Why aren’t chip credit cards stopping “card present” fraud in the US?
-
@scottalanmiller said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Isn't this because we don't require "chip and pin" and just require chip? That was one of the big critisims of this system when it was first being pushed out.
Yes, it's basically a scam. The "just chip" system is just swiping by another name. It's meant to confuse and mislead American customers, IMO, and has absolutely nothing to do with security like they do in Europe.
Agreed, although it is supposed to do a one-time-code type of transaction... but that's obviously not well implemented or doesn't work.
-
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@scottalanmiller said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Isn't this because we don't require "chip and pin" and just require chip? That was one of the big critisims of this system when it was first being pushed out.
Yes, it's basically a scam. The "just chip" system is just swiping by another name. It's meant to confuse and mislead American customers, IMO, and has absolutely nothing to do with security like they do in Europe.
Agreed, although it is supposed to do a one-time-code type of transaction... but that's obviously not well implemented or doesn't work.
"One time code" means nothing when the code isnt required for next time!
-
@mlnews said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Fraud is on the rise despite a move to chip cards.
A security analysis firm called Gemini Advisory recently posted a report saying that credit card fraud is actually on the rise in the US. That's surprising, because the US is three years out from a big chip-based card rollout. Chip-based cards were supposed to limit card fraud in the US, which was out of control compared to similar fraud in countries that already used EMV (the name of the chip card standard)....
I remember reading comments from the American payment industry folks that basically said Americans were too stupid to do Chip & PIN. We've had it here for a very long time with TAP being a relatively recent addition. TAP is limited to $50 or $100 depending on merchant and product. It makes transactions fast versus any other method.
Swipe needs to be banned. Period.
Next up: RFID protection wallets. A must-have for frequent travelers.
-
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@mlnews said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Fraud is on the rise despite a move to chip cards.
A security analysis firm called Gemini Advisory recently posted a report saying that credit card fraud is actually on the rise in the US. That's surprising, because the US is three years out from a big chip-based card rollout. Chip-based cards were supposed to limit card fraud in the US, which was out of control compared to similar fraud in countries that already used EMV (the name of the chip card standard)....
I remember reading comments from the American payment industry folks that basically said Americans were too stupid to do Chip & PIN. We've had it here for a very long time with TAP being a relatively recent addition. TAP is limited to $50 or $100 depending on merchant and product. It makes transactions fast versus any other method.
Swipe needs to be banned. Period.
Next up: RFID protection wallets. A must-have for frequent travelers.
TL;DR Because People of Walmart
-
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Swipe needs to be banned. Period.
I would love a swipe + pin setup. I think that would be the best of all worlds. Fast, easy, secure.... for the most part.
-
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Swipe needs to be banned. Period.
I would love a swipe + pin setup. I think that would be the best of all worlds. Fast, easy, secure.... for the most part.
Nope. That magnetic stripe needs to disappear. Skimmers are easy. It's really tough to "skim" a CHIP setup.
-
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Swipe needs to be banned. Period.
I would love a swipe + pin setup. I think that would be the best of all worlds. Fast, easy, secure.... for the most part.
Nope. That magnetic stripe needs to disappear. Skimmers are easy. It's really tough to "skim" a CHIP setup.
Oh, I think I'm talking about something else? Tap? where you just tap the card to the reader?
I agree swipe needs to die and then we can take the credit card form factor down a touch.
-
@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem
Even when it's important to them, the end user refuses to educate themselves.
While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?
-
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem
Even when it's important to them, the end user refuses to educate themselves.
While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?
Because part of the chip is RFID capabilities. Stupid humans still.
-
@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem
Even when it's important to them, the end user refuses to educate themselves.
While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?
Because part of the chip is RFID capabilities. Stupid humans still.
Our CCs have the chip on one side and the RFID radio on the other. There's usually a little wave in the CC's plastic where the RFID chip is sitting below.
-
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Isn't this because we don't require "chip and pin" and just require chip? That was one of the big critisims of this system when it was first being pushed out.
Well - the chip itself still does a signature, even if anyone can use the card and get the signature to work because of the lack of a PIN. So if the chip was required, you'd be required to have the card.
The way I read the article is that swiping is still so prevalent that hackers are getting and using the swipe information.
-
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@mlnews said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Fraud is on the rise despite a move to chip cards.
A security analysis firm called Gemini Advisory recently posted a report saying that credit card fraud is actually on the rise in the US. That's surprising, because the US is three years out from a big chip-based card rollout. Chip-based cards were supposed to limit card fraud in the US, which was out of control compared to similar fraud in countries that already used EMV (the name of the chip card standard)....
I remember reading comments from the American payment industry folks that basically said Americans were too stupid to do Chip & PIN. We've had it here for a very long time with TAP being a relatively recent addition. TAP is limited to $50 or $100 depending on merchant and product. It makes transactions fast versus any other method.
Swipe needs to be banned. Period.
Next up: RFID protection wallets. A must-have for frequent travelers.
I don't agree with the stupid part per se, but people's unwillingness to learn something new - remember a pin for 20 different CCs, so they would just make them all the same PIN if able to change them, there by significantly reducing their security....
I wonder if the number of cards per person is significantly different in the US compared to other countries?
As for TAP - is it really any more secure than swiping? I have no idea if there is actual communication between the card and the scanner to generate a one time key or not?
-
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Swipe needs to be banned. Period.
I would love a swipe + pin setup. I think that would be the best of all worlds. Fast, easy, secure.... for the most part.
How would that work? There would be no tech connection with a swipe to make the pin valuable. If the PIN is basically just a signature - then a MiTM could easily steal the PIN and use swipe all day long.
-
@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem
Even when it's important to them, the end user refuses to educate themselves.
While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?
Because part of the chip is RFID capabilities. Stupid humans still.
I guess when I read his comment I thought the hole punch people were only trying to disable the chip, and not TAP, but their overzealous punching also caused damage to the TAP chip..
-
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@coliver said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@PhlipElder said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
Swipe needs to be banned. Period.
I would love a swipe + pin setup. I think that would be the best of all worlds. Fast, easy, secure.... for the most part.
How would that work? There would be no tech connection with a swipe to make the pin valuable. If the PIN is basically just a signature - then a MiTM could easily steal the PIN and use swipe all day long.
I meant tap+pin.
-
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem
Even when it's important to them, the end user refuses to educate themselves.
While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?
Because part of the chip is RFID capabilities. Stupid humans still.
I guess when I read his comment I thought the hole punch people were only trying to disable the chip, and not TAP, but their overzealous punching also caused damage to the TAP chip..
The RFID is not a separate chip. It still uses the same chip. The antenna may be on the other side, but the brains are all in the one chip.
-
@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:
A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem
Even when it's important to them, the end user refuses to educate themselves.
While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?
Because part of the chip is RFID capabilities. Stupid humans still.
I guess when I read his comment I thought the hole punch people were only trying to disable the chip, and not TAP, but their overzealous punching also caused damage to the TAP chip..
The RFID is not a separate chip. It still uses the same chip. The antenna may be on the other side, but the brains are all in the one chip.
OK I'd like to think this is right - as it would totally make sense.
the problem I have with it is that tapping takes a fraction of the time to authenticate a transaction compared to plugging the card into a reader - is the wireless read just that much faster? or is TAP really not doing an challenge response situation like chip is?