Target Moves To Chip and Pin Cards To Boost Security

jfruh (300774) writes "U.S. retailers must accept chip-and-pin charge cards by the end of 2015 or become liable for fraudulent purchases made with chip cards. Target, still smarting from its recent embarrassing security breach, is moving to get ahead of that trend. The company will be installing chip-and-pin terminals in all its stores, and will also be issuing chip-and-pin versions of its own branded cards, which account for about 20 percent of Target sales. Will this move by a huge retailer push the U.S. into parity with the rest of the world?"

America is *finally* implementing chip-and-pin

[Lumpio-]

Meanwhile in Finland, everything and everybody has a wireless payment terminal. I once even saw a street musician with one for tips...

Re:America is *finally* implementing chip-and-pin

[Ol+Olsoc]

I can confirm this.

Only Netcraft can confirm this.

This isn't why they had a security breach

[Karmashock]

They might as well announce they're getting Yettie insurance. They had their payment system compromised by people that got access to their point of sale system at one of their stores and then used that to gain access to their central system.

That has nothing to do with chip and pin.

And ultimately, how would you do chip and pin for online retail? You know, people that literally have to type their credit card number into a field? So indifferent to chip and pin, that is going to keep working. And I suspect that indifferent to chip and pin, somewhere in the target billing system there will be a list of credit card numbers, expiration dates, and security codes. A hacker gaining access to that database isn't going to care if the cards were chip and pin or not. Because by that point the data is prepared for processing. The only way chip and pin would be effective is if the security code were different for each transaction. That seems extremely unlikely but if you could some how pull that off then snagging the numbers might not get the thieves anything. Of course, how you'd get that to work with online retail is anyone's guess.

TLDR... I don't think chip and pin is going to accomplish anything and in so far as I understand the issue it wouldn't have stopped the breach at target in the first place. So i don't know why they're talking about it like its a solution to anything.

Fucking finally

[PvtVoid]

The U.S. is finally catching up with Bulgaria on this one.

Nope

[mice7943]

We will not gain parity simply because Target said "make it so". Sadly the cheap and easy CC system the US uses is the easy thing to stay with. Expect an extension of the current system just before it expires in 2015. Nobody want to spend money to be more secure - "that won't happen to us" mentality rules here in the States...

Re: Chip and PIN

[Em+Adespoton]

Square will have to do what PayPal Here does in territories with Chip and Pin, and that's replace their device with one that has a chip reader.

Of course, the PayPal Here reader with Chip and Pin is almost ten times the cost of the US PayPal Here swipe reader.

Well, it really depends. Without chip and pin, the vendor assumes all responsibility for chargebacks. It will be a decision for each square user as to whether it is more profitable to assume liability or pay for the more expensive reader. upgrade.

Re: 'Bout time

[AlphaWolf_HK]

The US almost always suffers from the early adopter problem. That is, we get the earlier versions of standards merely because we adopt them first, and by the time Europe gets around to adopting them the technology has improved based on what was learned in the US. Note similar things like T1 equivalent E1 being faster, and given that superseding technologies (such as optical carrier) are sold in multipliers of T1 speeds, the Europe versions tend to be speced higher.

Broad adoption of standards is like a marriage: You're stuck with it, flaws and all, and changing to another incompatible one requires a lot of pain and sacrifice, with there being more pain the longer the marriage has lasted. For another perspective on this, look how much of a PITA it was to switch to digital TV, which the US actually did faster than most of the world.

And yes, I know Europe also had magnetic stripe. But like the marriage analogy they didn't have it for as long nor was it adopted as broadly before chip and pin came along, likewise switching wasn't as difficult.

There is a silver lining to our system though:

One time I saw somebody commenting on how much he hates chip and pin because it was supposedly only being pushed so that banks can force you to pay for fraudulent charges, whereas magnetic stripe they supposedly can't. The article was referring to the US adoption, and so I told him that we already have laws that strictly limit liability for consumers that mostly just make banks liable, and they aren't going away. He then lambastes me that "the rest of the world" doesn't do it that way, therefore chip and pin is evil, and I'm a stupid ignorant American for thinking that, even though the article was specifically about the US where such a problem doesn't exist.

Why doesn't it exist? Well, because us backward Americans have been on magnetic stripe for so long, that it was born out of necessity. (Which by the way, looking in his profile revealed he lived in Europe, which isn't "the rest of the world" as other non-European countries do have similar laws to the US, for the same reasons.)