[est1895]

Some article here about Microchips on the new Credit Cards.

http://pro.whitepages.com/blog/fraud-train-is-coming/?utm_source=outbrain&utm_medium=cpc&utm_campaign=ecomm-q4-15&utm_term=promoted-content&utm_content=pro-ecom-infographic

[z64555]

Hm? the chips have been around for quite some time (since '94 or so), its that shiny brass looking stamp on the face of the card. EMV standard

What's more interesting is the card spoofing fraud.

[Bobboau]

yeah, I'm not a fan of this technology. It's user experience has much to be desired.

[Klaustrophobia]

Learn how Whitepages Pro can help you process orders faster while helping to fight the rise in fraud.

I think that pretty much sums this article up.

On a more general note, I don't really get the point of chips.  So I insert the card instead of sliding it.  How does that help prevent anyone other than me using it?  Is it supposed to be more resistant to skimming?  If so, that's probably only because it's newer and tools aren't readily available.  Yet.  That will change.

[Phantom Hoover]

Wait, is this article actually predicting calamity because you're switching to chip and PIN? Jesus christ, those have been standard in the UK for a decade and we haven't been swept away by a tide of fraud.

The major benefit, AIUI, is that you can't use the card at all without knowing the PIN; so if you keep it safe, skimming is outright impossible.

[MP-Ryan]

Wait, is this article actually predicting calamity because you're switching to chip and PIN? Jesus christ, those have been standard in the UK for a decade and we haven't been swept away by a tide of fraud.

The major benefit, AIUI, is that you can't use the card at all without knowing the PIN; so if you keep it safe, skimming is outright impossible.

Lordy.  Canada has also been on this tech for years; it's not even remotely inconvenient and it greatly enhances security.  I cannot fathom why the US has not seen widespread adoption ages ago.

[Mongoose]

I'd imagine the simple reason we took so long is because money, i.e. no one wanted to pay to update all of their card-reading equipment.

[Klaustrophobia]

It's just chip.  There is no PIN involved, at least as it stands now.  The new card they sent me can function either identically to 'normal' credit cards with the swipe, or insert it into the machine, sign the pad, and take it out.  That's why I said insert instead of swipe.  And no, not a single cashier in the history of EVER has asked to compare signatures.  Hell I haven't even signed any of my cards since the very first one.

[Phantom Hoover]

I don't actually know how EMVs work but you could make an unskimmable bank card quite easily by putting a cryptographic key on the chip and having it sign any transactions passed to it. You can't do that with a magnetic strip.

e: yeah that's pretty much how EMVs work.

[NGTM-1R]

I remember my father actually had a card with a chip for some time in the early '90s. He was annoyed when it went away because the crypto did too.

I'd imagine the simple reason we took so long is because money, i.e. no one wanted to pay to update all of their card-reading equipment.

Pretty much. Only when the fraud cut too high into the profits did things change.

And no, not a single cashier in the history of EVER has asked to compare signatures.  Hell I haven't even signed any of my cards since the very first one.

I have a friend who was only ever asked about a signature when he drew a penis for one.

Breasts and butts were okay, though.

[rev_posix]

It's just chip.  There is no PIN involved, at least as it stands now.  The new card they sent me can function either identically to 'normal' credit cards with the swipe, or insert it into the machine, sign the pad, and take it out.  That's why I said insert instead of swipe.

I'm supposed to be getting one of these things on my next card(s) as well.  Seriously debating taking a razor to it to try and disable/kill the pad.  If I was interested in something like this, I'd be using the NFC function on my phone with google wallet.

And no, not a single cashier in the history of EVER has asked to compare signatures.  Hell I haven't even signed any of my cards since the very first one.

I rarely have cashiers ask to check mine, even tho I have written in caps next to my signature *CHECK ID*.

Some of the reasons for this, I think:

• The cashier simply doesn't care
• There is a rule in the US that retailers don't have to get a signature/check for anything under $AMOUNT, which is think is around 25-30 (I don't recall the exact amount)
• Many people seem to be annoyed by being 'challenged' and 'delayed' by the check

Hell, even tho the rules allow a cashier to reject a card that doesn't have a signature, it seems a lot of them only care that something is there, and even then some cashiers don't even care that much. 

[Phantom Hoover]

It's just chip.  There is no PIN involved, at least as it stands now.  The new card they sent me can function either identically to 'normal' credit cards with the swipe, or insert it into the machine, sign the pad, and take it out.  That's why I said insert instead of swipe.

I'm supposed to be getting one of these things on my next card(s) as well.  Seriously debating taking a razor to it to try and disable/kill the pad.  If I was interested in something like this, I'd be using the NFC function on my phone with google wallet.

why

what the hell is it about a ****ing microchip that terrifies you so deeply

[Scotty]

Hell, even tho the rules allow a cashier to reject a card that doesn't have a signature, it seems a lot of them only care that something is there, and even then some cashiers don't even care that much. 

As a cashier, it's not that we don't care, it's that while you may not be upset by it, there are people who will pitch fits and it's simply not worth the headache.  Especially since we don't get to see what you wrote in the first place.  The signature is more useful to your issuing company than it is to a POC purchase site.

[rev_posix]

what the hell is it about a ****ing microchip that terrifies you so deeply

Nothing about the chip itself 'terrifies' me.

The ability of the various corporations that are more concerned about short term cost savings when it comes to developing these things than actually providing decent to good security, that's what worries me.

I don't really trust the CC companies to put my best interests first.  You can have it done quickly, cheaply, or correctly, pick two.  History tends to show that the various companies will take quickly and cheaply over any other choice that has correctly as one of the two options.

[/quote]

As a cashier, it's not that we don't care, it's that while you may not be upset by it, there are people who will pitch fits and it's simply not worth the headache.  Especially since we don't get to see what you wrote in the first place.  The signature is more useful to your issuing company than it is to a POC purchase site.

I figured this was one of the reasons, thanks for validating that it's a current thing.  I did retail for around 5+ years, and I remember that the number of people that were actually thankful that I payed attention to it was minuscule, most just rolled their eyes or acted like I was insulting them.

[z64555]

Signature on the card is there because, in the event that electronic devices fail, a retail chain may still accept a credit card as payment by using the card number and comparing the card holder's signature on paper against the signature that's on the card.

From what I know, we cannot accept a credit card whose written signature doesn't match to that on the signature on the card, nor can we accept a card from somebody who isn't the card owner.

...But then again I don't think many people bother with a bunch of that stuff. Identify fraud only happens in the movies, right? </sarcasm>

[Phantom Hoover]

what the hell is it about a ****ing microchip that terrifies you so deeply

Nothing about the chip itself 'terrifies' me.

The ability of the various corporations that are more concerned about short term cost savings when it comes to developing these things than actually providing decent to good security, that's what worries me.

I don't really trust the CC companies to put my best interests first.  You can have it done quickly, cheaply, or correctly, pick two.  History tends to show that the various companies will take quickly and cheaply over any other choice that has correctly as one of the two options.

Then why trust them with your money at all? Why are you so keen on having your transactions done with an easily-skimmed magnetic strip and so violently opposed to using a far more secure chip?

[jr2]

what the hell is it about a ****ing microchip that terrifies you so deeply

Nothing about the chip itself 'terrifies' me.

The ability of the various corporations that are more concerned about short term cost savings when it comes to developing these things than actually providing decent to good security, that's what worries me.

I don't really trust the CC companies to put my best interests first.  You can have it done quickly, cheaply, or correctly, pick two.  History tends to show that the various companies will take quickly and cheaply over any other choice that has correctly as one of the two options.

Then why trust them with your money at all? Why are you so keen on having your transactions done with an easily-skimmed magnetic strip and so violently opposed to using a far more secure chip?

I think PH is trying to say the 'quickly and cheaply' option was the magnetic strip, which is now being (slowly, haltingly) replaced by a better option.

[rev_posix]

Then why trust them with your money at all? Why are you so keen on having your transactions done with an easily-skimmed magnetic strip and so violently opposed to using a far more secure chip?

I wouldn't say that I'm 'violently opposed' to them, but no, I don't fully trust them with my money.

I have a debit card, yes, it's a near necessity in the states, and I try to watch for readers that look 'odd'.  I have notifications set up for any transactions that are submitted, no one has access to my account except for my employer for payroll deposits (didn't have too much of a choice on that one), and of the CC accounts I have, only two are 'activated'/signed and on my person when I am out doing things.  They do not leave my sight.

I fully admit that it may seem paranoid.  Heck, my refusal to allow auto-withdrawal from my account(s) has seemingly broken a few brains along the way.  But thus far, I have not had my ID stolen or any unauthorized attempts on my accounts, unlike my mother who has had it happen at least twice.

I also remember when bluetooth first came out, and how a lot of proof of concepts were shown 'in the wild' allowing for eavesdropping and such, well past the specified range and what most people thought was possible.  If it uses RF...

It's also basic computer security.  If you don't have a need for it, turn it off/disable it.

I think PH is trying to say the 'quickly and cheaply' option was the magnetic strip, which is now being (slowly, haltingly) replaced by a better option.

Oh, I get that.  I just have little faith that the companies will implement said chip in a way that will make it a better/safer option.

[Phantom Hoover]

This isn't new, untested technology or anything, it's been the standard for up to a decade in other countries and it's passed the test of time. Can you not even see why it's in your interest, as a security-conscious consumer, to use a payment method that can't be skimmed?

[Klaustrophobia]

But what stops it from being skimmed?  Just the fact that there aren't easily obtained devices to do it yet?  What stops someone from creating a reader that reads the exact same info as the payment processor and copying it to be loaded onto another chip?