> took forever to adopt EMV in the US and other idiocies
Totally agree with your comment, but I'll go a little bit on a tangent here.
I am an European, all my cards have always had a chip, I have not even seen a card without a chip until I visited the United States. All this reluctance to adopt chips seems so ridiculous to me.
But then I spent more time in the United States and with magnetic stripe cards, and boy do I love the better experience.
Let's see, in the US I can swipe a card at any moment of the transaction, and this physical act takes less than a second.
With chip, in most European countries not only I have to wait for the cashier to scan everything, but I also have to wait for the cashier to press a magic button that says "card payment"; only then does the POS become active.
Then I have to plug the card in, different POS terminals require the card to be put in different orientations, wait 3 seconds for the terminal to do whatever, insert PIN, wait another 5-30 seconds until the transaction runs, and then get my card back.
Or let's look at NFC. I still have to wait for the cashier to scan everything and push the magic button, I have to press the card 3 seconds on the POS until the NFC chip is read. Since there's no feedback, I have no idea if I keep the card in the right place until it beeps. After that, it still takes the same 5-20 seconds until it's done. The only advantage of NFC is that I don't have to plug my card in the terminal, but since the progress feedback is worse, I am not sure how that is any improvement at all.
The user experience is so much worse. Why wouldn't I want a magstripe-only card? Yes, it's (vastly) more insecure, but I am not liable for fraud. I don't have anything to lose.
That has less to do with chip vs stripe, and more to do with how those terminals interface with the POS.
Swiping the stripe at any point during the transaction is tantamount to handing over your card to the cashier and never looking at the bill.
Here is the thing, the stripe holds nothing more than your card number in machine readable form. On the other hand the chip is doing a full on chain of trust review before giving the final ok to the card issuer.
As for not liable, have fun yakking with their lawyers if you ever need to dispute a transaction...
> As for not liable, have fun yakking with their lawyers if you ever need to dispute a transaction...
When I dispute a transaction, I click a button in a web interface, and it's instant, I don't have to talk to anyone, certainly not lawyers.
At another bank I have to call, but when I had to call, it also was instant, no question asked.
VISA/Mastercard have very strict rules about how transaction disputes must happen and how long they can take, rules that are very much in the cardholder's benefit, rather than the banks.
So much worse with NFC, where I can just tap my card (or my phone) against the reader and be done.
Further, you always had to wait for the cashier to scan everything in the UK. The 'magic button' is an implementation detail and not native to the technology.
But apart from that, sure, you want an easily-cloneable passive technology because it saves you a few seconds under some circumstances.
No. Convenience doesn't trump everything, economics does. Banks with better security can offer cheaper services to merchants, and the merchants lower prices to the customer.
You don't lose money with the stripe in the US because the banks eat the (massive) losses. Here they don't, because of the better tech. You can still use the stripe, but the merchant takes the liability. It's up to them. Guess why they don't...
So no, convenience doesn't trump everything.
Oh, and in the US you have to wait and sign a piece of paper, eating into your precious time.
> Banks with better security can offer cheaper services to merchants
Yeah, like we know that will ever happen.
> economics
Then let the banks allow people to chose what type of card they want, allow merchants to charge different price based on the type of card, allow merchants to implement paying before scanning, etc. Basically, allow the economy to work. The system works the way it works (in any country) because of fixed regulations. There's no economy. Neither consumers not merchants have any say in how anything works.
> Oh, and in the US you have to wait and sign a piece of paper, eating into your precious time.
Usually you "sign" on some electronic POS, but this time is comparable to the time spent entering the PIN, still much less than the extra time required to wait for the chip transaction to go through at the end of shopping session.
I did! Just a few days ago! And it's a chip card, but doesn't matter since the skimmer used the information in the magstripe online.
> Your card is cancelled and you have to wait some days for a replacement (requiring also that you update it everywhere)
The new card arrived minutes ago! And that only because they had to send it to a different country. I would have gotten one the same day if I wouldn't have been abroad.
This is the reason why I have multiple cards, and why I never mix up the cards I use online, with the cards I use physically at the store. Since the card that was skimmed was one that I used physically, I didn't have to change it anywhere. And in the meantime, I had backup cards. Always have backup cards and backup banks.
> The money you lost (in case of debit) will get back to you, after an investigation.
Nope. The money was returned instantly. In fact, the bank realised what was going on and reversed all transaction before even calling me.
If my bank didn't do these basic things I would chose a different bank.
You know in Europe people don't have many cards. Some people use a prepaid one for online transactions (not only for fraud but also for "things I suspect I might get overcharged")
(I also don't want to swipe my card before I know how much they're charging for it, so I'll wait for everything to give them my card)
Don't dismiss it as "the bank pays for it", I know banks get big profits, but guess where they money come from.
> I did! Just a few days ago! And it's a chip card, but doesn't matter since the skimmer used the information in the magstripe online.
None of my cards have magstripes, that was phased out years ago, so skimming is only a problem because you still haven't migrated away from those. It's not a problem with the chip cards.
Even if you got all the information on the card, my cards all require a second-factor for all online transactions.
> This is the reason why I have multiple cards, and why I never mix up the cards I use online, with the cards I use physically at the store.
An inconvenience that is only required because the security of your cards is less than optimal.
Where do you live? There have been chip-only debit cards all around the world, but I am not aware of anywhere in the world where they have chip-only credit cards (except maybe in Korea, not sure).
Good luck showing up at a hotel without a credit card, or good luck trying to rent a car.
> my cards all require a second-factor for all online transactions.
Good God, what annoyance. My banks also tried to offer me this "service". I am sure going to wake up in the middle of the night just to approve Amazon's request to take my money for some product that I ordered during the day.
Not to mention the whole plethora of online services I use that charge me monthly at random times.
Looking at my CC bills, I use CCs online multiple times a day. I'm so happy I don't have to approve each one of those. Good thing I could opt-out of 3DSecure too, which in the case of my bank uses SMS, which never arrives in time (or at all) while I am abroad.
> An inconvenience that is only required because the security of your cards is less than optimal.
There's no inconvenience. Even ignoring security, not having multiple cards and multiple banks is completely unresponsible. It increases availability for so many reasons. The security aspect of it is just bonus.
What is inconvenient is not being able to buy stuff in the US, or rent hotels and cars. Different people have very different definitions of inconvenient, I guess.
I am sure going to wake up in the middle of the night
just to approve Amazon's request to take my money for
some product that I ordered during the day.
Credit and debit card transactions use a two-step process - first of all the charge is approved (between the customer, bank and retailer) and later the charge is transferred. The latter process requires no customer intervention.
In face-to-face retailing the two steps happen within seconds of each other, but they don't /have/ to. They can also charge slightly different amounts - for example if your card is swiped for a restaurant bill before you've chosen what tip you're leaving, or if your order comes in two shipments as it's partly back-ordered.
Any two-factor authentication for online use happens as soon as you give your card details, regardless of whether the retailer waits until the box is shipped before transferring the charge.
> Credit and debit card transactions use a two-step process - first of all the charge is approved (between the customer, bank and retailer) and later the charge is transferred. The latter process requires no customer intervention.
Yes, and Amazon does not do the 1st step when you order something. It does it some random time later (usually hours).
> insert PIN, wait another 5-30 seconds until the transaction runs, and then get my card back.
Never had to wait that long (unless there is some issue at the bank but usually it just stops working all together when that happens) here in Finland. Also if you use a credit card instead of debit for payments under X euros it doesn't even call the bank just checks on the machine if the pin matches the chip.
Unfortunately EMV here in the states is still in its infancy, and it can and does take that long to process a transaction. What I find extremely frustrating is I can use Apple Pay (which still uses EMV under the hood, just the contactless variant) and be done with my payment in under 2 seconds - meanwhile actually dipping my physical card will take a minimum of 5 seconds and up to 30 depending on the situation.
The payment industry in the US did not properly prepare for the EMV transition, and it's pissing everyone off.
Well, having to wear a safety belt is also an inferior experience but we do it for safety
True, swiping is faster (but you have to scribble something on a paper or an e-screen where the end result usually resembles nothing like your signature) :)
I can agree with the criticism there but the tradeoff doesn't bother me (too much)
> having to wear a safety belt is also an inferior experience but we do it for safety
We do it for our safety, but chip cards are for bank's safety. Consumers are not liable for fraud anyway, only the bank wins.
Let me put it another way. Americans consumers love their magstripe; they wouldn't if they lost money. At the end of the day, chip or magstripe, the consumer has the same amount of money in his bank account.
Right now the banks bear the cost of fraud. They are moving a small amount of that cost to the consumer through by annoying him with imposing a poor UI upon him. Why should the consumer accept that?
> Why do you think US credit card transaction fees to merchants are so damn high?
Because until recently, the law was that merchants were not allowed to charge discriminatively based on cash vs. card. Since americans love their CCs and unlike in Europe, CCs are a massive part of retail sales, it was not too difficult for the credit card mafia to impose whatever fees on merchants.
Here in Europe, fees are capped through regulations, not out of credit card companies good will.
I mention this because chip cards can only protect against using a physical clone of a card, while the vast majority of fraud happens online, where the card is not present and the chip is not used at all.
The fraud profile is the same in Europe and the US, yet the fees are vastly different. That has nothing to do with chip vs. magstripe.
The fraud profile is absolutely not the same in the EU and the US, where cloned cards are frequently used to withdraw cash and make physical purchases.
Yes, fees in the EU are capped by law, but to think cards are not used just as much used in places like the UK as they are in the US ... Have you been living under a rock for 30 years?
And no, the chip doesn't protect online, other features do.
One way or another, the US consumer pays for the much higher levels of fraud that the stripe allows.
You do realize that e.g. in Germany you are indeed liable if your account has been used for fraud? If by that process you participate in money laundering you'll get sued by the state. Sure you'll probably go free, but the burden is on you.
nfc: i hold my card up the the screen, a progress bar takes 2 second to light up and i just wait for the transaction to go through. i've had way more issues with failing magnetic strips.
Totally agree with your comment, but I'll go a little bit on a tangent here.
I am an European, all my cards have always had a chip, I have not even seen a card without a chip until I visited the United States. All this reluctance to adopt chips seems so ridiculous to me.
But then I spent more time in the United States and with magnetic stripe cards, and boy do I love the better experience.
Let's see, in the US I can swipe a card at any moment of the transaction, and this physical act takes less than a second.
With chip, in most European countries not only I have to wait for the cashier to scan everything, but I also have to wait for the cashier to press a magic button that says "card payment"; only then does the POS become active.
Then I have to plug the card in, different POS terminals require the card to be put in different orientations, wait 3 seconds for the terminal to do whatever, insert PIN, wait another 5-30 seconds until the transaction runs, and then get my card back.
Or let's look at NFC. I still have to wait for the cashier to scan everything and push the magic button, I have to press the card 3 seconds on the POS until the NFC chip is read. Since there's no feedback, I have no idea if I keep the card in the right place until it beeps. After that, it still takes the same 5-20 seconds until it's done. The only advantage of NFC is that I don't have to plug my card in the terminal, but since the progress feedback is worse, I am not sure how that is any improvement at all.
The user experience is so much worse. Why wouldn't I want a magstripe-only card? Yes, it's (vastly) more insecure, but I am not liable for fraud. I don't have anything to lose.