In the UK cards moved to 'chip and pin' in 2006! Fraud in a 'customer present' scenario is very low at our stores. The last fraud in fact was a foreign card that didn't support chip and pin. I can't believe Visa and MasterCard have not made it mandatory world wide...
...except card fraud lossed are recharged to the merchant so perhaps they don't care?
Out of interest there is a special exception for disabled people who cannot use a pin pad btw...
The UK was relatively late to the party, some large retailers here campaigned against it as they were afraid that going online for authorisations would increase the time it took to serve people. I believe that the offline mode was enough to appease them, even now you occasionally run up against offline-only EMV terminals.
I was just looking for a chip-and-pin card that I (as an American) could get for traveling to the UK and apparently there really isn't much out there. I think all of the US cards that support chip and pin prioritize signature over pin.
I also found this Visa page explaining that PIN isn't used in the US because it's too expensive:
I recently traveled to the states from Canada and was amazed at the number of places that didn't even have the infrastructure for chip & pin - I was at a popular tourist spot and it was all iPads & Square Readers.
Weird. The Square readers we have in Australia support both chip-and-pin and contactless (+pin for purchases > $100). Were they only using the cheaper audio-jack swipe readers in the US? (Not allowed here any more)
I've been using Apple Pay recently, and one annoyance I had was that one store when I paid (for a >$2k purchase) didn't ask for my PIN... it asked for a signature. And then of course I was meant to present my card for verification. And I couldn't... what?
Apple Pay lets you spend that much money? I think with Google Pay + my bank the limit is $100 / transaction, after which you have to use your card + pin (which, let's be honest, makes sense.
I can confirm that. I specifically signed up for FirstTech for their Chip and Pin cards. Their Mastercard is quite good for traveling and has Chip and Pin.
It was great when I was traveling in Iceland where pretty much every transaction was made with my card. It's a regional credit union, but I only had to visit a branch in person one time to change the PIN on my card.
First Tech security is pretty top notch. For online trnsacations over a certain amount they would ask for password verification.
I just wished online transactions owned it up for optional two factor online transactions, pin card transactions and SMS verifications for all transactions above $500.
First Tech's membership bar is quite low, I was surprised how easy it was to get my SO an account. The Zelle integration on the mobile app is pretty slick too!
Oh yes, I understood that. I still can't believe they're so rare that you can talk about the "most recent" one. And how would jimnotgym know? Most puzzling.
Note the phrase 'at our stores' in the preceding sentence. We don't know whether it's a couple of stores or a supermarket chain, but either way, it is likely that someone knows within any given enterprise.
Normally, I pay for everything with American Express. Would you recommend I get a different card for London? I wonder if there's a US card that support chip and pin?
A lot of businesses in the UK/Europe do not accept American Express due to higher fees. You would be better off getting a different card preferably that supports contactless payments so you could use it on the tube and buses instead of an Oyster card (remember to touch it on the way out as well).
Upvote and reply, because Revolut is a dream. Prepaid so fraud is minimum risk (no possible overdraft), top up via mobile app, disable the card when you're not using it. It's so convenient that I use it to buy from shady sites (game keys, in game currency etc) and just disable the card once the purchase is complete. I can't believe it's still free.
You'll find a number of places that don't take American Express, so have an alternative with you. If you have Apple or Android Pay, that'll cover you for most purchases under £100 (under £30 in some places with outdated tech).
I traveled all over England this last year with a Chase Visa. No problem the majority of places, but definitely a few places that were inconvenienced by having to pull a signature pad out from under a pile of stuff because no one's used it in months, and a few places that asked me to just pay in cash. I would expect London itself to see enough foreign traffic to be more accepting in this regard, though.
> Normally, I pay for everything with American Express. Would you recommend I get a different card for London? I wonder if there's a US card that support chip and pin?
Amex isn't as widely accepted outside the US. If you have a Visa or Mastercard, bring that.
Almost all credit cards issued in the US now support EMV chips. They almost never support PINs, but that doesn't actually matter because all merchants are required to be able to accept all three.
I've traveled all over the world, and never once has this been an issue. Nobody's even batted an eyelid when I give them a US-issued card. Except, of course, for places which only accept cash, but that's a separate question.
Get an ATM card and take cash out of a machine when you get to London. Seriously, this works well, you get a fair exchange rate, and most places still take cash.
But it is easier to use plastic in the Tube, as others have said.
Honestly, if you have a Visa/Mastercard with no foreign transaction fees then just use Apple Pay/Samsung Pay. It's almost ubiquitously used in the UK, and would be very rare to find somewhere that didn't take it.
Credit cards in general are not too popular in Europe, they're either not accepted at all or only Visa and Mastercard are accepted. A Maestro debit card is your best bet and will work in almost all terminals in Europe.
Paying by card is very common in some countries (Northern Europe, France), paying by credit card is common in some (UK, Ireland), paying by cash is common in others (Germany).
It's not possible to generalize all of Europe for any of these, except to say that all EU/EEA countries have modern systems.
(For example, there are restaurants in Sweden that don't take cash, and restaurants in Germany that don't take any cards, restaurants in Denmark that charge an extra 2% if you use a credit card rather than a debit card, and restaurants in Britain that happily accept the 5% it costs them to accept AmEx.)
Make sure the back of your card is signed, though, and make sure to sign your receipt the same way. I had more store clerks questioning my signature on a 1 week trip to London than in a decade of using a CC in the US.
Contactless is useless for fuel unless you top up with over half a tank remaining. ApplePay / Google Pay work sometimes, but retailers put arbitrary limits on despite payment being authenticated (Pay for my £60 weekly shop in the store but maximum £30 in the petrol station, Sainsburys? I didn't bring my wallet, looks like I'm coming back. Thanks for that.)
Is the UK most advanced? In Australia they can pay for anything up to $100 with tap. Over $100, they can still tap, but then need to enter their PIN into the terminal (i.e. no need to insert the card for PIN entry – a tap is sufficient). We don't have that in the UK.
Similar in Poland. You can always tap and then it asks for PIN or it doesn't. I expect this decision is based on the amount of the purchase and maybe some other factors.
I don't think having a higher limit makes anything more advanced. I'm fine with having a lower limit for cards, and then switching to Apple/Samsung/Google Pay for higher priced transactions.
Most advanced in Europe maybe. I rarely use anything but contactless in the UK (where I live), but often find no option for contactless elsewhere in Europe. I've never had to swipe and sign anywhere in my whole life, though.
AFAIK chip and pin shifts liability for fraud onto the credit customer. While banks may be more than eager to do so, they may also be wary of a customer backlash over this.
In the UK the law remains what it always was - the customer is not liable unless they enabled the fraud. (I'm right now in the process of getting my card replaced after fraudulent charges that I can only assume were put through as though they were chip and pin). In the early days there was a concern that the courts would believe that chip and pin proved the customer was responsible (i.e. that the mere fact of a successful transaction with chip and pin technology necessarily proved the customer had told the fraudster their pin), but it seems fair to say the reality of chip and pin fraud has set in now.
> In the early days there was a concern that the courts would believe that chip and pin proved the customer was responsible (i.e. that the mere fact of a successful transaction with chip and pin technology necessarily proved the customer had told the fraudster their pin), but it seems fair to say the reality of chip and pin fraud has set in now.
This actually was true across Europe for the first few years when EMV chips were rolled out. It took some time before they passed a law which absolved customers of liability for fraud processed as EMV transactions.
There are well-documented cases where liability had been shifted to the customer, and which was only reversed through there being evidence that is not normally available in these cases:
"In one disputed transaction case we assisted in, the customer had his card stolen while on holiday, and then used in an EMV transaction. The issuer refused to refund this customer on the basis that their records showed the PIN was used. Luckily, the customer managed to obtain the merchant receipts, and these contained the TVR. This indicated that the PIN was not used, and the merchant opted to fall back to signature. We decoded the TVR and informed the customer, who was then able to get a refund.
Other customers are less fortunate: it is unusual for the TVR to be included on the receipt, and often the merchant receipt has been destroyed by the time the dispute is being considered."
The law may always have been that the customer is not liable unless they enabled the fraud, but I hope the rules of evidence and/or practices of dispute resolution have changed so that the infallibility of the system is no longer tacitly assumed.
> ...except card fraud lossed are recharged to the merchant so perhaps they don't care?
For a long time after EMV chips were introduced, the liability was actually shifted back to the customer. EMV chips were initially a huge step backwards for customer protection, and it took some years before this was fixed in law across Europe.
Nowadays, if you see a merchant who can't accept EMV chips, it's likely their POS vendor who's liable. The merchant is liable in theory, but some vendors still don't provide EMV-capable terminals, so they've agreed to assume the risk until they do.
I found it odd that Mastercard would say "[...] it has been wanting to make the change for years, but held off until cards embedded with computer chips became common."
Whose responsibility is it to make those cards more common, if not Mastercard's?
In Sweden, cards have only been issued with chips since the early 2000s, and consequently merchants only very rarely use signature purchases. Why they didn't push this sooner in the US is a riddle wrappen in a mystery...
The only place I've seen signatures used recently around here have been in busy bars/nightclubs, where stressed-out bartenders don't want to wait for online validation. I guess they get few enough fraud attempts at cocktails that they don't care too much about validation.
> Whose responsibility is it to make those cards more common, if not Mastercard's?
The issuers. Of course, Mastercard has some influence over them... But they certainly can't unilaterally dictate conditions to them beyond whatever contract they signed.
There's also the fact that, even if issuers handed them out, the machines and merchant processors also have to support them. Which was something that still hasn't completely happened in the US, even with the networks pushing as hard as they could. (Moving fraud liability to the merchants is about the biggest move they could make.)
I'd wager it's less an issue of the cards being commonplace, but instead the card readers and processing companies. I still regularly encounter stores which either don't have a card reader that can accept a chip, or there's a sign indicating that it's not enabled yet.
I was involved with Australia's chip-and-pin switch in 2006. At the time, we were amazed how slow USA was getting rid of magstripe cards and signatures. And that was 12 years ago...
Signatures haven't been required for credit cards in many other countries for quite some time now.
I have often wondered why the US has historically lagged behind for everyday banking. (e.g. email money transfers, chip enabled cards, pin number verification, tap to pay)
It's a bit of a prisoners-dilemma thing: new technology can only be adopted with sufficient coordination, but each individual party is only interested in cooperating if they think they will "win" from it more than their competitors.
The US seems to be a very bad place for consumer advocacy in general. Perhaps it's seen as "anticapitalist". I don't know if the patchwork regulatory environment of the states helps or hinders this?
I don’t know, Australia’s got only four banks which dominate the market and yet they are pretty aggressive in innovative products. We just got instant bank transfers and that required cooperation amongst them to adopt standards and protocols.
To me, the culture of Australia has always been that being clever and helpful trumps being richer or beating the other guy. So there is value in companies being known as offering clever, helpful solutions.
In the US it's almost exclusively about beating the other guy.
In the UK, I don't think you can opt to sign instead of enter a PIN if it's a PIN terminal and your card has a PIN set. Only if it doesn't have a PIN (as with American cards) will it then automatically ask for a signature. Isn't allowing the user to opt to just bypass the PIN a bit of a security hole?
There are a handful of places in the UK that don't have PIN terminals at all and do classic swipe-and-sign transactions, though. The one I encounter most commonly is the onboard cafe car on Great Western Railway trains.
> Isn't allowing the user to opt to just bypass the PIN a bit of a security hole?
That's a valid point of view, but I actually believe that the business is taking (the bulk of) the risk. In case of a chargeback, the business has to prove that I made the purchase, and a PIN is better evidence that I actually made it compared to just a signature.
This means that businesses might accept signature only for relatively low amounts. Indeed, it's not uncommon that neither is needed for amounts under a couple of lunches or so, to make lunch queues quicker. I assume the throughput is sometimes worth the risk.
because legacy tech wants to be amortised over long time periods. If you start implementing things later you can pick the best tech. US banking was among the first to become digital and thus still has to maintain technical choices of the past
The UK were the first in the world to have ATMs, so there is plenty of ageing infrastructure in the UK. But the banks were forced (partly by the EU and partly by fraud) to move to chip and pin and they did relatively quickly.
The resistance to change can be explained much simpler:
It benefits only consumers, while costing the banks and payment providers. It's the same excuses for still having critical banking infrastructure written in COBOL.
> It benefits only consumers, while costing the banks and payment providers
Hogwash. Yes I know all bankers live in extinct volcanoes but one thing they know a lot about is money. It is ridiculously expensive to support the US's conservatism when it comes to finance. The lack of chip and pin pales into insignificance compared to their addiction to paper checks, for example.
It would be completely in the banks' interests if everyone moved to internet banking, NFC cards etc because the running costs and fraud costs are vastly less. The problem is all those pesky, inertia-laden customers.
> The lack of chip and pin pales into insignificance compared to their addiction to paper checks, for example.
Paper checks are indeed a silly cost, but NFC provides banks no gain over chip. Chip provides gain over magnet stripe by basically rendering skimmers ineffective, but only basically in that credit card fraud is still a big business. Instead of skimmers, you use trojans or data leaks. Physical credit cards also sell very cheap on the black market.
In other words, NFC benefits only consumers, not banks. Chip benefits banks a little bit.
> if everyone moved to internet banking, NFC cards etc
Those are very different things. Internet banking benefits banks directly because they can shut down local branches and screw over customers (which they do here—I have to drive to a different city to insert cash, and can only do so within very limited hours).
NFC has no benefit to them (and might slightly increase fraud that the bank will have to cover by allowing ~$40 withdrawals made wirelessly from quite a far distance). Chip presents a pretty tiny benefit to them.
And most certainly, if you have a customer that already use a magnet stripe credit card, giving them an NFC card will result in instant adoption of the feature. We had some statistics when the feature rolled out—it was adopted by everyone with a supported card on the spot. It's much different when you're trying to change a check user to be a credit card user, but that might be more of an issue with the consumer experience with the bank—credit and debit cards over there sound so cumbersome compared to our system where the bank issues both credit and debit cards tied to your account. We don't have the "benefit" card mess.
The benefit of NFC for banks would be an image and PR boost, the bank could say that they are the hip and trendy bank, come to us. Then other banks would have to follow eventually.
Why else would banks in europe adopt NFC or contactless payments?
I am only speaking for a single EU country here. In DK, features such as NFC are released for all banks simultaneously (that is, fully implemented and functioning) through the national payment provider, who is also the issuer for our national credit card type (which is a dual-type card by also being a VISA for international use, and is tied directly to a bank account). I don't think they have a choice, and they certainly gain no PR or image from it.
Now, the national payment provider (a private company) does it because they earn money on terminals, and want to fight to stay relevant in a world of emerging mobile payment solutions such as MobilePay (a Danish mobile payment solution of which over half the population are users).
The only exception to this rule appears to be Apple Pay, which is implemented by some individual banks. I am not sure if this is due to platform differences, or whether it is just the national payment provider fighting back. I'd suspect the latter, as Apply Pay just see our dual-type credit cards as VISA, sending them transaction fees that the national payment provider lose out on.
Other than that, banks here are only differentiated based on their financial solutions, and maybe in some rare cases by their mobile/internet banking solution (all have feature complete variants, but some are nicer than others).
Apple pay and Samsung pay have contact free payments, and it's also more secure than signatures.
But as new payment infrastructure is expensive they will just move if they have to. Perhaps too slow, as their competitor are gnawing at their profit margins.
Also due to some ODD ideas about banks by some of the founders you have not got the nationwide consolidation you did in the EU - the federal nature and relatively weak central government doesn't help either.
With a small number of banks and a stronger central government which can exert pressure you can see why the UK and EU are ahead.
In Canada I have not signed for a credit card transaction in years. Everything is tap to pay and chip-and-pin for larger amounts. Extremely convenient.
When I go to the U.S. I usually have to produce ID when using my credit card. Is this because I am from out of country or do they do this with everyone paying by credit card?
It's because you're from out of country. You'll almost never be asked to produce ID with a standard credit card purchase in the US, unless it's unusual in amount.
I'm in my late 30s and have never once been asked to produce proof of ID in relation to a standard credit card purchase. Whether at a grocery store, restaurant, etc. I've never seen anyone else have to show ID either, maybe once in the 1980s.
I've been doing this for 2 decades. I once had a surreal experience when one store clerk in the US complained that my signature did not match the one in the back of the card. My pleas of "that's not a signature, it's a request to check my ID, which you haven't done" did not move him so I had to request his manager's presence.
It only happened once and that was many (15+) years ago, but if you ever wondered if it could happen, yeah it could. :)
I have both my signature (because it's required for the card to be valid) and "See ID" on the back of my card. I get asked for my ID about half of the time or so. It's rare to be asked at restaurants, but retailers are pretty good at checking.
I've always thought the signature was security theater, asking for a photo ID is way better from a security standpoint.
I do this, and I was very confused to find out that if you try to do this at some government buildings (post office for me) they will completely reject your card and not let you use it.
In the US, the biggest adopters of Apple Pay have been big chain grocery, drug, convenience, etc. stores. For decades, there has been a (somewhat class-based) stigma about holding up the line in these kinds of places by paying with check, government benefits, coins, coupons, or anything else besides cash and credit.
There's also a separate, arguably more deserved stigma about entitled people causing trouble by using unnecessary technology.
These together, along with a reluctance to cause trouble for low-wage clerks, make people reluctant to risk holding up the line by using Apple Pay.
That means fewer people even try Apple Pay, so fewer other businesses see the need to make it available.
It might be faster if it works. If you try it and it doesn’t work and the cashier tries to help and then you have to go back to using a credit card anyway, it’s slow and people get annoyed.
If that reliably didn’t happen, things would be fine. Unfortunately, payment processing in the US (or at least in Maryland where I live) is a mess:
- Point-of-sale devices are frequently broken, with post-it notes taped over the chip slot saying “CHIP READER DISABLED”. I’ve dealt with buggy readers that force you to swipe, then go “Oh that’s a chip card, insert it!”, then when you insert it they go “Chip not supported, reverting to swipe as a backup method”. We’re struggling enough with the basics.
- I’ve seen stores that put a “We accept ApplePay” sign in their window, but when you go in, it’s a gamble as to whether all the dependencies from the reader to the network to the payment processors are working today. When I’ve asked cashiers, their responses range from a despondent “I just don’t know anymore” to a cautious “We have it but I haven’t seen anyone use it in a while.”
- Complicating all of this is the fact that all of the POS devices in my area look identical, whether they support NFC payments or not. I have a hunch that the hardware vendor just ships NFC-capable units to everyone, but only turns them on in certain conditions (maybe related to the type of contract the merchant has?)
If anyone has plumbed the depths of this issue and can explain what’s going on, I’d appreciate it.
The most bizarre one is at a Subway I go to once in a while: they have signs all over saying they accept Android Pay, but when I go to use it the phone vibrates like it worked but the terminal replies "insert chip," or maybe it's "chip required." The cashiers claim it works for other people though. I tried it several times over a year just to see if it was a one-off error, but it always did the same.
I really like Android Pay/mobile payments when they work, the only problem is, I stopped really using it because the success rate is so low. The card readers seem like they aren't that strong, have difficulty sensing the phone, and when it does sense it there seems like a lot of weirdness/try agains. I tried to use it once at a vending machine and I just couldn't figure the thing out, the payment went through but when I selected something nothing happened. Credit card worked fine though.
It was so unimportant when I got a new phone I ended up getting one without NFC.
Oh, I'm pretty sure the “CHIP READER DISABLED” thing is just the merchant didn't set up their account with chip enabled, not any problem with the hardware itself.
> I'm pretty sure the “CHIP READER DISABLED” thing is just the merchant didn't set up their account with chip enabled.
It’s generally the fault of the POS software. In many (most?) cases, enabling EMV on the terminal requires the use of a new API. The POS software has to write code to support EMV.
your cards themselves can disallow contactless payment when a chip reader is present. Discover did this to me when they sent me a chip card - I had been using my discover card contactless for a while with android pay, and all of a sudden it stopped working on all new terminals and started saying "insert chip", assuming the terminal had a chip reader in it. I switched to using my visa card with google pay and it continues to work mostly everywhere, even though I have a chip in my visa card as well.
I find I only use google pay when I'm not in a hurry or when I'm very familiar with the specific reader and it has a long track record of working. If I go somewhere new, I always use my card unless I have time and the store isn't busy.
Exactly. If I'm in the grocery store, I know that I can take my credit card out of my wallet, insert it into the machine (or swipe it), maybe scrawl a wiggly line, and remove the card all in about 10 seconds. Alternatively, I can fiddle with my phone, get it to recognize me, hope it works, etc. which--even if it doesn't always take longer--is certainly less deterministic while the person behind me is probably going through their own version of the internal sigh I have when the person in front of me is fiddling with some non-routine payment method.
About the only time I use Apple Pay is when I'm traveling to Europe because it tends to work faster than when I have to do the non-standard (for there) chip and signature.
> Alternatively, I can fiddle with my phone, get it to recognize me, hope it works, etc. which--even if it doesn't always take longer--is certainly less deterministic while the person behind me is probably going through their own version of the internal sigh I have when the person in front of me is fiddling with some non-routine payment method.
I don't recognise this at all.
Pull phone out of pocket, touch the fingerprint reader to unlock it, wave it at the reader.
Done.
That's quicker than getting my card out of my wallet, let alone swiping and then signing something.
Pull phone out of pocket, touch the reader, nothing happens.
Theory 1: I’m not touching the reader in the right place. Maybe the sensor is on this side or that. Try hovering the phone all over the POS box.
Theory 2: Maybe my phone is not working. Try waving it around again while cashier has this “get your shit together” look on his face. Pull out CC.
Theory 3: The reader supports NFC but not ApplePay, so now I’ve wasted my time. Pull out CC.
Theory 4: Its not even a NFC reader (because there seems to be no standard way of telling by just looking at them). So, now I’ve wasted my time. Pull out CC.
Or the arbitrary transaction limit is set to less than the amount I owe.
At least domestically, I find credit cards almost always straightforward while Apple Pay is hit or miss having the line behind me giving me dirty looks because the entitled tech shit is holding up checkout playing with their gadget.
Never had any of this happen, it's quicker and easier than even using contactless credit cards for me. And it's becoming really commonplace in the UK.
1) You've never unlocked your phone before? How weird.
2) How broken is your phone? Never had this issue (I use android pay multiple times per day)
3) This is unusual, to the point of not being a thing here - Applepay is compatible with contactless EMV, as is Android Pay and there's basically nothing to be done at the merchant end to support it.
4) Of course there's a way to tell, they all have the four lights at the top, either physically or on-screen, plus there's the contactless logo the display on-screen.
These imagined impediments are hilarious though, you should have a sketch show.
I use android pay when it's available in the US, but the first time you encounter any specific reader, there's a learning curve. By "reader", it should be obvious we mean the reader that is in the store that you tap your phone or slide your card into, not the fingerprint reader on your phone.
Most of them look like this: https://en.wikipedia.org/wiki/Payment_terminal#/media/File:P... and will occasionally have a contactless payment icon or an apple/android pay logo on the screen when you walk up to it. In the case of this card reader, the NFC point is at the bottom of the screen and you basically have to rub your phone on the screen to get it to read.
Sometimes they look like this one: https://www.flickr.com/photos/jeepersmedia/14128014654 but that big pad at the top is a lie - those have never actually worked and if there's not a sign on it, the cashier will tell you it's "broken".
I'd say about half of my credit card transactions these days involve me handing a card to someone who swipes it directly into the register - there's no way to possibly use NFC or enter a PIN for debit/etc.
The NFC area is consistently at the top, and is consistently visible. If the standards aren't being followed in the US reader market then clearly that's not going to help anyone, but it's just more evidence that the US credit card technology market is outdated and a very weird outlier.
I've worked for a large retailer who has purchased a sizable number of verifone devices (hundreds of thousands). The devices do have NFC-enabled readers in them to support Apple Pay, however, the contract that the retailer has with Verifone specifically says that Apple Pay is disabled: The retailer does not want to pay for the development cost for enabling Apple Pay in their Point of Sales stack.
It's a great add-on for Verifone: A couple of bits get flipped in fipay and in their backend and boom: Apple Pay (as long as the payment processors support it).
Contactless payment is so widely adopted that it's given me no particular reason to use Google Pay or any other mobile payment system as they're not particularly better from just using my card...
US here, got issued a chipped card about a year ago and noticed quickly that any attempt to swipe with my card would be greeted with an error message and instructions to insert the chip. For all systems I've seen, it seems that if the merchant accepts chips and if the card has a chip, the chip must be used, regardless of any user reluctance.
Most readers I have experimented with in the US will allow a swipe after 3 unsuccesful chip reads (inserting card in opposite direction w/ chip exposed).
Also Australian used to using Paywave. I traveled through Europe in January. My card was accepted without issue in most countries. There were a few countries like Greece where I need to use Pin. Outlier was in the UK where I had to sign and show photo id, which I found strange.
> Outlier was in the UK where I had to sign and show photo id
How long ago was this? Signatures haven't been a thing here for well over a decade. Also is Paywave just contactless? Because we've also had contactless for a fair while.
Most chip readers in the US are incredibly slow. Like 10+ seconds just top read the card. There are faster authentication schemes that some of the readers use, but it's rare that using the chip is very fast, while swiping is always instant.
When I visited the US in late 2014, most places didn’t support contactless payments; a few did, but the operators didn’t necessarily know it, because basically no US cards supported it. I really confused a Subway employee near San Francisco by using it, and stopped to explain how it was that the transaction had gone through without him noticing.
Can anyone explain why credit cards are preferred in the US? In the Netherlands they're basically an obscurity, and I couldn't even pay for my groceries with one. We all have debit cards that charge directly from your bank here.
For consumers, credit cards offer benefits, such as cash back, "point rewards" systems, and so on. The price is the same, credit or debit, so why not credit?
IMO, Most American got used to the life use the money in future. CC is the simplest way to loan money from the bank now, and pay it back in future. Meanwhile, the bank also like this, as lots of people wouldn't able to pay the debt on time with full balance, so they can make money from the interest.
US fraud rates are so low it's cheaper to eat the cost than to change the system. A more interesting question is: why are fraud rates so high elsewhere?
[The] U.S. the third-highest rate of fraud worldwide, and was the only country to remain in the top three from 2014 to 2016.Additional research from the Nilson Report, October 2016 stated that in 2015 alone, the U.S. accounted for 38.7 percent of the worldwide payment card fraud losses
It turns out that a signature on a bank check means nothing. Neither does the payer name on the check. Not the amount in cursive. Nor does the check paper.
The only things that are checked are the digits of the amount, and the account number.
The rest of the check can be complete garbage, and the check will go through and the bank will pay it. Then the banks will blame you, the account holder.
> The only things that are checked are the digits of the amount, and the account number.
Well, the payee is also usually verified to match the destination account, and a few other elements are technically required for it to be a legal financial instrument (even if banks don't spend the time to check them every time). Legally, a check could be written on the back of a napkin and still be valid - as long as it has a few required details.
The thing I've come to learn about checks is that their security features are not necessarily intended to prevent fraud, but rather to legally prove fraud after it has occurred. So no, banks often will not check those things, but anyone with access to the ACH network can reach into anyone's account and move funds around if fraud is suspected (it's basically a shared database with surprisingly little security). It inherently relies on the legal system to sort things out after the fact, which is a completely different approach from what we see in modern information security (where preventing unauthorized access/behavior upfront is the primary concern).
> It inherently relies on the legal system to sort things out after the fact, ...
This is why it’s critical to have transaction alerts for all activity for your financial accounts. Otherwise you could have an ACH slip through that drains your account. You wouldn’t notice till the next time you logged in or, more likely, when you try to use your debit card and realize it’s cleaned out.
On that note, also consider your daily transfer limit.
Often times banks will set these limits unnecessarily high ($10K is common). Alerts are a good way to spot the fraud, but limits cap how much they can take in the mean time. Even if you will ultimately get refunded, it could take months of a slow investigation before that occurs.
I have mine set to double the most we've ever spent in a single month, and I've only had to increase it once (vehicle downpayment).
> The dangerous ones are those that take tiny amounts monthly that you just won't notice.
Wait, what? How are you not going to notice? Every transaction is a line on your statement which, I think, all banks issue monthly.
Besides, if you have a computer, you can download all transactions (to Quicken or similar software) every day or two and verify all your new transactions. If you have a phone, Many banks and cards can even be set up to notify you on each transaction.
If there was fraud on my account I’d know instantly, at worst within two days.
Most statements (at least in the US) have very cryptic descriptions though. For example there might be an entry for EPC #008 for $2.95, and by deduction I can figure out that is the identifier for the coffee kiosk in the lobby of my building, but there is no way I would be be able to identify all transactions. Normally it doesn't really matter except for large transactions which I would remember. I can see a small fraudulent charge going unnoticed.
>>The only things that are checked are the digits of the amount, and the account number.
Ha! Not even that. In the cheque clearing process, about the only thing that ever gets checked (even by automated processes) is the MICR line (account/transit and institution number).
Everything else (EVERYTHING ELSE) is just assumed to match whatever the person entered at the ATM/image capture app/teller window. The bank considers it your problem, as the cheque writer, to catch any issues on your next statement, and then they'll review the image of the cheque (in many jurisdictions now, the physical cheque is destroyed pretty early in the process). You should really never ever give a cheque to someone you don't trust. It's pretty silly, but that's the reality.
Although, fun fact, it's the cursive amount that is the 'official' one if there's a mismatch between that and the digits, since it's much more difficult to subtly adjust that.
Source: work for an institution that processes literally millions of cheques (I'm not in that area, but yeah).
Came here to say this. The "spelled out" amount takes priority if there's a conflict in the two values.
Also worth noting, it doesn't need to be in cursive. I spent all my life struggling with writing in cursive on checks (because it's pretty much the only place I ever do it). One day, someone told me I could print it (it just never occurred to me that this was acceptable) and I've been much happier ever since (during the, you know, 10 times a year I actually write checks).
I'm down to 4 checks per year now. City and County taxes, twice per year. For some reason the local government still uses a credit card processor that adds 3% on top of whatever you pay, and when you're talking about property tax that's painful. The stamp is much cheaper.
I've been printing the amount for years now, as my cursive was never terribly legible to begin with and has decayed from lack of use. The whole point of that field is to make it so someone can't just add some zeros to the end of the value. Just write the value out and draw a line through the rest of the field.
Is this hyperbolic or do they actually add 3% on to your amount? If so that is just disgusting. I can understand it from ticketek or similar, but from a government body?
Better than my apartment building's utility provider (for water and such) -- any payment, even if you're being so direct as to be foolish by sending cash through the mail, incurs a 7% fee.
The government doesn't handle CC purchases directly, they hand it off to a third party. The third party passes on all of the CC overhead plus a bit for themselves to you. It's small government in action.
Yup! I worked for a property management company that was rolling out check scanning (X9 imaging, not ACH/ARC) to 150 locations. In every group that was rolled out there was inevitably at least one person that would scan a batch of checks and enter the amounts really incorrectly.
That has not been my experience. I've had multiple checks rejects for mis-matches between the written out line, and the numeric amount. I've also had checks deducted based on the written amount and the numeric amount ignored.
In the old days, they would print a computer-readable version of the amount on the bottom of the check, right-justified with the account number. Once that was there, most banks just processed that, and ignored the rest of the check.
That's not always true. I bought a car in 2012 and paid by check. Unfortunately I tranposed the cents amount for 89 and 98 in the two number fields. I got a call a few days later saying the check didn't clear because of the mismatch and that I needed to come back ASAP and write a new check with the proper amount in both fields.
For all intents your checking account is a locker full of money that’s unlocked for the taking. The check is nothing more than an archaic means of conveying your “locker number” to someone else’s bank. I highly recommend keeping your checking account balance as low as you can, and either disable overdraft protection on it or point the overdraft protection to a credit account.
The other info on the check isn’t meaningless. It will (should) be examined when there’s some kind of fraud or dispute about a check payment - but it effectively does nothing to prevent fraud or theft.
That figures. Well at least the number isn’t floating around out there. But unfortunately many CUs have just a single digit difference between accounts.
Don't have non-investment money? Investment accounts can hold treasury bills and short to intermediate term bonds and bond mutual funds. Your checking account just needs to hold enough money to pay a month's worth of bills or so.
This is untrue. The signature and the amount in cursive do matter, but not in the way most people think, they matter only after the fact. If a check is unsigned and someone cashes it then you can usually get that money back in small claims court, though not always. Or if the signature doesn't match on a check you can use that to convince your bank that the check is fraudulent. Also, if the amount that the check was cashed for differs from the amount written in cursive, again you have avenues of redress there including small claims court.
As you say, none of this will prevent basically any amount of money from being withdrawn from your account however. But you do absolutely have routes available to you to get your money back. If your bank blamed you instead and didn't let you know what options you had then you had a shitty bank that rolled you, you should get a new bank (or a credit union).
Back in the day, I had a case of the opposite problem: my check to the phone company got cashed for $89.89 rather than the $89.98 that was due, even though I had written both the digits and the spelled-out version of the number indisputably correctly. So PacBell decided to slap me with a $35 fee for not paying my balance off on time. The cancelled check that I had in hand clearly showed that the mistake wasn’t mine, and it also had been imprinted with the wrong amount at some processing step along the way. Needless to say both the bank and PacBell declined to take any responsibility, and it took a lot of time on the phone before getting a sympathetic rep who could reverse the fee “for goodwill“.
Surely this must not be a unique case; what’s supposed to happen in this sort of situation?
It amazes me that cheques are still used. I'm 36 and I've never issued a cheque, I think I was issued a cheque book with my first account but never used it.
I've been going back to written checks lately because of huge timewasting problems with electronic billpay systems - problems like the bank says they transmitted the money go talk to the vendor. The vendor says they never got it, go talk to the bank. Around and around and around.
In the past, I'd wave around the cancelled check and resolve it quickly. With ebanking, it's hours and hours on the phone and sitting in the bank manager's office refusing to leave until they deal with it.
With that particular one, I eventually made the bank issue a "clawback" on the funds they transmitted. Wonder of wonders, this caused the vendor to find the money they'd received :-)
I've never had a problem with Bank of America bill pay in the decade plus of using them. Never had to write a check in my life or have a checkbook. You just put in the name and address of who you want to pay, the amount, and BoA mails a check to them.
The payments clearinghouse in USA is in need of an upgrade but no one wants to pay for it or suffer any downtime or errors. Waiting up to three days is the reason why Paypal/Venmo, credit cards, cash and wire transfers are still so popular but these fast options can carry hefty fees. e.g. Credit cards skim 2% of businesses' revenue, ATMs can charge $3, and wire transfers are 25USD. Banks also benefit from the liquidity problems that can result - it's another reason to apply for credit or leave a larger cash reserve on deposit.
I’m 29. I and many people I know have used checks several times over the past decade. It always surprises me when I read these stories on hn about how checks are dead, but this is not dissimilar to the mentality that self driving cars will be ready any day now.
Maybe this is how life is like in the Valley, but even so I doubt it’s the experience or thought process of the non-tech worker.
I just used a check this month to pay for my earnest money deposit for a house I’m buying. Before that, I’ve had to use either money order or personal check for the deposit and application fee of every apartment I’ve ever rented. Several landlords only accepted checks for the regular rent as well.
They weren’t slumlords (as some of the other commenters here assume), those who took only checks for rent were individuals who rented out a house or apartment building and took good care of it.
I’ve paid my gas bills with checks back when I lived with college roommates.
Checks aren’t as ubiquitous as they once were, but I remember in my life time, growing up, when they were ubiquitous.
Inter-bank (wire) transfers aren't that hard. You just need to ask your bank to do it. Sometimes you have to come in person to do it, sometimes a faxed signature is all you need. I've always been slightly nervous about how easy it is in fact, since anybody can forge a signature and send a fax.
The big caveat is that the Fed likes to sit on the transfer for a day or two, or sometimes more. Very annoying if you are on a deadline for the money.
FWIW, that's mostly a non-issue because of the Direct Debit guarantee:
> If an error is made in the payment of your Direct Debit, by the organisation or your bank or building society, you are entitled to a full and immediate refund of the amount paid from your bank or building society
I'll write a check if charged a fee not to write one. A few years back, I lived in an apartment building that added the 3% processing fee if you paid by credit card and 1% to pay electronically from your checking account. I'd write a check and just drop it off when walking through the lobby. (They eventually dropped the charge for one's checking account.)
The only check I routinely write now is to the gas company. They use Western Union as their payment processing vendor and WU charges $2.95. It's petty, but it's easy enough to write a check.
Landlords only want cashier's checks if they don't trust you. If they don't trust you, they're less likely to rent to you. So requiring cashier's checks is uncommon, barring some extenuating circumstance like you've previously written a bad check or been late.
As a landlord, I always request cash or cashiers check for move in money. I don't want you living there for 3 months for free while I fight your bad check through the court system to get you evicted.
It may sound shocking, but some people will do this. Source: me, landlord since 2001.
In the US, bank transfers are reversible? (Here in Germany, if you sent the money it's basically gone, you can only reverse payments that the other side "pulled" from your account) Always interesting how the types of service available and their rules shape what's used where.
On behalf of the cardholder they do. When a cardholder complains the card company just reverses the payment to the merchant in a 'chargeback', sometimes months later. Then the merchant has to appeal to get it back. So no the credit card companies don't care about fraud.
I was always asked for the deposit in cashier's check form, and I had a credit rating over 800 and a steady high paying job. It's a real hassle when you're new to the area and don't have the bank account moved over. Luckily convenience stores will write them for you but they charge for it.
In the US, they're still a pretty standard way for individuals to pay each other or to settle accounts with service people. I don't write a lot but it's how I would square up with someone for a weekend trip or pay for my housekeeper or furnace servicing. I also "write" checks through my online banking but don't do those by hand.
Some banks allow customers to send cheques/checks printed by the bank, even on a schedule. This makes it easy for the bank customer to routinely pay predictable bills or send someone money on a schedule without having to go through the hassle of setting up direct deposit to their bank account (which is needlessly difficult even transferring money across two customers of the same bank, or across two banks in the same country). But the paper sent is far too revealing. The amount of information printed is remarkably high in order to do something that should be considered routine by now. And cashing or depositing still requires physically depositing paper somewhere like a bank teller's station or some ATMs. Remarkably few places will accept a picture and conduct the transaction from information gleaned from the picture.
I'm 36 too but I've issued hundreds of checks... and also issued some indirectly (Bank of America's bill payments issue paper checks to companies when they don't accept electronic payments)
Fair warning, I used to work for the company that makes BofA’s bill pay product, and it can have a mind of its own. Even payments that should always be electronic will sometimes decide to mail checks for reasons that you’ll never a get a good explanation for.
They can be pretty handy. I don't have a physical checkbook and that causes problems for me once or twice a year. Typically when I am buying motorcycles. Those transactions tend to take place on weekends when my bank is closed and for amounts larger than my ATM cash withdrawal limit. They also tend to occur with parties that do not accept electronic payment methods.
I think the "parties not accepting electronic methods" bit is more surprising to people in places with more modern banking systems...
In Australia you can hardly buy anything anymore with ordinary cheques (you can still use a bank cheque for a car from a dealer or deposit on a house something, but that's the kind that you go to the bank, pay a fee and they print it out).
Hardly any private seller for a car or anything would ever take a cheque though - it's mostly always electronic. This year they're bringing in a real-time system (the current one is free overnight transfer to other banks and immediate for the same bank) which you can send people money immediately with just a mobile number.
The last motorcycle I bought I had to wait two days to go to a physical branch and get a (free!) cashiers check then go back to the shop to buy the bike. We made the deal on a Saturday and the guy asked for a check and I said "It's 2018, I don't have a checkbook" to which he chuckled but it wasn't clear what I would have used instead. Normally I would just carry cash but I don't make habit of holding on to that much cash. There are billpay methods I could use with my bank but they are not instant, anything instant would have cost something like 3% which on ~$5,000.00 is not feasible.
This is how it has always been (tm) here. It's interesting to hear about the glorious future that other countries have. How do you identify the account you are transferring to? I was technically interacting with a business, do they just give me a phone number/email and I use that?
I think my bank is working on a way to do instant transfers but I'm not sure how any of that works.
With BPay, you have a biller code (six character number) and a reference (which is longer, like 12 characters - usually this is like your customer number with that biller, so it doesn’t change). Generally every bill you get will have those details on them. It’s free which is nice.
For a regular transfer, you have a six digit number that identifies the bank/branch, and an account number (variable length, depends on branch). You just always use this method and your bank checks whether it’s a BSB at the same bank and does an instant transfer, and if not clears it through the central bank. I think batches run at 9am and 5pm every business day for that.
For those kind of payments, they’re bringing in two new things this year - a new real-time clearing system for small interbank transfers (that is, under like $100k or $250k or something - larger payments you have to use a special system called RTGS), and ‘PayID’ where you can have a mobile number for an individual or your Australian Business Number for a company, and I think internally it resolves back to the account number / BSB (I guess like a DNS system for banks).
Sounds like the case of a $5,000.00 motorcycle deal on Saturday afternoon still isn't handled "instantly" in the same way a check would be. At least not until the real-time system arrives.
I use checks (USA) for all my bills (including online payment they my bank where they mail the checks for me) because most places either do not accept credit cards or they charge an outrageous fee to accept credit. Lots of local businesses, especially contractors, cleaners, etc, either do not accept credit or highly resist it.
Do you still live with your parents or rent from a slum lord who only takes cash? Most landlords seem to only take cash or checks, it's really only the national apartment companies that take online payments.
Here in Australia I'm not even sure if my real estate agent would accept a cheque for rent at all - I'm pretty sure they told us from the outset that electronic payment was the only option they offer.
Australia, pretty much everyone accepts BPay which is an online direct payment system or direct bank to bank transfers. These both take < 3 business days
Even waiting one day is pretty poor when it comes to funds transfer times, let alone three!
It's a significant burden on commerce, businesses, and individuals to be without their funds for that long. And a big win for greedy banks who boost their balance sheets and profits by holding all those "in transit" funds.
In the UK, the "Faster" payment system, introduced about 10 years ago, means that the vast majority of bank-to-bank funds transfers are completed instantly.
It'll be real-time with the New Payments Platform (NPP) being brought in this year.
BPay is only for bills and stuff - I'm sure my power company don't care that much that if I pay my bill on Friday night it doesn't clear until 9am on Monday morning... (it still counts as the bill being paid on Friday). It usually clears next day on business days anyway.
Also, the bank's balance sheets don't get a "boost" from holding payments. Deposits and other customer funds are strictly a liability to the bank (they owe them back to you), and they don't automatically get interest on them. So they don't have as much incentive as say a company does to pay invoices late to collect more interest.
What's fun is that last I looked the banks still didn't have any actual technology to support this feature. The rules they're obeying explain how the feature works for customers, but the implementation is left for them. And so their actual implementation is blind trust, settlement for the transactions happens at the old rate, hours or days later. The balance updates happen instantly for end users, but if any of the banks is engaged in fraud, that won't be detected until it's probably too late.
I expect this seems like a great cost-benefit trade, right up until a multi-billion fraud wipes out one of the banks, and then suddenly they'll be really excited about something better than "cross your fingers" as a resolution mechanic.
I work for a UK business and we have had a number of queries from our bank because of an unrecognised signature on a cheque written from our account. So some banks in some places di check the signature
> The only things that are checked are the digits of the amount, and the account number.
YMMV. Simple won't let me deposit a check made out to "Me and Wife" in my personal account - I can only deposit it in our joint. They'll permit me to deposit "Me OR Wife".
I had a really negative issue with Simple: a garnishment (wasn't my garnishment -- there's someone with my same first and last name with the same birth date who has a different middle name) that was incorrectly applied to my account. When I presented Simple (and their controlling bank) notification from the garnishing agency that they had garnished the wrong account (and deposited the check from the garnishing state's treasury back into my account), Simple's response was...to garnish my account.
Suffice to say, I went back to my neighborhood bank.
To Simple's credit: Their customer support was beyond fantastic -- they were at the mercy of their controlling bank...who was receiving the garnishment request.
When Simple switched banks last year, I received a check in the mail for $3 and change for the amount that I had left in my account after moving my direct deposits and such over. Just...a massive headache.
Yeah, I'm really baffled as to why people write checks this way, I've schooled a few people on this - always write Person 1 OR Person 2, that way either of them can handle it the way that make most sense for them. Whenever I pointed out the issue with writing "and," I always get "oh, I didn't know that." To me that's obvious?
I suggested that approach, as well as having her file a support request authorizing it through her own Simple account. Apparently their parent bank's policies prevent both.
This was before they had the joint offering, so we had to request a new check. Now we just put stuff in the joint.
Fun fact. You can theoretically write a USA legal bank check on the back side of a napkin and it will be honored. As you point out, it just needs the correct bank routing number and account number.
Most banks now have clauses allowing them to reject non-standard checks. Too many people writing “pay to the order of” on coconuts and pigs and other non-machine-readable items
Probably people who believe that the payment they are making is unjust. Former scum landlord is charging you to repaint the walls because you "ruined them" when they were in fact pristine when you left, just because he doesn't want to foot the bill for finally getting rid of that 70s era mustard yellow color. You could fight it, but he has a lot more time for small claims court than you do, and you now live halfway across the country.
Just last November I miswrote a check where the digits and written amount differed, and it was processed for the written amount, which has traditionally been the controlling value.
I was taught to write the number as $400 23/100 One day about 3 years ago, all such checks started coming through as $4.00, and I wound up with late fees and such. Although the bank denied it, it was pretty obvious they'd just changed their OCR software. I now write the checks as $400.23
That's what I mean. Normalizing input from weakly defined fields is a nightmare. Every time you think you've gotten every edge case someone will come along and prove you wrong. And then your employer is mad at you because you didn't think anybody was still writing their checks with Roman Numerals or something.
Yeah, I once wrote my landlord a check and totally forgot to sign it. The bank cashed it just fine, I was surprised.
It also depends on the teller, how much of a hardass they are going to be about cashing it. I guess I don't know what the protocol is for for mobile deposit, they may or may not have manual review.
Common is a stretch compared to how common they are in the US. Banks in Brazil still give them to costumers, but I’ve never seen anyone use them. In the US, mailing checks around is a common occurrence.
I just want to take a moment, and tell you that you're wrong about what happens and what matters when a check is deposited (or cashed) and then cleared by the issuing account.
The courtesy amount is the digits. The legal amount is the written expression for dollars.
The legal amount matters, and had you taken your bank to court (if you didn't sign your legal rights over to arbitration), the legal amount prevails.
There are rooms full of people working minimum wage night jobs, to verify checks that have values in conflict with each other, associated documents, or are generally illegible. Something like 90% of checks are verified by OCR, and deposited for an amount often within a margin of $2.50 per deposit.
The remaining ten percent are processed by hand, balancing deposit to written amount, usually within the $2.50 same margin. This represents hours of checking transaction amounts for tens of thousands of transactions, as a fraction of the automated processing. The $2.50 is usually reviewed by managers in an end-of-day report.
For maybe a quarter of a million documents processed in one evening by a room full of around fifty people running OCR equipment (made by IBM and Unisys), and performing manual image review and physical document inspection, maybe 200 are kicked out by the machinery and software to be deciphered by hand.
Sometimes people get lazy, and are on the verge of quitting anyway because night jobs suck, and if you argued until you got your way, you were probably dealing with such a situation.
I took my new chip enabled CC to Germany 3 yrs ago and paid for a train ticket with it. The clerk said "ugh an American card" and had me sign some random piece of paper. I felt like an antique.
Most European cards use Chip & PIN with pin preference: If the terminal supports it the card will ask for a chip instead of a signature. Chip-based signature transactions are only used as fallback if the terminal doesn't support pins (which is very uncommon).
Unfortunately most US cards don't use a pin code at all. There are a few issuers that provide you with a pin code, but even in those cases there's typically a signature preference and the pin code is only used as fallback if the terminal doesn't support signatures. So if you're using a US card in Europe pretty much the only places where you can use the pin code are automated terminals (e.g., at train stations). At most other places you're going to have to use a signature.
There are a few US issuers that issue Chip & PIN cards with PIN preference - for example UNFCU and First Tech Credit Union. Those cards work great in Europe, but are sometimes a pain to use in the US. E.g., if you're paying at a restaurant and you have to go with the waiter to the terminal in some backroom, because the terminal asks for the pin. That's not an issue in Europe, as waiters usually carry mobile terminals with them.
> Those cards work great in Europe, but are sometimes a pain to use in the US. E.g., if you're paying at a restaurant and you have to go with the waiter to the terminal in some backroom, because the terminal asks for the pin.
Huh? I have a European card (chip & PIN, PIN preference), and at restaurants in the US I've always signed and never had to go to the terminal in some backroom.
> I have a European card (chip & PIN, PIN preference), and at restaurants in the US I've always signed and never had to go to the terminal in some backroom.
I had that a few times in Asia (think Vietnam). I quite appreciate the times it happened. Instead of taking my credit card then hoping for the best I specifically have to authorize the transaction. In Europe they usually just bring you a portable device.
Depends on the restaurant. Most of the times the terminal doesn't support PINs and so it falls back to signatures. But some restaurants use PIN-capable terminals in which case that issue occurs.
I've had a restaurant in silicon valley (three years ago?) tell me that they couldn't use my card because the machine kept asking for some number and they kept entering zeroes and it didn't work.
That's only for US debit cards where a debit transaction requires a PIN code, but a credit transaction prefers signatures. For credit cards with PIN preference it shouldn't make a difference, as it's up to the card to decide which mode to use (based on the options that are supported by the terminal).
I know some terminals here in the UK lie about their capabilities, for example they'll tell the card they're offline only even if they do support online transactions.
Yeah, When the pin first became popular in canada the technology was already wireless. They have a pretty good range too and i've never had a problem even on the largest of patios or the deepest corner of any underground hipster joint.
In Brazil wireless credit card terminals are also very common, and all I've seen use cell phone radios, so they work anywhere a cell phone from the same telco would work. Once in a while you still see the old wired terminals (which use wired phone lines), they are slower since they have to dial to the backend. And of course there are the terminals wired directly to a POS terminal (but places with these usually have wireless credit card terminals as a backup).
There are a few cards available in the US that do chip + PIN. Debit cards also work.
I have one credit card that I mostly don't use anymore, and keep the account open only because it does chip + PIN so I can use it at train-station kiosks in Europe.
These are mostly examples of inventions like the television that were not in practice some "out of the blue" discovery but instead a product of lots of small innovations at the same time. If the person who is usually acknowledged as "inventor" of these things had instead done something else they would anyway have come into use at about the same time but in a slightly different form and with some different person as inventor.
For your example of "the Internet" that's true only if you squint and choose TCP/IP as "the Internet". But if you take a step back the Network is a more or less an inevitability, I would insist on dating _that_ to at least the Treaty of Bern (1874) and perhaps earlier. Of course Bern moves actual paper letters, rather than just bits, but the central idea is there - the network effect, we must communicate with absolutely everybody, if we let national sovereignty get in the way of that we lose out.
Now if we could only eliminate them for everything else.
Buying and selling houses is excruciating thanks to the number of signatures required.
I went to a closing on behalf of my then-wife who didn’t want to deal with it; because it was her house we were selling, I had to sign all the paperwork on her behalf, which involved a signature plus some additional verbiage. My hand was in pain by the time we were finished.
Most of the time a signature isn’t for verification but rather for acknowledgment.
I don’t give two shits what you put down as a signature, I just want a record that you consciously were present and signed something, so I don’t get accused of trying to pass off something quietly that you never agreed to.
If I have some scribble you made at a time and place, the onus is on you to prove it wasn’t you who did that.
My recent apartment lease was delivered online, but required me to go through every page and click a button that filled in my initials in a cursive font. It’s silly, yes, but I’m sure it’s just there to “prove” that I acknowledged each page individually.
That's the e-equivalent of initialing every page of a contract. The cursive part is funny. Rituals change slowly. People trust moused signatures and fax machine timestamps more than RSA public keys.
If it's DocuSign, they actually let you pick your own font from a list, so you can claim it's "your" handwriting because you chose it. And it's been a while, but I think they let you mouse a signature and initials if you don't like any of the fonts.
The funny thing is that for the last few years, I've been trying to make my own handwriting resemble an italic serif font as much as possible, so I actually do write like a font. But for everything except my signature. I never sign anything the same way twice, and my signature is always just a random scribble. Sometimes it's even an X.
It is, but it means parent will lose any contractual dispute ever on the signature proof part.
Here is how it goes in a dispute. You have A saying B signed a contract, and B saying he didn't. It's A's job to prove he did first, and he indicate there is a signature on there, and it's B's. So now it's B's turn, and he needs to show it isn't his (if he does, then A become accused a making a false, and will need to prove he didn't).
To do that, B needs to prove that he usually signs a different way, so he provides other signatures everywhere to show it. Since parent signs differently everywhere, he cannot show that he has a regular signature that doesn't match the one on paper. In fact, it shows that any scribble CAN be his signature as long as there is one, and thus the court will tend to assume the one on the contract is his.
So parent's strategy is terrible, and you really shouldn't be playing that game, because it doesn't catch you until it really does.
> To do that, B needs to prove that he usually signs a different way, so he provides other signatures everywhere to show it. Since parent signs differently everywhere, he cannot show that he has a regular signature that doesn't match the one on paper.
How often does that work? Presumably a fraudster would copy B's signature from a receipt out of their trash or something (a priori they have no way of knowing that B signs differently every time); how likely is it that someone going to that effort would not get a signature that's a "good enough" match compared to B's normal signature, however careful B is about always signing the same way?
The vast majority of cases where this relevant (99+%) are identity theft, where you got the name / ssn /address through some mail or website or whatever and uses that to contract things on someone else's name.
Also, finding differences in signature is much easier and much more advanced / developed than you would think. Even if you copy mine after seeing it or having a model, the places where you slow down your pen etc... Vary compared to me, and that can be detected.
Is it possible with technology to make a perfect copy? Of course, but then you just move to the next steps of the case, and you already cleared out the majority of bogus cases.
So having a fixed stable signature is a very good thing for you the user, and it always surprise me when I see people who think they played the system when they screw their own protection like parent.
> Also, finding differences in signature is much easier and much more advanced / developed than you would think. Even if you copy mine after seeing it or having a model, the places where you slow down your pen etc... Vary compared to me, and that can be detected.
It's a bit nonsensical that it should fall on a person to prove the negative (that they didn't sign something), as opposed to the party claiming that an action took place having to substantiate their own assertion. But I can believe this ended up being the precedent based on the "golden rule".
It seems like a pragmatic individual solution to address this would be to sign with an X or line or whatever, and diligently keep a log of everything you sign (perhaps facilitated with a phone app, with a conf code to write next to your signature). Then, when the supposed event isn't in your log, it should be back on the aggressor to prove their case.
Provide an index sheet attached to a stack of papers acknowledging documents included (title, version, date on document, page count). Check by each line, one signature overall.
Nope, too easy to argue you signed a bunch of things you did not see. I want each page initialed and important disclaimers signed at the location they appear. Will make it much easier for me in court. Much harder for you.
When we raised money from several VCs (using some of the top legal firms in silicon valley and NYC) all we had to sign was the very last page which had only the signature lines on it.
It could have been attached to anything. And in fact, sometimes, they emailed us the signature page separately for us to sign, scan and send back.
So I don't really think there is really much legal benefit to having stuff on every page to sign.
Just because you don't understand it doesn't mean there isn't a legal benefit.
A paper contract must be done in two copies. Every page numbered and signed by both parties. That's the only way to cover your ass against the other party replacing pages and terms.
I have a genuine question, and because text doesn’t convey emotion I want to be very clear that my curiosity is genuine: what is it that you’re doing that is, by appearance to me, a common transaction (perhaps multiple times per day?) wherein you want to be absolutely sure that the customer assented to lengthy terms and conditions and you’re often going into court (at least so often that you want it to be “easier for” you)?
And, as a follow-up, how does this relate to a signature being used as confirmation of payment? (Or did you mean in relation to the signatures for housing transfers?)
Actually, it's the other way around. The credit card company, and by extension the merchant, have to prove that's your scribble.
Here's one way to think about it. If it was the way you suggest then all an identity theif would have to do is to draw something on the dotted line and all of a sudden you're in a position where you have to prove your innocence.
It depends on how much money is at stake, what the alleged issue is, and what card network and network was used. Amex is infamous for almost always finding in favor of its cardholders, even more so than already cardholder biased CC isuers.
Funnily enough I sold a house from a foreign country at the end of last year, and while I found the process annoying (there are always problems with buying/selling property), the number of signatures wasn't a problem.
One of the problems I came across was the number of things I had to send through the postal system. Apparently scanned documents (signed) weren't good, and using a fax machine wasn't an option either.
So I had to print forms, sign them, and then mail them - always with tight deadlines. Luckily only one piece of mail was lost en route, and it was skipped in the end.
(I also had to mail back the physical bundle of title-deeds, something I was told previously was all electronic these days. Fascinating documents though, I remember when we paid off the property we received them and there are copies of each sale contract/price details since the place was built in around 1890. First sale was for £400, then the next for £1200, and every 1, 5, 20 years it would sell for more. Went for £162,500 when I sold it. That's a huge jump from the starting price!)
I rented a property a couple weeks ago in Massachusetts, USA. The rental agency used a web form for signatures. My new landlord used something that looked like Comic Sans. So, I guess this is a thing now. I was a little surprised.
Yes can we please get rid of tipping and pay waiters and staff what they should be earning? Build the price into the menu and let the market decide the price. Too expensive? You will lose customers. Too cheap? You will have lines out the door and you know you can increase prices.
The rest of the world does not tip (Europe & Asia). Only in North America is this awkward tipping practice still a thing.
Tipping still happens in Europe and SE Asia it's just not silly like North America. In the UK we'd leave a few pounds typically, let's say table bill was 47gbp, you have be a shameless mingebag to collect the 3gbp change if you were happy with the meal and service. But we don't subscribe to the non sense of 10% tip if unhappy, 15-20% if happy, if crap you don't leave a tip or pay service charge.
Sure, and I leave tips the vast majority of the time too - but I've had situations where I had no cash on me, the card machine didn't accept a tip, so I just left without feeling bad about it, it's not a big deal.
Not to you I guess. The server has only a very fixed opportunity to get tipped in a shift. To miss out on one is actually significant. Not to mention depressing.
My point is - in US not tipping felt like being an absolute asshole, to a point where people would be upset - they grew up in a culture that values money above all else and not being tipped is I don't know, an equivalent of being spat in the face? In UK I've never felt that way. I've had perfectly good meals that I didn't tip on, just like I did in France, Spain or Germany and it never felt like the server expected a tip. They might be a bit disappointed that they didn't get one, but that's their problem. I'm disappointed about a lot of things but that doesn't mean I'm entitled to them.
The reaction in the US isn't based upon some cultural obsession with money. Wait staff in the US is paid differently than in other countries. Wait staff in the US is largely paid the minimum hourly rate for tipped employees which is $2.13 an hour. It is expected that the majority of their income will be earned through tips.
There are many states where tipped employees earn the same minimum wage as non-tipped employees. The social expectation remains the same in those places.
Employers are supposed to make up the difference if the total with tips falls below minimum wage, but I don't think enforcement on that is very strict.
So its not up to you to enter a restaurant prepared to pay for the meal? You can do lots about it; in fact nobody else but you can do anything about it.
I'd rant about "this generation is so entitled" but hey that post says it all.
>>So its not up to you to enter a restaurant prepared to pay for the meal?
I have paid for the meal. At the end of my visit I was given a receipt and paid the indicated price - what else do you want? If the server is disappointed they didn't get a tip, then I think I know who is entitled in this relationship, and I have a very strong suspicion it's not me.
>> in fact nobody else but you can do anything about it
I pay my employees a good wage - so why can't the restaurant owner do the same? It's not up to me to make sure that a waiter is satisfied with their job - it's their employers problem, just like I have to take care of my own employees.
There it is - the deliberate explaining away of personal responsibility to make oneself feel better. The last comment gives away how we all know the first is false.
The restaurant owner in America does not pay a good wage, because tipping is a thing and the market adjusted. Not tipping for service is victimizing the least powerful person in the relationship. And the need to make it 'ok' is self-serving doubletalk.
A famous dude said "I will judge you by how you treat the least powerful person in the room"
>>The restaurant owner in America does not pay a good wage, because tipping is a thing and the market adjusted.
The market would adjust itself overnight if everyone stopped tipping, and I'm sure even you can see that.
On my end, what can I do to stop this country becoming more like America in terms of tipping? Well, not tip of course, in which case it won't become expected and necessary to support shitty business practices. Amazon has "suggested" tipping for drivers now. Uber suggests tips. Deliveroo expects tips. It is imperative that if you live in UK you select ZERO on all of these. If you enter any value above zero you are sending a clear signal to Amazon etc that they can pay their drivers shitty wages because the customer is willing to subsidise them. Is an Uber driver going to feel sad they got zero tips that day? You bet they will - and I still couldn't care any less, their personal job satisfaction should not be subsidised by me.
But I've gotten away from my original point - yes, I recognize that in US the market is adjusted for tipping. But my original comment wasn't about US - it was about UK, where - to my relief - tipping isn't a requirement. Fortunately I can still pay only as much as the bill says and not feel bad about it in the slightest, because I know the person serving my table does not rely on my tips to survive. And like I said above - I do tip when the service is good at restaurants. I just don't want it to become a norm like in the US of A.
The point is that in the US, the real price is not advertized, and in the UK tipping is not as obligatory and is therefore not a required part of preparing to pay for the meal. Case in point: I bought a sandwich at Denver airport, that was label roughly $7. I handed them my card and was asked to sign a receipt that added sales tax from multiple government jurisdictions, an airport service fee, and suggested the amount for a 21% tip that it noted in some situations would be mandatory for me to pay. I left no tip but still paid $11 for that sandwich and was not served in any way except for the girl who showed me to where to swipe my own card and handed me the receipt.
In Europe servers are paid more than the equivalent of $2 an hour because the cost of their pay is already factored into the price. I still tip for great service, but increasingly I cannot in any way begin most transactions in the US without hidden fees springing up the whole way.
How do you even know the person you're replying to is of a different generation?
I'm no millennial, but I've frequently not been able to leave a tip while paying for dinner in the UK because I've paid by card and had literally no cash on me. I've felt bad about not leaving a tip for good service, but I know that the servers will at lease make minimum wage before tips, unlike in the US. The whole point of this entire thread of discussion is about how people are switching to card-only payments in some areas and different/changing cultural norms, and while there could have been an interesting discussion about how this impacts other cultural norms like tipping, you instead just call someone an asshole like Grandpa Simpson yelling at a cloud.
The sub-topic was the idea that it 'wasn't my fault' that tipping got inconvenient and so they didn't do it. Lets not rewrite what was just posted. Rewriting a situation to feel better about oneself is symptomatic of the issue here.
Everybody on HN is of a different generation than me. Not rocket science.
I have family who work in food service in the UK. Tips are NOT expected, nor is significant/depressing to miss one. It's common, but certainly not mandatory or "victimizing the least powerful person in the relationship".
Agreed, very much a London thing. Given it's optional at least you can tell them (or a manager) in the UK to take off if service is crap. In Asia, in places where the service charge is added then the service charge is rarely if ever removed, you can be screaming blue at them due to a chain inexcusable lazy fuck ups and they still wont budge on the service charge - loss of face, lack staff empowerment, 'till say no' etc...
The addition of sales tax and service charge is more a frustration than tipping to me, tis why I hate restaurants in Asia that are ++ (10% SC + 7% tax). I'd like to ask them a) under what circumstances do I not have to pay the tax? b) if service is crap are you going to remove the service charge, the answer basically point to everyone pays it. I prefer wysiwyg pricing and tipping for the real extra mile. Also note service charge is rarely distributed fairly to staff that are serving you.
Definitely something I've noticed more in London, though I sometimes see "Suggested gratuity: <amount/percentage>" outside of London (generally not included in the price by default). Incidentally, suggesting a tip (especially including it in the amount by default) makes me much less likely to want to pay one.
When paying by card you can still stick a few pounds or dollars in the sleeve. Even when CC receipts had the open Tip: ____ line most times I would zero it and leave a cash tip when a tip was in order, off the books, not % skimming to cover merchant fees etc..
What I have been told is that they want the tips in cash to not leave a trail for tax authorities to see. If they get the tip in cash they don't report it as income, if the tip is added to the card it get registered as tip and tax have to be paid. So basically tip is not only a way to get around paying the workers a livable salary but also a way to avoid taxes
Eh - you only have to read forums to realize that it's a lot more to do with the taxes.
I have heard more BS excuses from servers on forums: "The government demands we pay tax on these tips, even when we don't get them". No, the government recognizes you're in a cash-heavy industry, and would like you to document things. If you do, you pay tax on the tips you get, not the default amount. Quick way to get banned from said forums? Ask if they are sure to supply documentation when they get tips above and beyond that amount to the IRS.
They also like to claim that "20% is cheap, you should be aiming for 25%"... eh.
It's actually somewhat infantilizing to tip someone, unless they need it to be paid. You would never give a lawyer, consultant or someone else "respected" in society "2 dollars to buy something nice".
Tipping is a very in the face sign of inequality and really needs to die (as soon as the inequality is gone of course).
It must be considered in relation to the size of the transaction; I have given gifts of bottles of wine or Scotch (and in one case, an Echo) to professional service providers who have done a notably good job.
I don’t tip a lawyer $2 on a $2000 matter, but a $75 bottle of Scotch is proportionally similar (in fact, a bit smaller) and not at all inappropriate.
"And one for yourself" is a common phrase in the UK. It's not the norm to tip in pubs/bars though, and it's a literal offer of a drink (or equivalent tip).
Also, from briefly working in a bar, I found that flashing cash around in the expectation of better service is a good way to get ignored -- developing an actual rapport with the staff, or just being friendly, works far better/is more valued.
It's interesting that this opinion is shared by pretty much zero servers.
Servers (I was one) love tipping because, generally speaking, though there may be ups and downs, you are making tremendously more money than you would be otherwise (in the kitchen, for example) and often tax-free.
A lot of complaints about the "awkwardness" of it pop up in threads like this, which just makes me wonder if the increasingly transactional nature of society makes people less socially developed. Otherwise, many of the comments are about "helping" the servers, who, I assure you, do not want this "help."
> Otherwise, many of the comments are about "helping" the servers, who, I assure you, do not want this "help."
I would imagine you are right, in that the servers don't imagine they would earn as much without tips. But what if the choice was between earning as much as they do now (after tax), but predictably every month and without having to suck up to anyone?
Maybe some servers think trying to get extra tips are part of the fun of the job, but I don't see that this is a widespread opinion.
> But what if the choice was between earning as much as they do now (after tax), but predictably every month and without having to suck up to anyone?
This is such a weird way of framing it, I don't really know what to say. As a server, I never "sucked up". I just tried to be personable and helpful, because I like helping people. Now that I'm a programmer am I "sucking up" because I am being personable and helpful with the customers here? Am I "sucking up" to my boss when I show up for work on time or stay late to help the team? It's hard for me not to see in this mentality some kind of aversion to normal social interaction or maybe some kind of pride. Unless you are already self-sufficiently wealthy, you're "sucking up" to someone. If anything, I could be (and sometimes was!) much ruder to a customer than I would have ever been to someone responsible for a multi-million dollar software contract or my direct supervisor.
And yeah, sure, if you could somehow guarantee me that I would make the same amount of money, except consistently on a daily basis, I don't see any problem with that...but why would servers deserves drastically higher wage than kitchen staff or management? Or are we going to mandate a massive hike in the minimum wage and simply suck it up now that going out costs much more, because now the cost of non-server labor dramatically increased? I'm all for a hike, but we're talking about a massive hike.
To be honest I've never had a lawyer or doctor do a job for me and leave me thinking, "oh wow, you really went above and beyond for me and did a great job that left me in a great mood all day!" I had a guy in London who parked our car and carried our luggage up to our room exceptionally fast and spent several minutes giving us great recommendations on where to eat and how to make the best of our time in the city. Tip.
Your concern seems to be with the amount which appears to belittle the person who is receiving it. You have to keep in mind the amount is in proportion to how much you are paying for a product/service.
I guarantee you NO lawyer on earth is going to reject a 15% tip let alone 30%.
Next time you go to a Starbucks or a bar give a 100% to 200% tip and see if the barista/bartender is offended.
Whilst there's no way I'd ever subscribe to current mentality of tipping 10% when unhappy and 15-20% when happy I'm not sure I'd want to remove tipping entirely. It should be exceptional times when one tips, i.e. really got above and beyond - not just doing their job.
There is no expectation of tips in Japanese restaurants. Adding a tip there is often confusing if not insulting. I’m not so sure you’d really miss the practice if you ate there.
Ah so she's worried that she might have to pay her workers more is what she sis really saying - I normally leave a cash tip after paying by card in the UK
For cheap restaurants, where servers are likely earning minimum wage, the tips are a gift to the employer, not to them, since the employer can discount the tips from the wage.
Maybe at the same time as the US lives through the 20th centurty revolution of livable wages, something could be enacted that prevents employers from stealing from employees?
For a long time I would put 'see id' on the signature line of the credit card suggesting that if someone where trying to use it the vendor would ask to see identification and that would alert them if it wasn't me using the card. And then it became clear it was trivial to just print a new card and I stopped even caring about the signature. And now a squiggle is all I leave if they insist.
So now I find I can get impatient when someone is painfully trying to recreate their exact signature using a digital signature pad that could never possibly have the resolution to do it justice.
I haven't signed a credit card in about a decade. I sign the receipts, but not the cards. That's got to be thousands of transactions by now. No one cares.
Also please make handing me a receipt extinct too or only if requested. Especially at drive thru(s) where the receipts become trash I later have to do work .. aka clean up this annoying trash in my car.
Doesn't a drive thru also hand you a disposable bag filled with a bunch of other stuff that's about to become trash- napkins, wrappers, straws, etc...? Just toss it in there dude, try not to let it bother you.
Nope they all hand me the receipt when the hand me back my bank card. Then I have to deal with a bag of food, a drink, placing my bank card back in my wallet and dropping the receipt wherever to drive off quickly!
The receipt needs to go the way of signatures and hopefully soon.
Not sure if you are a UX person, but the receipt in 2018 is bad UX for the customer and the business! Just like signatures have been for years..pointless, frustrating and annoying!
As a business owner - nope, handing receipts should be mandatory by law with heavy fines for not doing so(as it is where I'm from - Poland). I've had so many employees stealing by just not registering the order and pocketing the money - but fortunately, the law that requires that a receipt is produced fixed most of that.
Whether you give the receipt to the customer doesn't really matter for that?
The reason business here have to offer a receipt (but the customer can reject it) is because the customer is supposed to be certain that the transaction is taxed. Typical small businesses with easily hidden turnover (such as restaurants) some times register only e.g. 1/2 purchases, thereby dodging a lot of the taxes. Having to offer a receipt on every purchase makes that harder.
It does, because the tax office very frequently sends undercover inspectors to buy something in your shop, and if they don't get the receipt they will fine you huge sums of money. My employees certainly have it drilled into them that any customer could be an inspector and they have to offer the receipt to everyone.
And yes, of course - the tax office inspectors are doing this to make sure that taxes are paid on each sale - but it has the added benefit of making sure that the money for each sale is actually going in my register, not in the pocket of my employee.
Of course when they get the payment electronically, it's hard to dodge taxes. Where I live I am usually asked whether I want the receipt or not, which is printed in any case.
As soon as there's an electronic equivalent that's universally compatible, as cheap and reliable, and is accepted by insurers/government/corporate expensing. Credit card and checking account statements are getting close but they don't list the items purchased, only the money.
Home Depot emails me a receipt after every credit card transaction with them. Is PDF not an open standard and a piece of data that could be routed appropriately?
Electronic documents can already carry the same force as paper legal documents. What’s the holdup?
Does Home Depot remember your email address based on your credit card number, or do you have to key your email address in every time? I never put it in because I always assume I will have to type in my full email address at every transaction on their somewhat archaic keypads.
Remembers my card number. I just push “email receipt” on the keypad after inserting my chip card. My gmail filter than archives it and labels it “Receipt”.
A paper receipt is still printed, which is annoying, but I toss it right into the trash under the automated checkout device.
Some of us prefer getting receipts. Not only does it let us check that everything is correct, but also to record the information later or to get reimbursed if it's a business expense.
It's going to take time for payments to all go digital but they will. Whipping out your phone and swiping it and then your done is way quicker and easier then the current payment UX we are doing now.
If it's not an itemized receipt its not going to be accepted for an expense report unless the charge is very, very small. (I think my company is less than $25 doesn't require a receipt) I'm not going to screw around with being unable to prove my business expenses and being potentially liable for paying them personally.
Even if they were itemized, I question if my company would accept it over the "official" receipt. Anyway, in this case you are just talking about moving to digital receipts, which is surely convenient, but its not "go[ing] the way of the dodo bird," it's "going digital."
The current failure rate of mobile payments is currently much too high for me, personally, to move them them. I love the idea in theory but currently the execution is poor. Its just embarrassing for me to be standing there fiddling around with my phone for 60 seconds so its not even worth attempting when I know my credit card will always work.
> For nearly a decade, Doug Taylor, a sales manager who travels often for work, has signed credit card receipts with a doodle of a dog wagging its tail.
Well, this story/hoax/experiment from the late 90s was at the time the funniest thing I had ever read online:
I had to sign approval for a field trip for my daughter once. Her teacher returned it with her the next day because it needed to be "a real signature."
I once saw a cashier compare the signature on the back of the card (There is a little field for "signature" on the back of credit cards) - to the one I signed.
When I noticed I hadn't signed my card he said he couldn't accept my purchase, so I had to sign the card first, then he could compare the signature...
In the UK cards still have a signature strip on the back and if a merchant notices you haven't signed your card they legally have to refuse to accept it.
I rarely remember to sign my cards and this tripped me up one time last year when trying to return something to a store which I'd bought online with my credit card.
I had to leave the store, buy a pen, sign the card and re-enter the store.
> I had to leave the store, buy a pen, sign the card and re-enter the store.
That's exactly what I did too. And yes, this was when visiting the UK. I had no idea the strip on the back of the card was for comparison, never seen it used elsewhere. Would be interesting to hear the person who thought that the signature-comparison thing was a good idea explain how they were thinking.
That's why we have PINs. If not everyone can be asked to get ID, and not every store can be asked to get chip+pin gear then stores should still not pretend to do some identification charade based on doodling.
My apartment's leasing office accepts UPS/USPS/FedEx/etc. packages on my behalf when I'm not available. Whenever I go in to pick up a package, they ask me for both my ID and my signature on a tablet. Immediately after I tap the 'Confirm' button, I get an email with a PNG of the signature I just "signed". When I first moved into my apartment, I made some effort to give my regular signature. Nowadays, I just make a couple waves with a single finger movement which looks like nothing out of the alphabet. The mailroom staff really couldn't care less how I sign since they've already looked at my ID.
I always wonder what the point of the signature is in this scenario.
In Australia, all in-person card transactions above the $100 PayWave/PayPass limit require PINs.
Fraud cause from in-person transactions is very low and hence our merchant fees are also very low. 10-20¢ for debit transactions and approx. 1.2% for credit transactions.
If even that. You're usually hard-pressed to find people who charge a transaction fee (that is, not built into the price of the goods/service). I can think of a handful I encounter with any level of semi-regularity.
I was talking about the underlying merchant fees. In the US, it’s not unusual to pay 3% on cars transactions and I can’t help think that a large part of that is to deal with fraud.
After all, Australian banks are some of the most profitable per customer in the world.
The kind of fraud prevented by a PIN enabled chip card is supposedly pretty rare. What would be more useful is a standard for browser attached chip card readers to bring the anti-fraud protections of a chip card to everyday Internet transactions.
I didn't know about the first attack you mentioned, but it still seems to boil down to cloning non-EMV card onto card that behaves like EMV. For this to work I think that the terminal must be horribly misconfigured and then it almost certainly defrauds the merchant and not the original cardholder as I don't see how merchant's bank would ever authorize such transaction.
The second on you mention is based on exploiting flawed RNGs in certain ATM implementations and using that to replay transactions that happened elsewhere. Fix is obvious: don't use flawed RNGs.
Third known attack on EMV is similar to the "accept any PIN" part of the first, but done by MitMing the interface between terminal and card. This relies on the fact, that "No PIN was required" and "Correct PIN entered" produces same transaction certificate. This also can be mitigated by altering the terminal configuration.
Light Blue Touchpaper talked about this all at some length.
On the one hand it's true that all these flaws can be worked around. But on the other hand, how did card companies not bring in cryptographers to help them get this stuff right in the first place? Did they not think it was important?
The TLS journey is illustrative. Originally SSL is hand-rolled crypto. And so SSL 1.0 is so bad it was never really used, their second attempt, SSL 2.0 is still pretty flawed, it's no longer "Herp, I eat paste" bad but even SSL 3.0 still suffers from some pretty bad decisions where clearly engineers who've heard of encryption but aren't experts are making too many cryptographically important decisions.
TLS 1.0 goes to the IETF. So now there's a wider pool looking at this stuff, but firstly it's still trying to be compatible with SSL and secondly these are still just more engineers, not cryptographers. Even in TLS 1.2 actual crypto people only get involved at the end, and they're basically asked (like a poor submission to r/crypto) "Is this OK?" rather than "What would _you_ do here?". It's hard to say "This is not OK" even if your gut instinct is screaming, unless you can prove it. So that's weaker than we'd like.
Finally in TLS 1.3 crypto people are involved from the outset, serious mathematical crypto people who say things like "In this paper we show that under the stated threat model an attacker cannot discover key C in this protocol without having key A if the PRF meets the criteria laid down in reference Z" and they helped produce what we expect to be the most secure version of TLS.
Now, TLS 1.3 took _years_ longer than SSL 2.0, but banks don't do anything quickly anyway. So why didn't EMV take its time and produce something better by hiring in cryptographers to design this stuff? No cryptographer would go "Oh, yeah, just ask for four numbers and if they're all different that's good enough".
This already exists. If EMV specified an X.509 certificate instead of a proprietary one, then we could be doing card-present transactions over the Internet right now thanks to TLS client certificates.
The RSA certificates used in EMV are not used to authorize transactions, but only to authenticate card to the terminal (and optionally to encrypt communication between pin pad and the card). Only effect of using full-blown X.509 for that would be that the certificates will be three times larger. Transactions are "signed" with issuer-specific symmetric algorithm (the specification AFAIK recommends CBC-MAC and HMAC), original motivation for this constructions seems to be backward compatibility in the sense that the algorithm can be designed such that it produces 8 digit decimal numbers that can then pass through various backend systems in field originally intended for swipe card online authorization code.
And by the way nothing technically prevents the issuers to combine EMV application with some PKCS#11 applet with X.509 certificate on the same physical card. EMV is in fact to some extent explicitly overdesigned to allow not only this but even multiple EMV "cards" on same physical chip.
One interesting idea would be to do EMV transaction over the internet by just forwarding the PDUs sent to the card over the internet, but it has lots of subtle usability and security issues to be really practical.
There is definitely nothing that prevents another applet (JavaCard, not PKCS#11 -- that's just a generic interface) from running on smartcards currently running the EMV applet. Or any other smartcard from running more than one applet -- this is a result of ISO7816 more than EMV.
But my point is that if EMV had chosen to use X.509 instead of inventing their own certificate format then we could re-use the existing infrastructure with zero cost.
Passing arbitrary APDUs from webpages to your card isn't a great idea and it will be SLOW since it will require multiple round-trips -- it's already slow enough just reading objects from smartcards. This is the mechanism used by Citrix/MS Remote Desktop, which is to forward a PC/SC connection -- this has a disadvantage that the remote side must have drivers and is also real slow, but the advantage that the resource can be used for anything, just like it were local.
For what it's worth, I'm the author of some smartcard middleware (CACKey) and have worked with the EMV specification and EMV applets to a lesser degree.
> The kind of fraud prevented by a PIN enabled chip card is supposedly pretty rare.
Are lost and stolen cards not a common problem? I suppose if the card holder reports it to the credit card company fast enough, it would prevent fraudulent charges from going through, but it would be nice if the person who found/stole the card(s) wasn't able to just use it without having to enter a PIN to do so.
Both the card and the terminal are able to make a decision about whether this transaction must be "online", a live session. If either insists on being "online" and that's not possible the transaction fails.
If the card is reported stolen, all such online transactions are (should be) blocked, and the risk is up to both the issuer (you could ship cards that insist on all transactions needing to be online, and some cards intended for people who struggle to manage their money do that) and the merchant (you can insist on going online for every transaction).
However, forcing every transaction online is super annoying. Train sat in a tunnel? No card purchased G&T for you until it gets out again. Internet down at the burger shack? No burger until their Internet is back up. Merchants would usually rather risk some fraud for smaller purchases, than lose sales when there's a problem.
"Weird money" causes the same issues, it's rare in the US but some places deliberately issue loads of different money that's all theoretically worth the same but you rarely see some types. In England for example a Scottish or Northern Irish bank note, issued with the name of some company you've never heard of, is still "worth" the same as familiar English notes. Except if you live closer to France than Scotland you've probably never seen one before. Maybe it's fake. Should you, as a shopkeeper, risk taking this weird-looking money? Again, risk of fraud versus risk of a lost sale.
My understanding is that lost and stolen cards are a very small portion of fraud compared to industrial scale skimming, cloning, hacking operations. Lost stolen cards only account for 14% of fraud cases. [0]
Here in NZ we don't sign for credit card transactions - I can't remember the last time I had to sign. Instead you insert your card into the reader and use your PIN to verify the transaction. And if the card reader has contactless payments (PayWave, PayPass, etc) then you don't even need your PIN for transactions less than $80.
Are you sure those are credit card (e.g. Master Card) and not debit (e.g. Maestro) transactions? I’ve noticed outside the USA credit cards are used very rarely while debit cards are used very heavily.
In the USA, we have to sign at most places for any transaction over $50, but not under.
I've definitely had credit cards like that (also note that both MasterCard and Visa offer debit cards in many countries though). The point of sales terminal doesn't care, the only difference between credit and debit cards is on the banking side, and when making ATM withdrawals.
NZ, Aus, UK, are pretty much on the same level banking tech-wise (with UK bank-to-bank transfers being much quicker). Credit cards are common enough, but most people only have one or two, with lower credit limits than in the US.
Yes. My AU credit cards - both Amex and a local bank-issued one via Citibank(?) - allow me to change my PIN through my online account settings. I use my credit card exactly as I use my debit card - tap for paypass/paywave if under AUD$100, or tap/insert and enter a PIN for over $100.
In india, a pin is mandatory for all the purchases even when there were no chip cards.
Uber had some trouble because it could not charge credit cards like they do in US, as our cards needed two factor auth.
For Visa, the merchant should require your card to be signed because a card with no signature is invalid. Other credit card companies are probably the same.
> Unsigned Cards
> While checking card security features, you should also make sure that the card is signed. An unsigned card is considered invalid and should not be accepted. If a customer gives you an unsigned card, the following steps must be taken:
> • Check the cardholder’s ID.
> Ask the cardholder for some form of official government identification, such as a driver’s license or passport. Where permissible by law, the ID serial number and expiration date should be written on the sales receipt before you complete the transaction.
> • Ask the customer to sign the card.
> The card should be signed within your full view, and the signature checked against the customer’s signature on the ID. A refusal to sign means the card is still invalid and cannot be accepted.
> • Ask the customer for a different signed Visa card
> “See ID”
> Some customers write “See ID” or “Ask for ID” in the signature panel, thinking that this is a deterrent against fraud or forgery; that is, if their signature is not on the card, a fraudster will not be able to forge it. In reality, criminals often don’t take the time to practice signatures. They use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures; they may even have access to counterfeit identification with a signature in their own handwriting.
> In this situation, follow recommended steps listed above under Unsigned Cards.
They check in certain countries. I live in Sweden, but recently started to travel to Taiwan regularly. I never signed my card in Sweden, but I've been asked to sign it in Taiwan.
Funnily enough, I have been refused to pay a hotel bill with my unsigned card, since the clerk couldn't verify the signature. So he had me - in front of his eyes - first sign my card, then sign the bill, and then he double checked that the signatures were identical (which they're not - my signatures always come out different).
Ha. I stopped doing this in 1993. I only had one person every complain, a cashier at CompUSA in 1994-ish. He wouldn't accept it until I signed the back of the card so I wrote "Please check ID" instead of signing it. He was fine with that.
I worked the night shift at a hotel in college. I turned down a "SEE ID"-signed card once, where the guy started the transaction with "hey loser, got a room?" to amuse his girlfriend. Turns out that's an excellent way to get me to be nitpicky about the rules.
I travel a lot between the US and Europe and the cultures are very different:
In the US I have my real signature at the back of the card but I just draw a straight line when signing the receipt. No one ever complained about that.
In Europe I sign with my real signature (because I know that cashiers there are more strict) and even then sometimes hear complaints that the signature on the receipt doesn't exactly match the one on the card.
None. It's just store policy. If the store can decrease its liability by checking for the presence of a signature they will train employees to do so. In other countries no one ever checks.
Every time I'm in Germany I'm baffled that they use signatures quite often in order to pay... basically copying the signature that's on their cards. It's quite silly as when you'd steal someones card you'd pretty much just be able to use it to pay for things, given you can copy a signature.
It's quite the contract with the Netherlands, but then again about 10 or so years ago I wasn't able to identically copy my signature and was unable to get a new bank card... luckily I didn't have this issue online filling out a form.
In Germany, payments with signature are legally just a direct debit (that's the small contract you sign on the bill, the reason there's so much text on there). If the card was stolen, the merchant takes the risk. The account holder can get the money refunded for a very long time (think 3 months but at least several weeks after the monthly statement).
Most stores have an automatic system where they require pin if a payment has bounced before and in random intervals. But using the direct debit system instead of PIN is so much cheaper that even higher fraud rates don't matter much.
We Australians are two steps ahead - I barely even use a pin now! I use PayWave (NFC) nearly all the time and often businesses find it strange when you want to insert or swipe your card.
When you sign a receipt, you’re not just providing a sample of your signature for comparison against the one on the card. You are signing a document, usually saying that ‘I agree to comply with the terms of the cardholder agreement’
If this is no longer necessary, the card issuers must have determined that they have other legal agreements which cover purchases, and that the signature on each transaction is not necessary.
Also missing is a discussion of why PINs are not seen by the banks as an obvious next step.
Where does it say on the receipt that I am agreeing to the cardholder agreement?
This sounds like the old myth that "if you don't sign the back of your card, you can't be held liable for the debts you incur if you contest it later."
>Where does it say on the receipt that I am agreeing to the cardholder agreement?
It used to be standard ~15-20 years ago. I don't see that verbiage any more.
Fun fact, when I worked in retail in the late 90s, the full card number was not really treated as a secret that needed to be protected - the registers we had had a full audit trail printed on a receipt roll inside the register, every time any transaction was inputted the receipt roll would print the details of the transaction. The full card number was first printed on that. Then it was printed on the signature paper. The receipt itself had the last 4 only.
Obviously on the front with all the other printed text.
If your question is whether it actually does say it, I just pulled the most recent receipt out of my wallet, and this is what is printed right above the blank for my signature: "I agree to pay the above total amount according to the card issuer agreement."
I checked two other receipts from different businesses and they say the same thing.
It might or might not be legally binding or necessary, whether it's there is pretty clear. It is. At least where I live (US), it is.
It depends on the receipt, but many receipts do say that you agree to pay for the purchase in accordance with the cardholder agreement, or some such wording. This has been decreasingly common in recent years, and I don't know the requirements, but it's not gone.
You're right about the old myth you cite. The cardholder agreements are usually accepted either by signing the card or by using it.
The wording is highly dependent on the country. I don't think I've seen that in Australia in a long long time, on the rare occasion that I've had to sign rather than use PIN or contactless, but I've been in Asia for the past three weeks and did a lot of signing for my card with wording that sounds like that.
This is in fact the only reason for a signature, it does fuck all to identify somebody, even if merchants were to check it, which they never do.
But with the amount of CCTV nowadays, that's probably more reliable than a signature.
Also ironic that anybody would describe PINs as the next step, I can't remember a time before PINs were used. Even EMV contactless payments are pretty common now, and provide benefits to the banks (liability shift/less chance of PIN compromise) and customers (quicker).
It's not a tech problem, it's a cultural one. You don't realise how much less friction, less hassle it can be until you've lived it. From my time in the US, it seems like it isn't exposed to outside ideas that much, maybe due to it's size.
I wouldn’t call it a cultural problem: there are many people in the US who really want contactless payments, and there is no group of voters or consumers campaigning against them for “tradition’s sake” (or any reason).
It seems like a legacy tech problem, held up by the same institutional forces that keep large financial systems in COBOL or FORTRAN.
The incentive for the merchant to collect signatures is fighting chargebacks. If there is a disputed transaction and the merchant cannot retrieve a receipt the customer automatically wins regardless of almost any other fact(s). But on purchases of less than $50 it was decided by the market that skipping the signature saved more money in faster checkouts than it saved in dispute resolution.
The EMV standard includes a purchase total verification step where the customer is shown the number and must press OK to confirm. But again speed has been considered more important. That OK? prompt is going away and Quick Chip will first authorize a dummy amount and send the real amount after the transaction is totaled up. It's not like USA market was using PINs for two factor authentication anyway. Restaurants are allowed to adjust purchase totals for tips and closing out tabs.
You already made that agreement when you signed up for the credit card. You havn't needed a signature for _every_ purchase in a long long time. This is just getting rid of them all together.
I've been drawing a horizontal line, sometimes with a slight arch, for years now. I almost never get a reaction and when I do, it is at most a laugh or giggle. Nobody cares (not that they should). Anything I scrawl is (more or less), by fiat, my signature.
I'm glad we can finally stop wasting time (and resources, for physical signatures).
This is especially fun with e-signatures in California: “Electronic signature” means an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record.
I write "Check I.D.". Merchants have typically been good at asking for some, especially the older ones. Teens and trainees tend to mumble and just process it anyway.
The thought process is that my UK drivers license has my picture, full name, and signature. The merchant looks at the ID and sees my photo next to my name, checks it with the name on the card to see if they match, then checks the signature against that on the ID. Unless a thief has the same name as me, they can't use the card as either the photo or the name won't match. The signature doesn't matter as it will be caught in fraud alerting / rejected by the bank.
One problem with this is that your credit card isn't technically valid unless it's signed with your actual signature. Piss off the wrong clerk who's having a bad day, and it would be completely within their right to deny the sale (or car or hotel rental).
I understand that, and it's a risk I'm willing to take. I'd rather find out that a person is an ass before I give them my money than after. There's always another store, another car dealer, another hotel, another vehicle rental chain. It's likely that the after-sales service will match, or be worse than, the pre-sales service. I'd rather not give them my money at all than have to fight for recompense after the fact.
I don't think that's a reasonable attitude. Ignoring the signature line, even if common, puts a company at much greater risk of eating any fraud committed with it. If an unsigned stolen credit card is recovered, its owner has a very easy claim against any stores that accepted the thief's signature: "obviously they didn't check the back of the card, now did they?" It feels a little entitled to insist that a merchant who wouldn't accept an unsigned card is a bad vendor giving bad service.
An opinion doesn't need to be reasonable. I'm aware it's not the correct way to do things, but it provides me and my money with a little more protection IMHO. No card thief will hand over a card with "Check I.D." written in the signature strip to a clerk, just in case it's one that will ask. If the clerk does as asked, they verify everything is in order. If they process it anyway, it falls back to the remainder of the fraud protections available; heuristic monitoring at the bank / card processor, regularly checking bank statements etc.
One thing I'd like to challenge is that the card isn't valid unless it is signed; Technically the valid signatures for my cards are "Check I.D."; the act of signing makes the card valid, just as if you sign a contract with "Mickey Mouse" you are still contractually bound by its terms. You are treated as assuming the persona of "Mickey Mouse" or "Check I.D." while signing; it's the act that is important.
My usual credit card signature is a zig-zag scrawl because I hate electronic pens. I've been asked to re-sign exactly once, for a $5 purchase - when I made an effort to sign correctly!
Signatures have never had anything to do with identity. They are a physical manifistation of ones willingness to contract. They draw the line between drafts and final contract language. The action counts, not the image.
That signatures are somwtimes compared is secondary, akin to comparing paper types or forensic prints. Contracts are not like a signed bat. They do not become worthless because you forget to cross your T.
Somewhat related, instead of signing the back of your credit card write "ASK FOR ID". Many merchants that otherwise wouldn't ask but look at the back instinctively tend to ask when they see it. I reinforce the behavior by thanking them. The only problem I've encountered is some USPS offices refuse to run a card without a signature on the back.
Actually, doing away with the signature seems a bit odd, given all the machine learning flying around. An electronic signature that records the speed strokes in the signature are made, as well as the final result, is probably a really good way of identifying the purchaser. Of course then a lot of the smaller merchants would have to upgrade their 90's era dial-up credit card processing.
Handwriting analysis was pseudo-scientific to begin with. The payments market has to accommodate illiterate customers, disabled customers, and people who have a broken hand at the moment.
CC networks currently use previous purchasing patterns, location, time of day, etc.
It's the same reasons why biometrics is not a magic security solution. Authentication must be based of something that's hard to fake, cheap to verify, random, and easy to change. What threshold would you set to balance false negatives and false positives? In comparison the private key in your chip card meets all of the criteria.
> An electronic signature that records the speed strokes in the signature are made, as well as the final result, is probably a really good way of identifying the purchaser.
Not so sure about that. If I use a different mouse then my "signature" using those metrics will fail, as I'm basically a completely different (inept) person using other mice. Just an example, but I don't think that e-signatures can be trusted by using machine learning techniques, at least not any that I know of today.
Yes, part of it would require some level of standardization of the electronic pad/pen.
I'm not really suggesting it as "trust" thing, but a better "pin" code that could be combined with the current shopping history/etc metrics being used to detect fraud.
That assumes you are signing things often enough to have a signature that is reliably the same each time, which for me has _never_ been the case.
Also, since developing a disability in my hands, that _can't_ be the case -- there _will_ be variations in stroke speed due to level of pain/stiffness at the time.
Indeed. Chip & PIN system at least in Europe has been a way to shift the abuse risk to the customer away from the banks. It's a lot easier to contest a signature than prove that you haven't been careless with protecting your PIN.
From experience, a signature in the checkout line usually takes about 5-10 seconds. Removing it may seem like a small negligible change for users, but for retailers, it most likely adds up.
Imagine being able to pick up your receipt and leave. What I see being the stalwart of signatures are probably restaurants. They require that extra step with the tip.
The way tipping works in Canada: you get handed the card-reader, and it tells you the subtotal and asks what tip you would like to add. Then, the card-reader asks you to either tap or insert your card.
> From experience, a signature in the checkout line usually takes about 5-10 seconds. Removing it may seem like a small negligible change for users, but for retailers, it most likely adds up.
Your right, can we also remove that stupid bag tax in SF. It easily takes 20 - 30 seconds per transaction.
"Do you want a bag?"
"Ugh, yeah I do"
"Alright that's 50 cents"
"wait, could I get three bags, not two - I don't want my bag to rip"
The grating, low-grade, annoying, time-wasting inconvenience is supposed to continue to irritate the purchaser until they decide to bring their own bags.
Its funny - I do bring bags, but often I get more than one or two items. Aka I'll often get more than planned, as I look for sales.
Regardless, and to the point the whole line is slowed down by this transaction. Meaning every time I went to the store I had to wait an extra few minutes for this.
Moving back to Illinois recently, I find it amazing that the lines most move at least 3× faster. Probably in part due to the more "let's get shit done" attitude of the Midwest, but also the lack of bag related questions.
I then come home with my paper bags and recycle them. It honestly seems like more harm to the environment the waste of time + the polyester bags we buy instead
Or even not a bag at all. I walk into a store, I want a bottle of Coke, and a pack of coconut biscuits. I see a Mars bar, yeah, OK, Mars bar too. I blip them through, shove them in my pockets, walk out. No problem. No bag needed.
In the old days, this is instantly suspicious but now it makes sense to people even if they aren't thinking about the environmental consequences. A bag is say 15 pence, why pay 15 pence extra for three items?
Barcode is how it works in Europe. Recently, also smaller bags for groceries are being taxed in many countries as there are compulsory reduction quotas to be fulfilled.
It's really important for the environment and frankly, the majority of groceries don't need any bag as they have skin.
> It's really important for the environment and frankly, the majority of groceries don't need any bag as they have skin.
I mainly bag things due to blood leaking out of meat packages. It leaks onto carts, baskets, and other food.
I put an extra bag around my meat, but I see others who don't. And some grocery stores don't have plastic bags available in the meat section, I have to go bag to veggies to get a bag to keep blood from getting everywhere!
We have PayWave in Singapore where you can just swipe your credit card for amounts under 100$, but most of the time you have to wait pretty long for the approval to go through, it feels a bit like the time benefit is eaten up by that. Only very few merchants have fast lines, but then it’s really fun!
In Australia, the PayWave system for $100+ purchase will take no longer than signatures if the person doesn't make a mistake. It's just tap your card, press 5 buttons, then a 2-3 seconds processing time and you're off.
The process will naturally become faster as adoption increases and more people get familiar with it.
America is so stuck in legacy tech. Nobody checks signatures. Strong Factor Authentication requires min 2 of 3. India is leapfrogging to biometrics using Aadhar. Europe is current with chip and pin. America is in quill pen stage
Biometrics are terrible, especially if they ever become compromised. You can change a pin code or a password much more easily than you can change your eyeball or fingerprint.
> America is so stuck in legacy tech. Nobody checks signatures.
The USPS sadly still forces credit card users to have signatures on the back. They don't check signatures against the PIN pad / signed receipts, but the clerk will either yell at you or refuse the transaction if you have "Ask For Drivers License" on the back of the card. This has happened to me on more than one occasion.
What I'm suggesting is that if you are taken to court, and you understand what defense to use, they literally will lose the suit and you will win the right to have it removed from
your credit report for good.
I spoke to a lawfirm in PA who has literally won 100% of the time against Capital One in hundreds of debt cases because they can't provide the proper documentation required by law when asked to collect on their debts.
They primarily rely on people being afraid or ignorant of the laws.
This was mind blowing to me when I first realized it and then researched it and saw actual cases in real time be ruled for the defense.
I've noticed the chip and pin systems getting much faster. Safeway in the DC area had a sign that they're speeding it up, and it was really insert, pause, remove. More like swiping.
This is great, since there were certain stores that would require my signature when I was using Apple Pay but not when I used a credit card. Completely negated the convenience benefit of contactless payment.
> ShopKeep and Square, two popular small business payment systems, said they do not plan to immediately update their systems to allow retailers to skip signatures on all transactions. (Both currently allow merchants to disable them on transactions below $25.)
> “We’ll play it a little bit by ear,” said Michael DeSimone, ShopKeep’s chief executive. “Right now, I don’t think there’s a high level of awareness about this. Let’s get the changes in place and see how they work operationally, and then we’ll adapt.”
I can't imagine the hell of a place that must be to work when extending a feature which works at $25 to any sum — or no sum at all — is that hard. I can think of some really good reasons for it to be that difficult, but all of them sound like a terrible working environment.
The only time I ever sign for credit card stuff is when I visit the US. When it comes to banking it feels like the US is always chasing Canada who is always chasing Europe.
On the other hand, a large number of merchants in Germany still don't accept credit cards. Many are even cash-only. Run across them all the time in Munich, whereas not accepting credit cards was rare in the bay area, even at stands at farmer's markets, or at food trucks.
The signature being wrong doesn't actually make the card unusable, and there's statutory liability limits based on reporting the card missing/stolen. There's virtually zero difference for the issuer between chip+signature and chip-only.
This is really about who's responsible if someone else uses your card. The point of chip-and-pin was to shift responsibility for card security to you. If your card is used in a chip-and-pin scenario it must be your fault for not keeping the pin secure. Nearly every chip-and-pin device has a CCTV camera pointed at it, so it's impossible for you to avoid someone seeing your pin.
I live in Australia and I haven't even signed my signed my credit card. Technically I'm supposed to, but I have never had to sign for a transaction in the past decade that I've been using cards.
The article doesn't mention how great this could be for reducing transmission of the common cold! I hate signatures, especially ones at a drugstore where every single person has to use the same digital pen.
Since Square is still requiring signatures though, we can add this to the endless list of things that Jack Dorsey is fucking up.
So this comes up every time the US starts to approach the way credit and debit cards are processed in the rest of the world.
EMV (Euro/Master/Visa) defines the standard for a chip card. [1]
The cards can be configured as chip+signature, chip+pin or both. The priority ordering can be pin only, sig only, pin then sig or sig then pin (and a bunch of other esoteric rules).
Paywave (VISA) and Paypass (Mastercard) are contactless standards for EMV transactions.
The rules for chip+pin transfer the liability to the merchant (and the merchant bank) for fraudulent use. The liability moves from the card issuing bank. It's a "stick" to make the merchants upgrade. That's why merchants are going to at least chip+signature (ie EMV chip reduces fraud). Moving to chip+PIN reduces fraud even further.
The card issuing banks tend to introduce rules about how safe your PIN is and apply rules to your PIN to stop things like repetitive numbers (eg all 1s), sequences, birthdate matches etc.
Chip + PIN was introduced in the EU and other more advanced than the US banking environments (ie, everywhere) a number of years ago. The "liability shift" for Mastercard happened ~2006, Visa was ~2010, later in some places (eg AU was 2015).
It is only just happening in the US (according to Wikipedia it will be completed by 2020-10-01).
Paywave/Paypass implement new rules on when a PIN is required. In AU it is $100. If the amount is below that, then the liability is accepted by the merchant bank (ie the merchant will get paid). If it is >$100, then a PIN is required for the merchant bank to accept the transaction.
In Australia, if you report your card lost/stolen, then you are not responsible for Paywave/pass transactions. If you don't ("an unreasonably long time"), then you are, unless the card issuer (your bank) can chargeback the merchant (ie <120 days).
This applies to the Credit Card networks (Amex/MC/VISA/Discover/JCB/Union etc). MC and Visa also have "debit" cards that use the same network and are treated basically the same for the merchant.
There are other payment networks (eg in AU there is EFTPOS) which is an AU bank owned network that basically does direct debit from cardholder to merchant online. So if you actually insert your card in the reader, you'll get the choice of "CR" (ie the MC/VISA network, SAV (EFTPOS) or CHQ (EFTPOS)).
So an "ANZ Bank Mastercard" can have 3 different accounts attached, the Mastercard CC account, and two different savings accounts. No one really has a "cheque" account anymore. The banks also issue Mastercard/VISA debit cards (that also offer CC/SAV/CHQ, but CC actually means SAV) and their own debit cards (EFTPOS only).
EFTPOS has much lower fees for both merchants and the banks. That's why Apple Pay hasn't been accepted yet by 3 of the 4 major AU banks, because they don't want to lose their sweet EFTPOS network or pay more to MC and VISA. They also don't want to pay Apple (or Google) more fees in the interchange.
For a while, supermarkets were making people with MC/VISA debit cards insert their cards and only allow them to use the SAV/CHQ options so that they didn't have to pay CC transaction fees for EFTPOS debit transactions.
Anyway, the summary of all this is that moving the US away from signatures is painful because of the disjointed and irrational US banking and payment systems as well as the baked in insistence by users on signatures and paper checks (not cheques, 'cos nowhere that spells it correctly still uses them much :) ).
I would, but there are certain institutions that don't accept any other form of payment other than check or money order. Even if they do accept a credit card payment, they add a 3% or greater convenience fee to the amount.
Surely you can do internet banking transfer to the recipient's bank? In New Zealand, we didn't used to have many credit cards so that's how you'd pay your bills, buy a house, pay small businesses, or just about anything that can wait a day.
>Surely you can do internet banking transfer to the recipient's bank?
No, there isn't really a "standard" to do this.
As far as bills go, each company has their own billpay system. Small businesses pretty much all take credit or debit cards now. If they don't you pay by check. I pay my property taxes with a check because if you do an electronic payment with their system they want you to pay like a $3 fee. Buying a house requires you to get a cashier's check.
You can do "billpay" online with your bank, but if their systems aren't "hooked up" to the other party's systems the bank will mail a physical check to the other party. None of it is instant or even fast.
Do you find any that only take check and have to be paid in a timely fashion (like in a line at a store) to complete a transaction?
Last time I changed banks (about 6 years ago) I decided to experiment and not order any checks. Every person I've encountered who needs a check will wait for them, so I just add them to bill pay and have the bank deal with printing and mailing them a check. So far I haven't run into a situation where I was cursing myself for not having actual physical checks.
Can we also standardize the noise the machine makes when the transaction is a success? You know that sound "ENGHH ENGHH ENGHH" that is somehow a positive sound? It's like an alarm clock sound. Why is it not a positive "Ding!" And some will say well it's to remember your card. Well if that's the case, how about force the POS system not to print the receipt until the card is pulled? Or better yet, why does the card have to stay in the machine so long?
Visit Japan and you’ll hear ATMs play a little tune as they hand you money. The sound design everywhere you go is amazingly and thoughtful. America can be way too brutalist.
Sound design in Asia in general is amazing. I remember the sound when the metro arrives in Taiwan (both Taipei and Kaohsiung)being both really fun and effective at informing you. What really impressed me is how even the garbage trucks sing a little lullaby when they pick up the garbage at night.
It is sad we don't pay as much attention to this in Europe and America and usually just go for loud beeps. Sounds can be functional and pleasant at the same time.
If we could only get them to work with microwave makers (or recently inductive "portable" single heating plates) in the US/Europe. New microwaves are IMHO the worst, why does every microwave seem to have a different UX? I often end up just picking the least-button-pressing method in lieu of recommended temp/time settings to avoid diving into multiple sub-menus. Am I the only one who can't stand those beeps? The finished repeated triple-beeps are the jarring cherry on top.
Not sure what to tell you. That’s not my (limited) experience. Certainly you’ve heard the sound design elsewhere — from trains boarding and leaving, to the sound of rice makers and dish washers letting you know they’re ready.
I'd be happy if the text didn't change until it was done. Many of the machines I encounter change the "Wait, don't remove card" text location three or four times, each time you think it is done.
The problem is the text "Don't remove the card" contains the phrase "remove the card". I wish they just used a positive statement like "Keep card inserted" instead, and then changed to "Remove card".
Just another one of those minor accessibility things that would be dead simple to fix if the people in charge gave a shit about usability.
On the other side, many of the machines I use don't even change the text at all: it just keeps saying "leave card inserted" and the cashier tells me "just remove your card... it's long done".
Some places have done this. E.g. Safeway/Vons/Pavilions vs. Trader Joe's, one of them has a neutral sound, the other has that error-sounding notification.
I believe the latter is the generic notification sound and vendors who customized their solutions post-chip swapped it. I just can't remember which is which right now.
This is dependent on the machine reading the card, not the card, or technology, itself. This horrid noise is not present on machines used by many vendors..
Wow. They don’t even require you to enter a PIN number or show your id here for small amounts. Just put the card near the reader (NFC) and go. Now I understand why Apple Pay is a thing
Nothing irritates me more than people taking idioms literally, with the exception of discussions where strictness/correctness is required (e.g. engineers building a bridge, court proceedings, etc.)
...except card fraud lossed are recharged to the merchant so perhaps they don't care?
Out of interest there is a special exception for disabled people who cannot use a pin pad btw...