Skip to main content
No. of Recommendations: 2
kitsapkidd,

You wrote, I think most of any delay is dependent on the merchant's payment system & their POS terminals age. ...

I think this maybe two-fold. First, some POS systems are probably still connecting via some kind of dial-up link. Second, I *think* the original scheme involved the reader cryptographically signing the entire transaction record, which requires the chip be inserted into the reader. I've not looked into it, but I suspect they've gone to signing some kind of preamble instead just to authenticate that they were in possession of the chip. I think the actual charge amount / transaction record is no longer being signed.

The second part is evident by the fact that you can remove your card these days before the merchant is done ringing up your transaction. Since the card is required to generate that signature, they couldn't be signing the entire transaction record ... or anything with the charge total. Anything that is not signed can in theory be modified without detection during the transmittal.

If I'm right that actually creates a small security vulnerability. While it proves the merchant was in possession of the card, it doesn't prevent someone in the middle from modifying the charge amount. This is a much harder attack to accomplish and it doesn't actually do the same kind of thing you usually think of as credit card fraud; but it might let a clever hacker steal from the bank and/or merchant without any obvious or at least immediate repercussions. Still, attacking the system in this way is probably a much smaller threat so they may have understood the issue and decided to make the change for the sake of convenience.

- Joel
Print the post  

Announcements

UGC Disclosure Notice Regarding Credit Card Posts
Community board discussions about credit cards are not provided or commissioned by banks who may have advertising relationships with The Motley Fool. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.
TMF Credit Center
The Motley Fool Credit Center arms you with real tools and simple messages, that will help you in every credit situation.
What was Your Dumbest Investment?
Share it with us -- and learn from others' stories of flubs.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and Glassdoor #1 Company to Work For 2015! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.