with a chip from my credit union. I went grocery shopping, and 2 of the stores had me swipe, the 3rd had me insert the card. It did take significantly longer, and you need to remove it at a specific time in the process or else the transaction will fail. That store also has Apple Pay, so I think I'll just use that at that particular store in the future. Other stores have told me that the chip reader on their unit doesn't work.

      • by Kohath ( 38547 )

        "Using hyperbole" is just "being false and intentionally misleading" in stories about factual situations. Writers who write that way are assholes who should be ashamed of themselves.

        Using the chip reader takes a few seconds longer. It's bad because taking longer is bad. But it's only 10 seconds or so.

        • Which is it? A "few" or 10? In my experience it takes at least 20 seconds. No big deal right? Until you remember that stores are eliminating as many cashiers as possible so even IF those 5 people in front of you know how to use the cards you just wasted at least 2 minutes per store. The sky is not falling but pretending it isn't a hassle for the consumer is disingenuous at best. The best thing to do is speed up the transactions to the previous standard of 1 to 2 seconds.
          • by Kohath ( 38547 )

            Neither number is "a disaster". If your store has long lines, I guess they don't value your business very much.

        • Comment removed based on user account deletion
      • by jittles ( 1613415 ) on Saturday July 30, 2016 @11:57AM (#52612461)

        Not saying chip and pin is perfect, but I really don't get why this is such a big "disaster".

        Editor is obviously using hyperbole. I just got a replacement card with a chip from my credit union. I went grocery shopping, and 2 of the stores had me swipe, the 3rd had me insert the card. It did take significantly longer, and you need to remove it at a specific time in the process or else the transaction will fail. That store also has Apple Pay, so I think I'll just use that at that particular store in the future. Other stores have told me that the chip reader on their unit doesn't work.

        As someone who writes software dealing with those sorts of terminals and transactions for many many banks I can tell you that the problem with Chip and PIN (or Signature) is not the technology itself, but a lack of understanding of the people implementing it in the US. First of all, removing the card before the second application cryptogram (this is after your issuing bank authorizes the transaction and the card sees this auth) ALWAYS results in an automatic decline and reversal generated by the terminal. You could leave the card in the terminal forever after that and the transaction would still be authorized. If you see anything else, it's (again) due to someone not understanding how the process works!

        The reason it's slow is probably due to the way the processing bank configured its terminal. I worked with one bank who wanted the terminal configured with every single possible application ID under the sun - even though there are brand specific applications you can use to say "I want to support all VISA". Instead they added over 10 different VISA applications that are region specific in addition to the global VISA application. So what happens when you dip the card? The terminal (usually) asks the card one by one "Hey do you support this application ID?" and it takes a long time to do this. You spend 30-45 seconds waiting for the card and the terminal to agree on what type of card will be presented for payment. I've seen MANY banks do this and its entirely unnecessary unless you want to exclude certain regions. Even then, it would be faster to accept the global AID at the start of the transaction and have the POS application decide that it didn't like your card due to the issuer country code or the application of the card rather than list the dozens of applications that can be available for each card brand.

        And for those above who say that Chip and Signature is the worst of both worlds - you're entirely wrong! I can easily clone your mag stripe card and use it to my heart's content. I know of no current attacks against EMV that allow you to clone a chip and use it for online transactions. Since the US requires ALL transactions to go online (floor limit of 0), you cannot effectively use a cloned chip card in the United States. Furthermore, the chip card dynamically generates certain card information at the time of each transaction. This makes it very difficult to steal the track data from an EMV card and turn it into a cloned mag stripe card.

        • by DarkOx ( 621550 ) on Saturday July 30, 2016 @12:51PM (#52612809) Journal

          What people mean when they say worst of both worlds is that it does not solve the entirety of the problem where card present transactions are concerned and chip and pin easily could have.

          Implementation issues aside the mechanical action of swipe is always going to be faster than insert, wait, remove; pretty much no matter how small you make the value of wait. That said plain text mag strips with no 'real' client authentication was not a realistic security model for 21st century.

          Yes its beyond the reach of most attackers to clone a chip card. Stolen card is still a problem though. It might take me hours to notice my entire wallet is missing, could be a day or more before I realize a single credit card is gone AWOL. There is plenty of time for someone to run up a lot of charges there, and cause me a real headache even if I won't ultimately be liable. Chip + PIN would have made it nearly perfect. Sure steal the card from my back pocket, now what? Go get the account locked for exceeding the number of allowed invalid PIN entries?

          As a consumer I am getting a lot of new inconvenience ( which I would have found acceptable otherwise ) for a far less than ideal security solution. I could probably bang in a 4, 5, or 6 digit PIN faster than scrawling something on those signature pads anyway.

    • The slowness can be explained by some merchants still using dial-up or being in an area with poor communication infrastructure. I know. Few merchants I go to, have slow systems because a) they use dial-up and b) it is also their voice line. When it is slow, just have a friendly chat with the clerk about how life is - just chill out :)

      • diffident some places / atm's with dial up waited to end the of the day to dial in?

      • I don't think that is the issue we are seeing; it isn't small merchants that seem to be bad, it is the larger ones with 10+ registers. Would they still really be doing dial-up authentication?! I could see it if they were still using the old terminals (from the 90’s), but these are all brand new...

    • Painstakingly slow

      I've noticed some readers are slow, but this probably has nothing to do with the chip, the merchant just has a shitty system. If you're talking about the process being slower, ok yeah, by about 10 to 15 seconds or so.

      The terminal we have in our shop is not greatly different to swipe only machines of the past. It smells of 8-bit micro with LCD. I know it to be doing two way 1024 RSA for the authentication because I checked. I'm familiar with the X.9 series and PCI specifications, so I know what is going on on the wire.

      So my assumption is the delay is doing 1024 RSA sign and verify (It's two way auth) for each chip transaction on an 8 bit CPU. This is the authentication of the terminal, not the card.

      A normal extended sess

    • Not saying chip and pin is perfect, but I really don't get why this is such a big "disaster".

      Here in Canada they're really pushing the "tap" feature which is bypassing the "security" for smaller purchases anyhow. So if someone steals your card they can nickel and dime you with many transactions. I check my card's transaction logs regularly (at least once a day) but if my card goes missing who knows how many dozens of transactions can be rung up before I notice.

      Basically all you do is wave the card across th

      • by DamonHD ( 794830 )

        I refuse to have a card with contactless / tap / NFC / PayWave for this reason, especially for business accounts.

        I have had to move banks to avoid contactless, and have shopped one of my old banks to the regulator for claiming that it was *impossible* to issue a card without it. Unlike by personal and business banks. Duh. If a bank can't tell the difference between "won't" (or "don't want to") and "can't" then they shouldn't be in charge of other people's money IMHO.

        The card schemes and banks do care abo

    • "initial adoption was a bit rough"

      Yeah - that's where we are now. You just admitted that you DO "get this"... because it was the same in Canada.

      Initial adoption of any new technology that you use multiple times a day is going to cause some confusion and consternation... this is no different.

      • by Anrego ( 830717 ) *

        Yeah, but "a bit rough" meant there was maybe a month or so where the teller would say "our chip and pin isn't working yet" and maybe the odd occasion you'd have to re-try a few times or eventually "lets just do it the old fashioned way". It sounds like the US is having a much harder time of it.

        • Nah - that's what's going on here too. It's not the apocalypse or anything. If you're referring to the headline that's just normal sensationalism.

          People on the ground here just grumble about it and move on their way. It'll work itself out.

    • "Getting a signature that no teller ever verifies or checking the name against your ID (which again, never actually happens)?"

      It happens to me if there is more than $100 at stake. And I'm a white male to boot.

    • by SuiteSisterMary ( 123932 ) <slebrun@ g m ail.com> on Saturday July 30, 2016 @12:04PM (#52612529) Journal

      From a fellow Canuckistanian:

      Remember that we, in Canada, have a fairly unified banking system. Really, we've got the big 5, and we've got the Interac system, and any bank that wants to sign on, signs on.

      In the US, however, you've got thousands and thousands of banks. They don't have a unified banking system; they have the big Credit Card companies.

      But, yes, we've been on swipe and pin for decades, and chip and pin for years, and applepay Just Worked when the banks turned it on, because virtually any place that's set up for electronic transactions already has a tap capable terminal, and the infrastructure's all already there.

    • The US implementation doesn't use the PIN, so they are doing something different on the back end than the rest of the world. Apparently ROW queues transactions of relatively small value (offline transactions?) where in the US, there seem to be a few round-trips with the processing company for each transaction over something like $5.

      With the mag stripe, there would just be one round-trip to authenticate, and it would take about 5-10 seconds. At one store (Trader Joe's), it takes about 30-35 seconds, but th

    • by Z00L00K ( 682162 )

      It's slow either because the retailer has a bad connection to the payment service/bank or that the payment service/bank is slow.

      Here in Sweden we sometimes experience lag in the transactions whenever there's a large holiday with a lot of shopping going on. Not a big deal though.

    • The worst time was in Europe when they had made use of the chip reader mandatory, except for cards that did not have a chip.

      Travelling in Europe with a US credit card (no chip at the time) and many shop assistants only heard that the use of the chip reader was mandatory. They didn't seem to hear the part about what do do if the card did not have a chip.

    • We were suppose to move to chip & pin in 2008. We didn't (what with our whole economy imploding around then nobody had any money to do crap like that). So there's tons of old hardware businesses were sold in 2005-2008 that never got used. The businesses are pissed that they spent hundreds (thousands?) on new terminals and readers that did nothing. So it's like pulling teeth to get them onboard. Imagine spending $800 on something that offered you little value but you have to, then you never use it and no
    • by AikonMGB ( 1013995 ) on Saturday July 30, 2016 @12:50PM (#52612807) Homepage

      As a Canadian that recently moved the US, the system here is utterly ridiculous and broken. I never know when I should swipe vs insert the chip, I have never been asked for a pin, sometimes I have to sign and sometimes I don't (there doesn't seem to be a clear limit), and there's no tap-to-pay. It's that last part that was killer; I used tap-to-pay for 90% of purchases in Canada, with chip+pin being the remaining 10% of larger purchases like electronics.

      There's also an obsession with literal cash, here. People see it as the default, whereas in Canada, cash tended to be a fall-back for most people.

      It's truly bizarre. I find it much more annoying to pay for things here.

    • What alternatives?

      NFC. Instant, far more secure, available for years now just stupid business types fighting over money and who gets to steal your personal info.

  • by Nemyst ( 1383049 ) on Saturday July 30, 2016 @11:44AM (#52612377) Homepage
    First of all, "But reading the chip seems to take much longer than just swiping." Big fucking whoop? That's the time it takes for the card to obtain authentication from the bank server instead of the terminal just blindly accepting the transaction. That's already more secure, so stop whining.

    But more importantly, chip and PIN is known to be more secure than swipe and sign. That's not up for debate, it's a fact. Unfortunately, the US, in their wise ways, decided to bastardize the system into chip and sign, removing the vast majority of the additional security for no real benefit. Oh, you can't remember a 4-digit PIN? Tough fucking luck. Instead, you'll probably have to switch to chip and PIN at some point in the future, causing another confusing transition.

    Furthermore, the partial transition, various fuckups and all have largely been isolated to the US. Sure, Europe, Canada and others have also had a few hiccups when moving to the new system, but they had clear, strict deadlines that all providers followed. The US basically let the monkeys run the show, and so it's been a mess of delays.

    You guys fucked up, now you get to live with the consequences. This isn't a failing of the chip system, it's a failing of the US thinking they could half-adopt it. That entire article sounds like entitled whining.
    • Normally I encourage rtfa, but not this time. Something in progress isn't complete, therefore is a disaster? Nope, here's someone irritated by some aspect of the process, and rants about it. Looks like he submitted it himself, too.

      Don't click. In fact, don't discuss. Move on to something worth wasting time on.

    • First of all, "But reading the chip seems to take much longer than just swiping." Big fucking whoop? That's the time it takes for the card to obtain authentication from the bank server instead of the terminal just blindly accepting the transaction. That's already more secure, so stop whining. But more importantly, chip and PIN is known to be more secure than swipe and sign. That's not up for debate, it's a fact. Unfortunately, the US, in their wise ways, decided to bastardize the system into chip and sign, removing the vast majority of the additional security for no real benefit. Oh, you can't remember a 4-digit PIN? Tough fucking luck. Instead, you'll probably have to switch to chip and PIN at some point in the future, causing another confusing transition.

      The US Should start transitioning to Chip and PIN during or shortly after 2017. It's anticipated that MasterCard and VISA will start requiring a transition to PIN in the US in 2018. The biggest obstacle was actually the banks trying to delay the capital costs of replacing all of their terminals and ATMs all at once. They used the "confusion of a PIN" to sell the argument that they should not roll out Chip and PIN immediately. However, I can tell you from the payment processing side that everyone is doing everything they can to support PIN at their gateways and to get certified. I keep seeing companies ask me to help them integrate PIN padless terminals and I keep telling them that they're making a short sided mistake.

      Furthermore, the partial transition, various fuckups and all have largely been isolated to the US. Sure, Europe, Canada and others have also had a few hiccups when moving to the new system, but they had clear, strict deadlines that all providers followed. The US basically let the monkeys run the show, and so it's been a mess of delays. You guys fucked up, now you get to live with the consequences. This isn't a failing of the chip system, it's a failing of the US thinking they could half-adopt it. That entire article sounds like entitled whining.

    • by DamonHD ( 794830 )

      Please note that not everyone CAN reasonably remember distinct decent PINs for a wallet full of cards, never mind those who cannot see a keypad for example.

      The rest of the world is not exactly like you, thankfully.

      Damon

    • by nnull ( 1148259 )
      This is reminiscent of the US industry in general. Everything is half-assed here. A lot of my suppliers in the US that I vet are half-assed that I have to dump them. I go through a lot of resumes for managers and engineering positions, all their stuff on linkdin is about saving me money and how they saved "X" company money. I asked them how they did it, of course they can never tell me (Obvious cost cutting procedures). Even contractors, I had to go through a full year of them before I found one that wasn't
    • I thought the U.S. screwed up too at first. But then I read an article that in Europe, you basically can't contest fraud on your card. The reasoning is that because the chip cannot be defeated, and you're not supposed to tell your PIN to anyone, any use of "your" card must be legit. Either you made the purchase yourself, or you loaned the card to someone else and told them the PIN. So it must be your fault, therefore you are on the hook for the fraudulent purchases. Even if you're talking with the bank
  • by ScentCone ( 795499 ) on Saturday July 30, 2016 @11:49AM (#52612409)
    It's not that there's "no rhyme or reason" to the experience at the register - it's that the purchase of chip-capable readers doesn't mean that the retailer's point of sale system, back end accounting platform, security reviews, and everything else that comes in the wake of this have been completed. Getting chip-capable devices at the register is the easy part - they're often leased anyway, and the processing companies are simply replacing older units, as they fail, with newer units that meet the new specs. But there is a lot of behind the scenes work to do. It's easiest for mom-and-pop retailers who don't have a lot of integration, and it's relatively easy for the very large chains that have big IT departments. But the mid-sized operations, owner-operated gas stations, etc., have to take on considerable expense. And it cannot break, or they're expensively down and out.

    I have indeed noticed the significant increase in processing time. Even at a bank-owned ATM, where I know the branch has a nice fast pipe back to the mothership, it's pretty shocking how long it takes the ATM to complete the extra crypto dance before it even gets down to business with you on the user interface. If nothing else, they need to have the ATMs give a better sign of life as that handshake is taking place - many users will be baffled by what doesn't appear to happening.
  • is that some vendors charged two upgrade prices: one for the new chip-ready terminal, a SECOND to upgrade the software to a set that is chip-ready! So many businesses ended up with new terminals with deactivated chip readers.

    Another issue that I've seen is speed. It seems like some chip-ready installs are using dial-up to transmit info, which is really odd. We spent a few weeks in Germany last summer, and all of the terminals that we used were quite brisk.
  • It's really not that bad. It takes exactly the same amount of time, the only difference is it feels longer because you have to leave your card in while it authorizes. But there's no extra round-trips or computation or anything - the card gets challenged with the amount, and it generates a one-time code for that amount that gets sent instead of (or alongside?) the card number. For the annoyance of leaving your card in the reader, skimming becomes impossible. I've had my debit card skimmed, which was annoying

    • by SeaFox ( 739806 )

      Amen.

      I read a similar story last night [theverge.com], and all I could think was "would you like me to call a whambulance?"

    • by Hartree ( 191324 )

      "It's really not that bad. It takes exactly the same amount of time"

      That's not true, at least at many of the locations I've been to. It should be true, but isn't.

      I used to work for a credit card processor and had to test the systems for grocery stores with 20 or so lanes before they were installed. One of the things I was watching for was slow performance (way back in the day of X.25 links. Get offa my lawn. ;) ), so I still pick that up regardless of the swipe versus insert dichotomy.

      Based on what I've see

    • The payment does take significantly longer though, for one thing, it does not seem to be possible to start the process while the cashier is in the process of scanning the groceries, so it all has to take place after the total is known.
  • by Bender Unit 22 ( 216955 ) on Saturday July 30, 2016 @11:55AM (#52612451) Journal

    Last October, I spent some time in the US again and I noticed the few places that had started using chip readers had a person standing by to help people. They seemed a bit surprised when I just inserted my card and typed my pin code in a few seconds. :D They didn't even finish their line about being sorry about me having to remember the pin code. But I have been using it for years now.

    We had a few problems in the beginning too both with speed of the approval process and the people using the card. but it is really not a problem more.
    Now both my VISA and Mastercards have NFC( I'm guessing it is?) so I just hold the card over the reader.

  • by __aaclcg7560 ( 824291 ) on Saturday July 30, 2016 @11:57AM (#52612465)
    The local 7-11 store taped over the slot and have a note to swipe the card instead. The chip reader is too slow to move a long line at a faster pace. With limited parking out in front, the clerks want to turn over as many customers as fast as possible to avoid losing sales.
  • I can confirm; every place that has upgraded their equipment has experienced significant slowdowns in the transaction process. It is, frankly, ridiculous. It shouldn't take upwards of a minute to process the transaction where before it took seconds.

    On top of all that, it's a silly system. Why don't we use disposable QR codes that they scan for the transaction? That would seem to be a more secure and easier to implement solution; the equipment is already there, it would just require software.

  • The fault lies.... (Score:5, Insightful)

    by Lumpy ( 12016 ) on Saturday July 30, 2016 @12:17PM (#52612617) Homepage

    Completely at the feet of the banks. They needed to get off their asses and spend a tiny bit of their immense profits to fucking switch over. The banks could send every retailler a new chip reader for every register for free and STILL make record profits every quarter.

    So blame the Banks and the Greedy assholes that run those banks.

    I'm for bringing back all the heavy handed bank regulation from before 1980. Fuck the bankers.

  • by taustin ( 171655 ) on Saturday July 30, 2016 @12:18PM (#52612625) Homepage Journal

    For a disaster, it's been pretty mild for my employer.

    Several points to consider, from my personal observations (as the IT guy in charge of deploying and training on this):

    1) Chip & PIN vs. Chip & signature. Yeah, chip and PIN is more secure for the consumer, but EMV isn't about security for the consumer. That's not at all the point of EMV. The point of EMV is to protect the banks, who eat the loss, when somebody breaks into a big retailer and steals 120 million credit card numbers at the same time, because PCI compliance hasn't been enough, and never could be. EMV is the half of the new system that gets the news coverage, but the other half, point-to-point encryption, is more important. The transaction gets encrypted in the credit card pad, and the merchant never sees the card information. So if you break into their network, there's nothing there to steal. The benefit to the merchant is that PCI compliance is a hell of a lot easier (and less expensive). The benefit to the consumer is that their cards are, in fact, less likely to be compromised (because that kind of break-in is a huge part of credit card fraud these days), so less hassle waiting for a new card.

    But in the US, the consumer isn't protected by the technology, they're protected by the law. If your card is stolen, you're never responsible for more than the first $50 (and if you're bank gives you static about that, file a complaint and open an account with a bank that isn't crooked).

    2)It's not confusing, it's just different. The process isn't any more complicated, it's just a different process. So the cashiers need about one minute of training, mainly by me buying a soft drink so they could see the new screens, and then they had it down (because we don't hire idiots as cashiers, and we train them), and the customers will need a few reminders for a while. The only two actual issues we've had (both very minor) are that we used to not need a signature for transactions under a certain amount, and we need a signature on every transaction now (because it's chip & signature, not chip & sometimes signature - but I expect that to be relaxed very soon), and we have to remind the customers to remove the card when it's all done (and our system actually helps on that, because it won't let them sign until the card is removed, which reminds the cashier to remind the customer). The pads could beep a little louder, but it's not a problem.

    3) It's only slower if you bought shitty equipment. I've seen very slow chip card transactions. They're pretty much always the cheap-ass little standalone terminals that small merchants get on a lease from their merchant service (who don't care how slow it is). The reason for this is that the pad is doing the encryption, and that requires a certain amount of processing horsepower. Ours are new, expensive, and high quality. The difference in time processing a chip card and a mag strip card is less than one second. Barely enough to notice. Other big chain stores I've been in that do EMV also have new, expensive, high quality pads, and they, too, are basically just as fast either way.

    So no, it's not the end of the world. Just more hysteria mongering from somebody who has a book to sell, or just hates all change, even for the better. In other words, it's a day that ends in "y."

  • What the hell?! (Score:4, Insightful)

    by silviuc ( 676999 ) on Saturday July 30, 2016 @12:21PM (#52612639) Homepage
    From the article:

    "But, for the less digitally inclined, plastic cards and those tiny metal chips will probably still be pretty cumbersome for the foreseeable future."

    My mom has 70+ years and can shop the any local store with her card just fine. We use chip & pin over here. She can remember her card pin just fine. She's also not digitally or technically inclined. The whole thing takes a few seconds until the transaction is authorized by the bank.

    What exactly is your excuse there, over the pond?

    Banks have been issuing new cards (or replacing older ones) with NFC versions for at least a year. Just bonk and pay.

  • One local store here is very quick in processing the chip card. I don't know if it is a reader thing or a back-end processing thing, but I insert the card and in a couple of seconds it is done. On the other hand, the chain stores seem to be dog slow in reading/processing the chip cards.

    .
    So let's abort the whole project because there are some transition problems.

  • I love Citibank's ATM's ... you now have to "dip" your card (swipe), wait for the machine to tell you to just insert and leave the card (chip'd), wait some more, THEN enter your PIN number.

    My other problem (with ALL banks) is that I DO NOT WANT A CREDIT CARD (or debit) tied to my primary checking account. The account where I, you know, pay my bills. Who's bright idea was it to do this -- allow someone to easily empty my account leaving me with bounced payments while cleaning up the mess?

    I want a ATM [only]

  • Up here with the igloos and polar bears, we have had these machines for years. You can slide, swipe or tap. If you do the first two, you'll have to input your PIN. Occasionally sliding the chip end of the card into the reader is a bit slower than swiping, but not as a rule. Newer machines simply require you to tap your chip card on the display screen. That's it...no PIN or anything. It takes about a second.

    It's a bit ironic that most of this technology was invented in the US, but it's the only First W

  • I think calling it a disaster is an exaggeration. Most of the problems described will be fixed in time: The spped will improve (already at some merchants is it quite acceptable). Also, as everyone migrates to the system, the confusion over insert vs swipe will go away as well...

    These IMHO are the REAL problems:

    1) The roll-out has been slow. Every article I've read says that the scanners and software are very expensive so a lot of merchants can't afford to adopt it or are delaying adoption. This is just stup

  • by quax ( 19371 ) on Saturday July 30, 2016 @01:17PM (#52612967)

    And then screwing up the implementation.

    Maybe Trump can make paying with credit cards great again?

"The pathology is to want control, not that you ever get it, because of course you never do." -- Gregory Bateson

Working...