Hacker News new | ask | show | jobs
by mikece 1541 days ago
The credit card companies make so much money that reimbursing fraudulent transactions is almost a rounding error -- which is why they aren't in a rush to spend the money to implement chip and PIN security. Given this attitude I'm guessing someone already ran the cost/benefit analysis of pivoting engineering teams to fix the opt-out website versus just paying a fine -- and that paying lawyers to contest any fine they might ever get came out on the winning side of the ledger.
2 comments
derefr 1541 days ago
You say that as if it would be a CapEx-laden technological hurdle for Visa, MasterCard, etc. to implement chip-and-pin.

But these same companies are already issuing 100% chip-and-pin (plus tap) cards in every market other than the US.

If you want to blame anyone, blame the vendors of US ATMs and POS systems. Without their support, and a willingness to push through a deprecation/replacement of older hardware, chip-and-pin cards are pointless, because nothing reads them. (I would know, as a Canadian with a chip—and-pin card who frequently visits the US.)

link
sbysb 1541 days ago
This must be regional because I have been using a chip-and-pin card for the last 5 years and I cannot for the life of me remember the last time I had to physically swipe the card. Tap support is definitely still spotty but that is something that is more of a convenience than a security issue
link
dave5104 1541 days ago
I also can't remember the last time I had to swipe a card where I am in the US. I also prefer using Apple Pay, and tbh, can't remember the last time I had to use my physical card.
link
twunde 1541 days ago
It's still relatively common to have to swipe cards at gas stations in the US when you're buying gas. And a fair amount of the parking meters may still be on swipe (NYC meters outside of Manhattan come to mind). The places that haven't upgraded are ones with a lot of POS stations to upgrade.
link
jacobmartin 1541 days ago
Yep these two places are very common to be swipe only. I have to go a human teller at <massive and famous hospital> to pay for parking and the cc machine will still only read swipes.
link
Shared404 1541 days ago
Also US based here, and can't remember the last time I had to swipe.

There are even places with no swipe, where we can only use chip.

link
djrogers 1541 days ago
> But these same companies are already issuing 100% chip-and-pin (plus tap) cards in every market other than the US.

Citation please? I haven't seen a non-chip-and-pin card issued here in the US for at least 5 years (probably even longer), and that includes my tiny local bank..

link
aidenn0 1541 days ago
None of my cards are chip-and-pin, they are chip-and-sign (i.e. it's via a chip reader, but no PIN is required to pay)
link
briffle 1541 days ago
Yep, the rules were, for chip and pin fraud, the liablility was no longer on the retailer, but still was for swipe fraud. So there was a HUGE push from retail customers to get chip-and-pin in place to cut down on the amount of chargebacks, etc.

https://pointofsale.com/chip-card-vs-magnetic-stripe-card/

link
anonymousiam 1541 days ago
As recently as three years ago I still had two (ATM/Visa Debit) cards with no chip. They were both issued by credit unions. I know this was after the 10/1/2015 "deadline" (https://www.nbcnews.com/tech/tech-news/what-october-1-chip-a...), but I think debit cards were given a later deadline.
link
BenjiWiebe 1541 days ago
Chip and pin is distinct from chip. I have ~5 credit cards. At least 4 of them support tap to pay.

They all have chips. None of them have chip-and-pin.

link
ksenzee 1541 days ago
Er, how often do you visit? We've had widespread chip-reading terminals in the US for almost a decade.
link
LeifCarrotson 1541 days ago
The ones which are widespread are just "chip-and-choice", where you can use the chip and sign a paper receipt. They usually come with a magstripe backup...the chip is just used to read the card number instead of the magstripe. Pretty worthless.

True chip-and-pin cards and terminals will generate a cryptogram that authenticates the individual transaction. You type in the PIN code, and only then will the terminal communicate with the EMV microchip in the card and allow the transaction to complete.

link
colejohnson66 1541 days ago
Is there a difference in the user experience? Because everywhere I use my debit card, I can’t take it out unless I enter my pin first. I’d assume that means it’s actually communicating with the chip. And even then it takes a few seconds.

The magstripe is there for old POS systems and the off chance the chip can’t be used (dirty contacts), but the reader has to allow you to use the strip. And that only happens after multiple (about 3) failures.

link
sgjohnson 1541 days ago
Doesn’t matter. Chip-and-signature is an EMV compliant way of authorizing a transaction.
link
pjerem 1541 days ago
right. We have Visa / Mastercard cards with chip and pin in France since the 90´s

I always thought that its absence in the US (until pretty recently) was a cultural thing, not a technical thing.

link
Johnny555 1541 days ago
The credit card companies make so much money that reimbursing fraudulent transactions is almost a rounding error

The credit card companies (i.e. Visa) don't reimburse fraud, they leave that to the issuing banks (i.e. Chase, Capital One, etc.... whoever you got your card from)

link
anonymousiam 1541 days ago
American Express handles their own fraud cases. Their cards are generally not issued by banks. I have no association with them other than being a card member since 1982, but their customer service is far better than Visa/MC, and yes, you can get a card from them with no annual fees + perks.
link
xxpor 1541 days ago
The card is still issued by a bank, the bank is called American Express National Bank. Someone has to extend the actual credit.
link
sgjohnson 1541 days ago
Yes, but AmEx is vertically integrated, and they have 0 interest in shitting in their own backyard just to marginally increase the profit margin.

Visa/MC can afford to just not care, because there’s always someone else who’ll pick up the tab. Which simply is not an option for AmEx.

link
Johnny555 1541 days ago
their customer service is far better than Visa/MC

I used to think that (and maybe it was true once), but haven't found that to be the case, I've had far better experience from Chase for my Sapphire card.

My wife recently ran into a problem with a booking through Amex's own travel service, the hotel said they had a reservation, but not payment, but we paid for the room at Amex travel. So we figured no problem, just pay the hotel directly (their rate was even lower than Amex) and call Amex to have them remove their charge.

It took 5 calls over several days to finally talk to someone who could help, and it still took 3 days for the charge to be reversed. And this is for a Platinum card.

link
aidenn0 1541 days ago
IMO AmEx is still better than most banks, but my Chase card has definitely had better service in the past few years. Back in the day Discover had wonderful service, but I stopped carrying one because too many merchants wouldn't accept it.
link
starwind 1541 days ago
I've had problems with AmEx for travel issues but never problems for return protection or charge backs (except in one weird case but they fixed it like a year later). I do travel and dining on my Sapphire and everything else on my AmEx
link
nxm 1541 days ago
Unfortunately at a bigger cost to the merchant, which hurts in case of small businesses
link
starwind 1541 days ago
AmEx has special rates small businesses can apply for that keep the credit card transaction fees pretty competitive
link
selimthegrim 1541 days ago
Does anyone know what AmEx is doing wrt Russia?
link
Johnny555 1541 days ago
Google knows:

https://www.google.com/search?q=what+is+amex+doing+wrt+russi...

American Express Suspends Operations in Russia and Belarus

link