[sangnoir]

You are correct: but I think all these measures are in place because liability is placed on financial institutions rather than individual victims. The owners of the payment infrastructure are correctly motivated to holistically solve the problem, unlike in the US were the person woth the least power and control is burdened with having to contend with "Identity theft" and losing money by default to make up for the fraud.

[tyoma]

This is plainly untrue. The US has an absurdly consumer friendly legal environment; you simply say you didn’t do the transaction and your money is immediately refunded; it is up to the payment infra to eat the losses.

The reason mag stripe and associated technologies stuck around is precisely because US banks were good enough at real-time fraud detection that the cost of fraud was << cost of replacing every card and strongaming every merchant into buying new payment terminals. Eventually they relented since the US became the place to cash out non-US cards.

And identity theft is absolutely a thing in Europe. As a random example, here is Sweden: https://globalinitiative.net/analysis/21752-2/

[sangnoir]

> The US has an absurdly consumer friendly legal environment; you simply say you didn’t do the transaction and your money is immediately refunded;

US consumer laws don't hold a candle to European ones - it's not even close.

Have you ever gone through this process yourself, or are you stating the idealized version of what should happen? I'd like to hear the bank you were dealing with, because mine tried to give me the run around ("It's not fraudulent because your PIN was used"), and I had to fight them over many calls to get a "temporary refund" by threatening to involve a state ombudsman. Later on, I got a letter in the mail that said the investigation was complete, and the refund was now permanent, only to have the refund yanked again months later.

Caping for American banks in this day and age is weird. They are mostly terrible and will rather have their clients take the financial hit before they do - even if they have to lie or frustrated you with long holds & multiple calls unless you show them you mean business.

[rrrrrrrrrrrryan]

Most Americans use credit cards rather than debit cards for their regular spending, and the additional protections of a credit card is a big reason why. They're treated differently under American law.

The idea is that if someone steals your debit card and buys a bunch of stuff, they've stolen your money, but if someone steals your credit card and buys a bunch of stuff, they've stolen the bank's money, and the bank is on the hook for it - not you.

IIRC with debit card fraud you've got like 60 days and the bank can put some of the burden of proof on you, but for a credit card you can literally just say "I didn't buy that" 5 months later and the bank basically has to give you your money back. If you abuse this, the worst thing that can happen is the bank closes your card and cancels their relationship with you, but you won't be on the hook for the spending itself. Because of this additional liability, U.S. banks got really good at early detection of fraud and irregular spending, and Americans don't really give a huge shit about keeping their credit cards safe because there aren't really any major consequences.

[sangnoir]

> Most Americans use credit cards rather than debit cards for their regular spending, and the additional protections of a credit card is a big reason why.

Which was my point exactly: European debit card users are more protected than American debit card users when their money is on the line

[tyoma]

Yes for credit transactions and yes for pinless debit and it was as simple as a phonecall. In the credit instance they called me and pre-emptively issued a new card.

I am sorry you had such a terrible experience, but mine has been completely different.

US banking regs are actually more consumer friendly than Europe, and I have sources. Security Engineering 2nd ed, chap 10 section 10.4.3: https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c10.pdf