back to article Shoe stores top US credit card EMV-ready leaderboard of fail

Only 27 percent of US merchants and 40 percent of consumers in that country will be ready for the self-imposed EMV (Europay, MasterCard and Visa) chip-card payment deadline Thursday. The cut-off is designed to curb rampant fraud in the country that makes hay of the use of magnetic stripes for credit card payments, far easier …

  1. Phil O'Sophical Silver badge

    who will still sign to confirm purchases

    Why? I've never seen any shop or restaurant in the US check a signature. I've even, once, accidentally signed my name to a card issue in someone slse';s name, and no-one noticed, not even the card issuer.

    1. Voland's right hand Silver badge

      The idea is different

      The idea of signing is different. Forging a signature is a specific legal offense which in most legislations lands you directly into the high-penalty fraud bucket. It is not a check - it is to deep-six you after the fact if you fake the sig.

  2. Anonymous Coward
    Anonymous Coward

    Behind the times

    It's incredible that the US is only just starting to implement chip & PIN, something that's been widespread in Europe for a decade. You would've thought the costs of fraud would be a good incentive to speed up the process.

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Behind the times

        I've read numerous accounts where banks claim that if the PIN was used, it must be the consumer's fault.

        IIRC this was attempted early in the EMV rollout, but has largely stopped due to legislation shifting the burden of proof back to the banks / card-issuers. Previously some issuers had taken the position that it was impossible to use the PIN fraudulently, so the cardholder must be liable (since then there have been several documented large scale attacks on EMV, so the banks are unlikely to get away with this in the future).

    2. Mark 85

      Re: Behind the times

      Profit is the motive... like security in IT. It costs them money and since it's "short term profits vs. long term consequences" take guess which one wins the management approval.

  3. Anonymous Coward
    Anonymous Coward

    pinsecure

    "Ink will eventually be swapped for more secure PINs."

    FSVO more secure. At least with signing you get to leave your fingerprints on a bit of paper so decent chance of proving fraudulent transaction was not signed by you. Very little chance with PIN fraud (& shoulder surfing a PIN takes less skill than signature forgery).

    Your only chance on PIN fraud is store having CCTV proving you were not present, or cast iron proof you were elsewhere at the time.

    1. Fuzz

      Re: pinsecure

      And after the would be fraudster has "shoulder surfed" your PIN how do they make use of this information? In order for the PIN to be any use they have to steal your card. This means they have to follow you from the shop where they have surfed the PIN until they can somehow obtain the card from you.

      With a mag stripe card and signature all the fraudster needs to do is get a skim of your card, the signature is worthless and cards are easily copied.

      Good luck getting a bank to perform a forensic inspection of the receipt.

    2. Lars Silver badge
      Flame

      Re: pinsecure

      PIN or no PIN, you will still sign. The PIN is an replacement, an addition, to the magnetic strip. And it makes it a lot more difficult to make a copy of your card. And that is all there is to it. And the strip is worthless without the pin chip. It's more secure.

    3. Eddy Ito

      Re: pinsecure

      Paper? They've all got that digitizer scratch pad with something like 30 x 9 pixel resolution with a dead spot near the middle. Assuming it's over the signature required limit.

  4. Slx

    France introduced it (well the predecessor to EMV) 22 years ago in 1993.

    The problem is that card fraud isn't a victimless crime, it's being paid for by bank charges and insurance premiums and a lot of the proceeds of it are going to fuel organised crime and who knows what else...

    Personally, I think the whole concept of credit cards being operated on the basis of giving someone an account number they can charge something to, with very little control, is absolutely insane in this day and age.

    We should be using some form of push-payments. Retailers have no need to hold credit card account details. All they should be getting is a payment and a reference number.

  5. mark 120

    If they'd done this years ago, we wouldn't now have the mess that is PCI-DSS. But because America can't secure its data properly, the whole world has to suffer.

  6. Anonymous Coward
    Anonymous Coward

    The USA is a Country of 50 different countries

    Some of the banking laws date back to prohibition. Moving more than a few thousand $$$ over state lines in Cash could land you in Federal Pokey for a long time.

    Every state (and county) have different laws and the banking system is IMHO a disaster waiting to happen.

    It is like going back 25+ years with thoudands of local banks (some goodness there) but the system is so fragmented that it is pretty easy to bypass many of the security checks.

    Then yesterday a merchant would not accept a $50 bill for a $30 transaction.

    "We don't take fifties". They didn't take EMV and wanted me to sign that old imprinted credit card slip.

    IMHO, the USA is fast heading for 4th world status.

    1. channel extended
      Trollface

      Re: The USA is a Country of 50 different countries

      Each and almost all of those are third world countries already.

  7. gregthecanuck

    These guys better pull themselves up by their bootstraps else they get a good tongue-lashing!!

  8. PT

    What is this "shift of liabilities" of which you speak? When I used to accept credit card payments, if a customer complained of fraud (usually a lost card), the bank's first action was to yank the money back instantly out of my merchant account and tell me about it later. Even when I had paper to prove the customer was a lying sack of shit they never gave the money back, claiming that a few hundred dollars was "too small a transaction" to bother about.

    On the other side of the coin, when someone on the other side of the world charged a plane ticket to one of my cards, the bank (hello, HSBC!) took 8 weeks to refund the transaction and then had the nerve to make me pay the merchant discount.

    Bank liability? I don't even think they've heard of it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like