Hacker News new | ask | show | jobs
by kotaKat 1062 days ago
The US still has a heavy reliance on magstripe, even though we rolled out EMV, and many cards still have it, and you can just take a stripe dump regardless.

The actual user of the stolen card dump will cause the terminal to allow a magstripe fallback (typically with a bad chip on a fake card that won't read) -- "aw jeez my stupid chip isn't reading" is still every much a valid excuse to a cashier to go to magstripe.
2 comments
loeg 1062 days ago
I think there are also just lots of POS systems in the US that aren't on EMV yet. Major retailers are on EMV but random old rural businesses probably aren't.
link
reaperducer 1062 days ago
Some big chains still haven't switched.

I was in a major home improvement store a few weeks ago, and it was swipe-only. Either Home Depot or Lowe's.

link
gorkish 1062 days ago
Lowe's. Lord help the poor souls who maintain that system; it looks like the kind of thing that's just chock full of COBOL.
link
lowmagnet 1062 days ago
wal-mart has emv, but no radio-based payment
link
MBCook 1062 days ago
Plus lots of cards without EMV at all, usually gift cards or until recently EBT.
link
macNchz 1062 days ago
Makes me think about intentionally corrupting the magstripe on my cards. I wonder if that’d cause any issues.

I can’t remember having to fall back from the chip to a swipe in ages, and I have a couple of cards, so I could keep one as a backup with a working stripe just in case (long ago I found myself far from home and low on gas, with no cash, a dead cell phone and a “suspicious transaction” blocked credit card, and I’d rather not repeat that experience).

link
throwaway42968 1062 days ago
It's only an issue with EMV Fallback, which you'd probably not need if you have a backup card that is good. Basically if the chip or near-field antenna on your card fail, the fallback is to collect a magnetic stripe read. Properly-configured readers don't need the stripe read to complete a transaction.
link
gorkish 1062 days ago
Properly configured merchants don't even need the payment terminal to complete a transaction. They should be able to key the card number if all else fails. I say corrupt your magstrip if it makes you feel better.
link