No. of Recommendations: 2
I love Apple Pay. No PIN. Fast. Easy to use. No card needed. The merchant gets none of my information. Works online too. Security equivalent to access to my iPhone or Apple Watch.

And when the Apple credit comes out this month I'll get 2% back on all Apple Pay transactions with no annual fee.

The only drawback is that not all merchants do Apple Pay yet.

-IGU-
Print the post Back To Top
No. of Recommendations: 3
What are the risks with contactless cards?

You might want to read through this information about contactless cards put out by Visa https://usa.visa.com/pay-with-visa/contactless-payments/cont... and Mastercard https://newsroom.mastercard.com/2018/01/17/dispelling-the-my...

I have considered trying to obtain a chip and pin card instead of my existing chip and signature cards.

Chip AND signature? HAHAHAHA I am rarely asked for a signature any longer when I insert my chip card into the terminal. I do still have to sign at restaurants where the wait staff takes the card, but at the restaurants where they have the terminals on the table, and the terminals are chip-enabled - no signature there, either. The only places where I regularly have to sign are the places where the terminals aren't chip-enabled, so I have to swipe the mag strip.

AJ
Print the post Back To Top
No. of Recommendations: 1
You might want to read through this information about contactless cards put out by Visa https://usa.visa.com/pay-with-visa/contactless-payments/cont...... and Mastercard https://newsroom.mastercard.com/2018/01/17/dispelling-the-my......

Read it and am unconvinced. They haven't dispelled anything other than name and other data isn't transferred in a contactless transaction. I am not certain how secure the one time code is. It is better than no one time code.

I have considered trying to obtain a chip and pin card instead of my existing chip and signature cards.

Chip AND signature? HAHAHAHA I am rarely asked for a signature any longer when I insert my chip card into the terminal. I do still have to sign at restaurants where the wait staff takes the card, but at the restaurants where they have the terminals on the table, and the terminals are chip-enabled - no signature there, either. The only places where I regularly have to sign are the places where the terminals aren't chip-enabled, so I have to swipe the mag strip.

AJ


Signature isn't required for most small transactions. The table top terminals at the restaurants here require a signature. Signing with a finger makes for a very strange signature but not as bad as trying to sign with a mouse.
Print the post Back To Top
No. of Recommendations: 2
I am not certain how secure the one time code is. It is better than no one time code.

If you don't trust one time codes, then you shouldn't trust chip card transactions, because the chip card protocols are all based on one time codes.

The table top terminals at the restaurants here require a signature.

Even the ones that allow chip transactions, rather than mag strip swipes? The ones that only allow you to swipe still require signature. The ones that allow chip transactions (a recent change) don't require a signature.

AJ
Print the post Back To Top
No. of Recommendations: 2
vkg,

You wrote, What are the risks with contactless cards?

Current contactless cards use cryptographic authentication technology similar to cards with chips; but instead of the reader making physical contact with the contact points on the chip, they communicate over near-field RF, similar to RFID. All this authentication technology does is guaranteed to the issuer that the merchant was (momentarily) in physical possession of an authentic card from that issuer for that account.

In my opinion there are still a handful of serious security issues with contactless credit cards. The most serious one is that someone with a sophisticated (probably phone) app could in theory use it to make a purchase by simply waving their phone / reader over your wallet / purse without you realizing it's being read. Using contactless payment technology on a cell phone doesn't generally suffer from the same problem because you have to launch the payment app and select a card for payment - so it requires a physical act to confirm the payment. A contactless card doesn't have that requirement as anyone in close proximity could initiate the payment.

Personally I'd never accept a contactless card from an issuer. I have other issues with using a phone for payments; but I might eventually consider that. My main concern about using a phone for payment is two-fold:

1. I'm not sure I trust that my phone can't be compromised if I lose it, and
2. I'm not certain that I trust that all the different payment technologies themselves have been validated as secure.

In particular I've worked for Samsung on their phones in the past. If they tell you something is secure, I wouldn't trust it. Also if they discover that an older model of something has been compromised, I wouldn't trust that they will (or even can) fix it. But my personal phone is a Samsung so I'm probably not going there any time soon even though it's technically capable of it.

- Joel
Print the post Back To Top
No. of Recommendations: 1
I am not certain how secure the one time code is. It is better than no one time code.

If you don't trust one time codes, then you shouldn't trust chip card transactions, because the chip card protocols are all based on one time codes.


The question is if RFID skimmed information sufficient to associate the one time code.

The table top terminals at the restaurants here require a signature.

Even the ones that allow chip transactions, rather than mag strip swipes? The ones that only allow you to swipe still require signature. The ones that allow chip transactions (a recent change) don't require a signature.

AJ


Yes, I used a chip card yesterday at a table top terminal yesterday and it required a signature.
Print the post Back To Top
No. of Recommendations: 3
I used a chip card yesterday at a table top terminal yesterday and it required a signature.

Sometimes the signature requirement is based on a value -
Some places are $25, some $50... Transactions below that limit do not require signatures.

and those are different than square transactions, which (IME) always ask fr a signature, at which no one eveer looks.
I tend to draw little stick figure pictures or smiley faces when faced with the "sign with your finger" option.

peace & payment methods
t
Print the post Back To Top
No. of Recommendations: 1
But my personal phone is a Samsung so I'm probably not going there any time soon even though it's technically capable of it.


Same.

I don't even like the chipped cards. In locations where the readers are equipped to handle sliders and chipped cards, I'm annoyed by the fact that they force me to use the chip if the card has it. It was easier to just swipe the card in the slot. With the chip, I've got to insert the end of the card and wait for a month while it thinks. The swipe never made me wait.

Paying with a phone is just as much trouble as using the chip.

Give me back my swipe cards. Faster than using the chips, and faster than using the cell phone. Screw extra security, I want the least effort.

xtn
Print the post Back To Top
No. of Recommendations: 2
With the chip, I've got to insert the end of the card and wait for a month while it thinks.

I think most of any delay is dependent on the merchant's payment system & their POS terminals age. Most newer POS terminals are pretty quick, at least in pulling your data from the card. The major grocers' systems seem pretty responsive to me. I get an approval while the checker continues to scan items. Heck I then get phone e-notices from card confirming the purchase almost instantly as I gather my bags. Most major, newer gas station terminals are pretty quick too.

I grant there are smaller operators/owners who's equipment causes the card and wait for a month while it thinks. But I think the old terminals are getting fewer & fewer. That may be due to increased liability to the operator on the older terms.

And I have seen & experienced "swiped" readers fail to do so (read the strip) unless you use the plastic bag "hack" to get it to read, i.e.- scanning the card wrapped with a plastic bag. Why that works & who figured it out is beyond me but that's been my experience. Along with this non-reading NOT happening on my chipped cards.... So far!
Print the post Back To Top
No. of Recommendations: 3
xtn,

You wrote, Give me back my swipe cards. Faster than using the chips, and faster than using the cell phone. Screw extra security, I want the least effort.

Right... I don't find them all that painful. And the POS systems seem to be getting better, at least around here.

The additional security actually benefits the merchants most because banks mostly make the merchants eat credit card fraud. The chip is used to cryptographically authenticate a transaction by signing it with a key that only the bank and the chip know. This should guarantee that the card is authentic - assuming a hacker doesn't expose a bank's database.

This benefits the merchant because it proves that the merchant was in possession of a legitimate card at the time of the transaction. That makes it tough to dispute the charge, because only the NSA could afford the devoted resources needed to duplicate a chipped card. (Even then they'd need to be in possession of the card for a while.) So now the merchant now has proof that the card was authentic making it difficult for the bank to justify a charge-back on the basis of fraud.

This one change effectively ends a huge fraction of all credit card fraud. Once every brick and mortar merchant requires chipped cards, the banks will need to figure out how to do something similar for online merchants.

In any case, it's still faster than paying cash. And way faster than writing a check.

- Joel
Print the post Back To Top
No. of Recommendations: 2
kitsapkidd,

You wrote, I think most of any delay is dependent on the merchant's payment system & their POS terminals age. ...

I think this maybe two-fold. First, some POS systems are probably still connecting via some kind of dial-up link. Second, I *think* the original scheme involved the reader cryptographically signing the entire transaction record, which requires the chip be inserted into the reader. I've not looked into it, but I suspect they've gone to signing some kind of preamble instead just to authenticate that they were in possession of the chip. I think the actual charge amount / transaction record is no longer being signed.

The second part is evident by the fact that you can remove your card these days before the merchant is done ringing up your transaction. Since the card is required to generate that signature, they couldn't be signing the entire transaction record ... or anything with the charge total. Anything that is not signed can in theory be modified without detection during the transmittal.

If I'm right that actually creates a small security vulnerability. While it proves the merchant was in possession of the card, it doesn't prevent someone in the middle from modifying the charge amount. This is a much harder attack to accomplish and it doesn't actually do the same kind of thing you usually think of as credit card fraud; but it might let a clever hacker steal from the bank and/or merchant without any obvious or at least immediate repercussions. Still, attacking the system in this way is probably a much smaller threat so they may have understood the issue and decided to make the change for the sake of convenience.

- Joel
Print the post Back To Top
No. of Recommendations: 1
In any case, it's still faster than paying cash.


A little bit I guess, but only if you want to wait for change.

xtn
Print the post Back To Top
No. of Recommendations: 3
Morning All

What I don’t understand - and never have - is why America has not embraced the “chip and PIN” solution used for credit cards in the rest of the world. No signature required. Instead, you insert your card into the reader, type in your PIN and the payment to the vendor is verified instantaneously by your bank. In restaurants in Europe, card readers are brought to your table, not hard-wired in, and your card never leaves your sight. Yes, it requires an active connection to the internet but everywhere has Wi-fi. (I’ve even seen cellphones used to provide that at craft fairs.)

We do have contactless cards and the UK spending limit per transaction is £30 (less than $40 USD), but you always have the option of paying via chip-and-PIN. I know of places that sell metal-lined card holders, to prevent skimming, but I have never actually met anyone whose card has been skimmed. (Stollen and used, yes; skimmed no.)

- Pam
Print the post Back To Top
No. of Recommendations: 0
why America has not embraced the “chip and PIN” solution used for credit cards in the rest of the world.

Personally, I would hate to have to type in a PIN for each credit card transaction because it means I would have to remember the PIN for each of my cards, as would DH. We each have a couple of personal credit cards plus a shared card for his business, so we'd have to set and know PINs as well which I would find quite cumbersome.

I'm happy to just stick the chip side of the card in and let the machine do its work. I do not want to see one more step added.
Print the post Back To Top
No. of Recommendations: 1
What I don’t understand - and never have - is why America has not embraced the “chip and PIN” solution used for credit cards in the rest of the world.

Issuers concerns that it would decrease the use of credit cards.
Print the post Back To Top
No. of Recommendations: 2
Personally, I would hate to have to type in a PIN for each credit card transaction because it means I would have to remember the PIN for each of my cards, as would DH. We each have a couple of personal credit cards plus a shared card for his business, so we'd have to set and know PINs as well which I would find quite cumbersome.

Errr... no. Every card I’ve ever had allows for you to change your PIN from the one issued. You just need to go to a cash machine, tap in the original PIN and select the option to change it.

- Pam
Print the post Back To Top
No. of Recommendations: 1
What I don’t understand - and never have - is why America has not embraced the “chip and PIN” solution used for credit cards in the rest of the world.

Issuers concerns that it would decrease the use of credit cards.


But that’s silly. Credit card usage has grown exponentially, world wide, because it’s deemed safer and more convenient than carrying cash and most countries require chip-and-PIN. Apple-pay and Android-pay mean you don’t even have to carry your credit card, just your phone. In Sweden, the majority of purchases are made electronically - there’s even speculation about how long it will be before cash is fazed out of use - and most people use their credit card, not their debit card, because credit cards carry extra consumer rights.

- Pam
Print the post Back To Top
No. of Recommendations: 1
Every card I’ve ever had allows for you to change your PIN from the one issued. You just need to go to a cash machine, tap in the original PIN and select the option to change it.


I understood that, but do you have the same PIN on all your credit cards? That would not seem very secure to me, so how do you remember the PIN on your various cards? I have 4 credit cards in my wallet with some used more than others, and DH has a similar number. I would find it very hard to remember the various PINs for each of those cards, even assuming that I had changed it.

Do you only have one card? I can see where only having one would not be as cumbersome.

I stand by my statement that I do not want a PIN as well as a chip for any of my cards, and if that were required, I would not use that particular card.
Print the post Back To Top
No. of Recommendations: 2
Issuers concerns that it would decrease the use of credit cards.

But that’s silly.


Just because it is silly doesn't mean it isn't true.
Print the post Back To Top
No. of Recommendations: 2
I love Apple Pay. No PIN. Fast. Easy to use. No card needed. The merchant gets none of my information. Works online too. Security equivalent to access to my iPhone or Apple Watch.

And when the Apple credit comes out this month I'll get 2% back on all Apple Pay transactions with no annual fee.

The only drawback is that not all merchants do Apple Pay yet.

-IGU-
Print the post Back To Top