by elric 1834 days ago
The last time I had to swipe a card in Belgium was in the 1990s. That was swipe-and-pin. At no point in my life have I ever had to sign a manual signature for a payment.

Lately contactless payments (with and without pin) have been gaining in popularity. Most payment terminals now support them. I'm sure there's a market for Stripe Reader in the US, but I can't imagine there being one over here. Unless they're a lot cheaper than the current providers; or they start accepting a lot more payment methods.


The first and only time I've ever had to swipe and sign was on an AirAsia flight a few years ago.

I had never actually bothered to sign my card, which was apparently a problem for the flight attendants, even though my passport (with a matching signature) had the same name, and obviously so did my ticket. But by whatever logic, they were happy with me signing the card there and then.

It amazes me that swipe and sign was ever considered vaguely secure. Most teenagers learn how to forge their parents' signature during their high school years.

I signed on an LCD screen just a week ago in Germany for a card payment in Germany. It is surprisingly common here.

However, contactless payments are gaining popularity very fast here. Actually contactless in general in Germany is rising very rapidly. I think this is due to hygiene fears.

I agree that the pandemic has been a big driver of contactless payments. I dislike them myself. NFC terminals get confused as hell if there are multiple contactless cards nearby (there are 6 in my wallet, none of which I use..). Inserting a card in the terminal and entering my pin is only a few seconds slower and it feels more secure.

We used to have a chip-without-pin payment scheme for small amounts, called Proton, but it never really caught on and got scrapped a few years back.

What do you mean by using your PIN "feels more secure"? It's more secure for the retailer, but it's less secure for you.

Any time you have to enter your PIN you are putting yourself at risk of someone seeing it. It could even be a fake PIN pad, so covering with your other hand won't help. If they can then steal the card from you, they can spend freely at merchants and withdraw cash at any ATM up to 2X your daily limit (once at 23:59, once at 00:01).

If they steal your card without a PIN, they can use it contactlessly only for small transactions up to the contactless limit, and only for a limited amount before the card will stop working (if you make too many contactless transactions in a row, the bank will refuse one and demand a PIN transaction). (At least in the UK), you are not liable for the contactless transactions made after your card was stolen.

You raise a good point about the limits -- although the contactless limits have been raised here due to the pandemic. But I think you're underestimating the physical security of the payment infrastructure. Card terminals (here at least) are extremely secure. They are highly tamper resistant; they cannot access the network if they've been tampered with.

These NFC terminals on the other hand, I have my doubts about many of them. Especially the ones that are basically glorified phones.

Stealing a PIN and a card would be a targeted attack (or an extremely lucky break). When that happens, depending on the bank, taking out money might even be the dumbest course of action. Many banks have online services that can be accessed using a card reader (and the card, and the pin). Limits there tend to be much higher, and there won't be an ATM camera filming you.

The tamper resistance is less important if you don't have to enter your PIN. The protocols are secured from the card to the bank - the card has a CPU on board.

Tampering with the NFC reader doesn't really get you anything. Tampering with a PIN pad does let you copy someone's PIN.

At Bauhaus? They always want me to sign.

No, it was at a petrol station. I think it was Esso.

Fun fact: Esso is pronounced as SO, which is the German brand of the US company Standard Oil.