They're just not happy about the liability shift strong-arming them into this. But honestly? They SHOULD be liable when they're the roadblocks preventing customers from having good security. They're dragging their feet on this because it's an externality--they don't care if their customers get screwed, as can be seen with, e.g. the Target hack, but they do see a cost for newer, more secure equipment.
EMV has nothing to do with protecting consumers, and has zero effect on security for the consumer. Steal the card, and you can use it, same as before (since it's almost entirely chip & signature rather than chip & PIN) The consumer isn't protected buy the technology, the consumer is protected by the law, with a $50 limit on liability on a stolen card.
EMV is about protecting the banks and processing companies, who have nearly all the liability for fraud, and secondarily protecting merchants, because when fully implemented, EMV with P2P encryption means the merchant never sees the card info at all, and has nothing on their network to steal. All the worst breaches in recent years have been of retailers' networks, stealing millions (or 100 million+) card numbers at a time. And if the retailer is PCI compliant (as Target was, apparently), the banks eat the loss. EMV/P2P encryption eliminates that vector. That is the point of it.
And the upgrade is very, very much in the merchants' best interests because of that.
You're smoking dope, and they're feeding you a line. The software has to be certified, but even then, not by deployment. And for a small business, that's handled by the point of sale vendor, not the merchant. If your local grocery chain is doing their own processing software, they're not pushing on getting their stuff certified, and that's entirely on them.
There is a point about not extending the deadline - again - for those merchants who had the hardware but couldn't get the software from the POS vendors, but it's a small point unless the business is so poorly run that it gets a lot of fraudulent activity to begin with.
It isn't being forced on them. They have the alternative of not accepting CC transactions, which is something many businesses do.
They also have the choice continuing to use the old equipment, but they then accept responsibility for fraudulent transactions that could have been prevented by using chip cards. Hell, as far as I know, they still have the option of imprinting paper slips and depositing them at the bank like checks, but the costs all end up on the merchant, as they should.
At some point we need to have progress, and magstripes need to die. Many technical standards have deadlines where old features stop being supported.
Mag stripes will be around for at least a decade, and probably two or three. But they'll be slowly phased out over the next few years for most people most of the time.
The merchants have had plenty of time to upgrade,
Sort of, but not really. Unless you're Walmart or Home Depot, you don't write your own processing software, you rely on your point of sale vendor, and very few point of sale vendors were ready by October of last year. Many small businesses simply did not have the option to start doing EMV by the deadline.
and plenty of warning that the end was coming. Most merchants support the change, since it is the merchants that pay the biggest price for fraud. That is why the plaintiffs are having problems organizing a class action. It is only a few whiners that are complaining.
Liability issues aside, any merchant complaining about EMV (with point of point encryption) is an idiot. EMV isn't about protecting consumers from fraud against their card (hence the chip & signature instead of chip & PIN), it's about protecting banks and merchant services from idiotic merchants who can't keep their network secure. Implement EMV with P2P encryption, and the merchant never sees the card in at all, and if someone breaks into their network, there's nothing to steal. Makes PCI compliance easier, and pretty much eliminates the chance of the merchant having to pay six figures to investigate a breach.
Citizens stop acting like jackasses when they too are being filmed.
You haven't watched the show Cops then. I've never seen a black person with their hands up.
That wouldn't be very entertaining television, now would it? If they showed the routine stuff where people act like grownups, the show would have been cancelled by episode 3.
There's no way in hell he will ever get enough investors to build a fleet of Mars transports without government - taxpayer - money. If you believe otherwise, I have a bridge for sale, real cheap.
No, it's not. At this stage, it's his investors' money (he's never done anything without heavy subsidies). To actually launch, it will be the taxpayers' money. If he's talking about a fleet of ships convoying together, he's talking hundreds of billions of dollars - per trip. That's not, was never, could never be, Elon's money.
He also stated that one of the qualifications to go is that you have to be able to answer YES to the question, are you prepared to die - he expects it to be VERY dangerous.
I respect his ambition and his vision.
Which is the biggest reason (of many, starting with 90% of the needed technology existing yet) why it will never happen. He can't do it without NASA's assistance, and NASA will never sign on to suicide missions, no matter what they say in press releases.
in how much they're going to compensate businesses that go offline every time there's a major update. Older versions of Windows Updates used BITS, which was, by default, limited to four concurrent connections. Win 10 uses some bastardized "embrace and extend" crap that opens, literally - I have counted - four hundred or more concurrent connections, eating up 100% of all available bandwidth, and knocking everything else on your network offline. And since this has been going on for months, with people complaining the entire time, it's clearly by intent.
I suspect that the Win 10 computers would be just fine if they weren't going through our VPN, which is also knocked down while this is going on, meaning only non-spyware versions stop working.
Windows 10 is malware, in and of itself. It is literally impossible to use for anything that matters.
The idea behind the internet was to make a massive, decentralized system that wasn't under control of anyone.
That may have been the idea behind it, but centralized control has been in place since the DNS system was put in. Yeah, in theory, you can do stuff by IP address, but in practice, that hasn't actually worked since Apache added virtual servers. No, the web isn't the internet, but it's the only internet most people actually use any more.
Naw, that's just ridiculous. Snowden is not stupid and he did not keep the stuff with him.
Snowden: I'd like sanctuary in Russia. The Americans want to kill me. Think how embarrassing it'd be if you gave me refuge.
Russian Immigration Official: We want copies of everything you stole form them.
S: I don't have it with me.
RIO: Well, get back to us when you do. In the meantime, there's the door.
S: Well, here's what I got. That's all there is.
RIO: I don't believe you, and even if I did, that's not worth the trouble of taking you in, since you'll be a parasite living off the dole for the rest of your life. Go away.
S: Well, maybe there's more.
RIO: Lie to us again, and we'll stuff you onto a plane back to the US at gunpoint, and crow about how gullible you were to give us everything you stole, and thought we'd let you stay here.
Without offering any opinion on whether what Snowden did was good, bad, or potato, my first though here is:
The odds that Snowden was given refuge in Russia without turning over 100% of what he took are about the same as the odds of him getting his pardon: zero.
Which is better than him putting it all up on the internet, I suppose. While I'm sure there's national security intelligence in that data dump of great interest to Russia, they will do their best (which is very good) to coerce him into not revealing any of that to anyone else.
As often as I leave my credit cards at home, whether I'm going to buy something or not. I bought a mobile phone so that I could take it with me. I can't drive without my license, so leaving the wallet at home would be a bad idea, too.
I have a flip phone. It's still bigger than my wallet.
my phone is much slimmer than my wallet and lighter
your wallet can be stolen and "hacked into" also...cash spent and credit cards used
how did you get your credit card? through postal mail?....
and do those credit card companies send you "checks" to use against your account with the credit card number helpfully written at the bottom for anyone that intercepts or loses or delivers to wrong block your postal mail? (I call those identity theft kits)
I'm sure these other countries doing this stuff since 2004 have some tech we can look at to lessen the problems you fear...
In none of those cases am I responsible for anything past the first $50. I don't know, and can't find out, who is responsible if a phone with some kind of digital wallet installed is stolen and hacked. Apparently, you don't know either, or you'd be crowing about it, or you do know, and hope I don't find out. What do these company have to hide?
All the crap in my wallet is still smaller and lighter than a smart phone. or even than my flip phone, for that matter.
I am curious a to who is responsible if someone steals your phone and hacks their way into it, and uses it to buy stuff. Once the new standards go into effect in October, I suspect that will be the consumer using the phone, because that's the lowest level of security (not using the chip). With a credit card, it might be the merchant (if they're not using EMV), if might be the merchant service, is might be my bank, but it won't be me.
Go do a search for Terry Childs, who did not work for UCSF, but did work for the city of San Francisco. Don't think for one second that all of the employees being laid off are unaware of who he is, what he did, and how long a prison sentence he served.
I'll bet you they've been specifically reminded of him, in fact.
There is a specific legal process for forming a union. It takes longer than these guys have left. Unions picketing for jobs that they haven't had for months generally just look stupid. (This does not always stop them, of course.)
You're assuming the outsourced labor is actually cheaper. It often, perhaps even usually, is not.
When management is told that it will be, and fall for it again, and again, and again, this is not a place a competent employee wants to work in the first place.
I got say, if I were one of the two candidates who knew their ass from a hole in the ground, and I found that out, I'd consider that I'd dodges a bullet, and be very, very glad of it.
Best to avoid jobs that bad in the first place, even if you're begging for change on a street corner.
It's not just that. Most people live at, or near, their income level. Society encourages this in many ways, and young people in particular are vulnerable to it because they lack the experience with the slings and arrows of unemployment in the face of established debt and other costs, so they don't sock away as is prudent.
If you're living that way, that is a choice you make. No one else. If you don't save money for bad times, you will suffer when bad times arrive - and they most certainly will. If you don't make enough to save, give up smoking pot and weekend raves, and learn job skills that pay better. Rather than doing what everyone else is doing, or what stupid television shows tell you is normal, take control of your own life, and accept responsibility for your own decisions.
When you make bad decisions, you accept the bad results. The most bad decisions you make, the more bad results you have to live with.
(And young people are, generally speaking, in a far better position to be suddenly unemployed, as they generally have far less in the way of responsibilities, and generally have more support from family and friends available.)
The only leverage that matters, on either side, is the power to decide "I'm not going to do business with these people." There may be incentives to not do so - one can get awfully hungry on unemployment - but unless they literally threaten you with violence, you can just tell them "No, I'm not interested in working for you."
If you cannot turn down a bad offer from a crappy company, you are so mentally broken you need to be institutionalized.
Slashdot Mirror
They're just not happy about the liability shift strong-arming them into this. But honestly? They SHOULD be liable when they're the roadblocks preventing customers from having good security. They're dragging their feet on this because it's an externality--they don't care if their customers get screwed, as can be seen with, e.g. the Target hack, but they do see a cost for newer, more secure equipment.
EMV has nothing to do with protecting consumers, and has zero effect on security for the consumer. Steal the card, and you can use it, same as before (since it's almost entirely chip & signature rather than chip & PIN) The consumer isn't protected buy the technology, the consumer is protected by the law, with a $50 limit on liability on a stolen card.
EMV is about protecting the banks and processing companies, who have nearly all the liability for fraud, and secondarily protecting merchants, because when fully implemented, EMV with P2P encryption means the merchant never sees the card info at all, and has nothing on their network to steal. All the worst breaches in recent years have been of retailers' networks, stealing millions (or 100 million+) card numbers at a time. And if the retailer is PCI compliant (as Target was, apparently), the banks eat the loss. EMV/P2P encryption eliminates that vector. That is the point of it.
And the upgrade is very, very much in the merchants' best interests because of that.
You're smoking dope, and they're feeding you a line. The software has to be certified, but even then, not by deployment. And for a small business, that's handled by the point of sale vendor, not the merchant. If your local grocery chain is doing their own processing software, they're not pushing on getting their stuff certified, and that's entirely on them.
There is a point about not extending the deadline - again - for those merchants who had the hardware but couldn't get the software from the POS vendors, but it's a small point unless the business is so poorly run that it gets a lot of fraudulent activity to begin with.
It isn't being forced on them. They have the alternative of not accepting CC transactions, which is something many businesses do.
They also have the choice continuing to use the old equipment, but they then accept responsibility for fraudulent transactions that could have been prevented by using chip cards. Hell, as far as I know, they still have the option of imprinting paper slips and depositing them at the bank like checks, but the costs all end up on the merchant, as they should.
At some point we need to have progress, and magstripes need to die. Many technical standards have deadlines where old features stop being supported.
Mag stripes will be around for at least a decade, and probably two or three. But they'll be slowly phased out over the next few years for most people most of the time.
The merchants have had plenty of time to upgrade,
Sort of, but not really. Unless you're Walmart or Home Depot, you don't write your own processing software, you rely on your point of sale vendor, and very few point of sale vendors were ready by October of last year. Many small businesses simply did not have the option to start doing EMV by the deadline.
and plenty of warning that the end was coming. Most merchants support the change, since it is the merchants that pay the biggest price for fraud. That is why the plaintiffs are having problems organizing a class action. It is only a few whiners that are complaining.
Liability issues aside, any merchant complaining about EMV (with point of point encryption) is an idiot. EMV isn't about protecting consumers from fraud against their card (hence the chip & signature instead of chip & PIN), it's about protecting banks and merchant services from idiotic merchants who can't keep their network secure. Implement EMV with P2P encryption, and the merchant never sees the card in at all, and if someone breaks into their network, there's nothing to steal. Makes PCI compliance easier, and pretty much eliminates the chance of the merchant having to pay six figures to investigate a breach.
Citizens stop acting like jackasses when they too are being filmed.
You haven't watched the show Cops then. I've never seen a black person with their hands up.
That wouldn't be very entertaining television, now would it? If they showed the routine stuff where people act like grownups, the show would have been cancelled by episode 3.
There's no way in hell he will ever get enough investors to build a fleet of Mars transports without government - taxpayer - money. If you believe otherwise, I have a bridge for sale, real cheap.
I agree, but it's Elon's money.
No, it's not. At this stage, it's his investors' money (he's never done anything without heavy subsidies). To actually launch, it will be the taxpayers' money. If he's talking about a fleet of ships convoying together, he's talking hundreds of billions of dollars - per trip. That's not, was never, could never be, Elon's money.
So 200+ ships at billions of dollars each? Yeah, that's gonna happen.
He also stated that one of the qualifications to go is that you have to be able to answer YES to the question, are you prepared to die - he expects it to be VERY dangerous.
I respect his ambition and his vision.
Which is the biggest reason (of many, starting with 90% of the needed technology existing yet) why it will never happen. He can't do it without NASA's assistance, and NASA will never sign on to suicide missions, no matter what they say in press releases.
I thought it was a Monty Python sketch, only with rockets instead of castles.
in how much they're going to compensate businesses that go offline every time there's a major update. Older versions of Windows Updates used BITS, which was, by default, limited to four concurrent connections. Win 10 uses some bastardized "embrace and extend" crap that opens, literally - I have counted - four hundred or more concurrent connections, eating up 100% of all available bandwidth, and knocking everything else on your network offline. And since this has been going on for months, with people complaining the entire time, it's clearly by intent.
I suspect that the Win 10 computers would be just fine if they weren't going through our VPN, which is also knocked down while this is going on, meaning only non-spyware versions stop working.
Windows 10 is malware, in and of itself. It is literally impossible to use for anything that matters.
The idea behind the internet was to make a massive, decentralized system that wasn't under control of anyone.
That may have been the idea behind it, but centralized control has been in place since the DNS system was put in. Yeah, in theory, you can do stuff by IP address, but in practice, that hasn't actually worked since Apache added virtual servers. No, the web isn't the internet, but it's the only internet most people actually use any more.
Naw, that's just ridiculous. Snowden is not stupid and he did not keep the stuff with him.
Snowden: I'd like sanctuary in Russia. The Americans want to kill me. Think how embarrassing it'd be if you gave me refuge.
Russian Immigration Official: We want copies of everything you stole form them.
S: I don't have it with me.
RIO: Well, get back to us when you do. In the meantime, there's the door.
S: Well, here's what I got. That's all there is.
RIO: I don't believe you, and even if I did, that's not worth the trouble of taking you in, since you'll be a parasite living off the dole for the rest of your life. Go away.
S: Well, maybe there's more.
RIO: Lie to us again, and we'll stuff you onto a plane back to the US at gunpoint, and crow about how gullible you were to give us everything you stole, and thought we'd let you stay here.
Without offering any opinion on whether what Snowden did was good, bad, or potato, my first though here is:
The odds that Snowden was given refuge in Russia without turning over 100% of what he took are about the same as the odds of him getting his pardon: zero.
Which is better than him putting it all up on the internet, I suppose. While I'm sure there's national security intelligence in that data dump of great interest to Russia, they will do their best (which is very good) to coerce him into not revealing any of that to anyone else.
As often as I leave my credit cards at home, whether I'm going to buy something or not. I bought a mobile phone so that I could take it with me. I can't drive without my license, so leaving the wallet at home would be a bad idea, too.
Do people really leave home without either?
what you have one of those apple phones?,
I have a flip phone. It's still bigger than my wallet.
my phone is much slimmer than my wallet and lighter
your wallet can be stolen and "hacked into" also...cash spent and credit cards used
how did you get your credit card? through postal mail?....
and do those credit card companies send you "checks" to use against your account with the credit card number helpfully written at the bottom for anyone that intercepts or loses or delivers to wrong block your postal mail? (I call those identity theft kits)
I'm sure these other countries doing this stuff since 2004 have some tech we can look at to lessen the problems you fear...
In none of those cases am I responsible for anything past the first $50. I don't know, and can't find out, who is responsible if a phone with some kind of digital wallet installed is stolen and hacked. Apparently, you don't know either, or you'd be crowing about it, or you do know, and hope I don't find out. What do these company have to hide?
All the crap in my wallet is still smaller and lighter than a smart phone. or even than my flip phone, for that matter.
I am curious a to who is responsible if someone steals your phone and hacks their way into it, and uses it to buy stuff. Once the new standards go into effect in October, I suspect that will be the consumer using the phone, because that's the lowest level of security (not using the chip). With a credit card, it might be the merchant (if they're not using EMV), if might be the merchant service, is might be my bank, but it won't be me.
I'll bet I can hack your phone app easier than you can hack my credit card.
Fool me once, shame on you. Fool me twice, shame on me.
I could walk away today and live for about a year on savings, etc. Without touching my 401k.
But then, I made a choice, long ago, to not live hand-to-mouth. My choice, an no employer was invited to participate in making it.
Go do a search for Terry Childs, who did not work for UCSF, but did work for the city of San Francisco. Don't think for one second that all of the employees being laid off are unaware of who he is, what he did, and how long a prison sentence he served.
I'll bet you they've been specifically reminded of him, in fact.
There is a specific legal process for forming a union. It takes longer than these guys have left. Unions picketing for jobs that they haven't had for months generally just look stupid. (This does not always stop them, of course.)
You're assuming the outsourced labor is actually cheaper. It often, perhaps even usually, is not.
When management is told that it will be, and fall for it again, and again, and again, this is not a place a competent employee wants to work in the first place.
I got say, if I were one of the two candidates who knew their ass from a hole in the ground, and I found that out, I'd consider that I'd dodges a bullet, and be very, very glad of it.
Best to avoid jobs that bad in the first place, even if you're begging for change on a street corner.
It's not just that. Most people live at, or near, their income level. Society encourages this in many ways, and young people in particular are vulnerable to it because they lack the experience with the slings and arrows of unemployment in the face of established debt and other costs, so they don't sock away as is prudent.
If you're living that way, that is a choice you make. No one else. If you don't save money for bad times, you will suffer when bad times arrive - and they most certainly will. If you don't make enough to save, give up smoking pot and weekend raves, and learn job skills that pay better. Rather than doing what everyone else is doing, or what stupid television shows tell you is normal, take control of your own life, and accept responsibility for your own decisions.
When you make bad decisions, you accept the bad results. The most bad decisions you make, the more bad results you have to live with.
(And young people are, generally speaking, in a far better position to be suddenly unemployed, as they generally have far less in the way of responsibilities, and generally have more support from family and friends available.)
The only leverage that matters, on either side, is the power to decide "I'm not going to do business with these people." There may be incentives to not do so - one can get awfully hungry on unemployment - but unless they literally threaten you with violence, you can just tell them "No, I'm not interested in working for you."
If you cannot turn down a bad offer from a crappy company, you are so mentally broken you need to be institutionalized.