?

Log in

entries friends calendar profile Metphistopheles Previous Previous Next Next
The Fable of the Tortoise and the Tortoise - Blather. Rants. Repeat.
A Møøse once bit my sister ...
captainsblog
captainsblog
The Fable of the Tortoise and the Tortoise

The world of electronic-supported payment transactions changed substantially two days ago. You might have missed it, because it seems that nobody involved in the process seemed to give a shit.

Dominus vobiscum nabisco. Espiritu sanctum. De gustibus. Me gustibus. You gustibus. We missed the bus. They missed the bus. Summa cum laude. Magna cum laude. The radio's too laude. Adeste fidelis. Centra fidelis. High fidelis. Post meridian. Ante meridian. Uncle meridian. All of the little meridians. Magna carta. Master charga.

The quote is from Johnny Dangerously, which Eleanor brought out last night and we finished watching a little while ago. It's that last reference thatsa the mosta relevant: Master Chargas, and Visas, work mucha more differenta in the US today than they did on 30 September. Or not.

You go to Wegmans. You buy dishwasher soap at Wegmans. (My law school professor. who I'm mocking here, didn't understand the market and said "you buy dishwasher at Weg-mannnns.") To pay, you swipe your payment method; if it's under 50 bucks, you're APPROVED! without further action. A penny beyond, you sign on the terminal (I typically sign the words "WITH PEN" because that's what the terminal tells me to do;)  If it turns out that Johnny Dangerously stole or cloned my card? Until Thursday, my bank ate the charge. But as of October 1, the liability shifted to any merchant which did not process a newly-issued "chipped" card with a compliant chippy cardy readery.

Wegmans has them- has had them for years. Because, Canadians. They long ago adopted the "EMV protocol" which stores the card's data on a chip rather than on a magnetic stripe, and which, coupled with other anti-fraud things on the chip, makes it much harder for hackers to take you down just by knowing your 16-digit number.

American banks, you'd think, would have been quick to adopt the new type of card standard to shift liability over to the merchants. They have not. Between us, we have at least five cards (debit or credit) which allow us to buy anything within our credit limits or current bank balances; not a one of them put a chipped card into our wallets by the October 1 changeover date.  One site offers the best explanation of why, and it has to do with the alternative uses of the same pieces of plastic which also require the much more secure use of a four-digit PIN:

Visa and MasterCard could have resolved this problem by forcing card issuers to use chip ‘n’ PIN only; but they never did.

Why some card issuers have chosen to require only a signature instead of a PIN is up for interpretation. “We can’t speak for all banks but one reason a bank may be issuing signature-preferring cards today is because cardholders are used to signing for most card purchases and adding a PIN would add cost and complexity,” Vanderhoof told WIRED. “This approach allows them to get chip cards in consumers hands quickly and start protecting against counterfeit card fraud, and then they may take the opportunity to introduce PIN-preferring cards later down the line.”

Avivah Litan, an analyst with Gartner Research who specializes in card fraud among other things, says this argument is bogus.

“This argument that [signatures are] more convenient for consumers is … not a legitimate argument if you look at the evidence with the consumer experience in Canada and other countries. The PIN has not been a barrier,” she notes.

Not to mention, Brewer adds, that cardholders are already used to using PINs at ATMs and four-digit passcodes to unlock their mobile phones. If there’s any confusion on the part of cardholders about using the new cards, he notes, it’s due to the fact that card issuers have been poor at communicating how the chip cards are different from old cards. According to a recent survey of 1,000 cardholders, the majority who received new chip cards from their card issuers didn’t know why they had received them. And only about 30 percent were even aware that the US was in the process of migrating to EMV technology.

Instead, Litan suggests there’s another reason why banks in particular want to use signatures with the new cards instead of PINs. “Because if the PIN [and card are] stolen, then that PIN [and card] can be used at the ATM machine, where banks are responsible for the fraud,” she told WIRED. Cards that don’t have a PIN associated with them can’t be used at ATMs, but can be used in stores, where the merchants share liability. “They’re more interested in protecting themselves than they are in helping the retailers out.”

So Wegmans, and, yes, Walmart, will endure more lost profits because Chase and Citi  and their ilk are afraid of 1-2-3-4 PINs that would expose them to greater losses if script kiddies got a hold of an account-linked debit card.  Banks and merchants have been fighting over this sort of thing for years, mainly over pennies and mills of fees which vary based on whether you sign for a purchase or use a PIN. As of October 1, the stakes got even higher, and neither party seems to be rushing to protect its own turf.

Therefore, if you have a credit or debit card with a Visa or Mastercard logo on it, check where your issuer stands.  If necessary, go in, as I did the other day, and ask for a new chipped card. It'll at least minimize the need for you to have to screw around figuring out where-all that card is authorized to deduct for gym memberships, Netflix fees, whatever, the next time some major retailer gets h!ck3d.

3 comments or Leave a comment
Comments
bill_sheehan From: bill_sheehan Date: October 4th, 2015 01:47 am (UTC) (Link)
Fraud is a cost of doing business.

The banks want to ensure that cost is borne by someone else. The customer will cut up his cards as quick as boiled asparagus if he's on the hook for it. That just leaves the merchant.

The merchant sees a silver lining: payment data is information, grist for the mighty CRM mill that tells them Owen buys diapers and beer on Wednesday evenings. And then some clever bastard comes up with a payment method like Apple Pay that denies the store that data.

They'll make it up on the bananas.
xiphias From: xiphias Date: October 4th, 2015 12:38 pm (UTC) (Link)
Our chip cards came in the mail a couple days before the deadline. I have been able to use the chip card once so far, at Walgreens, to pick up my prescriptions. Fortunately, the pharmacist was able to talk me through the process -- you have to stick the card in the slot, then LEAVE it in the slot while it checks the validity of the card.

Pretty easy.

Would be just as easy if I'd typed on the PIN pad instead of signing.
yesididit2 From: yesididit2 Date: October 5th, 2015 03:46 pm (UTC) (Link)
thank you for including where that quote came from. i read it and i was like I KNOW THIS! where on earth do i know this from? i havent watched johnny dangerously in years and years. my favorite part was when they kept peeling the color off the car and ended up with the blue baby duckies or something like that.

the majority who received new chip cards from their card issuers didn’t know why they had received them.
... i'm one of those. wondering why i'm suddenly getting mailed new credit cards with a chip in them and WTF this chip is for. i vaguely remembered something about more security, but nothing about how that works or why they're more secure. aaaaand since i didnt understand why, i havent activated either of the two new chip credit cards i've received.

i think i prefer that the credit card company be liable rather than the retailer.
3 comments or Leave a comment