Visa Claims Chip Cards Reduced Fraud By 70%

An anonymous reader quotes Ars Technica: Although only 59 percent of US storefronts have terminals that accept chip cards, fraud has dropped 70 percent from September 2015 to December 2017 for those retailers that have completed the chip upgrade, according to Visa.

There are a few ways to interpret those numbers. First, it seems like two years has resulted in staggeringly little progress in encouraging storefronts to shift from magnetic stripe to chip-embedded cards, given that in early 2016, 37 percent of US storefronts were able to process chip cards. On the other hand, fraud dropping 70 percent for retailers who install chip cards seems great. Chip-embedded cards aren't un-hackable, but they do make it harder to steal card numbers en masse as we saw in the Target's 2013 breach.

Re:So full of shit

[zm]

When they first deployed the chip cards, I had mine for all of two weeks before it was compromised by the wait staff at one of the restaurants I frequent :|

So the wait staff managed to duplicate the chip in your card? Where do you eat?

Re:Gas stations

[Mashiki]

Every gas station in Canada uses chip & pin, most were rolled out a year and change before it became mandatory up here. The real problem up here since everything is chip & pin is actually banks and ATM's that are owned by banks but deployed in variety stores and so on. Hitting banks is the big one right now, the fakes are getting damned elaborate too replacing the entire front bezel to pull the card data and pin.

Re: only 59 percent of US storefronts have termina

They aren't mandatory but they do charge higher fees to process the transaction if you don't use the chip. Online card purchases still act like swipe cards since all you have is the basic info so it's not like they can just force all transactions to work like using the chip.

Re:So full of shit

[Mashiki]

So you handed them your pin, and it's their fault? You understand how this works right? You plug your card into the terminal, then enter your pin. If it was compromised, then it was a plain old skim because the business hadn't rolled over to chip & pin and were exempt from requiring *you* from entering it.

Well, yea...

[jtara]

"Martha? Would you ring up Woodrow 2-4-2 and ask the president of the bank to wire $10,000 to Sparky up in Reno out of my account? It's 5-4-7-9. Thanks!

Re: only 59 percent of US storefronts have termina

[Woldscum]

They are not mandatory. BUT the retailer is now on the hook for fraud. Not the CC co. or the processor. The retailer also must buy the new equipment. If the CC co.s really wanted to stop fraud. They would provide the readers themselves. Payback would be less than a year.

Re: only 59 percent of US storefronts have termina

[Mattatron]

But they DON'T want to prevent fraud, they want to prevent liability, which they they have.

Re:So full of shit

[SNRatio]

In the US typically it is chip only, no PIN. Plus the card could have just been swiped. As pointed out in the article, 41% of storefronts don't have chipreaders.

Re: only 59 percent of US storefronts have termina

Can I please have it this way instead? "Visa caused 70% of fraud by not implementing decades old system earlier than they did."

The glass can be half empty.

Re: So full of shit

[Mashiki]

In the US, very few chip cards come with chip PIN's (these are distinct from credit card ATM PIN's for cash advances); most have you sign something or nothing at all.

Here's how it works up here. Bank card + pin = direct withdrawal from your bank account(see Interac system). CC, again requires a pin. CC+Pin = billing directly to your CC. You don't sign for things up here unless there's a widespread terminal failure and the company still has an old fashioned carbon-copy style credit device available.

Re:So full of shit

[Jason1729]

Why would your card ever be out of sight at a restaurant (or anywhere)? The chip processor is a handheld wireless device about 1.5 x 3 x 6 inches. The card slides into the bottom and you take the whole device to privately enter your pin.

Re: only 59 percent of US storefronts have termina

[Z00L00K]

Same thing in Europe - chip cards rules since at least 10 years now.

Just minor problems that are easy to resolve by cleaning the chip contacts against the shirt whenever there's a problem.

This seems to be pretty much a symptom where the US is - way behind on a lot of things these days compared to 50 years ago when the US was the leader in technology.

Re: only 59 percent of US storefronts have termina

[viperidaenz]

My first smartphone was an i-mate SP2 in 2004.
i-mate is an Irish company. It was built by HTC, a Taiwanese company.

Nokia, Philips and Sony invented NFC, none of which are American companies. One Finnish, one Dutch and one Japanese.

ARM is a UK company, which powers pretty much every smartphone ever.

Where is 'Murica in all this innovation?

Re: only 59 percent of US storefronts have termina

[AK+Marc]

Funny when Americans think that wirelessly powered computers used for strong crypto embedded in plastic cards are "just plastic cards".

It's not the ancient plastic cards that are technology, it's the computer embedded into them, and the crypto, NFC, wireless power and other things used around them that make them technology. Is it just because the US is the last in the world to start supporting this that it's "backwards"?

Re:Gas stations

[viperidaenz]

At least some cards with chips store the card number on the chip unencrypted.
In a previous job my keyboard had a card reader on it for reading certificates from ID cards. I played around with Java's smartcardio package and read my credit card. Saw the card number right there. Some also give out the number to NFC readers.

The bit that prevents fraud is not keeping the card number secret, it's signing tokens with asymmetric encryption. You can't read the private keys from the chip.