Following Other Credit Cards, Visa Will Also Stop Requiring Signatures (siliconbeat.com)

← Back to Stories (view on slashdot.org)

Following Other Credit Cards, Visa Will Also Stop Requiring Signatures (siliconbeat.com)

Posted by EditorDavid on Sunday January 14, 2018 @05:34AM from the everywhere-a-sign dept.

An anonymous reader quotes SiliconBeat: Visa, the largest U.S. credit card issuer, became the last of the major credit card companies to announce its plan to make signatures optional... Visa joined American Express, Discover, and Mastercard in the phase-out. Mastercard was the first one to announce the move in October, and American Express and Discover followed suit in December... However, this change does not apply to every credit card in circulation; older credit cards without EMV chips will still require signatures for authentication... Since 2011, Visa has deployed more than 460 million EMV chip cards and EMV chip-enabled readers at more than 2.5 million locations.
"Businesses that accepted EMV cards reported a 66 percent decline in fraud in the first two years of EMV deployment," the article notes -- suggesting a future where fewer shoppers are signing their receipts.

"In Canada, Australia and most of Europe, credit cards have long abandoned the signature for the EMV chip and a PIN to authenticate the transaction, like one does with a debit card."

171 comments

Min score:

Reason:

Sort:

Turn on your damn chip reader by L.+J.+Beauregard · 2018-01-14 05:41 · Score: 5, Insightful

Does this also apply to merchants who won't turn on their damn chip readers?

--
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delendae sunt RIAA, MPAA et Windoze
1. Re:Turn on your damn chip reader by whoever57 · 2018-01-14 05:49 · Score: 1
  
  I doubt it.
  It will only apply when the chip is used to authenticate the card.
  
  --
  The real "Libtards" are the Libertarians!
2. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 05:49 · Score: 0
  
  The chip readers that KEEP BREAKING years after their introduction?
3. Re:Turn on your damn chip reader by Anonymous Coward · 2018-01-14 05:54 · Score: 5, Insightful
  
  The signature isn't for verification. It's all about signing saying you agree to the charges and agree to pay. The signature doesn't even get sent to the clearing house. I've scribbled,signed heywood blowme, Dick Hertz, Mike Hunt,....and never heard a thing about it.
  The signature is just a stupid throwback to the days of the paper credit card slips.
4. Re:Turn on your damn chip reader by ShanghaiBill · 2018-01-14 06:06 · Score: 4, Informative
  
  Nobody, absolutely nobody, looks at the signature for anything. You can sign anything you want. You can just draw a horizontal line, or even just tap the pad. As long as at least one pixel is set, the card reader will accept the signature.
5. Re:Turn on your damn chip reader by Anonymous Coward · 2018-01-14 06:25 · Score: 0
  
  In California signature has not been legally required since the days of manual paper imprint, unless of course the transaction was later disputed. I've not signed for years saving an aggregate of 42 months.
6. Re:Turn on your damn chip reader by Anonymous Coward · 2018-01-14 06:51 · Score: 0
  
  This! Yesterday I just drew an ebola virus, the clerk saw it and smiled.
  Chips without pins are not a good idea though.
7. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 07:08 · Score: 5, Insightful
  
  No. The ones the rest of the world uses successfully and reliably.
8. Re:Turn on your damn chip reader by viperidaenz · 2018-01-14 07:28 · Score: 2
  
  They do get kept by the merchant
  If the charge is disputed and the merchant can't produce a signature (if that was used for authorisation) then the charge gets reversed.
  The person taking the signature doesn't care though, it's not their shop and not their money
9. Re:Turn on your damn chip reader by fahrbot-bot · 2018-01-14 07:30 · Score: 3, Funny
  
  Nobody, absolutely nobody, looks at the signature for anything. You can sign anything you want.
  
  Many, many years ago, a friend asked me to buy something for him using his credit card, while he was at work. I signed the paper receipt "Eddie Van Halen". The cashier didn't look at or even care about the signature.
  For the record, I am NOT Eddie Van Halen (had to be said).
  
  --
  It must have been something you assimilated. . . .
10. Re: Turn on your damn chip reader by nospam007 · 2018-01-14 07:30 · Score: 2
  
  "No. The ones the rest of the world uses successfully and reliably."
  For several years now.
  Most of my acquaintances render the magnetic strip unusable with magnets, so that the cards can't be easily skimmed.
11. Re:Turn on your damn chip reader by Wrath0fb0b · 2018-01-14 07:34 · Score: 1
  
  The merchants that won't turn on their chip readers are already penalized (since 2015) by being liable for in-person fraud against their terminals, if the card used was chip-capable. In other words, both issuers and acquirers are incentivized to adopt chip-card.
  For some merchants, however, the cost of a chip rollout might be more than the cost of eating the liability. The example that comes to mind is gas stations -- they have lots of readers, which are built directly into the pumps and not modular in any meaningful sense. I can imagine them being quoted astronomical costs to update them. And it's not that they are against chip card, because every terminal I see in the gas station is enabled.
  Another example that comes to mind is automated parking machines. No one designed those things to be modular, and so who knows if there's even an upgrade path for them. For a small operator -- for example a mid-sized airport or a mall -- the cost could be truly out of proportion to just sucking it up.
  The way I see it, this is a perfectly good bargain now (even a Coasian one) because they have both the cost and the liability. Let them figure out whether it's worth it for them.
12. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 07:35 · Score: 0
  
  Tell that to the state of Florida, where cloned CC and debit cards are sold and used.
13. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 07:52 · Score: 0
  
  That seems like a foolish thing to do, but we should probably acknowledge the weakness in current chip/nfc cards is that they STILL have magstripes.
  Most ATM's, transit ticket kiosk and vending machines still use the magstripe. Though fortunately we've had chip+pin long enough that those have been almost entirely phased out.
  Personally, I just use Apple Pay everywhere, and when it doesn't work, THEN use the chip card.
14. Re:Turn on your damn chip reader by Anonymous Coward · 2018-01-14 07:56 · Score: 0
  
  ATM's and Gas pumps, even in Canada are the only remaining uses of the magstripe.
  Every single store you go into will accept a chip card, and 99% will accept a NFC card. It's only early chip+pin adopters that got stuck with chip-only cards and chip-only readers, and you will still find them in some food courts.
  When Apple Pay came out, it worked with absolutely everything I tried it with that would take Amex in Canada, and that's not everyone.
15. Re:Turn on your damn chip reader by DogDude · 2018-01-14 07:58 · Score: 2
  
  It has nothing to do with merchants. It has to do with particular software stacks not being "certified" as "PCI compliant". Visa/MC handled this very badly, and of course, we've got no real guidance or regulation from our federal government, so the transition has been a shitstorm in the US.
  
  --
  I don't respond to AC's.
16. Re: Turn on your damn chip reader by stephanruby · 2018-01-14 08:31 · Score: 4, Interesting
  
  The chip readers work differently in the US. Before the transaction is authorized, the amount is verified through a centralized database. Plus all the handshake protocols are done synchronously and no information is allowed to be cached.
  This is why the chip readers in the US at times seem to be taking forever to process transactions and the chip readers in Europe are actually quicker than their European magnetic strip reader counterparts.
  So in the US, I really doubt that it's the chip readers are even broken. It is more likely that a store owner decided not to use that feature until the business could switch to a more reliable and blazing fast internet connection, or until the business could get more cashier staff to deal with the extra wait time and queue time this created during peak business rush hours.
17. Re:Turn on your damn chip reader by Wrath0fb0b · 2018-01-14 08:48 · Score: 1
  
  Yup, we're pretty much there in the States, just a. few years late to the party.
18. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 08:58 · Score: 0
  
  That's not the merchant, generally.
  Fun fact: certifying the software that runs on the terminal for EMV costs tens of thousands of dollars in certification fees, takes months, and requires a deep understanding of how EMV works.
  The SDKs for these devices are generally archaic, leaving most of the work of understanding the requirements of EMV to the integrator, and the EMV spec is over a thousand pages spread across 4 books.
  It can take over a year to develop and certify a terminal, even for professionals in the payment industry. The fact that Hank's Discount Terminals does not yet support chip readers is not surprising.
19. Re:Turn on your damn chip reader by ebh · 2018-01-14 09:45 · Score: 1
  
  I usually sign "secure?". I've done it somewhere between 50 and 100 times, and only once has a cashier called me on it. He said, "Hey, it's gotta at least resemble a signature."
20. Re:Turn on your damn chip reader by Maxo-Texas · 2018-01-14 10:01 · Score: 1
  
  Some signature readers do a kind of "lameness" check on the signature.
  Most places don't require a signature below a certain amount any more.
  The only time I've faced credit card fraud was at a movie theater because they took my card and brought it back.
  It was cloned and the credit card company caught it immediately based on the fact charges were being made in impossible combinations of time and geography.
  
  --
  She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
21. Re: Turn on your damn chip reader by AntronArgaiv · 2018-01-14 11:45 · Score: 2
  
  I have an EMV MasterCard. Used it today, in fact, and was asked to sign. I don't think I have a PIN for the card.
22. Re: Turn on your damn chip reader by quetwo · 2018-01-14 13:55 · Score: 2
  
  Pretty much this. That and most "mom and pop" stores still use dial-up credit card readers. These readers, in order to have a faster handshake, connect at 2400 baud. The payload of an encrypted session with an EVM chip is about 50 - 75kb, which takes about 20 - 40 seconds over a 2400 baud connection. A non-EVM session transfers about 10kb worth of data and can be done in about 4 - 10 seconds.
  In Europe, most credit card readers, even in small stores used ISDN-BRI or better. Even the EVM sessions would take under 10 seconds.
23. Re:Turn on your damn chip reader by No+Longer+an+AC · 2018-01-14 14:29 · Score: 1
  
  Of all the places I shop only two stores have not adopted a chip reader. They're both liquor stores if that matters.
  I believe they're both of the mindset that swiping a card through their magnetic readers has always worked before so why should they change things?
  And perhaps they're wise to do that. There is a 3rd liquor store that I sometimes go to and they have an Apple POS (point of sale) system. It's incredible. I have never seen an Apple POS system other than that place.
  I don't know if it's Apple software but it's horrid. Sometimes it just can't process payments - and that's without even using your Apple Pay (I have an Android anyway)...
  My credit card number has been stolen a few times - probably from internet purchases. But to their credit (ha - "credit") my Master Visa has never held me responsible for those fraudulent charges,.
  So I'm not really all that worried. In most cases they were calling me to ask if I really bought a handbag in Milan for $6000. And when I tell them I didn't they're all like "I didn't think so....we need to issue you a new card."
  Okay.
  Maybe I shouldn't go to so many liquor stores, but signatures have been a joke for a long time. I just scribble something to make the machine accept my payment. It's not consistent from transaction to transaction.
  One time I was in a bad mood and I wrote "Fuck You" as my signature. It accepted that with no problem even though I assure you my name is not "Fuck You".
24. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 15:52 · Score: 0
  
  and then there is this thing called the Internet, which lets you use plain text to enter credit card info over encrypted channels without a signature or chip...
25. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 20:33 · Score: 0
  
  I support ma and pa stores, and carry cash just for that reason
26. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-14 21:14 · Score: 0
  
  Ma and pa shops have had signs that they prefer card payments for decades...
27. Re:Turn on your damn chip reader by Cederic · 2018-01-14 21:26 · Score: 1
  
  I was in Morocco 3-4 weeks ago and if you wanted to pay with a card, it had to be chip & pin.
  Are you telling me that the US is less sophisticated than Africa? I guess I can believe that.
28. Re:Turn on your damn chip reader by Bert64 · 2018-01-14 21:41 · Score: 1
  
  If the merchant hasn't got a signature on the card receipt they can just draw one on there themselves. It means absolutely nothing.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
29. Re:Turn on your damn chip reader by MoarSauce123 · 2018-01-15 00:08 · Score: 1
  
  Does this also apply to the US financial industry who insisted on NOT implementing the PIN requirement?
30. Re: Turn on your damn chip reader by zifn4b · 2018-01-15 00:15 · Score: 4, Interesting
  
  I have an EMV MasterCard. Used it today, in fact, and was asked to sign. I don't think I have a PIN for the card.
  You really don't seem to understand how credit/debit cards work. Unless you're getting a cash advance, credit transactions never require a PIN. Hence, why they all used to require a signature. That way if the cardholder disputed the charge, the merchant could represent the signature to the cardholder and say "is this your signature?" Debit cards, on the other hand, always require PIN's because it's a completely different type of network with different operating regulations. Visa/MasterCard use variants of the ISO 8583 specification whereas Cirrus/STAR/etc. use something completely different. And, by the way, if you have a debit card from a financial institution that is Visa or MasterCard this is why they tell you to always run it as credit. If you run it as credit, the merchant pays the interchange fees. If you run it as debit, the issuer does and in many cases passes the cost along to the cardholder.
  
  --
  We'll make great pets
31. Re:Turn on your damn chip reader by zifn4b · 2018-01-15 00:19 · Score: 1
  
  Nobody, absolutely nobody, looks at the signature for anything. You can sign anything you want.
  Many, many years ago, a friend asked me to buy something for him using his credit card, while he was at work. I signed the paper receipt "Eddie Van Halen". The cashier didn't look at or even care about the signature.
  For the record, I am NOT Eddie Van Halen (had to be said).
  That's because the signature is only relevant if the cardholder calls the issuer and disputes the charge. When the charge is disputed, the merchant will represent the signature to the cardholder. If the transaction settles and no one disputes, nobody cares.
  
  --
  We'll make great pets
32. Re: Turn on your damn chip reader by houghi · 2018-01-15 01:00 · Score: 1
  
  In Europe the payment is verified online. The amount of data that is exchanged looks more like a single TCP/IP packet in size than anything else. So card is read, verification is done to the server if the card is valid and the amount is available. PIN is entered to do the verification, this is send back and forth and the transaction receives an OK and the transaction is done.
  The thing I understand is that many cardreaders are mallconfigured, so they do a verification to every sever that is programmed instead of just the one.
  In more detail for Europe:
  Merchant does a connection to his credit company, they look at the cardnumber and look up who does the autorisation for that card. They do the autorisation and it gets back. Bit like DNS works.
  In the US, as far as I understand, many are configured to verify at several places. That would be as if your google.com waits for every server from Google if you ask for a page, even if there is no need for it.
  In Europe there is also no caching of data. Most merchands will not have the data with them. Even online they will not have it, so you need to enter CC data each time. This reduces their liability.
  
  --
  Don't fight for your country, if your country does not fight for you.
33. Re: Turn on your damn chip reader by Wulf2k · 2018-01-15 02:50 · Score: 2
  
  Speaking as a Canadian, credit card transactions always require a PIN unless they're small enough to go through with just the tap.
34. Re: Turn on your damn chip reader by DutchUncle · 2018-01-15 04:02 · Score: 1
  
  It can't be a "completely different type of network" when it's the same reader of the same chips on the same wires. Yes, it's different OPERATING REGULATIONS. And the biggest problem is that the US banks didn't set up PINs like the entire rest of the world, so they'll have to gradually phase them in and confuse people *again*.
35. Re: Turn on your damn chip reader by zifn4b · 2018-01-15 04:50 · Score: 1
  
  It can't be a "completely different type of network" when it's the same reader of the same chips on the same wires.
  It is a completely different network. The first 6 digits of the card number are the BIN aka business identification number. What happens is at POS (Point of Sale) the information whether it was read off the magnetic strip or chip is sent to a payment processor. The payment processor then based on the BIN routes it to the correct issuing network (Visa, MasterCard, AMEX, STAR, Cirrus, etc.) What you may be quibbling about is the merchant payment processor vs. the issuer's processor. Yes, for a specific merchant, the merchant payment processor is the same but the message goes to completely different destinations based on the BIN.
  
  --
  We'll make great pets
36. Re:Turn on your damn chip reader by DogDude · 2018-01-15 07:21 · Score: 1
  
  Are you telling me that the US is less sophisticated than Africa?
  
  Yes, I am.
  
  --
  I don't respond to AC's.
37. Re:Turn on your damn chip reader by viperidaenz · 2018-01-15 07:52 · Score: 1
  
  The issuer checks the signature matches the one on file. They also have a financial incentive to find lazy merchants - the merchants have to pay penalties when they get charges reversed.
38. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-15 09:42 · Score: 0
  
  The Canadian Experience... PIN is a requirement for EVERY tx. Tap feature is turned off, my choice, a few digits is easier than any lost-card-tap-debate with VISA. PIN has been the norm for years... 5-10. Each and every time my card is compromised it is after use in the USA. Would be nice to see N.A. get itself "all-in" with PINs.
39. Re: Turn on your damn chip reader by david_thornley · 2018-01-15 11:50 · Score: 1
  
  What you say is contrary to my experience. I've used credit cards for transactions where I was required to sign, required to enter a PIN, and with no such authentication.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
40. Re: Turn on your damn chip reader by DutchUncle · 2018-01-15 17:06 · Score: 1
  
  Umm . . . is that maybe a different server on the same network? considering that everybody is using the same number format and routing and message format and all?
41. Re: Turn on your damn chip reader by Anonymous Coward · 2018-01-15 22:40 · Score: 0
  
  How does one clone a debit card? They have been chip-and-PIN exclusively since long before credit cards.
42. Re: Turn on your damn chip reader by zifn4b · 2018-01-15 23:58 · Score: 1
  
  Umm . . . is that maybe a different server on the same network? considering that everybody is using the same number format and routing and message format and all?
  Google is your friend. I don't have time to explain it all to you. I built an enterprise issuer credit card processing middleware platform and worked in the business for 5 years. Different companies are not using the same routing and message format. But yes, I do believe they all use the same 16 digit card number format.
  
  --
  We'll make great pets
Join the first world America by Anonymous Coward · 2018-01-14 05:44 · Score: 0, Insightful

N/t
The dying art of editing by whoever57 · 2018-01-14 05:47 · Score: 5, Informative

From TFA:

"In Canada, Australia and most of Europe, credit cards have long abandoned the signature for the EMV chip and a PIN to authenticate the transaction, like one does with a debit card."
That sentence is missing the word "require": "and require a PIN" . This changes the meaning, since in most of Europe the signature requirement has not been dropped, it has been (mostly) replaced with a PIN. I believe banks in Europe will still issue chip-and-signature cards to elderly people on request.
[I now await the replies pointing out the grammar errors in my post. Also, my recent experience is limited to the UK -- perhaps it is different in other European countries, but I don't think so].

--
The real "Libtards" are the Libertarians!
1. Re:The dying art of editing by Baron_Yam · 2018-01-14 06:02 · Score: 0
  
  How's that going, by the way? When car keys were chipped, we saw the rise of home invasions and car jackings.
  I'd expect with all credit cards chipped, you're going to get an increase in stalk-and-mugs, where the thief follows you until they can see you enter your PIN, THEN they mug you for your cards.
  And that's just what I thought up in the last 10 seconds - actual criminals are often a lot more crafty and probably have several more nasty options I haven't considered.
2. Re:The dying art of editing by PvtVoid · 2018-01-14 06:02 · Score: 4, Insightful
  
  This. Transaction verification is a long-solved problem that Americans refuse to adopt because we're too fucking stupid.
3. Re:The dying art of editing by Anonymous Coward · 2018-01-14 06:08 · Score: 0
  
  Gone fine. Maybe you should consider moving to a country with a lower crime rate.
4. Re:The dying art of editing by r1348 · 2018-01-14 06:19 · Score: 1
  
  Fraud declined, mugging did not change a bit.
  Actually, why go through the hassle of having to spy on someone's PIN when you can simply forge a signature?
5. Re:The dying art of editing by PvtVoid · 2018-01-14 06:28 · Score: 0, Troll
  
  This. Transaction verification is a long-solved problem that Americans refuse to adopt because we're too fucking stupid.
  I aspire to the perfect Slashdot post, which is equally modded "Funny" and "Troll".
6. Re:The dying art of editing by Anonymous Coward · 2018-01-14 06:46 · Score: 0
  
  where the thief follows you until they can see you enter your PIN, THEN they mug you for your cards.
  So you walk into a deserted area, turn into an alley and draw your handgun. When the thief rounds the corner you blow his head off. No problem.
7. Re:The dying art of editing by Anonymous Coward · 2018-01-14 06:54 · Score: 0
  
  The reason is tipping. On a chip and pin card the chip authorizes and signs the transaction, the amount cannot be changed afterwards like they do with tipping in the US. But it would also require that US actually start paying their waiters and others salaries instead of mooching on free labour.
8. Re:The dying art of editing by mrbester · 2018-01-14 07:14 · Score: 4, Informative
  
  There's a button that can be pressed that allows customers to tip; the reader is handed to you and there is a blank field for the you to type in an amount. Then you enter your PIN. AFAIK this functionality has always been present so you could do it on chip and signature as well.
  If the server has pressed OK twice after entering the bill total (skipping the gratuity step) then the transaction can be voided and restarted if necessary.
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
9. Re:The dying art of editing by Anonymous Coward · 2018-01-14 07:17 · Score: 0
  
  No. It works like this:
  Waiter brings over portable card terminal (because if anyone takes your card out of sight, they are up to no good).
  You insert your card and confirm the bill amount.
  You choose to add a tip or not.
  If you chose to add a tip, you enter the amount and confirm it.
  You enter your PIN and confirm the transaction.
  Two copies of the receipt are printed, one for you, one for the restaurant.
10. Re:The dying art of editing by Anonymous Coward · 2018-01-14 07:19 · Score: 0
  
  Anything under $100 - $150 (depending on card) is simply tap & go (no PIN required)...in Canada. This is more secure than using a PIN.
11. Re:The dying art of editing by viperidaenz · 2018-01-14 07:35 · Score: 1
  
  Lucky. The limit is $80 in NZ.
12. Re: The dying art of editing by Anonymous Coward · 2018-01-14 09:04 · Score: 0
  
  And because it's too expensive.
  Most of the US has now replaced its swipe readers with chip readers that don't have a PIN pad or aren't certified to actually use them. When the US goes to PIN, it's going to be another round of hideously expensive changes.
  It won't be quite as bad this time. Ingenicos and Verifones with PIN support are pretty popular. Might be able to get away with just re-certifying at the gateway level (which takes months and costs many thousands of dollars).
13. Re: The dying art of editing by Anonymous Coward · 2018-01-14 09:31 · Score: 0
  
  And for restaurants that don't want to invest in wireless readers, the waiter explains you can pay on the way out. Otherwise, same process. Heck, I was in the US recently and even the US is doing this (at least at Denny's).
  I find the whole paper receipt writing thing so cumbersome. Chip and pin made tipping much simpler.
14. Re:The dying art of editing by Anonymous Coward · 2018-01-14 10:42 · Score: 0
  
  It doesn't matter whether a pin is required. There is a work-around that completely bypasses chip & pin authentication. You literally just flip the card around the reader then states it can't read the chip. Then you swipe the card as credit. The mechanism is most likely a feature and not a bug in case a reader doesn't work properly. However, it negates the whole process of using a chip.
  All this does is attempt to reduce the numbers of skimmed cards. It doesn't fix authenticating the actual owner of the card. The card could state John Smith and I could be Jane Smith and most retail outlets would still take the card as payment. Most retailers don't even look at the card when its utilized.
15. Re:The dying art of editing by batkiwi · 2018-01-14 14:55 · Score: 1
  
  In Australia anything under $100 doesn't require a PIN (and most people use tap-to-pay for years now)
16. Re:The dying art of editing by Anonymous Coward · 2018-01-14 18:34 · Score: 0
  
  Yep, that sounds like the American way.
17. Re:The dying art of editing by thegarbz · 2018-01-14 20:51 · Score: 1
  
  I believe banks in Europe will still issue chip-and-signature cards to elderly people on request.
  That varies greatly by country and also varies greatly by utility. e.g. Public transport ticketing machines around here don't accept chip and signature cards.
18. Re:The dying art of editing by thegarbz · 2018-01-14 20:53 · Score: 1
  
  If the server has pressed OK twice after entering the bill total (skipping the gratuity step) then
  
  ... he's likely well paid and not an American desperately relying on the messed up tipping culture.
19. Re:The dying art of editing by Anonymous Coward · 2018-01-14 21:18 · Score: 0
  
  In Europe you can just ask the waiter to add a tip when they present the terminal. That works fine.
20. Re:The dying art of editing by Anonymous Coward · 2018-01-14 21:25 · Score: 0
  
  I am amased that a public transport ticketing machine accepts credit cards at all. In most countries, that only works with a bank card.
21. Re:The dying art of editing by Cederic · 2018-01-14 21:33 · Score: 1
  
  Just checked the crime map for my village. One 'Theft from person' in the past six months, and no details on whether that was a mugging or just a schoolkid running off with another kid's phone.
22. Re:The dying art of editing by Cederic · 2018-01-14 21:35 · Score: 1
  
  Except that's a shitty way to do it. Insert your card, accept the bill amount, don't add a tip, enter your PIN and confirm the transaction.
  Leave a tip in cash on the table.
23. Re:The dying art of editing by Cederic · 2018-01-14 21:40 · Score: 1
  
  Is it bollocks. It's easier and quicker, and that's why it's prevalent.
  It doesn't validate that the person using the card is its owner, as they are not required to provide a second factor, and that exposes the merchant and the card provider to greater fraud - and as a result also exposes the customer to greater exposure to the hassles of reversing fraudulent transactions.
  It's not more secure.
24. Re:The dying art of editing by Bert64 · 2018-01-14 21:50 · Score: 1
  
  In a location where handguns are common, chances are the thieves will have them too, and are actually *more* likely to have one as a handgun can be used for the purposes of committing their crime.
  And of course if you shoot someone before they have taken aggressive action against you, then chances are you will go to jail, but if you wait until he draws his gun first you might be too late and get shot.
  You're better off handing over the card to a thief, and then immediately call the police and card issuer to report what happened. You're not liable for any transactions which take place after you've reported the card stolen even if the thief knows the pin.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
25. Re:The dying art of editing by Anonymous Coward · 2018-01-15 01:04 · Score: 0
  
  That only works if you have brought the exact amount you wanted to tip in cash, though.
26. Re:The dying art of editing by rhazz · 2018-01-15 02:52 · Score: 1
  
  The sentence is also partially misleading. In Canada the contactless Tap & Go method for purchases under $100 has been growing for years. You just tap your debit or credit card on the handset rather than inserting the chip. Not sure if mastercard owns this tech but I have it in both my mastercard and my bank's debit card. For $100+ you still have to do chip & PIN, but otherwise it's just super fucking fast. Most businesses with third-party card-scanners support them, whereas some larger retailers with their own POS infrastructure don't (e.g. Home Depot).
  
  So the US can enjoy their super slow adoption of the crap pay methods we're already moving beyond.
What they *should* do is enable PIN-priority by gaiageek · 2018-01-14 05:48 · Score: 1

Europe has this right: Any in-person transaction requires you to enter your chosen PIN. It's simple, it's fast, and it protects your card from unauthorized use if it's stolen.

--
www.gaiageek.com
1. Re:What they *should* do is enable PIN-priority by ShanghaiBill · 2018-01-14 06:10 · Score: 1
  
  Europe has this right: Any in-person transaction requires you to enter your chosen PIN.
  How can I use an American credit card in Europe?
2. Re:What they *should* do is enable PIN-priority by r1348 · 2018-01-14 06:23 · Score: 1
  
  Most card readers in Europe still have the magnetic reader for legacy reasons, but some newer implementations (i.e. self-checkout stalls in supermarkets) are dropping it. Actually, most cards in Europe now are contactless.
3. Re:What they *should* do is enable PIN-priority by gaiageek · 2018-01-14 06:28 · Score: 3, Funny
  
  If you use an American credit card in Europe you still sign (most U.S. cards). The card issuers decide the priority of authentication methods, i.e. signature vs PIN (which has sub-variants), and the vast majority of U.S. card issuers go with signature verification as the first priority. Europe has PIN as the first priority.
  
  Paying with a credit card at supermarkets in Europe is a great way to stand out as an American, as you hold up the checkout line that extra 10 seconds
  
  --
  www.gaiageek.com
4. Re:What they *should* do is enable PIN-priority by Anonymous Coward · 2018-01-14 06:30 · Score: 0
  
  In a lot of places, you will find that you can't.
  Most non US cards require chip and pin. In the US, in many stores that don't understand how this works, you can't use them. This is usually because her merchant staff have been told to hit 'cancel' if enter pin comes up... if you can stop them doing that, it usually works (in my experience).
  It's a mess. The US public is just as smart as Canadians or Europeans, for the most part, and can handle chip and pin. You don't succeed by dumbing things down in the long run,
5. Re:What they *should* do is enable PIN-priority by swimboy · 2018-01-14 06:35 · Score: 2
  
  How can I use an American credit card in Europe?
  Some credit card issuers will assign a PIN to your credit card if you request it. That way, when you go to Europe, you can use your card just like everyone else.
  
  --
  Ask me how the Heisenberg Principle may or may not have saved my life.
6. Re:What they *should* do is enable PIN-priority by mrbester · 2018-01-14 07:16 · Score: 1
  
  Most readers still have a swipe reader on the right hand side. If not, the main till will have one.
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
7. Re:What they *should* do is enable PIN-priority by MachineShedFred · 2018-01-14 07:26 · Score: 1
  
  The terminal tells the cashier to get a signature from you. There's no line on the receipt for it, but they'll ask you to sign.
  I had this exact answer when I was in the Paris airport a month or so ago, and that's what happened.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
8. Re:What they *should* do is enable PIN-priority by MachineShedFred · 2018-01-14 07:28 · Score: 1
  
  Especially since if you pay with a VISA or MasterCard backed "debit" card, it defaults to PIN entry.
  We've had this in the US for decades. I don't know why anyone would give two damns if their credit card asked for it too, as long as you know what the hell the PIN is.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
9. Re:What they *should* do is enable PIN-priority by gaiageek · 2018-01-14 08:02 · Score: 1
  
  Having a card with a PIN doesn't mean you can use it instead of signing. It all depends on the priority list of the CVM (card verification method) for that card. There's a good searchable database of U.S. cards here. Browse it and you'll see that most credit cards have signature verification at the top of the list.
  
  The result is that while you may have a PIN, you'll still be asked for a signature when you check out at the supermarket in Europe (unless the store doesn't offer it, but this would just create problems for them, because then they wouldn't be able to verify purchases by American tourists, creating checkout delays and lost business). If you try to use your card at an unmanned terminal (e.g. to buy a train ticket) where signature verification is not accepted, it will go on down the list and, assuming PIN verification is an available option on your card, you'll be able to enter your PIN to checkout - so it still helps to have a PIN for your card, just for these situations.
  
  --
  www.gaiageek.com
10. Re:What they *should* do is enable PIN-priority by swimboy · 2018-01-14 08:40 · Score: 1
  
  Interesting. My bank isn't on that list, and I only used my card a few times the last time I traveled (ApplePay worked just about everywhere), but when I did use my card, I always validated with PIN and not signature.
  
  --
  Ask me how the Heisenberg Principle may or may not have saved my life.
11. Re:What they *should* do is enable PIN-priority by Quantum+gravity · 2018-01-14 10:30 · Score: 1
  
  Actually, most cards in Europe now are contactless.
  That is a bit of an exaggeration. About 40% of cards in the north European country where I live are contactless. And for purchases below a certain amount, typically 35 Euros, you don't need to enter a PIN. The limit varies between countries and some have no limit.
12. Re:What they *should* do is enable PIN-priority by Quantum+gravity · 2018-01-14 10:31 · Score: 1
  
  35 should be 25.
13. Re:What they *should* do is enable PIN-priority by r1348 · 2018-01-14 10:47 · Score: 1
  
  Same here, I live in Italy, both debit and credit cards issued by my bank are contactless and the no-PIN limit is 25€.
14. Re:What they *should* do is enable PIN-priority by quetwo · 2018-01-14 14:14 · Score: 2
  
  Last time I was in Germany (a few years ago), I was at a deli and I did the EVM thing. All of a sudden the register beeped and spit out a receipt for me to sign. I already had the pen in my hand by the cashier had no idea what was going on. It was the first time they had ever seen the receipt print out like that and ask for a signature.
  I think in the grocery store, they had at least seen it a few times. I couldn't use that card at all for the train since the PIN function had been blocked, and the terminal had no way to use the signature.
15. Re:What they *should* do is enable PIN-priority by TechyImmigrant · 2018-01-14 17:31 · Score: 1
  
  Europe has this right: Any in-person transaction requires you to enter your chosen PIN.
  How can I use an American credit card in Europe?
  Apple pay, Google Pay, Android Pay or some other semi proprietary payment conduit seems to work in some places. Hotels will accept everything. For everything else, carry cash.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
16. Re:What they *should* do is enable PIN-priority by Cederic · 2018-01-14 21:48 · Score: 1
  
  It varies by country - I'm not sure if it can vary by merchant too.
  What tends to happen is that a small percentage of contactless transactions are validated for funds available, and potentially some could be validated by PIN, but the rest are taken on faith and so the limits are kept low enough for the merchant and card provider exposure to be manageable.
  I'm not actually sure who takes the fraud hit for an unchecked contactless payment. I'll have to do some research.
17. Re:What they *should* do is enable PIN-priority by Cederic · 2018-01-14 21:50 · Score: 1
  
  As long as you're not trying to use Amex just pay as normal. Merchants can cope.
18. Re:What they *should* do is enable PIN-priority by Actually,+I+do+RTFA · 2018-01-14 23:37 · Score: 1
  
  Why is a PIN better protection than the ability to chargeback?
  
  --
  Your ad here. Ask me how!
19. Re:What they *should* do is enable PIN-priority by Anonymous Coward · 2018-01-15 00:49 · Score: 0
  
  That's bank cards, not credit cards.
20. Re:What they *should* do is enable PIN-priority by TechyImmigrant · 2018-01-16 11:22 · Score: 1
  
  As long as you're not trying to use Amex just pay as normal. Merchants can cope.
  I happen to be a merchant to. Amex is a pain in the arse. Higher fees. Not supported in many POS devices. So yes. Avoid Amex.
  General rule of travel - Vendors will not let language or technology get in the way of a financial transaction. They will work it out.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
One reason for requiring signatures by Anonymous Coward · 2018-01-14 05:54 · Score: 0

That I can think of, is to discourage a housemate from borrowing and using a card in a store, with or w/o permission of the card holder. The housemate wouldn't be able to talk their way out of fraud charges in that case.
1. Re:One reason for requiring signatures by r1348 · 2018-01-14 06:25 · Score: 1
  
  A housemate can forge a signature, but if you're careful enough he won't know your PIN.
Dark Ages by Anonymous Coward · 2018-01-14 06:08 · Score: 1

Yep the US is still in the dark ages of signatures compared to the rest of the world.
1. Re:Dark Ages by ELCouz · 2018-01-14 06:21 · Score: 1
  
  I'm born in the '80s...had a debit card since '00 and a credit card since '04 never signed once. Everything is chip & pin years ago. Why would US be so late in the payment processing game?
  
  The only time I had to sign it's when I'm travelling to US. Never understood why they want a ZIP code at gas stations. Well i'm from Canada so that doesn't work well.
2. Re:Dark Ages by Dutch+Gun · 2018-01-14 06:41 · Score: 3, Informative
  
  A ZIP code is just a bit of additional authentication that pre-dates a proper chip-and-pin system. It's a simple "what you know" test that a credit card thief may not know. Gas purchasing is apparently a very common use of stolen credit cards. As soon as chip readers are more ubiquitous, hopefully that stop-gap measure will go away.
  The sooner we can get rid of the idiocy of signing as an authentication or verification, the better. It's just outdated and is nothing but security theatre at this point.
  Also, apparently the rule for Canadians is this:
  
  If prompted for your ZIP code, just enter the three digits of your postal code plus two zeros. So for example, if your postal code is A2B 3C4, the 5 digit number you should enter is 23400
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
3. Re:Dark Ages by Tokolosh · 2018-01-14 07:21 · Score: 1
  
  I still see 'Muricans pull out cheque books at the supermarket!
  
  --
  Prove anything by multiplying Huge Number times Tiny Number
4. Re:Dark Ages by fahrbot-bot · 2018-01-14 07:44 · Score: 1
  
  Yep the US is still in the dark ages of signatures compared to the rest of the world.
  Ironically, most people didn't know how to write in the dark ages.
  
  --
  It must have been something you assimilated. . . .
5. Re:Dark Ages by DogDude · 2018-01-14 08:00 · Score: 1
  
  Why would US be so late in the payment processing game?
  
  Because our government is bought and paid for, already. There are no laws or rules or regulations about accepting credit or debit cards in the US. It's all up to Visa/Mastercard.
  
  --
  I don't respond to AC's.
6. Re:Dark Ages by thogard · 2018-01-14 15:43 · Score: 1
  
  The zip code is because gas pumps are the easiest thing to put card skimmers in. Having a separate PIN (aka zip code) for them keeps your real PIN for ending up in the hands of hackers.
7. Re:Dark Ages by Anonymous Coward · 2018-01-15 02:06 · Score: 0
  
  I haven't owned a cheque book in 10 years. Never needed one
8. Re:Dark Ages by Anonymous Coward · 2018-01-15 23:03 · Score: 0
  
  I'm in my thirties and I don't think I've ever even seen a cheque.
9. Re:Dark Ages by j-beda · 2018-01-21 15:27 · Score: 1
  
  The only time I had to sign it's when I'm traveling to US. Never understood why they want a ZIP code at gas stations. Well I'm from Canada so that doesn't work well.
  Just use the three numbers and add three zeros - if your postal code is A1B 2C3 you can enter 123000 as the zip code and it probably will work.
  Here is a note from back in 2013 - https://www.theglobeandmail.co...
Re: Ironic by Anonymous Coward · 2018-01-14 06:12 · Score: 0

That would be true is they werenâ(TM)t useless and peopleâs signature didnâ(TM)t change.
Slated to begin in April 2018 by Vektuz · 2018-01-14 06:27 · Score: 4, Informative

From TFA, for those asking instead of reading, April 2018 is when the signature requirement will cease.

Most supermarkets already have some sort of deal where signature is only required on purchases larger than $50 anyway.
Re:Ironic by dfm3 · 2018-01-14 06:29 · Score: 2

No, the signature is not a form of verification, so there's nothing to "defeat". If the customer never inputs the correct pin, ultimately the transaction will be declined. No cashier is going to put up with you trying 10,000 possible combinations until you brute force the right one.

Signatures are a holdover from the old days, and serve no more than to give the retailer a way to prove that both the card and a person were present at the time of sale (say, if a transaction were disputed). Note I said a person and not necessarily an authorized person; back in the signature days the burden of proof was on the retailer to determine that the person using the card was actually the authorized user, but this was rarely done in practice. basically, a signature was proof that a purchase was not a "card not present" transaction.

Case in point, many years ago I was at a register and had swiped my card a second before noticing that an item had been rung up wrong (double charged), so I asked if I could just refuse to sign the electronic pad and "decline" the transaction. The answer from a manager was no, the lack of a signature would make no difference as the transaction happened automatically as soon as the card was read.
Re:Ironic by Anonymous Coward · 2018-01-14 06:40 · Score: 0

The card's chip locks after 3 incorrect tries, even if across different card readers. Then you have to contact your bank.
Progress in the crime arms race... by Baron_Yam · 2018-01-14 06:48 · Score: 1

>Fraud declined, mugging did not change a bit.
We had a problem (maybe still do???) with card cloners being installed over gas station pumps, with the criminals picking up card data and PINs wirelessly. I'm not sure how the tech worked to clone the cards, but an interesting problem.
I think the carjackings and home invasions died down when the criminals learned how to circumvent the computer lockouts. It takes a bit more than crossing a couple of wires now, but they can still steal your car without you.
>why go through the hassle of having to spy on someone's PIN when you can simply forge a signature?
I think the point is that the PIN replaces the signature and there's no option anymore. Of course, you can still order stuff online with just a few numbers memorized off a card. I imagine that still happens quite a bit.
1. Re: Progress in the crime arms race... by Anonymous Coward · 2018-01-14 07:11 · Score: 1
  
  Mag stripe capture, not chip and pin. replay attacks are prevented by EMV.
2. Re: Progress in the crime arms race... by Anonymous Coward · 2018-01-15 03:33 · Score: 0
  
  Some of them are simply image capture of the card surface.
  This provides the card number, cardholder's name, and CVV2. The cardholder's name can then be looked up against public records databases for a likely bill-to address and phone number, and any amount of online crap can be ordered until the card hits its limit or gets a security flag by the issuer.
Wow, you guys are in the past by Rix · 2018-01-14 06:49 · Score: 1

Chip and pin is still around in Canada, but the vast majority of the time we just tap the card.
PIN no need for chip by markdavis · 2018-01-14 07:10 · Score: 5, Insightful

>"In Canada, Australia and most of Europe, credit cards have long abandoned the signature for the EMV chip and a PIN to authenticate the transaction, like one does with a debit card."
We never needed a "chip" in the first place. Many millions of dollars wasted to overhaul everything- replacing readers, putting in chips, replacing all cards, updating interfaces and software- and still no PIN! A PIN code is a password. If required, without it, a card would be useless (at least in physical transactions, which is all we are really talking about anyway, since on-line can't use "chip readers"). Doesn't matter if it is a valid card, a stolen card, or a "made up" (cloned) card- put in the wrong PIN too many times and POOF, the account is frozen.
A password/PIN is required for my phone, my Email, my work account, Slashdot, my bank card, voicemail, calling to discuss my cable TV account, just about everything.... except credit cards??? Do they REALLY think people can't handle at least a freaking 4 digit number password in 2018?
>"Businesses that accepted EMV cards reported a 66 percent decline in fraud in the first two years of EMV deployment,"
Add a PIN, and then get a 99% decline in in-person fraud. Again, chip security does NOTHING for online security. Develop a PIN for use online and watch fraud drop tremendously there, too.
1. Re:PIN no need for chip by markdavis · 2018-01-14 07:13 · Score: 1
  
  Oh, followup to self- although we can't seem to manage a PIN code, nearly every gas pump asks for my 5-digit zip code as an effective security measure against lost/stolen cards. So someone, please tell me why this would be so difficult???????!
2. Re:PIN no need for chip by jader3rd · 2018-01-14 07:27 · Score: 1
  
  a card would be useless
  The move away from mag stripes to chip in the US wasn't due to stolen cards, it was due to insecure card readers. True, patches had been released for the card readers that the merchants hadn't deployed, but still. Instead of another round of cat and mouse they finally decided to take the plunge and start deploying chip readers. A chip with no pin is more secure than a mag stripe with no pin, because now there's less of an attack area with the card reader.
  So stolen card remains an equal issue, but hacked card reader is less of an issue.
  A pin would also be useful for situations where family members are using your card and you want them to stop. This is currently happening with my wifes family, and I asked why her mom just doesn't change her pin. My wife said the reason is that there's no way her mom would remember a new pin. That is the reason why my brother-in-law is able to buy all the stuff he does. He borrows his mom's card, and mom isn't going to change the pin.
3. Re:PIN no need for chip by ledow · 2018-01-14 07:40 · Score: 4, Informative
  
  Your PIN is your signing key. It encrypts the data to the bank such that only they can read it, think of it like that.
  Just transmitting card number + PIN is no more secure than just card number + expiry date, really.
  But transmitting card number + nonce generated a secure chip on the card, signed with the user PIN and an internal incrementing number from the chip itself and presented to the bank? Now replay attacks are useless and even knowing card number + the PIN itself doesn't help.
  You now have to physically have THAT card itself to make it work (worst you could do is a "cardholder not present" transaction otherwise, which doesn't need the PIN anyway). In the same way, your example of card number + postcode (also used in other countries) shouldn't be enough on its own either.
  Though I hate Chip And PIN for many reasons, yours aren't any of them, and it's undeniable that nobody bothers or is even capable of verifying signatures at all. And it has significantly reduced fraud.
  Until, that is, we went stupid and put NFC payments on the same card so any kind of temporary physical proximity is enough to charge, even without the user knowing. But that's another matter entirely.
  And I don't know about you, but my card provider has online challenges at online stores if I don't use the card very often there or if it's an unusual transaction - by way of asking for a password that I NEVER use at a cash machine or anywhere else - only online. Verified By Visa and/or Master SecureCode.
  Your problem is that you don't understand what the PIN is actually doing. Asking for a PIN doesn't work how you think - you use the PIN to unlock the chip on the card which is than able to sign a transaction and give a signature (AuthCode) that you then give to the vendor from where the bank can confirm the transaction came from your card itself.
  Because unless you want to give everyone on the planet a way to present data to the secure chip and read responses (probably not good for customer ease of use) by way of some kind of chip reader that plugs into every possible smartphone and every computer, then it's not useful to have every online transaction require a PIN any more than an expiry date or postcode. And, in fact, is why those online system exist with an ENTIRELY DIFFERENT code that only works online. Hell, they even present a custom challenge so you know you're not being tricked into entering your code online on a fake site (i.e. only Verified By Visa and I know what text it should be putting in the box that asks me to verify my code).
  Rather than complain about something you don't understand, use it and test it and investigate it. The reason Chip & PIN is there and works is because someone sat down, thought of all the use cases, thought of the attacks, and designed a single cheap chip that could solve most of them effectively enough for pennies-per-card (I've never been charged for a replacement credit card in my life, and chip-bearing smart-cards are so cheap as to be throwaway items if you have any dealings with them in access control / banking / code-signing / etc. applications).
  I haven't even signed my last four / five cards (all of which reached their expiry dates), because NOBODY uses the signature and nobody even queries it any more. That's how long other countries have been using Chip & PIN.
  Plus... you DO NOT want some cheap random bit of hardware interfacing with your card and just needing to send it a PIN that you type in plaintext onto it to unlock. You'd hope that such devices would at least have to have some kind of bank / merchant secure certificate to sign their part of the transaction to help you a) stop people just playing with credit cards using hobbyist electronics, b) require some form of device certification to be able to talk to your card, c) provide some security over the interface, d) provide some accountability should someone just start cloning a particular card reader that you issue out.
  Chip & PIN has many holes. But you don't see that because you don't even understand the purpose of the PIN in the first place.
4. Re:PIN no need for chip by Wrath0fb0b · 2018-01-14 07:42 · Score: 2
  
  The PIN is typically verified on the card itself, not transmitted to the back end. The card has protection such that N={3 or 5} incorrect PIN entries will lock the chip, and it will not vend a signature over the transaction until it sees the correct PIN. That protection is implemented in the card software itself.
  [ Well, actually, there are both online-PIN and offline-PIN scenarios. But most of Europe is offline-PIN. US Debit transactions are online PIN, but that has its own issues.]
  
  Develop a PIN for use online and watch fraud drop tremendously there, too.
  Either that or the first compromised sit would get both your PIN and your card # in one go. How do you think they harvest CC #s anyway? And how would recurring payments work, would the cable company have to persist my PIN into their $0.05 SQL database so they can enter the monthly charge?
5. Re:PIN no need for chip by viperidaenz · 2018-01-14 07:45 · Score: 1
  
  Develop a PIN for use online and watch fraud drop tremendously there, too.
  One of them is called "Verified by Visa"
6. Re: PIN no need for chip by Anonymous Coward · 2018-01-14 08:45 · Score: 0
  
  They already exist but itâ(TM)s up to the merchant to use them.
  https://www.visa.com.au/pay-with-visa/security/secure-online-shopping.html
7. Re:PIN no need for chip by DogDude · 2018-01-14 09:56 · Score: 1
  
  Add a PIN, and then get a 99% decline in in-person fraud. Again, chip security does NOTHING for online security. Develop a PIN for use online and watch fraud drop tremendously there, too.
  
  Visa/Mastercard write the laws. The credit card laws in the US say that the merchants are responsible fro any and all fraud. Visa/MC simply don't care, and have no reason to.
  
  --
  I don't respond to AC's.
8. Re:PIN no need for chip by Anonymous Coward · 2018-01-14 10:58 · Score: 0
  
  No they don't really think that. Because we manage a 4-digit PIN just fine with our ATM cards. No idea why they don't implement the exact same thing for credit cards.
9. Re:PIN no need for chip by thegarbz · 2018-01-14 20:57 · Score: 1
  
  Until, that is, we went stupid and put NFC payments on the same card so any kind of temporary physical proximity is enough to charge, even without the user knowing.
  You don't implement NFC + pin? My bank makes it opt in to not use the pin for NFC transactions below €25 with the explicit point that I would be liable for the €25 of fraud.
  Then there's the random asking for the pin periodically anyway, and asking for the chip periodically as a security measure too (I think it asks for the pin every 5 transactions even if they are below the pin threshold).
10. Re:PIN no need for chip by thegarbz · 2018-01-14 20:58 · Score: 1
  
  nearly every gas pump asks for my 5-digit zip code as an effective security measure against lost/stolen cards
  Effective ... I don't think you know what that word means.
11. Re:PIN no need for chip by Cederic · 2018-01-14 21:58 · Score: 2
  
  I fucking hate filling a car in the US because of this. I don't have a fucking zip code, I can't enter one, and I don't know how much fucking fuel this shitty hire car needs so I can't easily tell the guy at the desk how much I want to prepay.
  Makes filling the car a seriously fucking stressful activity for me. Why the fuck can't I just put fuel in the car, walk in and pay? Works everywhere else in the fucking world.
12. Re:PIN no need for chip by markdavis · 2018-01-14 22:12 · Score: 1
  
  It means when your card is lost or stolen, the perp often will have no idea what your zip code is and thus cannot use the card. I said it was effective, I didn't say it was 100% effective.
13. Re:PIN no need for chip by DarenN · 2018-01-14 23:04 · Score: 1
  
  You must be joking!
  The primary reason for the move is that mag-stripe skimming and cloning is so simple that it's costing the merchants and the card networks billions. The only people who don't care are the customers (because it doesn't affect them) and the acquiring banks (because they don't eat the charges). The delays in adopting are all about cost. The US was the first place to go with card payments, so you guys have the oldest infrastructure, and unlike most of Europe where the issuing banks also acquire and so can direct the market more, most acquiring banks in the US are specialists and don't necessarily issue.
  This lead to a situation where the owner of the hardware has no incentive to upgrade to EMV, and it doesn't cost them anything. The Merchants, Card Networks, and Issuers are all affected but the the customers aren't. So the Acquiring banks want someone else to pay for the update, the Merchants don't want to pay extra, the Issuers and Card Networks won't pay because it's not their hardware and the customers don't like change anyway so there's no pressure from that direction. The EMV adoption forum spent years pissing and moaning about the cost, until the networks (primarily Mastercard and Visa) just said "on and from this date we are no longer accepting any liability for non EMV card-present fraud" and then spent the bulk of the rest of the time complaining that they didn't have enough time to implement Chip and PIN, so we ended up with Chip and Signature which was surprisingly effective - it basically negates card cloning fraud (except for some sophisticated, expensive and difficult to scale methods) - but does not prevent stolen-card fraud.
  European banks hate their customers using cards in the US, because they are so frequently cloned and scammed. Going to the US you need two cards and cash - one backup card for when the first is cloned and has to be cancelled, and cash in case you're unlucky enough to have it happen twice.
  
  --
  Rational thought is the only true freedom
14. Re:PIN no need for chip by Anonymous Coward · 2018-01-14 23:31 · Score: 0
  
  I haven't even signed my last four / five cards (all of which reached their expiry dates), because NOBODY uses the signature and nobody even queries it any more.
  
  At my bank they require the signature, not for verification, but as a confirmation that I agree with the terms and conditions for using that card. They check if my card is signed If they see it for any reason, even if I only use the card to give them my account number.
15. Re:PIN no need for chip by thegarbz · 2018-01-15 01:48 · Score: 1
  
  So not only do you not know how the PIN system works, but you also have no idea of the purpose of the zip code. The ZIP code does nothing to prevent someone buying something. All it does is settle assign fault between you and the merchant in the eyes of the bank.
  Just because you get refunded doesn't mean fraud hasn't taken place and that someone isn't out of pocket for stolen goods. the ZIP codes are precisely 0% effective at preventing fraudulent transactions.
16. Re:PIN no need for chip by Anonymous Coward · 2018-01-15 02:12 · Score: 0
  
  The ZIP code does nothing to prevent someone buying something.
  It prevents foreigners buying gas conveniently at the pump. They have to walk over to prepay and they have to estimate how much gas they will need.
17. Re:PIN no need for chip by edtice1559 · 2018-01-15 02:34 · Score: 1
  
  This simply isn't true. When you buy gas at a gas pump, the ZIP is submitted along with the mag stripe data and, if it doesn't match, the transaction is declined. I can speak to this first hand as we recently moved and I accidentally (due to habit) entered my old zip code and wasn't able to get the pump to activate until I entered the correct ZIP.
18. Re:PIN no need for chip by edtice1559 · 2018-01-15 02:34 · Score: 1
  
  This is true just about everywhere in the world. I have a US card and, when I go to Canada, I simply can't pay at the pump.
19. Re:PIN no need for chip by thegarbz · 2018-01-15 03:45 · Score: 1
  
  This simply isn't true. When you buy gas at a gas pump, the ZIP is submitted along with the mag stripe data and, if it doesn't match, the transaction is declined.
  
  You found a rare edge case. I used to think it was done for marketing purposes so I entered random ones. Never been denied gas. Mind you if I went to the trouble of stealing a credit card, filling up my tank would be low on the list of expensive purchases, and filling up the tank is about the only time I've ever been asked for a zip code.
  Again worthless for fraud prevention.
20. Re:PIN no need for chip by thegarbz · 2018-01-15 03:49 · Score: 1
  
  Well that's a USA vs non USA thing. Travelling around the world I've never had a problem using a non-USA based card in any country other than the USA. I mean it's obvious when you think about it. Our cards are 85mm long and yours are 3.35inches. Totally incompatible :-)
21. Re:PIN no need for chip by markdavis · 2018-01-15 11:03 · Score: 1
  
  It isn't a rare case. I have entered wrong zip codes by accident several times from several vendors over several years and every time was denied the ability to use the card until the correct zip code was entered.
  And gas is one of the most used fraud cases for stolen/lost cards. Not sure why, but probably because the purchase is valuable enough (large tank of high octane can be $70+) and you don't have to interact with a teller.
22. Re:PIN no need for chip by Anonymous Coward · 2018-01-15 22:55 · Score: 0
  
  Except that in the rest of the world you always pay after filling up if you pay at the shop. Prepaying exists only in the US and Canada as far as I am aware.
23. Re:PIN no need for chip by edtice1559 · 2018-01-16 02:02 · Score: 1
  
  The gas purchase is also useful because you can test whether the card is valid or not with a very low risk. I've never seen a gas station attendant come running out if somebody uses a card and it gets declined.
Re:Ironic by MachineShedFred · 2018-01-14 07:24 · Score: 1

Except all the signature does today is give you that warm fuzzy feeling that you're authorizing something, without it actually being used for a single thing.
I'd like to thank Visa / MasterCard / American Express for committing to not waste my time asking for something they don't use, and the terminals are amazingly bad at capturing anyway.

--
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
EMV was broken back in 2010 by davecb · 2018-01-14 07:36 · Score: 0

See Chip and PIN is broken, https://www.lightbluetouchpape...
A follow-up was Chip and Skim: cloning EMV cards with the pre-play attack, https://www.lightbluetouchpape...
This is Ross Anderson's security group at Cambridge, UK, who were the first folks to note that the signature requirement was so the customer was protected, not the bank.

--
davecb@spamcop.net
1. Re:EMV was broken back in 2010 by Cederic · 2018-01-14 21:38 · Score: 1
  
  Chip & Pin is not infallible but are you seriously suggesting its more vulnerable to fraud than scribbling on a bit of paper that nobody reads?
2. Re:EMV was broken back in 2010 by davecb · 2018-01-15 01:21 · Score: 1
  
  No, it isn't. The signature is only there to prove that YOU aren't commiting fraud, so you get a refund of the money taken from you.
  
  --
  davecb@spamcop.net
3. Re:EMV was broken back in 2010 by Cederic · 2018-01-15 02:50 · Score: 1
  
  Given clause 3(b) of https://www.legislation.gov.uk... the use of Chip & Pin makes no fucking difference in the UK.
  It's not like signatures are hard to forge.
It's only a matter of time by Anonymous Coward · 2018-01-14 07:36 · Score: 0

It's only a matter of time until the theft rate goes right back up. It only went down because crooks don't have the tools to bypass it yet - they exist, they're not expensive, and easy enough to use, they're just not in widespread use yet because there's still enough money in magstripe cards.
The rollout of the chip system has been nothing short of a disaster in the US. Half the places that do have the new equipment have the chip readers disabled, because they simply don't work. In places where they have them turned on, it's coinflip odds that the machine will reject the chip, and I have to use the magstripe anyway. Even when it does work, it still takes forever, and since there's no PIN, it's not actually doing anything to improve the security of the transaction. To top it off, my card has already been copied and used (physical transaction at a gas station, even though I still had my card) since the chip rollout, and had to be replaced.
They're easy to bypass, easy to duplicate, and have been nothing but a hassle and expense for everyone involved.
1. Re:It's only a matter of time by hyades1 · 2018-01-14 15:37 · Score: 1
  
  The chip cards work just fine everywhere but in the US, it would seem, and have for years now. And where chip cards are in use, theft is down.
  You people have to get used to the idea that as far as the civilized nations on the planet are concerned, you are one of the "shithole countries". The rest of the world is leaving you in the dirt.
  
  --
  I've calculated my velocity with such exquisite precision that I have no idea where I am.
2. Re:It's only a matter of time by Anonymous Coward · 2018-01-14 21:18 · Score: 0
  
  Yep! This conversation is so 20th century. Make America Great (Again) & get an up to date banking system :-).
3. Re:It's only a matter of time by hyades1 · 2018-01-15 05:16 · Score: 1
  
  Excellent point
  
  --
  I've calculated my velocity with such exquisite precision that I have no idea where I am.
Signing is for your protection, not the bank's by davecb · 2018-01-14 07:41 · Score: 1, Insightful

If you sign, you can prove it if someone forges your signature.
It's not for the bank or the merchant: merchants want to get rid of them, so they won't have to repay false charges.
PINs and the like are way too insecure: for example, see https://www.lightbluetouchpape...

--
davecb@spamcop.net
1. Re:Signing is for your protection, not the bank's by Solandri · 2018-01-14 11:28 · Score: 5, Interesting
  
  You've got it backwards. If the customer initiates a chargeback, the credit card company assumes the customer is telling the truth. It's not up to the customer to prove the charge was fraudulent. It's up to the merchant to prove the charge was legit. And the easiest way for a merchant to do that is to send the credit card processor a copy of the signature on the receipt. If the receipt matches the customer's signature on file, case closed - it's not fraud. (If the signature doesn't match or there is no signature, the credit card company may or may not decline the chargeback. Merchants can submit other info - address, phone number, etc. - that are not on the card but which the card issuer has on file. That's why gas station pumps ask you to type in your zip code when you use a credit card. But in my experience as a retail business, any customer chargeback where we weren't able to produce a signed receipt or if the signature was faint or illegible, we automatically lost.)
  
  Merchants want to get rid of signatures because it's what the credit card companies use to shift the cost of fraud onto the merchants. Think about it. There are two possible ways for credit card fraud to happen. Either you gave away/lost your card, or the credit card processor allowed a charge that it shouldn't have. The merchant has no way of knowing if a card is fraudulent. All they see is a card, stick it into the reader, and the machine tells them the transaction was approved or declined. The credit card companies got laws passed which prohibit merchants even from requiring ID before they have to accept a card. They can ask for ID, but it's illegal to refuse a credit card transaction just because the customer doesn't have or doesn't want to show ID. But somehow the credit card companies have managed to make the party which has no control over fraud (merchants) pay for fraud. (The exorbitant interest fees you pay credit card companies pay for delinquent customers, not fraud.)
  
  This is why the state of credit card security is so deplorable. Online banking is very secure. Online bill pay is very secure. Wire transfers are very secure. But credit cards security sucks because the parties which can do something about security (the credit card companies and processors) aren't the ones paying for fraud. So they've had little to no incentive to improve credit card security for decades because it hasn't cost them a dime. The merchants have been paying for all the fraud. And whatever the merchant pays for, you pay for via higher prices.
  
  Chip & PIN has its problems, but it's still much more secure than Chip & Sign. And problems with the current Chip & PIN implementation can easily be fixed without altering the process (just need to modify the algorithm the chip uses).
2. Re:Signing is for your protection, not the bank's by Anonymous Coward · 2018-01-14 12:25 · Score: 0
  
  And whatever the merchant pays for, you pay for via higher prices.
  I suspect that no matter who nominally pays for the fraud, ultimately it is (or will be) the consumer who pays for it.
3. Re:Signing is for your protection, not the bank's by davecb · 2018-01-14 12:43 · Score: 2
  
  You wrote "Merchants want to get rid of signatures because it's what the credit card companies use to shift the cost of fraud onto the merchants. " That's the main point I was trying to make.
  
  --
  davecb@spamcop.net
4. Re:Signing is for your protection, not the bank's by Bert64 · 2018-01-14 21:37 · Score: 1
  
  You can't prove anything of the sort...
  Whenever i'm expected to sign, i just make a random mark on the paper or pad, if someone else did the same there would be no way to tell.
  If you sign the back of the card and try to make the same mark every time, someone committing fraud can just copy what's on the back of the card.
  A pin proves that you know the pin, it doesn't prove who you are. It's like a password, and is a relatively weak form of authentication - a signature provides no authentication at all.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
5. Re:Signing is for your protection, not the bank's by NormalVisual · 2018-01-14 21:37 · Score: 1
  
  And whatever the merchant pays for, you pay for via higher prices.
  
  Which in turn means higher transaction fees for the card issuer.
  
  --
  Please stand clear of the doors, por favor mantenganse alejado de las puertas
6. Re:Signing is for your protection, not the bank's by houghi · 2018-01-15 00:51 · Score: 2
  
  The sate of CC security is deplorable in the US. I live in Europe and what we see is that the most insecure country is the USofA and not even because of the fact that is is used in more places, because it isn't. The reason is that they do not have implemented the PIN system.
  They have done so in every country in the world. There are merchants in those other countries as well. All the same excuses have been thought of as well, yet everywhere they where able to push it through.
  It is so bad that many banks and others have decided that if you go to the US, you need to ask that your card be activated. It is the ONLY country where they do that. None. Not some poor country in Africa, not any country elsewhere, just the US, because it is so unsafe.
  Now you could say that the US merchants would need to buy a new machine. This is also valid for the rest of the world. The price of these devices is around 25EUR and more expensive and cheaper versions exist. In Europe these will be given to the merchant and paid by the fee.
  The thing is that in Europe these machines will be used for any electronic payment. I myself can pay at the supermarket with my Credit Cards, bank card, meal voucher (I get 8EUR per working day for food. Standard practice in Belgium) store voucher, gift voucher and even can combine them if I like.
  Normally when I go to somewhere in Europe, I do not even bother to take cash with me. Just pay everything by card. Luckily I was in the US with a friend who lived there, because I was flabbergasted by the fact that you needed to pay cash for so many things.
  Parking and toll roads stand out the most. In Europe at these you can pay electronically.
  And there is no difference in the procedure in payment on what card you use, just if they are accepted. So no difference in usage. This has been the case for at least 10-15 years, so it is clearly unwillingness from the US.
  As to the merchant not knowing if the card is fraudulent or not, the payments are mostly done online. So verification goes back and forth. (Yes, there are exceptions, as always) so the moment you block your card, the merchant will know. This means there is still a small window that the card is valid.
  The other problem with the US system is that beacause of that, many airlines still do accptence without e.g. 3d Secure where you get an SMS to confirm that you are you. This would reduce the fraud seriously. I think they are working of making that obligatory.
  
  --
  Don't fight for your country, if your country does not fight for you.
7. Re:Signing is for your protection, not the bank's by davecb · 2018-01-15 01:38 · Score: 2
  
  You can't prove anything of the sort... .
  As to the specific assertion above, signatures are used by the court in deciding if the credit-cared holder must pay, or if it is fraudulent. See CanlII, Western Currency Exchange Ltd. v. National Bank of Canada, 2002 ABPC 147 at https://www.canlii.org/en/ab/a...
  
  --
  davecb@spamcop.net
8. Re:Signing is for your protection, not the bank's by Wulf2k · 2018-01-15 03:07 · Score: 1
  
  "The credit card companies got laws passed which prohibit merchants even from requiring ID"
  They didn't get laws passed, they wrote it into the contract you're required to sign when you want to start accepting credit card payments.
  They could have just as easily required all merchants to wear purple hats before accepting a charge as long as everybody was willing to sign it.
maybe because I don't sign my own name... by Anonymous Coward · 2018-01-14 07:45 · Score: 0

and it always gets approved anyways...
US Gas stations by ruddk · 2018-01-14 08:12 · Score: 1

It has been annoying that I can't use my credit card at US gas stations since I have a foreign Mastercard and VISA and live in a 4 digit zip code. So they won't accept it at the pump.
I have heard that Shell have replaced all their readers with the ones that can read the chip because there were a demand that all gas stations updated their readers.
But now they have extended their deadline to 2020. :/ Oh well, I will in the states soon again so I will try to fill up at Shell to see if it works. :)
https://usa.visa.com/visa-ever...

--
L'Idiot
1. Re:US Gas stations by Anonymous Coward · 2018-01-14 12:36 · Score: 0
  
  It has been annoying that I can't use my credit card at US gas stations since I have a foreign Mastercard and VISA and live in a 4 digit zip code. So they won't accept it at the pump.
  Chip readers are pretty common around here, though perhaps not at the pumps. Either way, I'd bet you could find a gas station with a reader inside.
  The signature is of course useless. One post suggested that a pin would be validated via the chip in the card. That makes sense, or at the very least it should never be transmitted clear.
  Either way, chip + pin + correct cryptography and all the rest is the way we should be going. I begin to think we need to require chip readers to do online shopping as well, and maybe to set aside a computer we keep a minimal and more secure OS build for online shopping and banking.
2. Re:US Gas stations by ruddk · 2018-01-15 00:24 · Score: 1
  
  I usually have to go inside and make a pre-paid amount using the credit card, like $50 and then when that is approved, I can fill up the car. I then only get charged for the amount of gas I actually filled into the car.
  It can be a problem at night time when it is closed, then they sometimes accept my card at the pump and at other times, I can't fill up at all.
  I know a few gas stations the places where I have been many times where I always could fill up, one is a Conoco.
  
  --
  L'Idiot
Chip and pin is STILL more secure than signing by aepervius · 2018-01-14 08:22 · Score: 3, Insightful

Signing means only somebody need to know your signature and imitate it, and as far as I can tell it isn't for fraud and signature comparison, as yourself can fake a signature, no this is about accepting the sale as a contract. The CC company does not care at all about comparing signature for fraud as it is utterly stupid (Not difficult for most people to imitate it, especially that you are supposed to sign your card in the back, therefore signature CANNOT be a security device , as it is known by the card holder). Stealing pins and the attack mentioned OTOH ask for a big sophistication. So for your "way too insecure" I think I will trust chip and pin any time of the day over signature.

--
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
1. Re:Chip and pin is STILL more secure than signing by davecb · 2018-01-14 12:40 · Score: 1
  
  Seek legal advice
  
  --
  davecb@spamcop.net
Cheque? by dohzer · 2018-01-14 11:25 · Score: 1

Can't say I've had anyone ever check my signature before.
Plus it changes on a daily basis.
Zero security.
Seriously? by Anonymous Coward · 2018-01-14 12:59 · Score: 0

I can't recall the last time a cashier actually validated my signature. The signatures mean nothing. They offer no security whatsoever. Heck, I've been putting "See ID" on the back of my cards, and still, no one checks. It's a joke.
Anybody know why? by onkelonkel · 2018-01-14 18:03 · Score: 1

Does anybody know why? Why is the USA having such a hard time getting chip and PIN working? It seems very odd to me that the US is so far behind the rest of the world.

We have had chip and PIN here for about 8 or 10 years. I think I saw my first American portable chip terminal last summer at the Minneapolis airport. Up till then the servers still walked away with your card (how sketchy is that!), and then brought a piece of paper for you to write your name on.

--
None of them can see the clouds; The polished wings don't care.
1. Re:Anybody know why? by Anonymous Coward · 2018-01-15 01:16 · Score: 0
  
  It's mostly the banks' fault. They didn't want PINs because they knew the chip alone would remove a good chunk of fraud (see article: 66% in some cases). So even if there are fraudulent transactions without the PINs, it's still less than it used to be.
  The other part of it, presumably, is that people are too stupid to use chip + PIN, and switching to chip + PIN would have been more difficult than just switching to chip. At this point the card readers that accept chips will also be able to accept PINs (no additional hardware/software cost), so it's really up to banks to roll out PINs. Knowing the US, at this point it's likely the banks will charge a premium to have a card with Ultra Super Security using a chip + PIN.
  Never underestimate American exceptionalism. The average American imagines most other countries are "shitholes" or just barely better (including most of Europe), and that every change that happens in America must somehow be innovative and expensive. That other places around the world have been using chip + PIN for a decade, at no extra cost to users, isn't even on the average American's radar. They'll still pay a premium for the privilege. They'll pay millions for something that should be given for free, and they'll vote to lower business taxes so that those millions make it into the pockets of bank executives.
2. Re:Anybody know why? by JoeDuncan · 2018-01-15 05:48 · Score: 1
  
  Because USians are stupid and have been gutting their public education for decades to become stupider?
Re:Ironic by Anonymous Coward · 2018-01-14 22:10 · Score: 0

Except all the signature does today is give you that warm fuzzy feeling that you're authorizing something, without it actually being used for a single thing.

Rather like signing the back of a check.
Re:Ironic by Bert64 · 2018-01-14 22:19 · Score: 1

The signature doesn't prove anything at all..
The retailer can always claim that *someone* was present at the time, they can then draw an arbitrary signature later.
The PIN proves that *someone* was present at the time of the transaction, *and* that they knew the correct PIN.

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Hey USians! by JoeDuncan · 2018-01-15 05:47 · Score: 1

Welcome to the new millennium!
Just wait *another* two decades and "tap" cards will totally blow your minds!