Slashdot Mirror
Judge Allows Small Businesses To Sue Credit Card Giants For Forcing Them To Adopt Chip Readers (computerworld.com)
An anonymous reader quotes a report from Computerworld: A federal judge has ruled it is plausible that four national credit-card companies improperly conspired "in lockstep" to set a deadline of Oct. 1, 2015 for requiring retailers to upgrade their technology to accept embedded chip cards for credit and debit card purchases. In an order issued Friday (Case number C 16-01150 WHA), U.S. District Court Judge William Alsup agreed with two small Florida businesses -- B and R Supermarket and Grove Liquors -- which brought the lawsuit in March. Alsup's ruling also allows the antitrust case against Visa, Mastercard, American Express and Discover Financial Services to move forward in federal court for the Northern District of California. The two retailers are seeking to create a class-action case involving millions of small retailers who have been required under the Oct. 1, 2015 deadline to assume liability for fraudulent card charges if they haven't upgraded to the more-secure chip card technology instead of magnetic-stripe cards. The retailers believe there was industry conspiracy over creation of the deadline that violates fair trade practices. In the same ruling, the judge allowed two other retailers -- Los Angeles-based gourmet food chain Monsieur Marcel and New York-based grocery story chain Fine Fare -- to intervene in the case. Lawyers for the retailers have said a class-action lawsuit could include 8 million U.S. small businesses. They would seek repayment of the cost of upgrading to chip card readers and related software, estimated at $6 billion. However, the National Retail Federation has recently estimated the total cost of the conversion in the U.S. at up to $35 billion.
The processing of nearly every credit card purchase in the US eventually trickles down to one firm, so perhaps it wasn't the 'big four' conspiring.
I'm not really sure why them setting the same date for themselves affects anyone. Just upgrade your damn terminal already.
They're just not happy about the liability shift strong-arming them into this. But honestly? They SHOULD be liable when they're the roadblocks preventing customers from having good security. They're dragging their feet on this because it's an externality--they don't care if their customers get screwed, as can be seen with, e.g. the Target hack, but they do see a cost for newer, more secure equipment.
And I can tell you right now that they won't make proper upgrades unless someone holds a gun to their heads.
I'm not sure if I have any sympathy for these retailers. The card industry did not force them to accept chip transactions, they forced them to accept liability if they refused to accept chip transactions. You can still, to this day, accept magnetic stripe data instead of chip data. You can also choose to take cash at any time. They also gave the warning more than a year in advance and even basically extended the deadline past October 2015.
Disclosure: I do make money off the chip card transition. However, I make money off of magnetic stripe implementations also.
There is no reason to upgrade to chip cards except to benefit the card cartels. Forcing a small business owner to eat the fraudulent card charges is a big middle finger to these businesses, you can still fraudulently charge a chip card and the cost-benefit is just too insane for a business. Chip card transactions often not only cost more, but the readers and associated systems are a magnitude more expensive than their mag-stripe counterparts, for no good reason, I can get a Chinese chip card reader for $25, but the bank doesn't certify units under $250 and charge hefty monthly fees to use 'their' (same model) units.
At least with a mag stripe, a developer could interface with a verifiable fully secure API, now you have to trust the banks and manufacturers not to screw with the system. To the strict letter, they can't even be considered PCI compliant because the owners have no control to change the passphrase or keys on them.
Custom electronics and digital signage for your business: www.evcircuits.com
This "upgrade" is a complete farce. If they had moved to chip and pin then, yes, it would make sense for all businesses to adopt it. As it is, they moved from a "something you have" model to a slower "something you have" model. Without a "something you have and something you know" model, the upgrade is mostly just an inconvenience to all involved parties (except the credit card companies who can now defer more blame).
... to accept the business of a company that doesn't want to do things the way the CC company requires?
File under 'M' for 'Manic ranting'
I can't figure out why retailers would refuse new terminals, unless they were being asked/demanded to pay for them.
If these new terminals are trully going to save the credit card companies so much money, it ought to have been a no brainer to provide them to retails on their own dime and see the return on investment come over time, rather than, essentially, demand the retails make investments solely for the credit card companies benefit (with the exception that if the cc co's are going to turn liability over to the retailers, then, yes, they would stand to save their own money, but only because of a change in business dynamics)
Again, I could just be shooting in the dark as I didn't read the article, just chiming in with an opinion and nothing to back it up, which is what slashdots all about, right? :)
It works well, efficiently, quickly and I'd be shocked if I came across a retailer that only took magnetic stripe. I literally cannot remember the last time I signed for something, it seems arcane. I can't believe Americans are fighting against it. Faking a magnetic stripe is piss easy, I imagine copying a chip is quite challenging in comparison. I feel no compassion for these retailers, whether the word of the law is broken or not, this seems stupid.
US banking is so behind...
All point of sale machines have read chips in Canada for YEARS.
Also, stores in the US still accept checks...
I mean it's high time that the USA got dragged kicking and screaming into the 2000s, but to sue the banks over it as well? I mean the USA has the current second highest amount of credit card fraud in the world behind Mexico who are also still in an age where they are marvelling about this fancy new thing called the internet.
Being forced to upgrade to something which in every other country in the world has caused a significant drop in credit card fraud is a damn good thing, not a sueable offence.
What I would object to is the absurd price points for the technology upgrade given we are talking abut mass produced technology. Especially given the security it'll provide is little more than snake oil.
They should have ramped it up gradually. For example, increase the percent of retailer liability by say 5% a month.
I don't know if that makes it "fairer", but it's better "customer relations" psychology. There's a right way and wrong way to be a jerk. (Both prez candidates are doing it the wrong way.)
Table-ized A.I.
I wonder what makes Americans so resistant to change, and when they implement change, it has so many compromises to be unworkable?
Whether it be.
- Adoption of the metric system
- More sensible gun management
- Universal basic health care
- Writing dates mm-dd-yy
- Reform of you court/prison system
Australia has changed completely to chip cards. Mag swipe is no longer accepted.
For most merchants, transactions below $100, contact-less is used.
For over $100, a pin is required (and for some cards like amex, you need to insert the card for a chip read).
The transactions take around 2 seconds.
It works great. The $100 threshold is a good compromise for convenience vs fraud risk.
I assume you are complaining because your banks have stuffed up the implementation???
46137
The card companies should adjust the merchant fees per transaction tech. So chip transactions would have a slightly lower merchant fee (assuming fraud costs are lower) and magstripe readers would have the same merchant fee as when all readers were magnetic.
No mandate necessary and the seller can decide on their acceptable burden.
We're not getting Chip and PIN, just Chip. And the retailers are expected to foot the bill.
There's a million and one reasons small businesses SHOULD sue credit card companies. This is one is stupid garbage.
Wild guess, but this here might be why the change took this long, and was this half-assed. :P
Actually, the infrastructure supports Chip and PIN. What makes the card Chip and Signature is something baked into the card by the issuers.
While the new terminals do support Chip and PIN, places like restaurants will need to buy wireless terminals to allow customers to enter a PIN at their table. I haven't seen any wireless credit card terminals in use in the USA.
The real "Libtards" are the Libertarians!
Um... where they forced to accept credit cards? If you are accepting someone's 3rd party method of payment, aren't agreeing to THEIR terms?
It's the cost of doing business, suck it up.
So what they are saying is "We want to force our credit-card using customers to use unsecured, outdated, and fraudulent-prone systems because we don't want to pay for new ones but we don't want to be responsible if fraud occurs" - whereas the credit card companies are saying "we want to reduce fraud and increase security for the users of our products".
Who has the better tagline?
A lot of diners and some chains (i.e. Denny's, IHOP) are set up such that you just bring your receipt to the hostess and they cash you out there. So, more places could move to that model.
Honestly waiting for the waitress to come pick up our cards, then bring them back with a pen is a pointless waste of everyone's time. "Just bring up your receipt when ready" works so much better...
3 or 4 years ago I used a chipless card in Sheffield, the machine read it OK but the staff didn't know what to do with the slip of paper which printed. A year before I tried the same card in Amsterdam, that required blowing the dust off the only mag stripe reader they had and getting the one person who knew how to operate it.
Not a small business operator, but I was under the impression that mag stripe readers and yes, even carbon paper imprints are still acceptable. You've just got to pay additional per transaction fees applicable to each non preferred method. To cover added processing costs and risk.
Have gnu, will travel.
I guess it is like x86. The banks have become decent at spotting small scale credit card fraud, after all those years of investing in trying to spot weird transactions. It is mostly transparent to the consumer. And, technology keeps on changing, so why try to change as soon as possible, especially if it requires a giant investment to put it into place.
It depends on the attack model.
Against card cloning A chip is much harder to clone than a magnetic stripe. Against physical theft of a card The chip changes nothing. Against account cancellation out of cardholder frustration with too many changes to the payment method at once A delay of a few years between instituting chip and instituting PIN is less jarring than instituting both at once.I used to hate the tap because really, it seems like a step backward in security. Nice to know it uses rolling codes, but it still kinda sucks if you have your card stolen.
On the other hand, tap is pretty nice when you're grabbing a quick coffee etc, and the theft thing isn't too bad if you set a low purchase limit. Still seems like a terrible idea for debit though.
because their laws allow them to shift liability onto the consumer when your pin gets compromised. It's sorta like if someone breaks into a bank they get to take your money instead of the banks.
In the United States every single credit card swipe is a loan. And you can't enter into a loan without consent. That's why it's so easy to dispute things. But it's also the only way Americans would swallow credit cards. Chip & Pin wasn't worth the extra effort because you don't get a full liability shift to the consumer here.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
There is no country on Earth more stubbornly refusing to modernise than the US.
I bought a rug at the flea market the other day, the merchant had a chip reader hooked to a phone.
It may not be built into the cash register and its accounting software, but the chip reader itself is cheap.
The problem is the accounting "SYSTEM" provider jacking up the price of the chip reader and its integration.
The cryptocurrency guys hate any degree of centralization, and the rest of the world doesn't want weird new technology, but the eeeeevil "banksters" who are testing blockchain technology are actually right.
What we need is the best of both worlds - theft insurance for your bank-issued hardware wallet so the merchant can be sure they're getting irreversible money for their irreversible goods, no need to trust merchants with sensitive information or risk card/pin skimmers, and if YOU lose your keys your insurance rates go up but you're not ruined financially. Enough of these earning miles and cashback rewards workarounds; what they're trying to solve is ultimately an adverse selection problem. We're expecting merchants to do identify verification constantly when having specialists do it once would be far more economical.
There's a reason merchants prefer cash, and the consumer's problems with cash are now solvable. Forget the macroeconomics... If you're worried about Fed conspiracies you can still use Bitcoin, and if you don't care (like most people) you can use a private blockchain denominated in USD. What matters first are the microeconomic solutions that are now light years ahead of cards.
When we switched over to chip and pin from swipe here in the UK a deadline was set and that was that. Everyone just got on with it without feeling like they were being badly done to, let alone launch a lawsuit.
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
In Mexico --yes, that Mexico that MopHair Trump despises so much-- ALL CCs are chipped, ALL terminals are chip-enabled and ALL transactions are chip-protected. Been that way for over a year. And nobody is whining and wringing their panties in a bunch.
Doesn't mean that all of a sudden this became Happy-Happy Land and fraudulent transactions disappeared. Identities still get stolen as do credit cards, but fraud dropped off enormeously.
1. As of the beginning of this year, the PCI - the organization of credit card vendors section that deals with security, announced, over a year ago, that not having chip readers enabled meant that the store is liable for fraud.. The chip is a *lot* more trouble to clone or steal.
2. What's the big deal? Time them printing out the chit, you signing it, or inputting crap on the screen, then having to sign (I *loathe* "signing" with my fingertip) - as if anyone could read half your signatures - as opposed to shoving the card in and waiting a minute for it to beep.
It's about them not wanting to loose a *lot* of money because users don't care about people stealing their data, or watching you punch in your PIN, or....
mark
With the waitress handling the card, I can sit at the table uninterrupted and then get up and walk out when I please. There's usually delays when I have to pay at a register, and the chip implementation in the US will only make that worse.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
It's something you can do while you're chatting with your dining companions instead of standing in line to leave the restaurant.
Denny's and I-SLOP do that because they're crappy restaurants. Nice places take care of all of it at the table, with very minimal intrusiveness.
If you haven't seen wireless terminals, then you have no idea what convenience is. Heck, last time I ate out with a group the waitress brought 2 terminals over to the table and the group was settling their bills in parallel 2 at a time.
In India we've had chipped credit/debit cards for at least 3-4 years now. Every shop and restaurant has a card reader that works with both chip and magstripe, and they give you the machine to enter your pin. Some of them are attached to the cashiers' desk on account of a landline, but many of them use mobile SIM cards, so they just bring the reader over to your table or hand it to you to enter the pin.. On some of them there's a shield over the keypad to conceal your fingers when typing the pin. And for online transactions, Mastercard & VISA both enforce an extra layer of security, either by an OTP sent to your phone (which you presumably have with you while making the online purchase) or by another password known only to you.
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."