It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings. I use the latter whenever and wherever it is offered. As I understand it offers greater security than any of the above, and more importantly (life is short) it is much faster. (Though there is one wrinkle. Most point-of-sale systems process phone payments with just the tap. A few of them seem to instead treat it as equivalent to a swipe, and then launch you into a legacy multistep handshake thereafter.)
For reasons I don't understand, the credit card makers have spent many years bringing the new chip cards to market, they include much higher technology than ever offered before, yet the payment process takes much longer. Of course these few seconds don't matter that much per transaction, but think it might be enough to actually make a meaningful difference in staffing levels and line lengths at big stores in December.
I do understand the fees though. The credit card brands and banks have worked themselves, through years of diligent effort, into a business where they can impose a kind of "tax" of 3% on most of the retail economy across the entire US. This is obviously of immense economic value to them, and they will work very hard at every level to maintain it for as long as possible. On the other hand, paying these companies a 3% tax on every retail transaction is... rather surprising in the grand scheme of things, and seems unlikely to persist for that much longer.
It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings.
Cards are waterproof, and don't require being charged.
There's also the small issue of millions of people using feature phones for work (sturdier and no need to risk a $200+ smartphone being broken) and carrying a simple card for payments. But who cares about those chumps...
We obviously don't hang around the same people/age group. There is always at least one person in my circle of friends that needs a charger.
Obviously 90% of the time a phone could be used (though I don't agree it's faster than credit card tap, roughly the same speed) and a card can be used as backup, but it makes ditching a credit card completely not really an option.
> There is always at least one person in my circle of friends that needs a charger
If your social circle is anything like mine, it's not some person, it's always one, as in a single person who disproportionately is incapable of maintaining their phone. For the majority of people they're very reliable devices, so this is less "everyone will be inconvenienced sometimes" and more "a few people will be inconvenienced a lot". I recognize that it's still an issue, but those people can keep using cards while the rest of us benefit from tap-to-pay being the preferable option a majority of the time.
I was in New York during Hurricane Sandy. I was staying in a hotel and the power was out. The morning after the storm I went outside to see what was going on. There was a big CNN truck with a dish and a big crowd.
I thought
"maybe the mayor is speaking to the media" and walked over. Turns out the crowd was people charging their phone from the truck. CNN generously left the truck running there for a couple of days.
Autonomous cars will already line up together to get the slipstream efficiency; take it an extra step further and you could have a battery tanker-truck up front giving everyone in the convoy a charge and also making their travel more efficient.
I don't enjoy carrying a fragile $500+ computer on my person at all time and often do without. I frankly don't want to live in a world where I couldn't leave it at home.
I was assuming a chip and pin style card. These, as best as I can tell, seem to have most of the security of a phone-based solution, but with a much smaller attack surface (no internet connection, no cellular radio or baseband processor) and no need for recharging or carrying backup payment methods.
That's why I don't waste $500 on a phone when I can get a great flagship phone that's a couple years old for $100. If it gets broken, it's not that hard to spend another $100 for a replacement. If it gets broken in a year, I get a replacement that's $100 and now a year newer than the last one. So my question to you is: why do you feel the burning need to stay on the cutting edge? Do you always have to have a car that's less than a year old?
Well it would probably push me back to cash. I don't bring my phone if I'm going to be wet, or theres a chance of it getting damaged (swimming, moshpits) but I still might want or need to buy something. I also find it a chore to keep my phone charged all day, and will regularly have it die, and leave it somewhere to be charged while I go out.
If your phone is almost out of juice, you can order an Uber. But if your battery is flat, you can always ask the cabby if they take cards (or just withdraw cash using your card if you're in a city where most of the cabs don't).
Except in my experience cabbies are like "yeah we take credit" and then afterwards "oh my credit card machine is broken, are you sure you don't have cash? I'll drive you to the ATM..."
Cabbies want to dodge that income tax.
And then you tell them "well, thanks for the free ride" and you walk away. I've never had a cab driver balk when I use that and the machine immediately starts working again.
Got in a shouting match with a cabbie once in Chicago for this same thing and when I opened the door to get out after he insisted repeatedly his machine wasn't working, he threatened to kill me if I didn't pay. Then, when I threatened to call the cops, his machine immediately started working.
This probably varies by location, but in nyc cabs are required to have working credit card readers. Thus, insisting on credit card pretty much always works - the alternative is that they admit they illegally picked you up.
In over a decade of life in NYC, never had a problem with taxis incorrectly refusing cards. Happens 90%+ of the time in Philadelphia though, which is why I take Uber or similar whenever possible there.
All a matter of perspective, which is why we can't just arbitrarily declare our conduct beneficial and pretend like that's a license to break the relevant laws.
If one believes that a proposed-but-currently-illegal behavior is beneficial to society, the technically correct way to go about rectifying the situation is to discuss with your local democratic representatives, who can take the issue back to the legislative chamber and work to correct the law. Admittedly, that's pretty impractical at this point.
The taxi driver is also reducing his cost by not paying credit card companies.
Given credit card companies have legal means to pay less percentage tax on much more income than the cab driver and suck money out of taxpayers' pockets in many other ways, I'd offer that screwing over the credit card company might benefit the rest of taxpayers more than the cabbie paying tax does.
If they tell you after giving you a ride that you have to go to an ATM and pay the ATM fee, then they are just passing the cost on to you at a net loss - ATM fees are higher than CC fees on purchases the size of a typical cab fare. I'm not convinced that it's better to funnel money to banks rather than CC companies.
If you're paying ATM fees a) that's on the banks, not on the cab driver, and b) you need to switch banks--I have paid a handful of ATM fees in the last decade and I make in-person purchases almost exclusively in cash.
If there's no bank you have an account at within a reasonable distance, you might not have a choice. Obviously I use free ATMs when I can, but how much control do you have when a cabbie is demanding money?
I moved a year ago so there isn't a bank I have an account at in my current state. But my bank is part of a national network of ATMs. If I use an out-of-network ATM the fee is refunded up to once a month.
Even if the cabbie doesn't give a substantially lower rate if you choose not to pay with credit, there are indirect benefits to the consumer, like keeping more cabbies on the street because it makes the profession more lucrative (and presumably, patrons of cab services want a sufficient supply of cab drivers).
At which point, you get out of the car. They're required to have readers. Tough shit if they break the law in an attempt to dodge paying their share of taxes.
Yep. Neither does cash. And when you pay cash, you're not also feeding marketing databases, unless you choose to. Nor are you required to ask permission of the issuer in order to buy something.
It can be stolen easily. You have to go somewhere to get more of it. You have to make change. It doesn't allow you to automatically track your purchases. You can't get it back from a seller if you are sold fraudulent goods.
Don't forget dropping, temperature sensitivity, bending and (for me) magnetic field sensitivity (which seems to be alarmingly bad but temporary).
It only takes one event to cost you close to $1000 (not sure of phone cost in US). That's a lot more than a new credit card costs.
Wow. Not a comment about you in particular, but about the industry in general. I did a quick search and found this: http://bluproducts.com/android-phones
Really? 66 different phones? Is this entire industry, except for Apple, run by imbeciles? Not that I'm in the target demographic, but I only have a relatively few years left on this earth. I don't want to spend half of them just figuring out the differences between Android phones!
Hasn't the rest of the world learned anything from St. Steven?
> Really? 66 different phones? Is this entire industry, except for Apple, run by imbeciles?
Out of curiosity, I went to find out how many variants Apple is currently selling[1] (model, color, storage). I counted 42 distinct combinations you could possibly choose! I guess not even Apple learned from 'St. Steven', or he was wrong.
Removing the color axis whittles down the model/memory combination to a more manageable 12 options - but the point remains.
What point remains? When you're trying to figure out what phone you want, model is just about the only thing that matters. Apple has 5, of which 3 are current. It's easy to compare them, and nearly impossible to compare a list of 66 different models.
No. Magnetic strips are resistant to 3 tesla, but it does kill them. I assume moving fast across flux lines does it. However chips on the card are good with unlimited exposure to 4.7 tesla as far as I can tell.
Phones turn off and won't reboot for a period of time that is alarming, but so far I haven't seen it kill one. MRI engineers even have instructions to document some scanner work with their iPhones. It may just be the screen turning off so I'll have to test Siri or something to check if it's that. They always work again so far but the 30 minute wait didn't seem good!
Many phones have magnetic switches for use with smart cases. When you close the case cover, a small magnet trips the switch and turns the screen off.
The magnet isn't damaging the phone — at least not at field strengths likely to be encountered in everyday life. Removing the magnetic field should immediately turn the screen back on.
4.7t is pretty strong. It isn't a cover detector as it's mainly iPhones I've seen affected and it lasts long after the phone is removed from the field. However this may be what has caused the effect on some of the other phones I've seen exposed. I'll do some experimenting next time it occurs. GE and Seimens seem to have an array of phones that engineers are equipped with and they are happy to expose them to high fields.
Many people do. It's not once or twice that I've ran out of battery. Once I even purchased a backup power bank to charge my phone. I paid with a bank card.
How is it not an issue? My ability to pay should not rely on my phone's OS and payment app functioning correctly. It should not rely on me having remembered to charge my phone. All of these phone payment systems go through the credit card companies anyway. Printing out the plastic card is not the main service they provide.
I tried Samsung Pay & Android Pay exclusively for a few days and gave up very soon. I even used Google Wallet (NFC) when it first came out.
There were a couple of times when Samsung Pay blocked all payments until an update was applied and the change log had nothing to do with payment functionality but with other useless & unrelated stuff like "better notifications" "better deals". NOTHING, absolutely NOTHING about a security issue, a flaw or a hole that was being used to steal money.
I havent had too many issues with Android Pay but still its the same issue ... instead of a simple swipe and go, and my ability to use my money in anyway I want and I am not at the mercy of an app developer who is acting as a gatekeeper to access my money so he/she/it can control what I need on my phone / my device to use my money whenever I want so they can push their agenda that has nothing to do with me using my money. no thanks.
thats not even including the additional cut the app provider takes and increases my price effectively. I'd rather pay one middleman.
Credit Cards dont need to be "fixed" or "solved". As a customer, its easy to use, widely accepted and my risks are covered 100% by the issuer. I cant say the same for phone payment methods.
I don't consider my risks to be 100% covered. I don't have to pay for fraudulent charges, but I still incur substantial costs in terms of time and hassle when a card is compromised and I have to get a new one. Time on the phone with the bank outlining which charges are legitimate. Time getting them to send me a new card (more complicated if I'm traveling). Time updating all of the automated payments or other accounts where the card number is stored. Hassle when my card is declined in the grocery store because the number was compromised and I didn't know yet. Hassle getting a late fee refunded (or service reinstated) because I forgot to update the card on one account and the automated montly charge failed. Hassle when the card is declined because the bank THINKS it's been compromised (theoretically less likely in a more secure system). And so on.
I've had cards compromised probably a dozen times (most in the forms of "mass compromise," where the bank shuts down my account and sends me a new card even though there were no fraudulent charges on my specific account). I'm glad I didn't have to pay any cash, but it has cost me a lot nonetheless.
I can't understand why virtual card numbers haven't been embraced across the industry. While it wouldn't solve every problem you mentioned it would make the need to update cards with services non-existent. I think it's safe to assume that a virtual card number per service would also allow them to more quickly assess where the breach occurred.
Agree. If Google and Apple can do per-app passwords for apps or websites that don't work with 2-factor authentication it seems like Visa should be able to kick out a per-merchant number for Comcast, Netflix, etc.
If the underlying credit card number is compromised, just change that and leave the virtual in place.
Just a quick chime in here - our system does in fact do that, and though I can't speak with authority about others, my understanding is that they do the same.
The biggest problem with virtual card numbers at the moment is when you show up at the hotel and cannot provide the card you reserved the room with. Notwithstanding that, they are quite successful in some parts of the world.
> Credit Cards dont need to be "fixed" or "solved". As a customer, its easy to use, widely accepted and my risks are covered 100% by the issuer. I cant say the same for phone payment methods.
As a customer, you are paying more for products because credit cards are broken: retailers are passing on fraud-related expenses to you. You are paying for the inefficiencies in the system, even if the costs seem hidden.
I would use Android Pay if Google didn't restrict it to licensed unrooted stock versions of Android. Cyanogenmod supports Marshmallow on my phone where stock is still on KitKat, but I can't use Android Pay with it.
I don't think they've ever been bypassed on custom roms that aren't based on an official rom. Basically it checks all the files in /system to ensure they match with one that's undergone certification. If you have a good rom but just rooted it, there are some tricks although I haven't tested them, but nothing has been done for cyanogenmod or anything else not based on a certified one.
Yes - but since the merchant is the one liable you can assume those costs are being passed down to you either way (key part being the contractual obligation visa/mastercard assert that prohibits the merchant from charging you more for using a credit card). Therefore in the meanwhile you can be covered for fraud and a) get your 1-2% back b) get airline miles - or c) none of the above. Seems like an obvious choice?
Fun fact: The contractual obligation says they can't charge you more for using a credit card. But it doesn't say they can't charge you less for using cash. This is how gas stations get around it. The gas is the higher price, but you get a 10 cent discount for using cash.
Merchants actually can charge more for credit card usage now. It's been permissible since a 2013 lawsuit, except in 9 states where it's prohibited by state law.
It is an insane marketing speak thing. The contractual requirement isn't for no price differences. There may be a discount for using cash, but they can't word it as being charged more for using a card. The two might be equivalent in numerical terms, but it is the language that is important.
Ah, Apologies there were some changes to this recently (2013) which had slipped my mind (they mostly don't affect New England due to state-based restrictions - which is probably why I'd forgotten):
Samsung Pay has worked great for me at a number of locations. The only issue is one of my cards which I think should work wont register and when I try to pay I always get a fingerprint mismatch initially which takes up some time to do a second try
In the UK nearly all cards can be used for contactless payments below a fixed amount (£ 30 at the moment).
Additional security (inconvenience) only kicks in on higher price purchases.
Additionally, there is no time delay for contactless, and chip and pin is extremely fast too.
Contactless is far faster than even unlocking your phone (even if you use a fingerprint unlock), and can usually be done concurrent to the cashier putting your item in a bag or reaching to pass it to you... it is essentially frictionless.
This all works so well I find myself doing something I never though I would... I've abandoned cash. Contactless payments are that good, and fast, and work at the end of the day when my phone is out of battery, and works for every one of my daily casual purchases (travel, food, a book, some toiletries, some groceries, etc).
Same here in Canada, for slightly more (100 CAD, I believe). It's incredibly convenient. So easy to spend money! Tap, tap, tap with just a dumb card.
During a recent trip to the US, they had to swipe my card and make me sign a piece of paper (which I gleefully sign with an "X" as if I were illiterate). It felt so backwards.
I lived in the US then moved to Ontario. I find that about 70% of card readers here have "NO TAP" taped across the top. Since the insert chip, enter code, wait, and approve process actually takes longer than the swipe-and-sign in the US, I've found the time spent, averaged over my actually purchases, to be about the same. It probably has more potential to improve in the future.
Back in Sweden, Chip-and-PIN was so efficient - you can insert your card, enter your pin, and get an authorization all meanwhile the cashier is ringing up your goods. Then when the total is done, you just hit "OK" on the final amount and in seconds you're done.
In pretty much every other country I've visited, you have to do the whole process serially after the total is done, which is quite slow.
Some US establishments seem to have stopped requiring a signature under a certain dollar amount but the tap capability isn't universal and I've noticed that it even varies across locations. So either they're pilot testing or some other factor like franchise vs. corporate are at play.
In the UK and Europe, didn't governments essentially force banks into the modern age in terms of electronic payments that your contactless and contact cards use?
By comparison banks in the US use the debit card & ACH system which has many issues compared to credit cards and European payment systems.
Can't speak for all of Europe, but in Norway, the banks did it of their own accord. They got their heads together in the early 1990s and founded a private company, co-owned by all the banks, that has been stewarding the technology used for inter-bank transfers and card payments.
They've been quite good at this — Norway has had chip and pin since the early 2000s, and contactless payments (using NFC in ordinary cards, not phones) have existed for a few years now. Money transfers are also completely effortless; all you need is the other person's bank account number.
For consumers, the main hurdle remaining is the speed of transfers between banks. They only perform transfers in bulk twice a day (and for years they only did it once a day).
Contactless cards did exist here in the US a number of years ago. I had one from Chase. Then around 2014 when it expired, the replacement card did not have contactless payment anymore. According to this article it was simply a lack of demand: http://www.digitaltransactions.net/news/story/Chase-To-Disco...
You can still get contactless cards from Amex at least (I'm not sure about Chase). But you have to specifically request them (and hope you can find a CS rep who knows what you're asking for). I think it's a bit of a chicken and egg thing - it's hard to get a true measure of demand when people don't even know it's a possibility...
Lack of demand or lack of interest from the banks to invest in the technology/security? I'd love to know why the US adopted "Chip and Signature" rather than "Chip and Pin". Requiring a signature is essentially worthless. My understanding was that it was a combination of US customers not being familiar with using a PIN and concern over where the liability lies if fraud occurs (the assumption being that if someone uses a PIN then the card owner gave them the PIN).
There is an attack on chip-and-PIN cards when the ATM system hasn't been upgraded to chip cards. The problem is that the PIN for chip-and-PIN is same as for ATM withdrawals. The terminal also gets enough information from chip cards to clone the magnetic strip. The result is that compromised terminal can produce cloned cards that can be used to withdraw cash from ATMs.
I don't think chip and signature is a requirement - most places seem to ask for a PIN rather than a signature.
Just swiping the card, however, also works just fine and I now use it everywhere again because I can't be bothered to remember and type in yet another passcode. Just more friction in the process.
An increasing number of terminals now reject the swipe, with the screen stating something like "this card has a chip, please insert and wait". Cashiers are starting to ask, before you swipe, "does your card have a chip?" I even used a terminal yesterday where, after inserting the card, it asked me to identify whether my card was a "Citibank Card" or "Visa Debit Card" (ambiguous, since the card was a Citibank card with a Visa logo). The implementation of this chip rollout in the US is a mess.
The selection was because your card had multiple AID's on it. Some terminals still need some work, and sometimes configuration, to handle AID selection properly. The US Common Debit AID is still not widely supported, which is why many grocery stores still haven't rolled out Chip & PIN support - they don't want to pay the credit card interchange fees because their merchant or terminals don't support the debit AID.
So yes, the chip rollout here in the states is a giant clusterfuck for the time being. It will get better soon, once the hodgepodge of banks and hardware vendors get everything straightened out.
What about the October 2015 liability shift? If grocery stores "still haven't rolled out Chip & PIN support", then they face liability for counterfeit and lost or stolen cards. Issuers can conditionally allow fallback transactions [1], do you know if issuers are generally denying fallback transactions? Is the prompt "this card has a chip, please insert and wait" for a swipe on a card with a chip due to the merchant's policy to avoid the liability shift, or is it due to the issuer denying fallback?
The liability shift only matters if the potential loss outweighs the cost of running all transactions as credit until your issuing bank and hardware support the US Common Debit AID is greater than the potential fraud liability.
For a grocery store <1% per transaction and 3% per transaction is a pretty huge difference, one of my local stores that only takes debit cards still doesn't support chip cards because of the madness with the US Common Debit AID preventing them from enabling the EMV support on their terminals.
> most places seem to ask for a PIN rather than a signature
That is for debit, which is an entirely different thing than credit.
There are no US banks that implement Chip & PIN. Heck, it's nearly impossible to get a Chip & PIN capable card for travel if you have a US issuing bank.
Swipe support will in theory eventually be disabled (e.g. authorizations declined by your issuing bank) at some point in the future when Chip & Signature is being rolled out.
If you're typing your PIN code into a terminal in the US, you are using debit though.
> There are no US banks that implement Chip & PIN. Heck, it's nearly impossible to get a Chip & PIN capable card for travel if you have a US issuing bank.
Not entirely, but your last sentence is true. Some issuers do PIN credit cards. I have one from First Tech Federal Credit Union that uses PIN and touts it as a benefit. When I used it in Europe, it worked exactly as expected and prompted for my PIN just like in the States. There are a handful of smaller issuers that also do PIN primary (mostly credit unions but at least one Florida bank with a card catering to Cuban trade does) and a few more that have PINs but the PIN is secondary so it isn't asked for unless the terminal's configuration insists on it.
Here US, some stores when using a chip credit card (not debit/checking account btw) requires a pin instead of a signature, not sure if they call it a pin but it's 4 digits to verify purchases . . . instead of signature.
I have a MasterCard that takes a pin. I've been asked to enter the pin at several places, including WalMart. It is a credit card, not a debit card.
Frankly, I'm baffles by these claims that US cards don't work with chip and pin because so far, if I use the chip, I have been required to use the pin.
I also have a corporate amex with a pin set up, but I've never used it.
My guess is that the signature thing probably carries more weight as a contract for payment owed; and if that's not actually true it still feels true enough to make it more of a comfort to the retailers/customers.
I had one from Wells Fargo and was pretty sad when my new card didn't have it. I used to love to pay for things without taking my card out of my wallet.
That doesn't make sense, adding the contactless facility mustn't cost more than pennies. As a store owner contactless saves a lot of friction and time at check out. Once the transaction is processed on the terminal surely the whole system upstream is identical.
My experience from the US is... interesting. I tapped-and-paid $700 (not a typo) when visiting NY... and American Express had no idea I was in the US (unless they cooperate with US Border Controll). In the UK, I'm limited to 30 GBP.
Many airlines transmit level 3 purchase data as part of the credit card transaction, which will contain your complete itinerary -- which can be fed into the bank's risk system.
Nobody here has mentioned the Merchant Category Codes, which is what governs the max amount before a transaction is required to have sig or PIN. I'm sure it varies by country too, but I only have experience with the US system.
Yep. I worked for a company that "did" debit/credit card handling at the point of sale ( not clearing ) and the Smart Card guys were right down the hall. This around 1989-1995. The Smart Card guys mostly sold to Europe. It hasn't much caught on here, and I'd say that's mainly due to inertia.
> In the UK nearly all cards can be used for contactless payments below a fixed amount (£ 30 at the moment).
This sounds really interesting.
I've had chip cards in the U.S. for a couple years, but I've never seen someone use a contactless payment card here. Even tap to pay with phone is very uncommon.
Haha, I've done the opposite. I found it was too easy to spend money, that I was doing so without thinking as much of it as I would have in the past. I've gone back to cash as a form of self control
"Of course these few seconds don't matter that much per transaction"
My anecdotal experience has shown this to be an extreme pain in some cases for both consumers and retailers. Any sort of business with frequent CC payments and high volume sees their POS wait time explode.
Two personal examples:
Attended a cinema, where they had to delay the movie time due to long CC processing times.
Bought food at a takeout place, with clear signs instructions (to avoid) and apologies for the delays caused by chip readers.
Contactless is standard on the London tube now - you tap a reader on a barrier with your card or phone, and the barrier opens. Same on exit. The system works out the cost as you go, and the maximum cost of multiple journeys is automatically capped.
Chip and pin definitely would definitely be too slow for this. The barriers have to be fast enough to process huge numbers of people at peak times.
Contactless has eliminated all the usual queuing for tickets and/or prepay card topups - except for tourists.
It also very much changes perceptions. I used to work for a company that manufactured point of sale systems. They found they could improve the amount of time the customer waited by queueing up all the printing of the receipt until the end of the transaction. (This was in the 1980s.) They could save something like 10-20 seconds per customer, which meant they could move 1-2 additional people per checkout per day. (And the store had something like 10-20 registers - it was a huge store.)
However, customers hated it because it felt like it took longer. They would be done with their transaction, done paying, then have to way 10-20 seconds for their receipt to finish printing. So they'd be standing there just waiting to leave with nothing to do. The company had us change it back to printing each line as it was entered into the computer.
Because it serializes the operation, whereas printing as you go operates in parallel.
But the modern thermal receipt printers are pretty fast (the old dot-matrix ones weren't). Epson has one that does 350 mm/sec (13.75 inches per second). So as long as you aren't shopping at CVS with their infamously long receipts, it's not too long of a wait.
> Attended a cinema, where they had to delay the movie time due to long CC processing times. Bought food at a takeout place, with clear signs instructions (to avoid) and apologies for the delays caused by chip readers.
This is a sign of their incompetence. Period
The whole rest of the world uses this without a problem.
No it's not a sign of their incompetence. Planet Money recently did an episode on how much longer it takes chip and pin to work, and also why it took so long to come to the US:
I'm not sure there is no incompetence involved when the same process is much faster basically anywhere outside the US. That is a question not answered (not even asked) in that episode if I remember correctly. I don't mean the human factor (that will be resolved in some time) but the technology used.
Chip card transactions do take a very long time in the US. If I had to guess as to the reason it would not be network or back end processing (seems way way too long, and too consistent to be due to those factors), but probably the time it takes the card to run crypto. Perhaps they use cheap cards with slow cpu but also big keys for fear of attack?
Per parent, this could also be an internet issue. If the POS is processing with a delay, the employee has little control and blaming "incompetence" is ludicrous.
Having first hand experience with dealing with impatient customers because the POS is running slow creates a feeling of entitlement (on the person pointing out how incompetent someone is) and resentment (on the side of the affected employee who is helpless in the situation).
Obviously nobody blames the cashier for the delay (at least I hope). But blaming a slow system on the organization as a whole and the department responsible for the POS in particular is appropriate. It's not like it's impossible to create a fast system.
A one-off internet issue is fine. But in this case it seems that there is something systematically broken.
> blaming a slow system on the organization as a whole and the department responsible for the POS in particular is appropriate. It's not like it's impossible to create a fast system.
After readying your comment, I went through at least 5 different emotions.
I work in the QSR space and deal with the IT side. The idea that IT department can control the speed of the computer/internet/etc. is shared by both, staff and guests. Regardless if that's the case, your comment, in addition to the parent comment are fascinating.
It seems that regardless of the situation, someone has to take the fault and customers will just blame someone regardless. That's totally appropriate (even if its not, doesn't really matter as this is a perception > reality).
Just for that insight, I would up vote your comment twice, if I could.
> The whole rest of the world uses this without a problem.
Not really true. The rest of the world has had it and moved on, and this is a main reason why.
In my country at least, we're now on to tap-to-pay credit and debit cards in recent years, which is faster than the old school swipe and sign and much faster than the chip.
Bay Area is just now getting chip readers active in many places. They started installing them a year ago or so, but many had the slot taped off. The experience now at most places goes something like this:
1. cashier done scanning items
2. person swipes card since reader has a slot to do that on the right side and that's what they usually do
3. machine beeps or displays an error or does nothing
4. cashier has to explain to insert the card
5. person fumbles with card, eventually getting it into slot
6. sometimes people just push it in and pull it out or otherwise don't leave it in long enough since every single POS has a different workflow and dialogue for this, and this error condition requires re-starting the process (GOTO 3)
7. Waiting 3-10+ seconds
8. Sign
9. Hit yes or accept or I agree
10. Wait another few seconds
11. Remove or forget card. Sometimes the machine beeps, sometimes not
12. Done!
Despite all this hassle, we still didn't get chip and pin that I had been complaining about for years, so if someone steals your physical card, they can still use it until you realize. I'm not really sure how this whole process improves security (does the actual CC number no longer enter the POS at any point?) but consumers here are definitely having some growing pains with the new system and the current state of supporting both old and new systems.
With chip-and-signature cards it's much harder (as in currently not practical at all) to clone the card to use it at another POS (at least if the magstripe readers are finally switched off). Cloned cards are a much larger issue than stolen cards.
Whose incompetence? The cinema? They bought a turn-key, off-the-shelf POS package from a vendor. How much control do you think they have over that system? Card processing starts taking a dump, and you would suggest that the minimum-wage cinema worker running the cards do...?
Thank you for the clarification, and apologies for any inaccurate implications. As others point out, I'm willing to give a bit of benefit of the doubt if only because there are parts of the system (Comcast's business connection takes a dump, for example) that even the payment network doesn't have control over.
Though your post makes me wonder: do payment providers have SLAs, or do they just say, "you're locked in with our network and hardware, suck it up"?
Correct. In the US, whenever I insert my card to use the chip, it takes forever (as you watch the Do Not Remove Your Card prompt). When I've used the same card for swiping (not using the chip), it completes right away.
What I love is you have to carefully watch the screen to pull the card out when it's done, otherwise it starts a really harsh a beep that's designed to prevent you from forgetting your card, but is just flat out obnoxious if you haven't.
And the screen's text are fairly similar regardless of what it's asking, and if there was some sort of error inserting it (damn things often trip before the card's fully inserted), then it makes the same gosh damned sound to remove it. I even had one beep to get my attention to not take the card out.
I feel awkward and foolish with it, since it's ostensibly so simple, but so inconsistent. Add in a watching-water-boil time delay, and it's just a great recipe for social anxiety. One wrong move can jam the works. (Like, I once pulled the card out too early when I heard it beep at a Target and the register had to cancel the order and restart.)
That's just really weird, because no where else is it that slow. I know others says 10 seconds, but it is much much faster than that. Here in Denmark tap to pay with credit card, well debit cards mostly, is practically instant. Honestly it's often to fast. I find myself think that I didn't pay because it to fast for me to register.
Tap to pay isn't what's slow in the US, it is the chipped cards that need to be inserted into a POS device. For whatever reason they are absurdly slow. That should be great news for NFC payment services though, Apple/Android pay seem like speed demons in comparison.
> it is the chipped cards that need to be inserted into a POS device.
Weird. In Germany, it's usually very, very fast (recently, using my Number26 CC, payment in three seconds including PIN entry, and ten seconds later I got the push notification on my phone).
But that may also very well be because it's rare here to see outdated terminals. Most retail chains change their card terminals every two or three years, because they listen to their customers who actively demand speedy transactions. Oh, and because stores usually don't own the terminals but rent them (cheapest solutions are at < 20€/month and terminal). Downside: CC fees for merchants can range up to 4%, most of it goes to the CC providers.
>CC fees for merchants can range up to 4%, most of it goes to the CC providers.
It mostly seems smaller merchants simply don't switch their acquirer to get cheaper rates and complain about "high costs". FWIW, credit cards are capped at 0.3% interchange (which is what the bank gets), debit cards at 0.2% since last year. Scheme fees for MasterCard/Visa are peanuts and even AmEx doesn't cost 4%.
That would certainly explain why chains like REWE actually set up their own card acquirer... and yes, with the cheap terminals I actually referred to C4L (disclaimer: not related by work, just a happy customer).
> But that may also very well be because it's rare here to see outdated terminals. Most retail chains change their card terminals every two or three years, because they listen to their customers who actively demand speedy transactions.
The only terminals in the US that take the chipped cards are brand new (because the cards themselves are new and the deadline to accept them isn't quite here yet). I don't know why they are so slow, but they are all brand new machines.
I asked the manager at the local grocery store why they had chip readers but didn't enable them. They want to be ready in case the system becomes less awful. He described exactly the problems mentioned here.
It's so slow that some vendors are electing to stay with swipes. It's evidently cheaper to eat the fraud than slow down lines by ~2x. It probably translates to adding 2x cashiers.
For example, the Wawa chain of convenience stores on the East coast are very good at moving people through the registers. Around 10-15s per transaction sustained throughput is common: one or two items, beep beep good day. If someone pays by check or chip, the whole thing grinds to a halt and everyone taps their foot.
I've seen some grocery stores with double grocery belts, so the cashier can start checking out the next customer while the first one is finishing payment, they just sweep a divider over so the groceries go down the next belt.
This was well before chip-and-pin, they probably did because of the slowness of writing checks.
Though maybe this is all moot with self-checkout since the store doesn't really care that much if it takes you a bit longer to check out. Especially if they can show you ads while you wait.
That's not inherent in the chip technology. Terminals in Sweden do the same processing with the same cards faster than you can blink. They also allow you to insert the card and enter the PIN while items are still being scanned. You just need to confirm the total amount and can directly take your card without waiting.
The chip also enables contactless transactions which is even faster.
Top tip. If you damage your magnetic strip but the chip is fine, don't go to the Coromandel without another payment method. They don't have chip readers there.
I think it depends on the particular POS system. I'm in the US, and some stores let you swipe while your things are being rung up and others make you wait until the end. I also haven't had to wait a long time for my chip to work, but I haven't used it much.
My workplace cafeteria, located in Austin, Texas, just switched the registers to always use the chips on cards. The result: the lines are 2-3x as long, they have hired another cashier, and they have created a cash-only line in order to speed up the process. It's mind-boggling how slow the chips are. The cashiers have started doing two customers at once- while you are waiting for your card to validate, they are ringing up the next order.
Maybe; but it's been ages since I've seen a swiped card transaction go that slow, and the card swipe uses the same card reader hardware, the same network technology, and the same "and so".
As far as I know US banks use the same chip standard as European banks (EMV) and in some countries those transactions are pretty fast (in others less so).
The card swipe doesn't use the same reader hardware as the chip reading (well, it is in the device) and there is more processing going on with more round trips to the bank if using the chip. Likely different parts of the software are used both at the reader and the bank as well.
Canada has them, too, and they're great at restaurants. Great for tipping since they just hand you the device at that point with common percentage options on screen (or the option to customize it).
The American experience of server collects your card, comes back with two receipts, mental arithmetic to figure out the tip, write it down on the receipt, hand the receipt back, and server types in the tip amount just seems clunky in comparison.
In general, though, I carry cash for tips since I know those probably won't be taxed.
Maybe. I don't own a US card but heard of such stories.
But I can tell you that my German card is quite slow in Germany (not as slow as US transaction though) but blazingly fast in Sweden, Denmark, or France.
Normally it's under 10 seconds for me with a chip and PIN debit card, the by far most common card payment method in Germany and the UK. Most credit cards here (Germany) are chip and signature, but they are used less commonly in stores. My credit card has a PIN, but I've never used it.
> It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings.
Apple takes a cut for "tap to pay". No one wants to pay extra middlemen.
> For reasons I don't understand, the credit card makers have spent many years bringing the new chip cards to market, they include much higher technology than ever offered before, yet the payment process takes much longer.
It took years to roll out chip and pin because no one wanted to pay for the new terminals (another expensive cost pushed on to someone). It takes longer to approve a transaction because of the challenge response implemented to reduce fraud.
> I do understand the fees though. The credit card brands and banks have worked themselves, through years of diligent effort, into a business where they can impose a kind of "tax" of 3% on most of the retail economy across the entire US.
That is not quite correct. Neither MasterCard nor Visa charge merchants any extra to use ApplePay. In fact, some merchant banks even lower merchant fees if they adopt secure payment methods like ApplePay.
MasterCard and Visa do pay Apple a minuscule fee (15¢ per $100.00, and less in Europe), however, it is smaller than the amount they expect to save due to reduced fraud from folks using ApplePay (and Apple apparently has also agreed to split some fraction of any fraud losses with them).
> Everything has a cost, and someone has to pay it.
In Europe, the interchange fee (what the retailer's bank pays to the card company) is limited to 0.3% for credit cards and 0.2% for debit cards. This came into effect sometime last year.
Are you sure that's not 3% and 2%? When you consider the banks are on the hook for fradulent charges the interchange fee is their buffer to cover this (plus the myriad reward programs most banks offer).
Wow, it's almost as if capping the fees they can charge provides an incentive for the banks to aggressively pursue anti-fraud technologies that benefit everyone.
Naw, never mind this is the USA. Free market is all that matters.
My only problem with Apple Pay and the like is that my cards work perfectly fine and are simple to use. That and I keep forgetting to use it and then when I do I probably cannot.
With regards to merchant fees, I have actually had some merchants say they would be glad to take a check
If it didn't take so long most merchants prefer checks because there are no special fees on them.
As for Apple Pay, it becomes A LOT more compelling if you have an Apple Watch. All of a sudden instead of having to pull your phone out of your pocket you Press the button on the watch, move your wrist in front of the reader, and it's done.
I don't have an Apple Watch but I could definitely see using it for payments if I did. As it is, it's at least as easy and fast for me to pull out a credit card as it is my phone so I haven't seen a reason to pay with my phone.
Unfortunately it has the glitches that everything on the Apple Watch has. Double-press to pay... oh, wait, "Updating card information". Ok, I'll get the card out. Or you try it on the Tube and the barriers just flash "no go" at you, for some unexplained reason. Roll on watchOS 3.
Not that I know the entire implementation but I believe the phone has secure-element hardware that decouples sensitive material from the rest of the device. Therefore, in theory, attacking “the phone” gives you no access to (say) a credit card number. This should be a relatively small attack surface.
Nope, most android phones (that I'm aware of) lack a dedicated HSM. The iPhone 6+ was I believe the first general consumer phone that shipped with a HSM. Being a linux guy through and through, it is/was the reason I got a 6+ and I couldn't be happier. It isn't perfect, but it is a huge improvement over most other things out there.
Motorolla has the horribly overpriced AME 2000 (ick), and Samsung has the knox platform built standard into most of their stuff (which is very good), but they lack a true HSM. If you're an android user and want a HSM for sensitive data, get one of the Microcrypt SD devices. It is as good as you'll get (and still not as good as an iPhone).
Apple Pay generates a unique credit card # for every transaction, ensuring a compromise of one merchants system will never end up in the ability for hackers to use your card for any other transactions.
Unique card # per transaction is the holy grail of security.
Your claims of somehow compromising confidentiality are also provably false.
There is a reliance on the security of the local device that isn't an issue with cards. Primarily this is more of a social engineering concern anyway, rendering most technical solutions useless.
Last year there was an article how Apple Pay was making it easier for scammers to use cards. I believe this particular vector was patched by having to authenticate that you are trully adding your card via bank authorization. However, Mobile Payment is susceptible to fraud and thieves will find a way.
Tap-pay with my Visa card is commonplace in downtown Toronto and faster and easier than doing the same with my phone.
It's enough faster than chip+pin to make a difference. But the weird thing about chip+pin is that it's much slower in NYC than it is in Toronto or elsewhere in Canada. I can see why these mobile-pay systems are gaining ground in the U.S. where chip+pin is poorly supported in the rare places that it's actually supported at all. And I don't see anyone tap-pay'ing with their cards here.
The infrastructure behind the tech makes a big difference for whether there's any room for mobile-pay to actually improve on credit-cards.
Both tap and chip and pin are so fast now in Canada that it's great. The US payment infrastructure is still mostly terrible. In many cases, even with chip cards it's chip and signature!
We don't have pins on our chip cards and as far as I'm aware, no bank is issuing CCs with pins with or without a chip. Debit cards use PINs, but bring a host of other liability problems to the user, and almost universally lack the rewards programs which consumers with good credit take advantage of (because hey, I get 2-3% towards travel expenses while paying the same).
Are you sure? The only information I can find that agrees with you is about debit cards, where PIN means it uses a different payment network. Credit PIN uses the same network as credit signature, so it seems unlikely the fees would be different.
I've been doing this with a MasterCard Paypass-based card for probably close to ten years? Now I have a Visa card that's payWave based, which is essentially the same thing.
The whole Android Pay/Apple Pay thing has been nice from a "more people have the terminal now" thing. But the card's tap function works so well, I can't imagine using my phone.
Here's the deal: Chip-and-PIN is slow to function because it is a two decade old technology. Modern "tap my phone to pay" (Apple/Android Pay) is a lot more secure thanks to tokenization and mandatory PIN/fingerprint use. It is the future, but it's not yet at 100% penetration. Banks can't issue you a new phone when you sign up for an account. So merchants and card networks are squabbling over how to evolve the baseline method of physical cards that will still be around for awhile.
There is no reason to think that the 2-3% tax is going away anytime soon once you understand the network dynamics. The key element that almost everyone overlooks, even people on HN building alternative payment systems, is that that tax mostly gets refunded to consumers via reward programs. It does not just go into Visa or the banks' coffers. They certainly take a healthy slice of it at scale but they key point is, they have aligned themselves with consumer interests. Reward programs keep consumers loyal to the "high tax" system, because the tax mainly goes to them.
This can be demonstrated very simply by comparing credit and debit usage rates. There is already a "low tax" payment method that has near 100% adoption in every consumer pocket and merchant register. It's called debit cards. They work exactly the same as credit cards at the register -- you can even sign for them (and it's no more expensive than PIN thanks to the Durbin amendment). Yet consumers still widely use credit cards. Why? Because no rewards. It's mostly merchants who would benefit from lower interchange fees, at least in the short run.
So this is why Apple Pay et al did not try to build a lower-fee system. It would have misaligned them with consumers. This might shed some light on why Bitcoin never had much of a chance as an alternative consumer payment method.
Tap-to-pay and chip cards all use the same standard, EMV. Most of the problems with chip cards in the US are because of incredibly slow terminals or applications on the smart card themselves. Since the terminals are much faster dealing with tap-to-pay I'm guessing their either just take forever to initialize the smart card, or it's the latter issue (application on the card itself).
I'm curious as to the experience of people taking EMV cards from the US to Europe, is it any faster than in the states on the same terminal hardware?
So that leaves the bottleneck on either the merchant bank, the US card networks, the payment terminal or the retailers internet connection. Still a crapshoot to figure out where the latency comes from, but at least it's not the cards or the issuing banks.
My assumption is that it's the payment terminals. The US tends to have far more dated/low end terminals than I've seen elsewhere. I have a feeling that since retailers are forced to upgrade, they choose the cheapest, most terrible option they can.
I'm not so sure most of the fault lies with the terminals. In April 2016, Visa announced a software/firmware update to card terminals to speed up the awkward waits affecting chip cards [1].
But to your point I found chip terminal manufactuer that claims to have optimized the communications between the chip and the terminal [2].
Rewards are nice, but I use credit because I'd much prefer to use the float on other people's money. If my credit card is owned, I'm not out the money while the bank figures out what's going on. With debit, that money is gone until the investigation is complete.
> The key element that almost everyone overlooks, even people on HN building alternative payment systems, is that that tax mostly gets refunded to consumers via reward programs.
NNNNnno. 1) the price on everything is inflated 3% for what amounts to an archaic and insecure way to process transactions 2) It's not opt-in: that is, with few rare cases, I gain nothing, and in fact, must spend more money to not participate and 3) Even if I do participate, all I can hope for is, at best, 1.5% or so cash back. You might say, "Oh, well that's a fee for convenience and security. OK, then what the hell is that fee I pay for the card every year?
It's bullshit. Get rid of it. Make consumer credit illegal. People are too stupid, greedy and short sighted to consume it well.
None of those points actually refute the simple fact that most of the interchange fee gets refunded to consumers.
As for the theory that prices are inflated by interchange, there are two problems with it. One, reward card users don't experience inflation because most of the interchange is refunded to them. Two, when Australia regulated down interchange, it didn't actually result in lower prices.
> what the hell is that fee I pay for the card every year?
Most cards in the U.S. don't have annual fees. The ones that do usually offer enhanced benefits like richer reward programs.
In the UK at least, contactless payment with your card is pervasive, so Apple Pay and "tap and hope your finger is correctly aligned or you look like a muppet" is a worse experience than my card's much cleaner "tap to pay"
The London underground ticket barriers support both Apple Pay and contactless cards. Using Apple Pay is a guaranteed way to enrage everybody standing behind you in the queue. It's not fast enough. The fingerprint reader isn't perfectly reliable. And I am terrified of dropping my phone and it being trampled.
While the phone is locked, double click the home button and leave your thumb rested on the button for a second. It will set up an Apple Pay payment and leave it ready to go. It lasts for 60 seconds before requiring authorisation again.
So simply preload the transaction as you're walking to the barrier, then touch your phone on the reader. Usually it is fractionally faster than contactless cards.
The extra few seconds or so for a chip transaction don't really matter, as long as I have the ability to insert the card whenever I want, such as before an item is scanned. It's really annoying and unnecessary for a POS to reject an inserted card just because it's too early in the transaction process.
For me, the extra time isn't too much of a burden. It does take longer than a few seconds but that's not my beef with it. My beef is with the problem of "so, what do I do? Insert or swipe?"
Some places require inserting. Some places still use swiping. There's a swipe area and an insert slot. The cashier looks at you like you're new to using credit cards when you don't guess the right method, even though it's different everywhere you go. It's a mess and apparently the chip isn't even a requirement. Screw the chip.
Honestly, I thought things were a whole lot better (from a UX perspective) when you just handed the cashier the card and they operated the card reader for you. They know their system's idiosyncrasies; the customer doesn't.
I'm unhappy that stores have been pushing more and more cashier work onto the customer without adopting an industry standard UI for their payment systems.
I have just read a report of a trip to the US by someone from the UK. He was surprised how long it took to process a chip and pin transaction in the US, you don't notice any delay in machines in the UK.
NPRs Planet Money did a total fluff piece[0] where they talked about how slow chip cards were, and why they couldn't be adopted in the US because of the speed.
In Europe, even when being abroad (if that makes a difference), I have never had any issues with delays or payments, it only takes 1-2 seconds.
Odd. We just got chipcards here in chicago and its consistently close to 30 seconds too, but not because of processing time—that usually takes three/four seconds, but for some reason we also have to tap through several screens on every transaction asking if you want cash back…if you approve the amount…if you want it all on this card…poorly labelled with "yes"/"no" buttons. Maddening.
Not sure about Chicago but in the Bay Area, you only get the cash back prompts when using a debit card, which also sets you up for additional fraud liability and lower rewards kickbacks. I'd suggest getting a chase sapphire or citi DoubleCash card. It'll be faster as well (no idiotic cash back prompts with every transaction).
Tens of seconds is an exaggeration. In my experience it's max 10 seconds.
And that's assuming Apple Pay is recognizing your fingerprint or is coming up at all. Don't get me started if you have multiple cards linked to Apple Pay...
I'll tell you that Apple Pay is significantly better if you have the watch. Since the watch is already authenticated to your phone, there's no fingerprint mess. You just double tap the side button and hold the watch over the payment terminal, it taps you, and you're done. It's extremely convenient.
For extra oddness, Apple Pay is extremely fast everywhere I've used it except my grocery store. There it takes about 30 seconds. I have no idea why. The device tells me I'm done, but for whatever reason the software on the point-of-sale system doesn't decide that the transaction has been paid for for a surprisingly long amount of time.
It is not just the average case, it's the rule in the US. The same terminal will be fast for swipe and NFC transactions while being terribly slow for EMV.
I half-remember an article I read a long time ago about chip and pin cards that mentioned asynchronous communication with the mothership as a big win for the chip.
The example it brought up was that because the chip's identity could be verified through local communication with the chip, purchases could be logged at the terminal and synchronized at any point with the payment processor.
Is there something about the US payment processing market that makes that feature unattractive? Are businesses subsidizing more fraud protection than in other countries by making transactions synchronous and hiring more staff?
What do you mean cache the swipe? You can swipe and have a receipt in your hand before the chip cards tell you to remove your card. They are simply way slower. NFC is similarly speedy in comparison to the chips.
> It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings.
Sometimes I need to read comments like this to remind me that Hacker News is full of people who live inside the SF tech bubble where this sentence is considered a reasonable idea, and I shouldn't take HN too seriously.
I still have never seen someone use Apple Pay or android pay in real life. I live in DC. I've used Apple Pay for lyft but it's more annoying than uber just having my card on file.
What's ironic is that the old school mag swipe cards are more convenient than Apple Pay but the new chip cards are so slow that it does open up a convenience gap for Apple Pay to gain mind share.
i would go so far as 80% of the places I go don't accept chip and anything. they all have little stickers on them saying "chip doesn't work, please swipe" or the equivalent. i'm pretty sure they don't even have a plan for implementing it.
Many of the chip enabled machines in the US I've seen are really slow; there local market has huge lines just after launch because the process was so much slower than the swipe.
The funny part is that this all works quite well in Canada. The chip and pin systems there are quick and completely painless. Send like the card companies in the US drug their feet for years, and then picked up some substandard contractors for implementations...
It's been years of improvement in Canada and we started much earlier. Chip and PIN used to be noticeably slower (but I wouldn't call it slow) but now it's very fast. Tap is instantaneous.
Most CC companies made the liability flip for POS terminals in October 2015, some even sooner. They all seem to have held off until October 2017 for gas pumps though.
https://en.wikipedia.org/wiki/EMV#United_States
Gas stations, ahhhh. Gas pump UI and UX was terrible in the 90s and is a joke by modern standards. It makes me almost want to drive off when they make me decline to play the lotto and decline a car wash at the pump.
My understanding is that wall many stores have the hardware, their accounts haven't been set up for chip and signature because the banks and card networks have been slow in getting everyone switched over. So they had to pay for the new terminals, pay for the fraud liability since were past the cut off date, and they still don't get to use the new stuff. I think some people are actually suing the companies over that.
I took impute the US credit card agency's taking forever to deliver the US a safer card alternative like Europe's "chip and pin(EMV)" system to just plain laziness and a lack of desire to invest.
I believe Europe has had this chip and pin technology for something like 20 years so we just finally upgraded to 20 year old technology.
For some reason the credit card cabal decided that after all this time that instead giving the US "the chip and pin which would be compatible with the EU system they gave us "chip and pin" which incidentally takes much longer to process a card, and I am almost never asked to actually sing my transaction. You have to ask WTF on all this?
The rational I hear about why the US went with "chip and sign" rather than "chip and pin" is that they feared that US card holders if they have to memorize pin numbers they would likely stop using there other credit cards(lots of people in the US have 3 or 4) and just use the single one they decided to memorize. Memorizing pins was at odd with encouraging maximal credit card use.
There is definitely an opening in the retail payments market right now. The chip thing is a major problem for high volume retail. That extra time adds up in a very big way, just like latency in a network.
-Instead of getting quicker, payments just got slower
-Apple and Google have the credit card companies on to their payment platforms now
-Minimum wage moving toward $15+ an hour means cashiers need to double speed/efficiency
-Interest rates are extremely low, which means cash flowing transactions is cheaper for any party
The payment terminal is already being leapfrogged at Starbucks with mobile ordering. Retail stores could require identification and payment method in order to enter the store, and then bill you as you walk out using mobile sensors. This wouldn't be any more unusual than needing a membership to get in to Costco. The membership contract could over ride traditional payment transaction rules.
There are tipping points in terms of costs vs lost revenue but I suspect things are going to move away from cash and physical cards really quickly. Like Uber, rather than being a negative, this will be seen as a huge positive by the majority of users.
In Australia Paywave is much faster than phone payments. Anything under $100.00 and you just tap the screen with you're card, wait a second for approval then walk off, no signature or pin needed.
For a couple of years my debit card was paywave. When it worked it was excellent, though it seemed to fail about 20% of the time (I'd end up swiping). Then my bank removed it on their newer cards. I was sad.
We have "tap card to pay" in Denmark. If amount is below 200Dkk (30ish USD) no PIN is needed. Its very fast, very secure and our credit card fees for merchants, are much much lover.
A problem with this is that not everyone has a smart phone, and expecting someone to spend what can be a large sum of cell fees to make purchases is just not reasonable.
While I think the credit card companies in general are running something similar to a mafia protection racket, they are in fact providing value to retailers. By extending credit to consumers they encourage consumers to purchase more from retailers. The question for retailers is: "Does the 2.x% transaction fee cost more than the incremental revenue from customers buying on credit?"
That's a pretty limited view of the credit card value proposition. The credit part is, of course, what it is, but also important is the fact that most people have immediate and secure to all their cash (and credit).
Also, not to be discounted is that it's far from free to handle cash. The delay in settling credit card payments + apparently pretty heavy-handed practises around charge backs is probably a bigger problem than ~2% transaction fees are.
Agreed. I was just trying to point out that the % transaction fee is not just for the currency exchange, but also for the risk involved in providing a line of credit.
VISA does not offer credit. The issuing bank does. VISA is just a payment network that links consumers, merchants, and credit issuers. Actually it is a scheme that involves 4 parties[1].
As far as I understand, the phones rely on real crypto to verify transactions without exposing secrets to the merchant.
The chip and whatever cards despite taking 10 or more seconds are still just transferring the secret to the merchant. So once criminals figure out how to make copies they will be no more secure.
See, all of these "you won't have to carry a card ever" schemes that involve tapping a phone seem to not care that people have other cards to care about. Why bother with all of this effort to move payments onto my phone (which has a battery that dies), when I already have a wallet with my drivers license, public and private health insurance cards, my public transport payment card and my swipe card to get into the office?
The problem is not that a phone is fundamentally better for this stuff, the problem is that you're yet to be provided a card-based alternative that works well.
For transactions under $100, card payments in Australia don't require authorisation (I'm unsure if this is a legal requirement, or if it's just a de-facto standard that most of our banks have adopted). You just wave the card and you're good to go - the payment processes using the same mechanism as tapping a phone so it's just as fast.
It's actually more convenient in most cases as many places don't have their credit card terminals right in front of where you're served, so the cashier has to walk over to a terminal. With a card, I hand it to them and say "just tap" - they handle the rest while I wait and talk with whoever I'm with (or check my phone if I'm on my own). With a phone, I'd have to walk over to the terminal, wait for the cashier to key in the pricing and then hope that Touch ID won't stuff up while I hold it near the contactless reader. I also can't check my phone while I'm doing that, because I need to use it to make the payment.
Tapping cards works so well and is so widely supported that I was able to live just fine with a near-destroyed debit MasterCard (and zero cash) for nearly six months a few years ago. The plastic was coming off and prevented it from being inserted into a terminal, but by 2012/2013 our retail sector had such widespread support for contactless payments that it didn't matter. For the purchases over $100 I made, I tapped and then entered my PIN.
Despite Australia being the highest users of contactless payments in the world (per capita, of course), Apple Pay has had a very slow launch here. It only works for Amex (which no one uses as no one accepts it due to high fees), and MasterCard/VISA cards for one of our big four banks. The banks aren't interested in dealing with Apple due to extra fees that Apple wants to impose, and consumers aren't pressuring the banks or Apple to make a compromise because the current experience is already good enough.
Maybe there's something "magical" that I'm missing out on, but I really don't get why phone-based payments are being so widely hyped. It's already a solved problem.
I'm surprised the discussion isn't focused on the 3% fee, it's almost not discussed. Think about that, that's 3% of all retail transactions for electronic processing. And their not even liable for charge backs, that's paid by the vendor.
Another thing to realize, most credit cards have some kind of reward program that amounts to about a 1% payout. That's coming out of the transaction fees, which if you do the math is actually being paid for by the merchant. If the fees were 2% there would no longer be rewards programs. I find that interesting. The retail world is being taxed to pay the credit xard reward programs of their customers. Makes you think a bit doesn't it ;)
You can also click on the "web" link at the top of this page just under the title of the article. That does a Google search for the article and that lets you in.
Click on he "web" link at the top, under the article title. This kind of comment gets made every time these articles are posted. It's not that hard. Sometimes you gotta use an icognito window, but not always.
I agree, but I usually get around it by going the URL from Google and the referral from Google will work. I really have no idea why this doesn't get them de-listed from Google.
Are there any Americans here who are able to explain why the US is so backwards when compared to European countries?
Visa and Mastercard and the banks all offer Chip and Pin services here in the UK, and have done for years.
I can understand the delay in adopting chip cards, with the ridiculously large number of terminals and cards that would have to be replaced - but I really don't see why when you're performing the migration to cards with a chip, you wouldn't implement PIN at the same time
(I'm a brit who moved to the US.) It is far more common for people to have multiple cards. There are also a lot of affinity cards - associated with airlines, stores, sports teams etc. A random site[1] claims just under 4 cards on average for those who have any cards. A card issuer also requiring that the consumer remember yet another PIN isn't going to find it too useful for expanding their business, just as the consumer is going to prefer less hassle.
Those stats made quite interesting reading - what I felt is missing is the reason /why/ there is such a high multiple-card ownership rate?
I personally have a single debit card, and a single credit card, as do most people I know - is the culture in the US really so different that people need so many cards?
I've visited the US, but do not live there - I never felt properly safe when I was just swiping my card and signing to pay for things. I don't even know if the fraud protection would apply to my European chip and pin card if I paid for things that way.
There are quite simply a lot more banks and other financial institutions that issue credit cards. When I lived in the UK there were essentially 4 banks, plus a dozen building societies (US equivalent: credit union). Today the US has about 6,000 banks and similar number of credit unions.
In order to get customers they have to stand out from their competitors which means marketing, card perks and rewards. With that much activity, it is almost inevitable that people will end up with more cards.
Americans also like their stuff complicated. Look at health care and politics as two examples. What it often manifests itself as is different choices for different circumstances, whereas others would lump it all together. For example you generally don't have a single "bank account", but instead you have a checking account and a savings account, not necessarily at the same bank even! And yes there is federal law around what constitutes a savings account.
When making a purchase, the optimum card to use will vary. For example a store affinity card will likely offer discounts at that store and affiliated ones. Some offer cashback but it varies by category (eg it may be 5% for petrol stations, 2% for restaurants, 1% for supermarkets) with each having its own percentages and other limitations (eg min quantities, max cash back). And if you are saving up airline miles, you may want to use that relevant card instead of the others until hitting your goal.
I try to keep my cards to an absolute minimum but ended up with 4 all from my bank: a debit/atm card, another one tied to my health savings account (which has to be different), a credit card, and a second backup credit card.
This. Amazon card gets better returns for me on Amazon purchases (plus it got stolen half a dozen times so now it only gets used on Amazon...this happened because someone physically pried my locked apartment mailbox open and used that info to order more replacement CCs to their address), other card gets better returns for travel at restaurants, other card gets better returns for everything else, then I have a debit card since some gas stations only accept those. I also carry cash since some places are cash-only, and some parking meters only accept quarters, so I have a stack of those in my car as well.
You're basically leaving money on the table if you're doing most of your transactions on a debit card or in cash in the US. The credit card companies all offer set percentage cash back, rotating categories of higher cash back, and/or heavily discounted miles. Discover and Chase both offer cards with 5% rotating categories that are different between the two and have no yearly fees. Even the cards with a fee often end up being worth it due to the large amount of miles you can rack up with them.
Thats not even getting into the shadier side of card churning for the sign up bonuses or buying gift cards so that you can pay your rent and for other things that have a fee associated with them when you do anything besides a bank transfer.
Not to mention the very common practice of using one card with a very high balance and 0% intro fees to sweep lots of other card balances onto, in order to effectively suspend all your interest for a year.
Indeed. This works even for balances that didn't originate on credit cards - I have a Chase Slate card which has literally never left my house because I only use the account for its 18-month zero-interest offer, which was useful for a small student loan I wanted to pay down quickly.
Many people I know use special card offers similarly. Want those 50,000 airline miles? Better sign up for Delta's Amex, can always cancel after the first year... etc, etc. There are very strong incentives from the card issuers themselves for Americans to carry multiple credit cards, and if you use the cards responsibly you can rack up some serious benefits for no cost.
Your student loans could be paid via credit card without a surcharge? Or is it just that the surcharge was lower than the interest rate and you planned to pay it off in 18 months so it was worthwhile? That's an interesting strategy I haven't seen before.
That's not a fee, that's the interest rate. You would pay 20% over a year of interest. There are many many cards with promotional rates between 0% and 5% per year.
It's the cash advance fee (different from the normal interest rate on the card).
Source: I used it once to get money out like a debit card... without realizing there would be a fee, and got charged the nasty fee. For the card I tried it on at the time, the fee was somewhere between $10–20 on a $100 withdraw. Never tried it again.
Yep, my scenario was exactly like aianus's above. 1% transfer fee was much better than 6% interest since I planned to pay the balance off within the 18-month zero-interest period anyways. The card company issued paper checks specifically for the purpose of a balance transfer.
My bank and college allowed credit card payments, but there was always a percentage fee that was much higher than what you would get back from credit card rewards
In the US, almost every major retailer issues their own branded credit card, and they offer financial incentives for using that card at their stores.
As a card issuer, they get a cut of the interchange fees whenever you shop with their card, even if you're shopping at other stores. That provides both a discount on their own payment processing costs (some of the fees they pay their processors come back to them when their own branded card was used), and an additional revenue stream unrelated to their own store sales.
To entice consumers to sign up for retailer-branded cards, they offer significant discounts or rewards on purchases at that retailer.
Banks can offer rewards programs for use of their branded credit cards as well, but their reward programs can never pay out as much as a retailer-branded rewards program, because the retailer can cut into their profit margin to finance it while the bank's program has to be financed entirely through interchange fees.
It's perfectly rational to sign up for an Amazon card that offers 5% off your Amazon purchases if you shop there often. It's similarly rational to sign up for a similar program at each retailer you shop with often. So a rational consumer can end up holding a number of credit cards, some of them issued by their bank, some issued by retailers, simply in order to minimize their bills.
Beyond all that, there's also people that churn through cards in order to earn rewards for opening new accounts, or whom carry large debts and transfer balances to new cards with introductory 0% interest rates periodically to avoid accruing interest on their debt, essentially using new cards as loan extensions.
Having more credit cards can benefit your credit score in a variety of ways. The fundamental reason for this is, of course, that credit card companies want you to have a lot of cards. They're betting they can make more on your interest payments than it costs to acquire you as a customer.
Some ways having multiple cards can benefit your credit score:
- More cards = higher credit limit = lower utilization percentage when you carry a balance. [0]
- If you're young, opening lots of cards early can make sense because in a few years the "average age of accounts" will only take small hits if you add a new card. Also, if you foresee a mortgage in your future, you can cancel your credit cards and they will still continue to "age" on your credit report
- If you've missed a payment in the past, since payments are calculated as "percentage of on time payments," you can increase that percentage faster by opening more cards and making all payments on time.
- At least according to creditkarma, more accounts actually translate directly to a higher score.
[0] edit - see jdmichal's comment below. utilization = current balance / limit.
> More cards = higher credit limit = lower utilization percentage when you carry a balance.
Just want to mention that, at least some card companies report the current balance and not the carried balance. I have never carried a balance on my card, always pay in full every month, and my report still shows an amount for that card, which is basically whatever random amount I have on the card when they report.
Same. I recently had credit report pulled for a mortgage refinance, and although I pay all my credit card balances in full every month, it still showed several accounts with a "high balance relative to credit limit" or some such thing.
The high transient balance really only affects your credit a few points if you have otherwise excellent credit. It starts to ding you more if you have delinquencies or really high balance to overall limit.
I have half-a-dozen credit and debit cards. Several reasons:
1) Your credit score is negatively impacted if you close a credit card account.
2) Specific cards have specific benefits. For example my insurance company issues a credit card and if I use that card when I rent a car, I not only get automatic collision damage insurance (pretty standard on many cards) but also coverage against "loss of use" charges and other risks with rental cars that many other credit cards don't offer.
3) Some places don't take all cards. My AMEX card gives me hotel points that I use a lot but AMEX isn't accepted everywhere.
4) Many benefit programs have debit cards that are to be used for specific purposes. My HSA has a debit card, but I can only use it for medical expenses and prescription drugs.
Because the need for a particular card can be somewhat unpredictable, (and just to avoid losing them) I end up carrying about six cards in my wallet at all times.
To 1, it actually isn't or at least not as much as you might think. Relevant factors are utilization and average age of your credit accounts, going back 10 years; an account doesn't stop aging when you close it, and it doesn't fall off of your report until 10 years from the closing date. If closing an account decreases your amount of available credit enough that your utilization spikes (over 20%), then you should leave it open. Otherwise it's fine.
Another note on that, if you normally spend more than about 10% of your credit limit across your cards each month, get another card or get one of them to raise your limit. Debt utilization ratio higher than that can also drop your score. Sign up for CreditKarma and keep an eye on it to get the best rates and rewards.
Edit: another alternative is to manually pay your bill every other week to keep the utilization ratio down.
I don't know the answer. I had assumed that it was the act of closing the account that was viewed as a negative and not the reduction in the aggregate credit limit. But I could be wrong.
My wife is a manager of a bank branch and her brother is a credit analyst at another bank, and I've been told the reason it impacts your credit is because you now have less credit available to you, and you're likely now using more of your available credit.
If you have $50 available on one card and $50 on another card, you have $100 of available credit. If you close one of the cards, you now only have $50 of available credit. If one card is maxed out and the other is empty (because you're about to close it), before you close it you are only using 50% of your available credit. Once you close it, you're now using 100% of your available credit, which looks bad.
Americans have been made totally neurotic with card rewards. My mom will dither for probably 10-15 seconds every time she pays for something, which card to put that particular transaction on, in order to extract the best points. Restaurants get a better kickback on card A, gas on card B, airline tickets on card C. It's crazy I hate it.
This is why merchants get hit with anywhere from 2% to 5% fees and have no idea which card cost them so much. And why friends say they're "losing money" if they don't play this game. It's fakaked.
If their efforts were actually productive, which they aren't, it wouldn't bother me so much. Their reward depends on everyone else paying higher costs but not getting the reward
The whole shenanigans is only possible because the issuers have a monopoly where the merchant can't charge the true cost of a transition to each specific consumer. If the consumer was paying for his own kickback, the whole party would end. It works because of obfuscation and free loading off others, especially those who pay by debit card and cash.
There are at least a couple of reasons to have more than one credit card, even if your cards are chip and pin.
1. Chip and pin protects against someone who gets your card number making a fraudulent card with it and using that for card present fraud. It doesn't do very much to protect against someone who gets your card number using it for card not present fraud.
If the chip card also implements tokenization, that protects against losing your card number to attacks on card present payment systems. If it does not implement tokenization, then you can lose your card number if someone hacks into payment terminals or merchant back end systems. Also you can lose your number if an online merchant who keeps your card on file gets hacked.
So, even with chip and pin it can be a good idea to have more than one card, such as one that you only use for card present transactions, and one that you use for online transactions.
2. Cards often offer rewards. At one point I had four cards, because one gave me cash back on gasoline purchases, one gave me cash back on grocery purchases, one had a very low interest rate, and one had a rotating cash back program that changed what category of purchases it rewarded every month.
They all had no annual fees, and I usually paid my bill in full every month, so basically each card was free money to me from the rewards, except for the low interest rate card which I only used if I wanted to make a big purchase that I would take a couple of months or so to pay off.
There are a lot of different cards with different incentives. Shopping at REI? Use the REI credit card for 5% cash back. Groceries? Use this different card for 6% back.
There are advantages to the stores providing the card (data, CC fees, brand loyalty) and very easy for shoppers to apply while in the store.
Additionally, to get a good credit score, you need a high amount of available credit and long lived accounts. There aren't many disadvantages to having multiple accounts assuming you are able to manage your spending.
Single debit card, yes. But many people, including myself, have multiple credit cards for various reasons. (Backup in case of loss/rejection due to anti-fraud error, various types of affinity card rewards that want to spread around for various reasons, etc.) Also, to the degree that many still have AMEX cards, those aren't as widely accepted as Visa/Mastercard.
One American's opinion. I'm in my early 20s and in good financial standing, I have 3 credit cards with airline miles programs. Using them means for the past year I've used a free flight every 3rd flight, and my girlfriend and I will be traveling to Europe RT for $1200 for 2 tickets. I fly a lot, and it's saved me a couple hundred dollars to have a few credit cards, and the inconvenience of keeping < 5% balance on each.
I'd imagine it's because the credit card companies have less restrictions on what they can do here compared to Europe, so they can afford more extravagant offerings.
> Is the culture in the US really so different that people need so many cards?
Varied rewards across cards is a big reason. One card offers 5% cash back on gas and 1% otherwise (so you only use it on gas). Another offers 2% back generally, so you use it for most things.
Also stores convince a lot of Americans to make expensive purchases by starting a store credit card that has no interest for 12+ months.
For debit cards I keep two, but only because my main bank does not offer chipped debit cards yet and I need one that does for travel abroad.
The reason why US consumers have multiple cards (at least intelligent consumers) is because of the various cashback programs.
For example, Costco's Visa card gives me 4% cash back on all gas purchases. Costco's Visa also gives me 3% back on all travel related purchases like hotels, airlines, and restaurants. Citi Double Cash Mastercard gives me 2% back on all other purchases. Discover card runs 5% cash back each quarter on up to $1500 of one category, like online shopping, or home improvement retailers.
It's a bit of a chore to determine which card to use for every transaction, however, if you don't have credit cards, or just use debit cards, you're effectively leaving money on the table.
The lawsuit explains it, I never bought the "Americans are too dumb to remember a PIN" excuse, and it turns out that it's about the money -- PIN transactions cost less than signature transactions so Visa/MC want more signature transactions:
The banks collect higher merchant fees for signature-based credit-card transactions than PIN-based ones.
“While chip-and-PIN authentication is proven to be more secure, it is less profitable for Visa, MasterCard, and their member banks and it provides a greater threat to their market dominance,” the lawsuit claimed.
This is closer to the core issue in my opinion. Wal-Mart and Home Depot do not want to support processing EMV Debit cards as credit. Most debit processing rails require PIN data to process the transaction. Running a debit card using the signature CVM means processing the transaction over credit networks which costs the retailer more and is more profitable for the issuers.
This is the main reason retailers want to use Chip and PIN all the time and drop signature. It would mean they could simply run debit transactions over debit rails all the time which would cost them less. Obviously the issuers want the opposite since processing over debit rails is less profitable for them.
Credit cards compete with other forms of payment, like cash. Making credit cards harder to use makes people shift payments to other forms. Implementing PINs is about balancing the costs of fraud against the costs of shifting those payments. If you cut fraud by X but you lose out on Y > X revenue due to reduced credit card use, it's a net loss. Card companies here apparently think that Y is indeed greater than X.
In Canada, we have a good compromise. Up to $100 (depending on your bank) you can simply use RFID "touch" payments. Fraud is much higher but it increases credit card usage so credit card companies promote it heavily (after all, the possible fraud will be for very small amounts). For larger purchases, a PIN is required. I think it's a good system.
When I travel to the US I'm always surprised by how backwards the approach to credit cards is:
- Waiter grabs my card and walks away with it. (In Canada they'd bring you the machine to your table.)
- In the unlikely scenario that they actually place the card in the chip reader, as opposed to just swiping it, they usually come back to me with a puzzled face. Last time I had the following interaction, "Sir, your card is giving us an error". "What's the error?". "It wants a code". "OK, I'll come and enter it". Then waiter proceeds to ask me for id, inspecting my card, checking the signature on the back carefully, etc. Basically, he thought I was up to no good because my card has a PIN. :)
Is it? From what I understand they basically use their fraud-detection algorithms to determine whether the transaction should go through. That's why, every so often, the tap will fail and you have to do chip & pin.
I once had a chip&pin transaction refuse to go through because I was out of town and used a gas station brand that I almost never use. I called the CC company and they said pretty much that was reason. They monitor all transactions for behaviors out of the norm.
I really enjoyed all the wireless handheld CC terminals in Canada where the transaction felt like I was doing the work, and at my own pace. Much nicer than restaurants here as you describe.
Honestly though I'd rather enter a PIN than use a dull piece of plastic to make an unreadable signature on a feedbackless screen. I punch keys all day but rarely write by hand.
I think you're unusual. Many people struggle with PINs, or at least think they would, which in terms of hurting credit card use amounts to the same thing.
Another issue is that PIN adoption often implies a liability shift. Right now I have zero liability for fraudulent uses of my credit card. Some places place liability on the cardholder if the cardholder didn't take sufficient care to protect their PIN and a fraudulent transaction is made with the PIN. If that happened, I would stop using credit cards unless it was absolutely necessary, and the mere possibility is enough to make me extremely skeptical of any move to require PINs.
By the way, there is no requirement for your signature to be readable or reproducible or even anything resembling your name. Just do a quick freehand scribble. There's no reason for it to be harder than entering a PIN.
It used to be a security thing, but that seems to have completely fallen by the wayside. I think these days it's basically just formally indicating that you're agreeing to make the purchase at hand, so you can't later go back and say that you somehow didn't realize you were handing over money, or that you thought you were paying less than you were charged.
> If signatures don't have to match a previous signature, then what is the point of entering the scribble in the first place?
Here in Japan traditionally identification for things like contracts and bank transactions is done with a seal (custom-carved rubber stamp). A lot of foreigners who move here think it's absolutely bonkers, since what if someone stole it? Isn't it really easy to clone?
Many banks here let you use a signature instead of a seal though, and some foreigners opt for it. They usually switch to using a seal after they have to re-fill a form 4 times in a row to get their signature to match the one on file, since they actually verify the things here!
You also have to hit "yes" or otherwise agree to the amount. I do wonder what legal purpose a "signature" actually serves these days. The doodles definitely do get stored and sent to the processor. Sometimes they're also on the receipt.
With the vast majority of chip and pin schemes the liability for fraudulent transactions still falls on the bank, unless the merchant/processor hasn't implemented chip and pin, in which case it falls on them.
When I think of "chip and PIN" my first thought is of the UK for some reason, and the UK is one of those that tries to put some liability on the cardholder.
In the US, our experience with PINs is mostly around debit cards. Those have significantly weaker fraud protections for debit transactions with a stolen PIN, up to $500 if you don't notice the fraud until after two days, and unlimited if you manage to miss it for two months.
Yes, I'm not sure why it's slow in catching on here. We've had contactless payments for years (I had a card that supported it around 2008) but they're still not common.
I suspect that one is more of a chicken-and-egg problem, with merchants not really caring to adopt it as long as few people have the cards, and card issuers not really caring to issue them as long as few merchants accept them. But I don't really know.
I believe the crux of the lawsuit (and oddly isn't really covered in the article) is that the credit card companies are trying to have their cake and eat it too. Visa & MC have created a new system that is only marginally more secure, but have required retailers to now shoulder the costs of any fraud that occurs on those new cards.
If they'd just adopt chip readers then liability stays with the card companies.
This is actually something that has really puzzled me about the American chip rollout. As of October 2015, any merchant without a chip reader bears full liability for fraudulent chargers. I was sure that this would mean everybody would be switched over on time. Forcing merchants to pay for fraud is a pretty big threat! And yet here we are most of a year later, and I still see tons of stores with no chip readers. Even weirder, I see tons of stores with chip readers that don't work because they haven't activated it on the backend. Why....
Does the Chip and Pin really afford that much protection? Surely it doesn't help with the underlying payment network, i.e. internet payments. The only thing that would really help here would be something like a credit card 2fa required for all transactions (which, to my understanding, the chip provides).
> ridiculously large number of terminals and cards that would have to be replaced
I've heard from some Canadians running a payment processing company that it was the U.S. credit card companies lobbying for decades against it for precisely this expense. Right nextdoor in Canada they've had chipped cards for over a decade.
American consumers aren't responsible for fraud on their credit cards (technically only up $50 or something but in practice not at all). That means that they don't care much about security as compared to the inconvenience of having to remember and use a PIN.
Ah, good point. I guess this circles back to Home Depot's complaint then. All the merchants would have to band together somehow to insist on Chip-and-PIN.
Traditionally Europe had higher fraud rates than America. So the cost to benefit calculus was different. A lot of retailers still don't think it's worth the hassle.
The US is much larger than individual European countries and has an order of magnitude more credit card readers, etc. in circulation. Every single one of those had to be updated to use the new system.
I don't know why you would need to activate them all on the same day (and in fact that did neither happen in the US nor anywhere in Europe). An incremental rollout is always possible and the size of a market does not change anything about that. My European credit card still works with legacy systems deployed somewhere in the world that hadn't been updated. That doesn't change the benefits they got from updating most system here.
Incidentally, the large schemes usually set Europe-wide rules anyway.
Partly that's because the US banks didn't think the EU standard was secure enough. They were proven somewhat right when a fraud ring found a way to bypass some of the authentication[1]. Long story made short: The EU system did something like authorizing the pin to the card using the chip, but not requiring the bank to authenticate, which allowed the terminals to function without a network connection. Criminals inserted the chip from one card over the chip from another, intercepting the pin authentication request to the card and allowing it, and then allowing the transaction to proceed against the regular card. This would not work in the US where all the requests are verified by the bank over the network (which is why it takes longer).
That the US card industry is trying to move away from requiring a pin is somewhat strange, but I think can be explained by different people weighing in at different stages. Engineers nixed the EU type system as not secure enough, and then different company decision makers start pushing for no pin, to make sure they don't see a dip in usage. What you end up with is this.
But you don't have one or the other, you have both. Then you can upgrade slowly. It's not a great example (very small) but that's how it was done in New Zealand.
The good news is that upgrading all these terminals to chip will make chip-and-pin a simple matter of a software update.
I don't know if it was a matter of profit so much as fear of customer alienation. First they get customers used to using the chips. Then they can make them use pins later.
The biggest hurdle will be past once all the chip terminals actually work. It's crazy how many vendors were forced to install these things before the processors were even able to process chip transactions. Most small vendors in this area of the country still are not able to accept chip cards despite having the newer hardware. Thus they are now liable for fraudulent transactions on swiped cards because their processors cannot get their sh*t together.
But once that debacle is resolved, chip and pin should follow as a matter of course.
Frankly, I too wish they had just ripped the bandaid off. After having spent a couple weeks in europe, it is idiotic how many restaurants in non-tourist towns have to scramble to find the one terminal that can print a signature slip for their American guests.
I tried to pay with ApplePay at The Home Depot but their readers wouldn't allow it. If your company is seriously concerned about fraud, maybe allow customers to use available systems that help prevent it.
1) I go to a store and pick up what I need
2) I walk out of the store with everything and take it home
3) Store knows what I took (RFID tags)
4) Store knows who I am (Cameras, gait analysis, face, whatever, fingerprint at the door, phone swipe, credit card swipe, be creative)
5) I receive an e-bill when the vendor identifies me
6) I set up an auto-pay on my e-bill
Honestly, tap-to-pay doesn't seem like any difference at all vs cash or credit to me. Show me something where I don't even need to interact on exiting the store!
RFID didn't work reliably from more than a few inches away and with that many items? Tagging every item including bulk things like produce was a non-starter for merchants due to all the extra labor involved? RFID tags cost much more than the barcode already on product packaging? Check out hardware for this was massively expensive, didn't integrate with existing lane systems smoothly, confused consumers, was largely unavailable due to lack of demand, and was super buggy / unreliable?
Those are all guesses but they all seem likely to me.
Nah, you can always crank up the power in line with the inverse square law. Your other reasons are plausible. RFID tags are fairly cheap, but they can't compete with printing a barcode on a label.
> The original pitch for the RFIDs was that they'd just be able to scan your whole cart.
I'm sure the limiting factor at the moment is the incremental cost to the product. If an RFID tag costs 25¢ would you be willing to spend $1 instead of 50¢ for a can of corn, just for the privilege of not interacting with anyone? You might, but the average customer won't.
RFID is primarily used in application where the tag can be reused. I haven't seen many disposable RFID tags.
I'm sure a few of the engineers knew that would never happen. But it's someone else's job to sell the tech to businesses, and the stock to wallstreet ...
As incredibly convenient as that is, I always feel like I'm stealing stuff from the Apple store.
You walk in, pick something up, fiddle with your phone, and walk out.
The fact that the Apple people know that I bought something and smile or are nice to me on the way out just makes me feel more like they're watching me thinking I stole something.
I feel the same way. It is very bizarre! Reminds me of that scene from Holy Grail when the guards are just smiling and nodding when the prince is trying to escape from the castle.
But how do they know? Someone must know. Is it broadcast to their headsets?
In New Zealand, almost all terminals have had chip readers for years and I've never had any of those issues. In almost every case I just insert a card, type my pin and I'm good.
The German systems are a bit slower than others (and also everyone there, young and old, uses cash more than cards, which is odd), but they essentially work the same way.
America's credit and banking systems are over two decades behind the rest of the planet (including parts of India).
In NZ, Australia, Germany and Indian, people can make person-to-person transfers to anyone, on any bank, within 24-hours, for free, using just their account number and full name (and in Germany a one time use TAN number, which other countries are trying to implement). This is all taken care of at the government banking level. No Square. No PayPal. No Facebook. Just state mandated person-to-person transfers.
1) double tap home before I even get the phone out of my pocket
2) instant beep when it touches the terminal
3) grab receipt
I've had people comment that it takes longer because it feels like it does, since grabbing your phone is quicker than grabbing your wallet and removing your card, then putting the card back in the wallet and putting your wallet back in your pocket. It takes about the same amount of time, but there's more time spent doing nothing since the time in motion is less.
No pin to remember, instead trying on physical presence of my finger. It's much more secure because because nobody can watch over my shoulder and steal my finger.
At this point, what is stopping some other company from coming in and giving all the merchants a square-like payment terminal that doesn't use the credit card networks?
I honestly think this is something that needs to be done as a public works project, or a non-profit.
While a service that doesn't allow chargebacks is very, very merchant friendly, it is super not consumer friendly.
Chargebacks are frequently last resorts for dealing with unscrupulous businesses or places that just don't give a shit once they've sold you what they want to sell you.
That said, chargebacks can also be used vindictively and/or fraudulently. And Visa/MC/etc could do a better job in dispute handling.
The police and the law should protect consumers from fraud.
One major root of the problem is the liability shift from police to the cards and banks. If you're a buyer, you're suppose to file a chargeback, not call the police. If you're the merchant, you're suppose to contest the chargeback, not call the police. In a real sense, it's legalized theft enabled by a card ecosystem sustained by companies with a monopoly that make too much. To think the law favors these companies more than the people is outright disgusting.
For smaller purchases it's not worth it to go to the police or initiate a lawsuit, so people won't. But if they have no recourse they wouldn't buy at all, so payment processors need to offer some easier method of recovery.
If you as a merchant get an invalid chargeback, you can report the buyer to the police.
Right they wouldn't buy at all using these stupid cards. Which is the whole reason the entire industry has had to lobby and tilt the law in their favor. Same with not passing these fees to the buyer. People will always find ways to buy, and we're stuck with fees, risk, inconveniences, and all these band aids that do nothing to resolve the root of the problem. Just more work for everybody.
And for most people it's not worth trying to lift a pack of donuts off a store shelf, but if they do they get arrested and can end up with life in prison where there are three strikes laws. That's what keep the police busy and the prisons full. Credit card fraud is far more common, and usually the perpetrators are not desperate, are mentally well, intelligent and intentional -- far more deserving of punishment if that's what we're after.
Lots of countries have their own homegrown payment processing networks with low, fixed or zero fees. (examples include EFTPOS in Australia/NZ, EC/Girocard in Germany, Dankort in Denmark). These are often co-branded with VISA/MasterCard for use online or outside of the country.
What happened to RFID/contactless? All of my cards had RFID, and then when they were replaced got chipped. No RFID. I called all of the issuers and they said chip only, no RFID option available. It's almost like they want us to use our phones instead of the card itself?
And why are chip transactions so much slower than either swipe or contactless transactions? It really is something of a regression.
Your RFID card is very easy to attack. Recently I heard of an attack where a guy was sneakily putting a RFID card reader against people's pockets on the subway. With this he was able to charge each card $20 without them even having to authorize the transaction. (above $20 usually requires some auth)
Phones authorize the transaction differently and are this still safe to use for tap & pay.
The problem with that kind of attack is that it's easily traceable and easy to spot. That guy needed a merchant account to carry it out. To get that someone had to show their identity to the processor. Also, once it's discovered you can easily find out who else was affected.
It also takes some time to get that money out of the merchant account. I've yet to hear someone actually doing that in practice because it only sounds if you don't think too long about it.
Got any sources? That's a very common urban myth, there have even been some pictures that have gone viral on Twitter. As far as I can tell, every such story that's been actually tracked to the source has fallen apart.
This attack doesn't work because as soon as you're discovered by a few victims, the payment processor is going to roll back all your transactions. Not to mention the massive paper trail you leave behind when you are applying for a merchant account.
Not over the contactless interface, part of the data is different every time the card is tapped. It becomes worthless to 'clone' contactless cards because of that.
Credit card companies use their huge database of merchants and your own transaction history to authorize tap transactions. If anything is too out of the norm for you, the tap won't go through.
Furthermore, nobody is going to pay out on these fraudulent transactions once they're discovered. It's not as if the money is instantly transferred.
Digital currencies enable me to send $10 across the globe for less than a penny and Visa charges $0.30 - I have a hard time imagining a future where the system allows for such a large inefficient gap to remain for long.
Not saying that current digital currencies (bitcoin, etc) will replace Visa. Just that they show that this problem doesn't cost 3% of the transaction to solve.
If banks were to adopt some currency system that utilizes a blockchain-like technology, then I expect the currency would be accepted as cash more ubiquitously, but at that point it's all speculation.
It's interesting how in China they kinda leapfrogged credit cards all together (they still exist, but they're not ubiquitous). Here it's either cash or payments through phones and QR codes using Alipay/Wechat/etc. It's pretty fantastic and there is very little lock in like b/c these aren't hardware-centric technologies. Just download an app, connect it to a bank account and you're good to go (both merchant and customer). So competitors are free to disrupt all they want.
Meanwhile parasites like Visa skim an insane 3% off of the whole US retail economy. How this isn't banned by the government is beyond me... I'm sure it rivals the sales tax in some jurisdictions.
I received a debit card from my relatively small credit union a few days ago. I was very surprised to see that it didn't have a chip in it.
It seems likely that the fees they earn from "signature transactions" must be significant enough that they don't want anyone using it as a chip card.
An alternative answer is that the cost of the cards themselves is so much that they don't want to do it. When I lost my wallet, a different credit union charged me $10 for a replacement card. And neither had a chip. The other banks did it for free.
When this article mentions "signature transactions" it is speaking of "chip and sig(nature)", meaning that you must insert or "dip" the chip-enabled card into a terminal and then sign on the terminal. The signature is submitted to your bank along with the transaction for verification. "chip and PIN" is much the same, except that you must enter a PIN instead of signing, and the PIN is sent to your bank for verification. I would also add that signature verification doesn't really do much, since banks will accept just about anything as your authorized signature. A signature is also not required for transactions under $25 (usually, depends on the merchant and specific minimums that your issuing bank sets).
It is quite weird that you don't have a chip card, since it is mandated to only provide chip enabled cards as of October 2016. I would ask your credit union for the reasoning behind not issuing you one.
Every chip reader in Des Moines uses the same reader hardware, and every software install on them is radically different. Somebody is making bank writing the glitchy touch screen apps.
I've gone to cash whereever possible. I needn't monitor my CC accounts so closely, reconcile them at end-of-month nor worry about stolen cards. Sellers love cash.
Best of all I spend far less - I am more parsimonious if I pay with cash.
I did try Diaspora, but the UI seemed awkward and buggy, and it was slow despite me being the only person on it (maybe Heroku would have been better than a generic VPS).
tl;tr Fuck these cards. Go team Depot. Walmart is suing too. [0]
As someone with one foot in retail, I can honestly say these cards are not doing anyone any favors. Fraud is rampant and there are shoppers that travel the world [0.5] with stolen cards just to spend stolen cards and gift cards [1].
During the transition to chip, Square had liability shift for non-chip cards [2], but we failed to meet the requirements for a few transactions because we insisted on entering the ZIP for security, which requires key entry even at an additional fee. There was no feature to enable ZIP code entry for swipes. In these cases, trying to heighten security with additional measures was the wrong move for us. We should have just let them swipe and Square eat the cost.
Apple has been burying a scandal of its own with Apple Pay fraud. Once after a shopper left, we immediately received negative feedback through Square from someone claiming they didn't just buy anything from our store. Well, when someone has a phone, there is nothing to check. Though Apple Stores seem to have been hit hard, which seems appropriate [3].
The main problems are, 1) as retailers we cannot treat every customer as a crook nor can we profile them [4], 2) if they jump through all the hurdles, we can't then not sell them something even if something seems odd, and 3) in the case of Apple Pay, gift cards, and some swipe transactions, retailers are actually covered so even if buyers appear suspect, there is zero incentive to call them out, 4) the police don't treat it as shoplifting, and 5) some of the worst offenders are not suspicious at all, and can even be contesting their own purchases on purpose.
This is just a fact, but most of the scammers that came through our store were from NY and were black (again, just a fact, not saying anything about race or NY, though something does seem to be going on there [4][5]).
It's difficult to shop at the Home Depot by me. Either none or 1 register with an actual cashier and 4 self-checkouts of which usually only 2 are functional at any given moment. On a weekend I have abandoned my items and left more than once because of the length of the checkout lines. Fortunately a Lowes is opening close by soon. They actually have cashiers at the registers.
What makes you think 3% is low? Why isn't it high? Seems like a huge chunk of a transaction's cost to me.
To clarify, supposed we lived in bizarroland where the transation fee was 7%. bizarrologicallee could post this very same comment, but as "if they had a trust, credit card processing fees would be 15%, not 7%"
Percentage fees make absolutely no sense, and that is the end of the discussion. A flat fee regardless of the transaction amount is the only method that even registers as logical.
I think you mean transaction value ($) rather than transaction volume (#). You are correct, and the value is also the right thing to tax if you are funding 30-60 days of interest-free credit.
Thanks, English is not my first language. After looking at the first few Google hits for "transaction volume" it seems to be confusingly used with both meanings but it's best to be unambiguous.
Unfortunately with the way things are set up right now, a percentage fee is actually the only way it makes sense for processors, who are somewhat at the mercy of banks, who charge a percentage-based fee. So if they charge a flat fee, they run the risk of either losing money if the percentage fee is above their cost, or the business will overpay if the flat fee is a lot more than the percentage fee.
(Note, that applies even to flat percentage fee. That's what happens with companies like Square. They lost their shirt in their flat rate deal with Starbucks, because it cost them more to process the transactions than they made via the flat fee.)
But we don't live in bizarro-land where it's 7%, so we don't have to decide whether 7% or 15% would be profit-maximizing. But we can say for certain it's not 1.95%. The reason I feel that profit-maximizing is closer to 7% is the example of actual monopolies or duopolies.
Western Union, which cut its teeth on being a "an industrialized monopoly dominating the telegraph industry in the late 19th century" and in some areas I feel succeeded in establishing a money transfer monopoly, has rates close to 15% in some cases. Here is an economist talking about its remittance monopoly: http://therealnews.com/t2/index.php?option=com_content&task=...
So in areas where western union might have a literal monopoly, or a duopoly[2], they might set their price at around 12%. This is ridiculously high, and shows a monopoly level of pricing.
1.95% is a level that reflects a fair amount of competition, not at all a trust versus cash. You can argue till the cows come home, but you can see the actual monopoly or duopoly rates on this type of thing for yourself and compare.
For reasons I don't understand, the credit card makers have spent many years bringing the new chip cards to market, they include much higher technology than ever offered before, yet the payment process takes much longer. Of course these few seconds don't matter that much per transaction, but think it might be enough to actually make a meaningful difference in staffing levels and line lengths at big stores in December.
I do understand the fees though. The credit card brands and banks have worked themselves, through years of diligent effort, into a business where they can impose a kind of "tax" of 3% on most of the retail economy across the entire US. This is obviously of immense economic value to them, and they will work very hard at every level to maintain it for as long as possible. On the other hand, paying these companies a 3% tax on every retail transaction is... rather surprising in the grand scheme of things, and seems unlikely to persist for that much longer.