Swiping left on magnetic stripes

drclau 2021-08-16 20:12:07 +0000 UTC [ - ]

Why does it take so long? Where’s the bottleneck?

Where I lived over the last years (two countries in Europe), I don’t even have to use the physical card. I just use contactless payments with the phone. Prior to that, it was contactless with card. Even ATMs work with contactless (not all, yet). Prior to that, it was chip. I honestly don’t even recall the time when the magnetic stripe was needed.

(edit) Think of this: I made an account with one of these neo banks, ordered the card too, and it took me over a year to activate it. I still don’t use it. I just installed the virtual card into the phone’s wallet and used the account like that.

Animats 2021-08-17 07:12:06 +0000 UTC [ - ]

Where’s the bottleneck?

Gas stations. The gas station industry has been avoiding upgrading pumps. It's expensive. Retail checkouts usually just need a replacement of the desktop unit, but gas pumps require actual modification. They got a 3-year delay, until October 2020. Then April 17, 2021. Then they got hit by the coronavirus epidemic.

The upgrade has to be done by a qualified installer; you don't want someone who doesn't know what each wire does mucking about with the electrical innards of a gasoline pump. There isn't a huge supply of trained gas pump upgraders. There are many pump variations, and some can't be upgraded at all. Gas pumps often don't have an Internet connection, just a 2-wire twisted pair running RS-422 or something. The chip card readers, inevitably, want full Internet connectivity. Which means getting CAT-5 out to the pump. Which sometimes runs into CAT-5 length limitations. The older systems sometimes worked over dial-up. Average cost per pump is about $6,000.

Gilbarco/Veeder-Root has a product which is basically a pair of DSL modems to allow using the existing 2-wire connection to carry the Internet out to the pump.[1] Amusingly, they'll give you this for free if you buy their product for running ads on the pump.

And, of course, it's all "cloud-enabled".

And that's why there's such a holdup.

[1] https://www.youtube.com/watch?v=RtMxhmJh8V0

ehnto 2021-08-17 07:42:32 +0000 UTC [ - ]

Gas stations also have a disincentive to have you pay at the pump. They want you to walk in and buy from the mini-market, at least here in Australia the petrol was a loss-leader for a long time. They made all their money from the in store mini-market. All petrol stations here are essentially convenience stores with a gas station attached to get you in the door.

We have had pay at the pump before, but they got rid of it, and even brand new stations don't have it so it's not just upgrading the pumps.

mintplant 2021-08-17 10:25:12 +0000 UTC [ - ]

This may be the case in Australia, but it's very much not in the US. Pay-at-pump is ubiquitous. Barring outliers like Oregon, people are not used to having to interact with another person or walk away from their cars in the process of filling up their tanks. Gas stations do tend to have colocated convenience stores, but going in one is an optional part of the experience.

2021-08-17 11:34:22 +0000 UTC [ - ]

devilbunny 2021-08-17 16:21:32 +0000 UTC [ - ]

In the US, it's much more the norm to start the fuel running, then go inside and buy whatever you need, and come back out to find that your car is full and you can simply drive off. Do Australian pumps not have the little latch to allow fuel to keep running without someone squeezing the handle the entire time?

EvanAnderson 2021-08-17 18:09:02 +0000 UTC [ - ]

Too many stations in my area of the US (western Ohio) allow this. I was a cashier at my family's independent gas station for a number of years, and it always pissed off customers when we stopped the dispenser when they walked away / got in their car / etc. It's a legitimate safety and environmental hazard (some hold-open latches don't disengage reliably on some filler necks leading to gasoline rolling out of the tank onto the ground). People get used to lax non-safety conscious stations and then act like jerks to the employees in stations who do care.

ehnto 2021-08-17 16:23:29 +0000 UTC [ - ]

Yeah you're not allowed to leave the pump running unattended as far as I know, you have to hold down the pump at all gas stations I've been to.

AnIdiotOnTheNet 2021-08-17 11:51:33 +0000 UTC [ - ]

A lot of gas stations now have a screen on the pump that plays ads at you to make up for the fact that you're not coming in. Fortunately there's a mute button and it usually works.

bellyfullofbac 2021-08-17 14:50:41 +0000 UTC [ - ]

I wonder why there isn't a "Buy now" button, they're already charging your credit card, they'd just need to hire someone to run the item from inside the store to you at your car. Add some sensors like body temperature monitoring; Sweating person who looks like they like their sweets? "5% off this ice cream if you hit 'Buy!' within the next 30 seconds!".

Damn, I think this is an idea. At least for developing countries, were labor is cheap, the runner is the expensive part of this concept.

TheSpiceIsLife 2021-08-17 16:31:06 +0000 UTC [ - ]

This isn’t the case in Tasmania, since nearly nothing is open here 24hrs almost all fuel stations have a pay station located by the building, rather than at each pump.

Recently one independent has built a few fuel only prepaid only fuel stops, no minimart and no staff.

cbm-vic-20 2021-08-17 13:17:19 +0000 UTC [ - ]

This should be a good incentive for "gas stations" to set up and maintain SAE CCS DC Fast charging for electric vehicles. Put a couple of small tables and a cafe, and people would stick around for the 30 minutes to get a good charge.

aerostable_slug 2021-08-17 15:19:39 +0000 UTC [ - ]

That was the premise for CHAdeMO. Stop and have a cup of coffee and read the paper in a Starbucks-esque environment. Perhaps even mingle with one's fellow man.

I don't think it will really work outside of very specific demographics who a.) want to get coffee and read the paper/rss feeds, and b.) have 30 minutes to spend on a charge-centric event (as in you went there to charge, not to get coffee and croissant).

8fingerlouie 2021-08-17 07:15:19 +0000 UTC [ - ]

In Europe (Scandinavia at least), Gas stations use contactless, and most gas/oil companies have a dedicated app (think loyalty card) that can also handle payment for you over the internet.

It uses GPS, so when you open the app at a gas station it already knows where you are, and simply asks you which pump you want to unlock.

kook_throwaway 2021-08-17 09:28:12 +0000 UTC [ - ]

Installing gas station spyware sounds to fill up sounds like hell.

jacobr 2021-08-17 09:58:41 +0000 UTC [ - ]

It only knows your location when you open the app, why is that a problem?

kook_throwaway 2021-08-17 14:28:20 +0000 UTC [ - ]

I assume they will require an account of some sort, and their DB will inevitably be breached to leak it who knows where. It knows more about me than my location. Probably. I don't know what all the proprietary software running on my portable sensor suite does or knows.

And almost without fail corporate one-off apps are bloated piles of contracted out and barely maintained garbage taking up too much space when a couple of forms and a few Mb of graphics/logos would do. Lastly very few actually work well or reliably, logging me out after needless updates seems to be a common pattern.

8fingerlouie 2021-08-17 22:24:21 +0000 UTC [ - ]

They require an account yes, but don’t kid yourself, every time you use a credit card to purchase something, your habits are being tracked by the merchant, using your very identifiable card number.

As for garbage apps, the one I use is well maintained, 53.7 MB binary, so not much on the side of tracking considering it contains ALL of their gas stations with pump details, paid parking lots and car washes. I had to check if it actually used an account, because I don’t remember ever signing in to it.

So good apps do exist.

Kye 2021-08-17 12:24:20 +0000 UTC [ - ]

It's probably not a problem in a place like that with some kind of privacy regulation. Import the concept to the US and it'll be outsourced to some company with sketchy security that'll find all its user data leaked in a year because they'll face no social, economic, or legal consequences for not preventing it. If they're not selling the data themselves.

djrogers 2021-08-17 17:15:14 +0000 UTC [ - ]

Both of which will still require pumps to be replaced.

kibibyte 2021-08-17 07:45:17 +0000 UTC [ - ]

It never occurred to me how much infrastructure there was in a gas station. Talking about the 99% invisible, really.

bjowen 2021-08-17 11:13:22 +0000 UTC [ - ]

That’s a great answer. My observation (watching from a card issuer across the pond) has been that it’s also integrated checkout/POS infrastructure at a number of large retailers - supermarkets, department stores, pharmacies as well as automated fuel dispensers and ATM†. The USA lagged for probably 15 years before there was any significant penetration of chip + PIN and contactless payments. Once the first large retailer replaced its fleet in ~2017 it’s been accelerating.

Since the USA makes up fully half of global card payments, MC and Visa were never going to ditch mag stripe until there was 80% penetration.

†Many AFDs seem to be configured to reject international cards which may explain why they’re not well represented in my sample set.

dvdkon 2021-08-17 07:42:51 +0000 UTC [ - ]

That's interesting, maybe we adopted contactless payments faster in part because in our gas stations you'd usually pay inside the shop. I have to think that was only one of many reasons, though.

dkdbejwi383 2021-08-17 07:58:04 +0000 UTC [ - ]

Partly that, and the USA's much higher car dependence in general. I'd wager the average adult in the USA spends more time in a petrol station than the average European.

VilleO 2021-08-17 08:53:24 +0000 UTC [ - ]

Quick googling gave me average US car consumption 25 mpg vs 57 mpg in EU.

Edit: Bad googling, sorry. 57 mpg was proposed for new cars.

dkdbejwi383 2021-08-17 10:04:46 +0000 UTC [ - ]

Hmm, I wasn't even thinking about fuel efficiency, but that's interesting.

I meant, for anyone that missed it, that commuting by bus/train/tram/metro is much more common in urban areas in Europe than in the USA.

phinnaeus 2021-08-17 09:16:13 +0000 UTC [ - ]

Compound that with driving more and it's a lot more time spent filling up.

rutthenut 2021-08-17 09:46:48 +0000 UTC [ - ]

Wow! Average 57 mpg in Europe - really? Even for diesels, that sounds extremely optimistic; is that from manufacturer-supplied figures?

US gallons happen to be smaller too, fwiw

iarenaza 2021-08-17 11:04:27 +0000 UTC [ - ]

Well, my 7 years old Mercedes A 180 CDI 2012 model (Diesel engine) averages 53 mpg (4.4 l/100Km) still today (see my old comment with all the details for the these numbers at https://news.ycombinator.com/item?id=14552816). The manufacturer-supplied official numbers are even better (3.3 to 3.6 l/100Km, or about 65 to 71 mpg).

NB: the above mpg numbers are computed using US gallons (3.785 litres)

rutthenut 2021-08-17 13:41:28 +0000 UTC [ - ]

Useful economy figures, for sure. It's the average across Europe that I'd find really surprising, given how many older vehicles there will be, and not all diesels

camgunz 2021-08-17 14:52:54 +0000 UTC [ - ]

Super smart, yeah. BTW if we're gonna replace tons of gas pumps, can we make it illegal to play TV/ads on them? Lord I hate it so much.

tbihl 2021-08-17 15:37:25 +0000 UTC [ - ]

Try the buttons around the display. That almost always solves the problem. If none of them work, stop pumping gas and leave. That always solves the problem.

EvanAnderson 2021-08-17 18:12:01 +0000 UTC [ - ]

The fuel dispenser industry, from an IT perspective, is a racket. My family owns a small independent gas station and recently did a POS replacement. The proprietary protocols for communicating to dispensers and controllers makes for crazy vendor lock-in and ridiculous installation fees, hardware prices, and ongoing support fees.

wiz21c 2021-08-17 10:04:07 +0000 UTC [ - ]

That's not a problem. We should be leaving oil anyway, so upgrading infrastructure is useless.

</cynical>

irrational 2021-08-17 07:25:53 +0000 UTC [ - ]

Also some retail places. Home Depot is a huge retailer in the USA, but they will not accept contactless payments. I assume it has something to do with having to pay a higher percent per transaction.

djrogers 2021-08-17 17:17:49 +0000 UTC [ - ]

The dumb thing is they have the tech to do it - when they rolled out their new chip readers several years ago, I was in a store where they had accidentally left the contactless reader on for a day or two, and was able to use ApplePay.

Next time I went back the reader just feigned ignorance.

mikecoles 2021-08-17 14:34:08 +0000 UTC [ - ]

Wormhole attack? Not sure if this is still a possibility though as distance base timeouts could be employed.

https://arxiv.org/pdf/1904.10623.pdf

lotsofpulp 2021-08-17 08:49:12 +0000 UTC [ - ]

Contactless is not more expensive per transaction.

supertrope 2021-08-18 00:40:48 +0000 UTC [ - ]

Initially only “credit” networks like Visa/MC supported tap to pay with interchange fees of 1 to 2.5%. The low fee debit networks did not. Regulated debit is as cheap as 21c + 0.05%. A lot of retailers have thin profit margins of 5%. So contactless adoption would mean more high interchange “credit” transactions and fewer low interchange debit transactions. Thus the retailer resistance to contactless.

2021-08-17 07:39:17 +0000 UTC [ - ]

aidenn0 2021-08-16 20:16:34 +0000 UTC [ - ]

The USA is a big holdup. I just traveled across the country and there are still filling (petrol) stations where the only card reader is stripe. See also other comments about the stripe being a fallback for chip as chip readers on POS terminals seem to be more fragile than magnetic stripe readers.

FWIW, Contactless is very hit-or-miss for me in the US; about 1/3 the time it just doesn't work at all (even with multiple retries), and that's when the terminal has one. Was picking up something at the corner store the other day, realized I didn't have my wallet and contactless just didn't work with the phone at all for some reason.

ryandrake 2021-08-16 20:25:52 +0000 UTC [ - ]

Yea, the Achilles Heel of contactless (or phone/NFC) in the USA is the uncertainty that it's supported and the terrible UX for failure cases. How many times have you had this happen?

Your groceries are all rung up and the POS terminal is waiting. You dig out your phone or contactless card and try to invoke the contactless payment system. Nothing's happening. You wave it around a little. Still nothing. Grocery cashier is looking at you like you're an idiot nerd, saying "That thing doesn't work. Just stick the card in the slot." Now I dig in my wallet looking for my chip card as the whole line behind me huffs about how much of a moron I am. Stick it in the POS terminal, and it waits... and waits... and waits... and finally, loudly proclaims BONK BONK BONK transaction approved. Everyone other than me is saying "Finally, we can move on".

Contrast that with mag swipe: Pull out the card. Swipe it (which takes 500ms). Done.

wcarss 2021-08-16 20:45:07 +0000 UTC [ - ]

Coming from Canada: my last experience with the stripe, >3-4 years ago, was more like: pull out the card. Swipe it (it doesn't work), Swipe it (it doesn't work), Swipe it slowly (it doesn't work), wrap a garbage bag around it and Swipe it slowly (it doesn't work), Swipe it one last time -- hey, it works! Then, physically sign my name on some piece of paper with a gross pen they had lying around.

vs my last 100 contactless payments: pull out the card, tap. Almost instant happy beep.

I once actually got stuck at La Guardia because of the chip/stripe divide. I hadn't thought to get enough US cash out in advance, and all I had was my Canadian CC and Debit cards. I'd used nothing but the chip on the CC for > a year and didn't realize the magnetic stripe was completely worn off!

I tried several money-changers and ATMs there, and even called my bank -- no options at all. I finally found $5 CAD in my backpack and changed it to USD for bus fare, then caught a local bus to a nearby actual bank, where they were finally able to use my ID and the card number to authorize an advance. It was a heck of a day.

Denatonium 2021-08-17 11:05:57 +0000 UTC [ - ]

Some US chip-enabled ATMs still insist on reading the magstripe first, and then tell you to reinsert if the card tells it that it's a chip card. If the ATM doesn't swallow your card, you can often swipe ANY chip-enabled card and then insert your preferred card when it tells you to reinsert.

koolba 2021-08-17 10:07:24 +0000 UTC [ - ]

> ... wrap a garbage bag around it and Swipe it slowly (it doesn't work), ...

Garbage bag? You mean one of those paper thin plastic bags that many big cities in the USA have all but banned?

Does that actually help with the mag strip being read or was that a joke regarding the cards being complete garbage?

Spare_account 2021-08-17 11:27:55 +0000 UTC [ - ]

It's a real-world solution that is widely-known but not widely understood.

https://old.reddit.com/r/explainlikeimfive/comments/1ycw61/e...

No idea if this explanation is legit, but I can anecdotally confirm that the trick has permitted a purchase in one case in my own direct experience.

kevin_thibedeau 2021-08-17 08:35:19 +0000 UTC [ - ]

The stripes used to be embedded in the plastic and much more durable. Now we get cruddy surface printed stripes that aren't a reliable backup.

onion2k 2021-08-17 05:22:57 +0000 UTC [ - ]

Here in the UK everywhere accepts chip and contactless. It rarely fails, and when it does everyone assumes its the card reader rather than the card. It's common for people to claim they'll stop shopping in places where the card readers fail, which means there's an incentive for retailers to keep them well maintained.

dazc 2021-08-17 07:08:43 +0000 UTC [ - ]

Anecdotally, the machines fail quite often in cabs.

onion2k 2021-08-17 07:21:09 +0000 UTC [ - ]

I've always suspected they don't, but the cab driver says it's not working so you pay cash that they don't to declare as income in order to minimize their tax liability. I have no real basis for this suspicion though, besides knowing that taxi drivers were notorious for tax dodging before card readers were common (like most cash-based businesses really).

coremoff 2021-08-17 10:37:03 +0000 UTC [ - ]

FYI my understanding is that, in London at least, cabs aren't allowed to operated with a broken card reader; if that happens to you, tell them that you have no cash and either it will suddenly magically work or you'll get a free ride (this has happened to me).

GordonS 2021-08-17 12:59:55 +0000 UTC [ - ]

When I ask to pay by card in the UK or Norway, it's 50/50 whether the driver claims the card machine is broken. If you say you don't have cash, they're like "oh, well, let's try just in case", and lo and behold, it works every time.

nsizx 2021-08-17 08:00:32 +0000 UTC [ - ]

Same in restaurants. They hate it when you pay with your card. They love untaxed income and I don't blame them.

bovermyer 2021-08-16 20:32:30 +0000 UTC [ - ]

I dunno, I've had plenty of instances where swiping a card doesn't work. Sometimes I'd have to put a plastic bag around the card and _then_ swipe it.

secabeen 2021-08-16 20:38:54 +0000 UTC [ - ]

I've had that too, but when that happens, it's obvious to others; they can see you swiping again and again. Failed NFC just looks like you're standing there.

MR4D 2021-08-16 22:28:29 +0000 UTC [ - ]

> Failed NFC just looks like you're standing there.

Or worse...it feels like you're just standing there. God, I hate that!

asdff 2021-08-16 20:44:58 +0000 UTC [ - ]

Wrapping it in receipt paper works great too

bluGill 2021-08-16 20:37:57 +0000 UTC [ - ]

Those exist, but they are somewhat rare overall. The chip does take a lot longer than it should in most cases (I'll give them 2 seconds - which is enough time to cross satellites in geosynchronous orbit, for land based internet connections 50ms is plenty of time).

lotsofpulp 2021-08-17 09:00:46 +0000 UTC [ - ]

All of my cards have the tap to pay symbol, so all I do is tap the card and it works pretty much every time. If it does not, then I insert it into the chip reader.

Since cards can have tap to pay, chip, and stripe all on the same card, I do not see the uncertainty in merchants supporting it to be an Achilles heel since you will have the card anyway. It might be an Achilles heel for Apple Pay/Google Pay, but not contactless/tap to pay in general.

aidenn0 2021-08-17 16:22:00 +0000 UTC [ - ]

I have run into terminals where if you do tap to pay and it fails, it won't accept the chip until the cashier re-runs the transaction. This has caused me to just not use tap to pay.

marak830 2021-08-17 02:24:01 +0000 UTC [ - ]

I haven't had a failure in the last 5 years of using contactless payment(in Japan).

It can be done, and is being successfully done in many places.

kube-system 2021-08-17 05:22:12 +0000 UTC [ - ]

It’s not a problem with the tech — just a matter of time and adoption. Swipe cards used to be just as problematic back in the day. Many places didn’t accept them either, and then if they did, it took a lengthy dial-up connection to process. Sometimes it would fail and retry multiples times, and if it still didn’t work, the cashier would grab one of these out from under the counter: https://images-na.ssl-images-amazon.com/images/I/41xAsDSTsXL...

Now those are slow. But hey, this is back in the time when people would write checks at the checkout.

SilverRed 2021-08-17 07:06:30 +0000 UTC [ - ]

It's astounding how slow the rollout is in the US. I'm 22 and in Australia and I have never used a magnetic strip card and have used the insert chip method less than 10 times. Not a single card machine does not support contactless and only weird edge cases like refunds require you to insert your card.

irrational 2021-08-17 07:31:45 +0000 UTC [ - ]

Don’t be surprised. The almighty dollar rules here. If they have to pay a dollar to upgrade the infrastructure to support contactless payments, they won’t do it until they absolutely have to. And even then, if there is a payment machine that doesn’t support contactless payments and it is 5 cents cheaper than one that does, they will go with the one that is cheaper. Multiply that by all the hundreds of thousands of different stores. There is a huge national retailer near me that recently replaced all of their sales terminals. I thought that finally I’d be able to use contactless payments. Nope. The new machines don’t accept contactless payments.

throwaheyy 2021-08-17 14:09:03 +0000 UTC [ - ]

I live in US, use contactless everywhere, and never have this trouble. But I just look for the (standard?) design pattern that indicates contactless is enabled - either text on a screen saying ”… or tap”, or the row of 4 blue LEDs across the top of the reader.

unwind 2021-08-17 07:45:51 +0000 UTC [ - ]

I can hardly imagine configuring my everyday carry so that a payment card is more accessible than my phone.

The latter is like 20 times more frequently used, and I speak as someone who does not use it to pay (at least not directly). Very odd premise, to me.

fomine3 2021-08-17 04:07:06 +0000 UTC [ - ]

How could NFC payment fail? Is payment terminal rotten?

notsureaboutpg 2021-08-17 05:03:40 +0000 UTC [ - ]

I live in the US. This happens to me often. About 50% of my contactless payments fail. The "genius" automatic fraud detection always seems to think it's fraud. Why a fraudster would buy $10 worth of fruits at a grocery store next to my listed address, I don't know. It's not that the terminals are bad. The payment companies use historical data to determine the "right" amount of contactless payments and so we can never really progress.

Kiro 2021-08-17 06:44:44 +0000 UTC [ - ]

The few times contactless has not worked you just put in the same card in the chip slot (why would it be two different cards?).

Besides, I don't see how your situation is an argument for mag swipe. Are you saying contactless fails more than mag swipes? Or that mag swipe is faster than contactless/chip? Absolutely not my experience in either way.

sokoloff 2021-08-17 10:39:41 +0000 UTC [ - ]

> why would it be two different cards?

For me contactless is my phone or watch.

syshum 2021-08-16 20:35:21 +0000 UTC [ - ]

Atleast you are not the person still writing a paper check.....

I switched to curb side pickup, I hope I never have to enter a grocery store again

gregmac 2021-08-17 03:08:47 +0000 UTC [ - ]

> Contactless is very hit-or-miss for me in the US; about 1/3 the time it just doesn't work at all

That's a shockingly high number. I'm in Canada, and I'd take a rough guess that maybe 1-2% of taps fail on first try. Most of the time it works on a second try -- and I actually think that usually happens when the POS system is slow and you tap too early.

And in cases where it really is just not working, the fallback is chip + PIN, which is 100% success rate. I'm sure there's cases where a card gets damaged and it wouldn't work, but it's not like the magnetic strip will survive that.

I don't think I've used the actual magnetic strip in at least a decade, except when I've been travelling in the US.

lotsofpulp 2021-08-17 09:05:01 +0000 UTC [ - ]

I am in the US and I have been using tap to pay for a few years now with consistent success. And as you wrote, if it does not, you just insert the chip. But that seems rare.

nulbyte 2021-08-17 11:27:28 +0000 UTC [ - ]

I've come across a few places that accept contactless, but specifically reject Google and Apple Pay, and until recently, none of my cards had contactless built in, so Google Pay was the only way to do contactless. But, I have a Samsung phone with MST, so I can fake a swipe. Amusingly, the terminals that won't do contactless Google Pay happily accept the same with the magnetic reader.

anakaine 2021-08-16 20:23:29 +0000 UTC [ - ]

On your point about contact less being hit-or-miss, this very much goes away when you have a number of options for vendors to choose from on the market, with terminals being supplied mainly by banks who want the business. Both competition and a lack of desire to deal with merchants having issues with the payment system provided lead to increases in reliability.

The overseas market has been saturated with chips for 10-15 years, and contact less for 5+, probably notably more.

jalk 2021-08-16 20:42:42 +0000 UTC [ - ]

I have asked in several stores (in Denmark) where contactless doesn’t work, but the terminal has the required hardware - The merchant has to pay a fee to enable contactless. My auto mechanic bitched loudly about it, until I told him he wanted $200 for enabling “daytime running lights” in my rear lights, which is also just “flipping a bit”

orangepanda 2021-08-17 06:15:55 +0000 UTC [ - ]

I just now realised that's the meaning behind name Stripe (the payment processor)

a254613e 2021-08-17 05:50:43 +0000 UTC [ - ]

Not just US. Take for example Germany, the largest country in EU and most places are cash-only. Although due to coronavirus adoption of different payment methods (apple pay, contactless, card, etc) has been increasing.

EVa5I7bHFq9mnYK 2021-08-19 07:09:24 +0000 UTC [ - ]

They just have a bit more experience with the government that has too much control over individuals. If cash is gone, govt has complete 100% control.

detaro 2021-08-17 08:15:40 +0000 UTC [ - ]

I'd actually be curious about the numbers/actual ratio. I can't think of a single chain of stores that takes cash only, which will make up a huge percentage. On the other hand, restaurants, food stalls, ... are hit and miss.

VonGallifrey 2021-08-17 09:46:16 +0000 UTC [ - ]

I can't remember the last time I went to a restaurant or bar that didn't have Card payment and NFC options here in Germany.

Food stalls I agree are more hit or miss.

ginko 2021-08-17 07:13:20 +0000 UTC [ - ]

That's different though. It's one thing to only support ancient tech for cashless payment and another to stay cash-only. I wouldn't call that backwards. It's just a choice.

akg_67 2021-08-17 06:29:30 +0000 UTC [ - ]

What is wrong with cash? It is one of the most fail proof form of payment. Stripe fail, chip fail, NFC fail, internet connection fail, phone line fail. But cash work almost all the time.

In last year, I have bailed out quite a few people stuck in the checkout lines because whatever hi tech form of payment, they were using, didn’t work and had no cash.

Broken_Hippo 2021-08-17 08:13:34 +0000 UTC [ - ]

I live in Norway, and cannot remember the last time my card wouldn't work - period. Not just with the reasons stated.

When I lived in the states and worked retail, your cash wouldn't be accepted at a lot of stores if the power was out (or if internet/phone lines caused the registers to fail). To complicate things, I worked in a pharmacy, so accepting cash for the medicine without it going through the system might have actually been illegal.

kalleboo 2021-08-17 15:21:08 +0000 UTC [ - ]

You have to remember to get it out of the ATM. I ran out of cash like a week or two ago and have been too lazy or forgetful to stop by an ATM to get it.

Not to mention to use an ATM you need a card already to begin with, might as well just pay with that card directly?

bserge 2021-08-17 08:13:51 +0000 UTC [ - ]

Notes get wet, rip, and fall out of pockets. Everything fails.

herbst 2021-08-17 09:42:08 +0000 UTC [ - ]

In Switzerland we have both. You can pay cash nearly everywhere, or contact less, or using our own transaction system 'twint' usually over the phone linked to any bank account (or even prepaid kinda like PayPal)

2021-08-17 09:58:42 +0000 UTC [ - ]

vidanay 2021-08-16 21:47:57 +0000 UTC [ - ]

I've been in a retailer within the last two years that still used paper and and imprint machine to process credit cards.

skookum 2021-08-16 23:25:29 +0000 UTC [ - ]

I last had this happen 4 years ago at a pharmacy that was having network issues. But now I no longer have any cards with embossed letters so the imprinting fallback would not longer work for me. I supposed they could fill in the slip manually which seems equivalent to a card-not-present transaction but without the instant confirmation?

aidenn0 2021-08-17 02:20:17 +0000 UTC [ - ]

Can confirm; I had a slip filled in manually when the computer system was down and my card lacks embossing.

chousuke 2021-08-16 21:17:40 +0000 UTC [ - ]

Living in Europe, I genuinely had no idea cards with magnetic stripes were still in use. I thought everything used chips nowadays.

I still prefer my card for contactless payments though; using my phone is not really much more convenient since my phone case holds the card anyway and it at least works consistently.

watermelon0 2021-08-17 06:11:53 +0000 UTC [ - ]

It's more convenient if you need to pay more than 25 EUR (or whatever the limit is where you live), where you need to use your PIN with contactless card.

2021-08-17 06:33:09 +0000 UTC [ - ]

hvidgaard 2021-08-18 08:06:34 +0000 UTC [ - ]

Mag strip or chip, you still need your pin here. With contactless there is a limit of 50-100 EUR, and when you use Apple Pay you never have to provide a pin.

LeonidasXIV 2021-08-17 08:54:22 +0000 UTC [ - ]

Or you use contactless payment with your phone which then does not have a 25 EUR limit (actually I think these days it is more like 50 EUR) since the phone supplies some form of authentication, which a plain contactless card can't.

watermelon0 2021-08-17 11:56:18 +0000 UTC [ - ]

Maybe I wrongly worded it, but I meant the same thing.

Accacin 2021-08-17 08:48:59 +0000 UTC [ - ]

My Monzo card has a magstripe still, but I have to enable it in the app if I want to use it.

poopypoopington 2021-08-16 20:19:06 +0000 UTC [ - ]

To play devil's advocate – who cares? We've had magnetic strips for decades and they work fine. Yes, they're insecure but anti-fraud measures taken by the bank can mitigate that. If this helps more stores accept payments without having a painful transition isn't that worth it? I use Apple Pay most places but I don't mind having to use a strip once in a while or if others do.

Johnie 2021-08-16 20:20:57 +0000 UTC [ - ]

Think about who is paying for that fraud. Prior to EMV liability shift, Banks paid for the fraud. After Liability Shift, merchants are paying for fraud using magstripe.

Merchants don't want to be responsible for the fraud, so they are incentivized to get rid of the mag stripe.

syshum 2021-08-16 20:40:07 +0000 UTC [ - ]

Depends on the transaction, but merchants can absolutely be liable for fraud before the EMV shift...

Also the rate of mag fraud is still pretty low, more Online Fraud which was ALWAYS liable to the merchant and did not see to do much ti incentivize any changes there.

Causing 90% of your customers pain to save less than 1% on fraud is likely going to cost merchants more than just paying for the fraud, which is also the math online merchants used. Online merchants that have huge fraud prevention lost more customers than the fraud....

Hell I remember one time a online merchant wanted me to submit more info after the sale for anti-fraud... I cancelled the order and bought from someone else

xattt 2021-08-16 20:32:45 +0000 UTC [ - ]

I really doubt that banks will pass on the savings onto the consumer of fraud mitigation once EMV is fully implemented.

SilverRed 2021-08-17 07:08:11 +0000 UTC [ - ]

Who cares? Just taking the profits away from criminals would be good enough.

hocuspocus 2021-08-17 08:26:23 +0000 UTC [ - ]

Force them. The EU has successfully capped interchange fees in 4-party schemes.

djrogers 2021-08-17 17:21:35 +0000 UTC [ - ]

In both of those cases, consumers are paying for fraud.

FridayoLeary 2021-08-16 20:24:54 +0000 UTC [ - ]

>painful transition

How painful could it possibly be to go and buy a new card reader? Why doesn't the payments provider offer them as part of the service? They are not so expensive.

jjk166 2021-08-16 21:36:20 +0000 UTC [ - ]

The reader may be cheap, but the things its integrated with aren't. If it costs $20k to replace a gas pump and you have a half dozen pumps, the cost of replacing them might be comparable to the value of the gas station. A grocery store point of sale system is even more expensive, around $40k a pop. Maybe you're lucky and the manufacturer of your current setup has made it in such a way that the card reader can be swapped out without replacing the entire thing, but that's a big if.

It's not like this is an investment that will lead to more customers or new revenue, this is a big expense just to stay afloat. Getting financing for such an expenditure is extremely difficult. At least in a mixed ecosystem you might be able to recoup some of the cost selling your old equipment, but no one's going to buy it if it's going to stop working soon.

SilverRed 2021-08-17 07:09:52 +0000 UTC [ - ]

>the manufacturer of your current setup has made it in such a way that the card reader can be swapped out without replacing the entire thing, but that's a big if.

This seems to be universal in Australia. Even the mega store self serve integrated systems have a separate machine mounted on for processing card payments.

jjk166 2021-08-17 12:36:04 +0000 UTC [ - ]

Even if the machine is physically separated, it still needs to be integrated. At the very least, you need a way of telling the machine what is owed and a method for the machine to communicate back that the amount has been payed, and it can't be easily spoofed. Nowadays there is a lot more customer specific integration as well (deals, rebates, signing people up for mailing lists, etc). There are about a dozen different communication standards for POS systems, and some POS systems support more than one, but there are also boatloads of proprietary communications protocols floating around. Presumably you're replacing the POS system with one from the same manufacturer, so the communication protocol is likely to be supported, but that doesn't mean any custom software you have on your system will run as is.

And even if you can hotswap a POS system, they're still expensive. A machine plus software is about $4000 per lane, and that's when you're not a captive market. Even small retailers typically have enough lanes that this is a significant expense. People in this thread are giving prices for Square readers which 1) are not at all sufficient for most businesses and 2) are sold at a loss while Square makes its money on transaction fees and subscription services (the same is true for the rest of the Square clones). It's like comparing a home projector to a movie theater projector.

bjowen 2021-08-17 11:45:41 +0000 UTC [ - ]

Visa and MC put Australia in the Asia-Pacific region, and the regional rules and fees have been gradually changed (2004ish onwards) to favour chip payments. There still had to be an extravagant amount of re-work for ATMs and compromises to suit some of the major players in Oz, whose quirks dictate the norms for the rest of the market.

MichaelZuo 2021-08-16 23:06:51 +0000 UTC [ - ]

It is weird that a lot of folks in the thread ignore the very real costs of transition. If there was a nationwide subsidy system for retailers from merchants and banks for fraud reduction en masse, then the transition would be smoother. But since there isn’t it’s partially an iterated prisoner’s dilemma.

2021-08-16 20:30:03 +0000 UTC [ - ]

kalleboo 2021-08-17 16:09:00 +0000 UTC [ - ]

The fatter margins in card processing in the US can pay for more fraud than in other countries where regulators have limited card processing interchange fees (e.g. 3% is common in the US, 0.3% is regulated in the EU)

nulbyte 2021-08-17 11:32:39 +0000 UTC [ - ]

> but anti-fraud measures taken by the bank can mitigate that.

Not really. Anti-fraud measures by the banks usually amount to taking the hit themselves, unless they actually catch the culprit. And that's only in the case of actual fraud. In other instances, the banks' algorithm screws up and blocks your card for a legitimate transaction. Then there's the hassle of replacing your card.

In the U.S., the bank where I have my checking account can print cards in the branch, but many more make you wait for the ever-worsening postal service to deliver you a new one.

Johnny555 2021-08-17 05:10:55 +0000 UTC [ - ]

Yes, they're insecure but anti-fraud measures taken by the bank can mitigate that

But the bank doesn't pay me for my inconvenience in noticing and reporting the fraud, and then the time to move my recurring payments to a new card.

I wish contactless payments worked with my card more places, especially gas stations.

bjowen 2021-08-17 11:37:35 +0000 UTC [ - ]

Anti-fraud measures for inherently insecure mag stripe are really tilted in favour of the big operators who can afford a well-skilled fraud shop or a provider who’ll happily charge millions per year in licence fees. The difference in fraud-to-total-dollars-transacted between a big player vs something like a credit union can be 20x, especially if there’s a major counterfeiting campaign. And it’s generally considered a social good not to make things easy for organised crime.

ohazi 2021-08-16 20:51:28 +0000 UTC [ - ]

From the card companies' perspective, the alternative to magstripe isn't contactless, it's contact (the smart card IC embedded in the physical card).

In the US, the card companies convinced merchants to adopt the EMV contact standard by implementing a liability shift that would make the merchants liable for card-present magstripe fraud after a certain date. For merchants using POS terminals, the liability shift happened in 2015, and for gas stations it happened a few months ago (after several delays). EMV contact coverage needs to be essentially 100% before they'll consider getting rid of magstripe completely.

Contactless is an entirely optional sideshow, and is not required by anyone anywhere. It has lots of issues (they somehow managed to make it less secure than magstripe(!), which is kind of appaling) and there are no plans to ever have it supersede EMV contact as the baseline standard.

yarcob 2021-08-17 10:41:56 +0000 UTC [ - ]

Contactless is not less secure than magstripe. I don't know where you got that from.

You can't make a fake contactless card, because each card has a private key that you can't extract. But it's trivial to make a fake magnetic stripe card.

One type of fraud with EU credit cards works like this: Criminal collects credit card numbers and pins by adding a hidden magnetic stripe reader to an ATM and a video camera, then create a fake magnetic card, and then withdraw money with fake card + PIN somewhere abroad where magnetic stripes are still allowed.

For this reason, my bank disables withdrawals from abroad by default, and you need to manually enable world wide payments in the online banking app.

ohazi 2021-08-18 02:38:11 +0000 UTC [ - ]

You're correct that you can't easily clone an NFC card from RF interactions alone, but beyond that just about every other aspect of these cards is worse.

Most contactless cards can be asked to transmit the cardholder's name, credit card number, and expiration date, and the card will happily do so, wirelessly. This is often enough to make fraudulent online transactions.

It's trivially easy to build a device that does this using a microcontroller and a coil of wire. You don't need to have a payment processor's encryption key, you can just make one up and the card will reply. You can walk around in a crowded area with such a device and capture responses from hundreds of cards in under an hour.

Electronic devices that clone your contactless card are usually better, as they generally require some sort of interaction before they'll respond -- actual physical contactless cards might as well be a megaphone attached to your credit card number.

If you can capture a genuine transaction between a POS terminal and a contactless card, and if the transaction amount is below the card's floor limit, the transaction can often be replayed or relayed to a different terminal.

With a cheap amplifier, this can be done reliably from low single digit ft away. The floor limit is usually somewhere around $20-$100 below which the terminal doesn't ask for a PIN or go online.

yarcob 2021-08-18 10:15:06 +0000 UTC [ - ]

> You can't clone a NFC card from RF alone

You imply that it is possible to clone NFC cards with other means. Is that really possible? Crypto chips are usually hardened against all kinds of attacks, and I would assume that NFC cards are resistant to cloning even if you have physical access to the chip. I'd be curious to learn more about that if my assumption is incorrect.

Regarding replay attacks, do you have a source on that? I would assume that even offline POS terminals would use a nonce to prevent replay attacks. Is that assumption incorrect?

And finally, you can extract card holder name and card number from most cards just by looking at them. Claiming that NFC cards are somehow worse than mag stripe cards in that regard is just FUD.

ohazi 2021-08-18 21:10:41 +0000 UTC [ - ]

> You imply that it is possible to clone NFC cards with other means. Is that really possible?

I mean, sure, it's always possible, but probing a secure microcontroller with needles and an electron microscope isn't really what I meant.

I was referring to what the various mobile wallet applications do behind the scenes when they allow you to "import" a plastic card and then use it as a contactless payment source via your phone's NFC radio. They're not actually cloning the private key inside the card, they're using various banking APIs to ask for a new key that, for all intents and purposes, will act exactly like the key on the physical card.

They're supposed to ask for extra info so that they're super ultra sure the person importing the card is the legitimate cardholder, but this is not always very thorough. What kind of info do they typically ask for? Numbers printed on the card that you can acquire wirelessly by accidentally bumping into someone. If you're lucky, they'll try to do two-factor via SMS or email with information that they have on file, but I've seen some that don't bother.

> Regarding replay attacks, do you have a source on that? I would assume that even offline POS terminals would use a nonce to prevent replay attacks. Is that assumption incorrect?

I worked on an EMV contact + contactless implementation several years ago, and at the time contactless replay attacks were easy to demonstrate. Things may have improved since then, but the protocol was not very good (supposedly due to constraints from early NFC cards that were small and anemic), and I think they would need to redo most of it and kill backwards compatibility to mitigate the risk completely.

https://www.youtube.com/watch?v=e023wGfVaE0

https://www.cs.bham.ac.uk/~tpc/Relay/

https://www.hackster.io/news/this-tiny-10-device-can-perform...

https://link.springer.com/chapter/10.1007/978-3-319-39814-3_...

https://en.wikipedia.org/wiki/Contactless_payment#Security

From what I can tell, there was a lot of discourse around these problems around 2015-2018. There were demonstrations and exploits galore. But the standards were already out and none of the banks or card issuers wanted to change anything. Security researchers got bored and moved on. I don't see any evidence that replay and relay attack vectors have been fixed, or that they aren't exploited in the wild, just that the banks seem to consider the risk acceptable.

> And finally, you can extract card holder name and card number from most cards just by looking at them. Claiming that NFC cards are somehow worse than mag stripe cards in that regard is just FUD.

So you'll let me rifle through your wallet and write down the card numbers and expiration dates? Would the average person let me do this? Of course they wouldn't, because basically everybody knows that they need to prevent random people from seeing the various numbers printed on their payment cards.

Is the average person aware that I can capture these markings by "accidentally" bumping into their back pocket on the subway?

It's not FUD, it's a (subtly?) different issue, one that the public largely doesn't understand yet.

What's frustrating about contactless cards is that there isn't even a good solution once you do understand the problem. Metal shields sewn into your wallet only hide the problem. The card will still respond if you shoot enough energy at it, and you'll still be able to pick up the response if you have a sensitive enough receiver.

watermelon0 2021-08-17 06:19:49 +0000 UTC [ - ]

Contactless payment is also needed for Google Pay/Apple Pay (and others), which are more secure than chip and pin.

bjowen 2021-08-17 11:52:20 +0000 UTC [ - ]

Eh? No, it’s part of the EMV standard and uses the same triple-DES crypto. There have been contactless implementations with poor security, including some truly weird contactless-mag stripe devices, but they are not the current standard or widespread in most markets.

ohazi 2021-08-18 02:41:59 +0000 UTC [ - ]

I said baseline standard. EMV contact is the baseline standard. EMV contactless is optional.

If you want to issue a new card today, it must have a chip, but it doesn't need to have contactless. There are currently no (public) plans to change this.

djhworld 2021-08-16 20:25:29 +0000 UTC [ - ]

> I honestly don’t even recall the time when the magnetic stripe was needed.

Every time I've been to the US it's still magnetic stripe in places like restaurants/bars where the wait staff whisk your card away and then 4 days later the charge ends up appearing on your card.

I saw chip and pin (or sometimes the odd chip and sign) appearing in the big shops/chains like walgreens though so I guess it's slowly changing.

It felt a bit like what the UK was like 15-20 years ago.

mullen 2021-08-16 21:19:04 +0000 UTC [ - ]

The Pandemic has really changed how credit cards are handled here. Pre-Pandemic, Tap and Pay was fairly rare, but now, it is everywhere (Nearly 90% by my informal count). The odd thing I noticed is that the smaller the market, the more likely the store/shop uses Tap and Pay. American's are also using their phone more to pay.

kube-system 2021-08-17 05:38:38 +0000 UTC [ - ]

For us ‘Mericans, all credit card transactions at a chip reader are chip+signature. We typically only have PIN numbers configured for debit cards. And most of those can be processed successfully without providing the PIN by pressing the credit button on the terminal.

barsonme 2021-08-17 06:55:59 +0000 UTC [ - ]

Although, in many cases signatures aren’t necessary. Anecdotally, I can only recall having to sign a handful of times in the last five or so years. (Edit: outside of restaurants.)

Also: it’s important to remember that running a debit card as credit isn’t the same thing as using debit. At most banks, your credit limit for debit cards (weird sentence, yeah) is very low: like $500 or so. If you call (and have sufficient funds), they’ll often temporarily raise it for you. (It’s how I paid for school on a debit card when the school could only run it as credit.)

aj3 2021-08-17 06:54:24 +0000 UTC [ - ]

No wonder people hate it then.

2021-08-16 20:32:49 +0000 UTC [ - ]

gruez 2021-08-16 20:15:01 +0000 UTC [ - ]

>I honestly don’t even recall the time when the magnetic strip was needed.

for when you fly over to the US and need to use your card

SAI_Peregrinus 2021-08-16 20:24:37 +0000 UTC [ - ]

I'm in the US. The only places I've seen in the last year or so that still use the magnetic stripes are gas stations, and all the ones I usually go to take the chip.

MisterBastahrd 2021-08-16 20:40:14 +0000 UTC [ - ]

Alternatively, I have never in the US been subject to a situation where if a chip didn't work that the magstrip wasn't allowed.

throwawayboise 2021-08-16 20:20:04 +0000 UTC [ - ]

The holdouts have long been the gas station fuel pumps. Though that is finally changing at least where I am many stations now support chip and tap card payments.

xahrepap 2021-08-16 20:26:17 +0000 UTC [ - ]

Gas stations around me (Utah) have all replaced their magstripe with a dual magstripe/chip reader. It drives me nuts though, because you still have to insert your card ALL THE WAY IN as if you're using the mag stripe, and then it decides which one to use.

Are gas stations not a big target for skimmers? Why didn't they design it to avoid the magstripe-skimmers? have two inserts or something, I don't care. But now we're a FULL generation of gas station pumps away from being free'd from skimmers. I just don't understand.

Also, don't get me started on the audio/video ads at the pump these days. They're the worst. I'd rather have to pay inside than have "while you're pumping" ads.

nitrogen 2021-08-16 20:35:59 +0000 UTC [ - ]

A lot of pumps with the chip readers also have contactless readers, but the on-screen prompts still just say "insert card". If your chip card is also contactless, you should be able to just hold it in front of the contactless reader and save both time and wear.

Scoundreller 2021-08-16 20:33:47 +0000 UTC [ - ]

What I like about the gas station ones, at least where I am, is that they use Zero insertion force contacts instead of brush contacts, so they won’t wear out the connector or your card. You can hear the machine click up and down as it engages.

jwineinger 2021-08-16 20:30:44 +0000 UTC [ - ]

In my area (Minneapolis), Costco is the only fuel station I've seen with actual tap to pay (and it handles the Costco membership check as well).

karlshea 2021-08-17 06:24:47 +0000 UTC [ - ]

Some BPs have tap here too. I've seen the hardware at a couple of Speedways but it didn't work last I tried.

chrisdhal 2021-08-17 12:40:23 +0000 UTC [ - ]

Speedway should have them now (the ones by me in New Brighton do) as do most KwikTrips.

zz865 2021-08-16 20:18:03 +0000 UTC [ - ]

Assuming US starts to let people in again.

klipt 2021-08-16 22:58:29 +0000 UTC [ - ]

There's a specific list of countries you can't travel from. Spend 2 weeks in any country not on that list and you're allowed in.

tamaharbor 2021-08-16 22:14:10 +0000 UTC [ - ]

Use the southern entrance.

dmd 2021-08-16 23:26:14 +0000 UTC [ - ]

Because here in the US there are still gas stations using embossed credit card systems who get confused when your card doesn't have raised numbers on it.

ddek 2021-08-16 20:15:49 +0000 UTC [ - ]

The only reason I’ve started using my card lately is because Face ID is harder with a mask on.

drclau 2021-08-16 20:23:38 +0000 UTC [ - ]

Just in case you have an Apple Watch and weren’t aware, or you plan to get one, there’s this feature that made my life easier:

Unlock your iPhone with Apple Watch when you're wearing a face mask

https://support.apple.com/en-us/HT212208

jdminhbg 2021-08-17 05:42:30 +0000 UTC [ - ]

This will unlock your phone but not authorize Apple Pay. So the Watch is much more convenient for payments in mask mandate areas. I find it more convenient to tap when unmasked too but that’s more personal preference.

2021-08-17 16:13:23 +0000 UTC [ - ]

kalleboo 2021-08-17 16:13:47 +0000 UTC [ - ]

If you have an Apple Watch, you can just pay with the watch

salamandersauce 2021-08-16 20:15:37 +0000 UTC [ - ]

America. They dragged their heels switching to chips.

xwdv 2021-08-16 20:20:51 +0000 UTC [ - ]

More like the security wasn’t necessary due to decreased liabilities.

stingraycharles 2021-08-16 20:16:21 +0000 UTC [ - ]

There’s always that old book shop that doesn’t have the latest and greatest yet. And this type of support is typically enforced by contracts; eg if you buy some device that accepts MasterCard, they promise it will be supported for at least 10 years.

jmharvey 2021-08-16 20:29:51 +0000 UTC [ - ]

I've been trying to shift to contactless payments recently, and my anecdotal experience has been the opposite: mom-and-pop shops usually have some kind of terminal from a dedicated payments company (verifone, square, etc) that's been updated in the last few years, while big behemoths (e.g. Lowe's, Fedex, USPS) are the holdouts clinging to bespoke antiquated payments hardware.

ComodoHacker 2021-08-17 07:35:01 +0000 UTC [ - ]

>Why does it take so long?

I guess one reason is global compatibility. For a global system to hold its promise, a card issued in one country (including developing ones) should be serviceable anywhere else.

moviuro 2021-08-16 20:46:00 +0000 UTC [ - ]

Highway tolls didn't have contactless in France until 2016 at best. It's getting better now.

https://www.autoplus.fr/securite-routiere/peages-le-paiement... - only 20 contactless toll gates in all of France in 2016 (gates, not tolls).

kergonath 2021-08-16 21:17:15 +0000 UTC [ - ]

They seem to be everywhere now.

France was the earliest adopter for chip and chip+pin, but they have been somewhat late to the contactless party (for a EU country).

robcohen 2021-08-16 20:14:52 +0000 UTC [ - ]

It really is mind blowing to me. Especially in a pandemic, why why why require a signature for anything? This is one of the few things that would reduce exposure that we already have a technical solution for. I just don’t understand.

gruez 2021-08-16 20:24:59 +0000 UTC [ - ]

>Especially in a pandemic, why why why require a signature for anything? This is one of the few things that would reduce exposure that we already have a technical solution for.

Turns out infection from surfaces is basically a non-issue.

https://www.nytimes.com/2021/04/08/health/coronavirus-hygien...

Johnny555 2021-08-17 05:15:13 +0000 UTC [ - ]

Coronavirus isn't the only virus to be concerned with, Norovirus is a well known one that can spread through surfaces, which is why it can be so rampant on cruise ships -- and it can live for weeks on surfaces.

https://www.cdc.gov/norovirus/about/transmission.html

coldtea 2021-08-17 08:25:03 +0000 UTC [ - ]

Yes, but microphobia is more annoying than most viruses, and keeping the immune system unprepared due to lack of exposure is potentially fatal, so perhaps they don't want to encourage those...

dom96 2021-08-16 23:48:55 +0000 UTC [ - ]

Got any non-paywalled sources handy?

gruez 2021-08-17 01:47:38 +0000 UTC [ - ]

Normally I'd link to archive.is, but they put everything behind a captcha wall, which I'm not keen to solve.

You can bypass the paywall with scripts disabled, but the key excerpts are:

>But the era of “hygiene theater” may have come to an unofficial end this week, when the C.D.C. updated its surface cleaning guidelines (https://www.cdc.gov/coronavirus/2019-ncov/community/disinfec...) and noted that the risk of contracting the virus from touching a contaminated surface was less than 1 in 10,000 (https://www.cdc.gov/coronavirus/2019-ncov/more/science-and-r...).

>“People can be affected with the virus that causes Covid-19 through contact with contaminated surfaces and objects,” Dr. Rochelle Walensky, the director of the C.D.C., said at a White House briefing on Monday. “However, evidence has demonstrated that the risk by this route of infection of transmission is actually low.”

barbazoo 2021-08-16 20:23:44 +0000 UTC [ - ]

As others have said, it doesn't have to be. Much of the world has long moved on from mag stripes and signatures.

cinntaile 2021-08-16 20:20:36 +0000 UTC [ - ]

Surfaces don't matter much for covid, it's very unlikely you'll catch it that way.

kook_throwaway 2021-08-17 09:27:30 +0000 UTC [ - ]

Contactless on tbe is near impossible if you want to escape from google.

brnt 2021-08-16 21:13:56 +0000 UTC [ - ]

Havnt used a magnetic strip in a decade. It's something from childhood!

bpodgursky 2021-08-16 20:22:31 +0000 UTC [ - ]

I heard that gas station pumps were a big blocker for a while.

siruncledrew 2021-08-16 20:22:59 +0000 UTC [ - ]

I think the merchants are the bottleneck in this case

cyanydeez 2021-08-17 01:39:19 +0000 UTC [ - ]

backwoods.

bamboozled 2021-08-16 22:08:47 +0000 UTC [ - ]

Try visiting Japan, it's like 1989, everywhere you go.

coldtea 2021-08-17 08:27:36 +0000 UTC [ - ]

Except for the excellent infrastructure, public transit, trains, roads, quality of food, safety, lack of junkies and meth addicts and mass homelessness, and so on, whereas its the US that is increasingly like 1880 almost everywhere you go...

w3ll_w3ll_w3ll 2021-08-16 20:08:24 +0000 UTC [ - ]

"The magnetic stripe will start to disappear in 2024 from Mastercard payment cards in regions, such as Europe, where chip cards are already widely used. Banks in the U.S. will no longer be required to issue chip cards with a magnetic stripe, starting in 2027.

By 2029, no new Mastercard credit or debit cards will be issued with a magnetic stripe. Prepaid cards in the U.S. and Canada are currently exempt from this change."

paxys 2021-08-16 20:43:42 +0000 UTC [ - ]

My, really setting themselves aggressive targets huh.

scoopertrooper 2021-08-17 05:39:04 +0000 UTC [ - ]

At least in Australia the magnetic stripe is already gone for all intents and purposes. I can't remember the last time I used it. The American schedule may be a little aggressive though, you guys still use cheques extensively.

toast0 2021-08-17 06:31:11 +0000 UTC [ - ]

> The American schedule may be a little aggressive though, you guys still use cheques extensively.

Naw, we use checks, much more convenient than cheques.

barsonme 2021-08-17 07:02:53 +0000 UTC [ - ]

Define extensively. Anybody who pays with checks in situations where credit cards or cash can be used is gonna get funny looks, unless they’re a little old lady.

scoopertrooper 2021-08-18 01:49:54 +0000 UTC [ - ]

The difference is that in Australia literally zero retail businesses will ever accept a cheque under any circumstance and all government payments are made using electronic transfers. I haven't been issued a cheque book from my bank in over decade and I've maybe cashed 3 in my 30+ years alive.

I actually can't think of a single place outside of a bank where you can use a cheque and even then it's a challenge to actually exchange it for cash. Most banks in Australia have trouble coming up with $10,000 - even busy branches in the CBD of a major city.

Now, granted I haven't been to America, but I do read things on the internet. From what I understand, your financial system is held together by a system of pneumatic tubes passing cheques around, though I hear there is some experiment with telegram machines.

herbst 2021-08-17 09:47:59 +0000 UTC [ - ]

Compare that to every single bank refusing to pay out my $150 check. Most banks even having no idea if this is actually still a thing, some had to get their boss to ask because they never had this situation before.

I still have that check because it's literally worth nothing around here.

VonGallifrey 2021-08-17 09:54:33 +0000 UTC [ - ]

In my mind the fact that checks are used in any situation is definitely "extensive" use.

I have never in my live used a check or seen one outside of movies.

swiley 2021-08-17 10:04:43 +0000 UTC [ - ]

The cash register at the CVS on the corner here already takes paypal, I wonder if I'll be able to pay with crypto by 2024.

yarcob 2021-08-17 08:49:04 +0000 UTC [ - ]

If you want to do it faster, you need government regulation. Magnetic stripes have been phased out in the EU for a couple of years. And additionally online card payments all require 2FA in EU.

As a result, there's barely any credit card fraud in Europe.

You can't expect the industry to invest in infrastructure if dealing with fraud is cheaper in the short term. You need to force them.

deelowe 2021-08-17 13:22:51 +0000 UTC [ - ]

Government regulation is what's pushing it already. Credit card companies are liable for fraud. Mag stripe has become extremely insecure now that just about anyone can build a reader. So the CC companies are moving to chip and rfid based systems.

The bad news is that these new systems are considered so secure that the CC companies have much more limited liability. So that's likely to be a problem eventually.

hamburgerwah 2021-08-16 20:17:35 +0000 UTC [ - ]

Still a LOT of merchants that need to upgrade equipment to do chip cards including some large franchises. There is a real problem that chip reading devices do not yet have anywhere near the longevity that magswipe use does. Machines go out of service for repair and cleaning after as little as a month of use in busy locations. Magstripe machines typically lasted 12 months plus before needing attention.

derefr 2021-08-16 20:38:47 +0000 UTC [ - ]

Who cares about inserting chips into the machine? We're already well past that, to contactless payment — tapping the chipped card against the terminal like an NFC door tag. It still uses the chip, and can still require your PIN (depending on your bank); you just don't stick the card in the machine to do it. MTBF = approximately forever.

Inserting the chip is a fallback, or for high-value transactions. Both use-cases are low-volume enough that a POS terminal's chip-slot reader should see relatively little use/wear.

theshrike79 2021-08-17 05:16:10 +0000 UTC [ - ]

In Finland they motivated the stores to upgrade by telling them that after date X they would be responsible for any fraudulent transactions done with a magstrip.

The transition went really fucking fast after that =)

hamburgerwah 2021-08-17 09:05:04 +0000 UTC [ - ]

This has been the case in the US for two years. Lots of merchants including some very large one don't really care. Fraud is relatively small in comparison to technology and maintenance costs.

lotsofpulp 2021-08-17 09:09:57 +0000 UTC [ - ]

This already happened in the US a few years ago.

anakaine 2021-08-16 20:30:05 +0000 UTC [ - ]

This is just not true. It is even less true for readers that support contactless payment.

Kiro 2021-08-16 20:28:12 +0000 UTC [ - ]

Where do you live? I haven't seen a card terminal that can't do chip in like 15 years. The old terminals that need to be upgraded are the ones that can't do contactless but even those are rare. A card terminal that can only do magnetic seems really alien and ancient.

barsonme 2021-08-17 07:06:42 +0000 UTC [ - ]

Lots of Jimmy Johns in my area (circa 2012) only had swipe readers for some reason. But around 2014 they started upgrading to chip readers.

nikau 2021-08-17 05:27:57 +0000 UTC [ - ]

Why aren't they using nfc?

modeless 2021-08-16 20:03:16 +0000 UTC [ - ]

I'll believe it when I see it. I heard signatures were going away years ago and yet I keep getting asked for signatures.

bryanthompson 2021-08-16 20:14:22 +0000 UTC [ - ]

There are some reasons it still exists, however, it is no longer required and merchants/POS systems ought to start phasing it out.

In the US, the way we do tip on receipt is a lot more natural if you're asking for a signature. Without a signature, you're just handing someone a tip option, which is awkward with our current way of doing things.

Some merchants opt to keep signature enabled because it gives them a fuzzy feeling and it's a point of closure to a transaction.

nicoburns 2021-08-16 20:39:02 +0000 UTC [ - ]

Lot's of payment terminals in the UK allow the customer to input the service charge themselves before they enter their PIN. Otherwise the waiter/waitress typically asks you how much you want to pay before typing in the amount. If you're splitting the bill then they need to do that anyway.

derefr 2021-08-16 20:44:19 +0000 UTC [ - ]

Here in Canada, portable POS terminals usually have a screen before "TAP/INSERT CARD" that says "Add tip?" and offers vendor-set default options, usually either 10%/12%/15% or 12%/15%/20%. The fourth option is always "custom", which allows people to enter 0 if they wish. (There are also payment flows that have an initial "Yes/No" on the "Add Tip?" question, in cases where a tip may or may not make sense, e.g. a bakery/deli that offers both high-touch dine-in and extremely-low-touch "we just take it from the fridge and give it to you" take-out service.)

Since Canada and the US have basically the same tipping culture, these POS systems seem to be already tailored for adoption in the US market (or at least, being cloned by US POS mfgrs.) Not sure why they haven't been.

syshum 2021-08-16 20:44:17 +0000 UTC [ - ]

>>Otherwise the waiter/waitress typically asks you how much you want to pay before typing in the amount.

That is never going to work in the US. Very few people would be comfortable with that.

jdminhbg 2021-08-17 05:48:08 +0000 UTC [ - ]

> In the US, the way we do tip on receipt is a lot more natural if you're asking for a signature. Without a signature, you're just handing someone a tip option, which is awkward with our current way of doing things.

Most places I go now have a receipt option step that serves as a justification for the tip screen, rather than the signature. Tapping “No Receipt” for a $5 beer purchase is only a little faster and less ridiculous than signing for it.

anakaine 2021-08-16 20:34:49 +0000 UTC [ - ]

For those abroad, even the notion of tipping can be absurd. Using that notion as a point of support for a payment system the levies fraud responsibilities onto the merchant and is very easy to circumvent, and the reason most other places moved to chip+pin, or contactless a long time ago is even more amusing.

I understand what you're saying, and how its locally relevant, but from the outside looking in the US is a long way behind on keeping up with the tech in this space.

yosito 2021-08-17 06:06:00 +0000 UTC [ - ]

> In the US, the way we do tip on receipt is a lot more natural

American in Hungary. Here tipping isn't expected like it is in the US. But when you pay, they bring the terminal to your table with the check, then you tell them that you want to add a tip and how much, and they type the total into the terminal before you tap your phone or card. Perfectly natural.

barsonme 2021-08-17 07:09:55 +0000 UTC [ - ]

You omitted a very important part of their comment:

> if you're asking for a signature.

djhworld 2021-08-16 20:31:30 +0000 UTC [ - ]

When I was over there I constantly got confused around the tipping system and how some bars keep a tab open for you (by take your card and putting it in a little book at the back and then you pay/tip at the end)

I didn't trust that so I ended up just signing the receipt and adding the tip to the bottom and keeping my card in my wallet. Needless to say I think the bar staff got a lot of tips that night!

learc83 2021-08-16 20:39:10 +0000 UTC [ - ]

>Needless to say I think the bar staff got a lot of tips that night!

You generally tip based on percentage or the number of drinks, so it shouldn't matter too much unless you're doing it by percentage and rounding up the nearest dollar.

kuroguro 2021-08-16 20:08:48 +0000 UTC [ - ]

Haven't had to sign anything for 15+ years, newer cards don't even have the space for signatures (Europe/MasterCard).

I do have to do the mag-swipe maybe once a year, if the chip reader is acting up (still no signature, it asks for the PIN).

fastball 2021-08-17 05:47:51 +0000 UTC [ - ]

My Apple Card doesn't have a space for a signature but it also doesn't have a PIN. Does have a chip though, a combination I find routinely frustrating. Just let me use a PIN if the card has a chip!

ollien 2021-08-16 20:13:41 +0000 UTC [ - ]

I just got a new credit card recently. There definitely still is the space for signatures in the US. I actually once had a store turn me away because I didn't sign it.

lrem 2021-08-16 20:20:41 +0000 UTC [ - ]

Got a new Mastercard in Europe this year, still with signature space. Same for Visa from two banks.

kuroguro 2021-08-16 20:27:46 +0000 UTC [ - ]

Couldn't find the exact card, but here's an example from my neighbors if anyone's interested. I guess it's not a thing everywhere yet.

https://www.swedbank.lt/img/private/d2d/cards/3dSecure/816x2...

_edit_

They dropped the requirement in 2018

https://www.mastercard.com/news/press/2018/signing-off-maste...

w3ll_w3ll_w3ll 2021-08-16 21:40:33 +0000 UTC [ - ]

Nice video!

kzrdude 2021-08-16 20:36:54 +0000 UTC [ - ]

Got a new mastercard (debit) without signature field and a mastercard (credit) with embossed numbers and signature field. It makes sense with the debit/credit split.

tyingq 2021-08-16 20:11:05 +0000 UTC [ - ]

I think some of it is just them not marketing features. I was unaware that my card would do the NFC/no-pin-needed thing until I paid attention to someone in front of me in line one day.

tiffanyh 2021-08-16 20:27:20 +0000 UTC [ - ]

Signature requirement has gone away in the US (and Mastercard was also the first to do that was well).

Just so many merchants are accomplished to asking for it (or haven't updated their terminals to code for not asking for it) - which is why you still encounter it.

swiley 2021-08-16 20:13:22 +0000 UTC [ - ]

Signatures are for you, not the card company. This is why I sign with a nonce.

modeless 2021-08-16 20:18:28 +0000 UTC [ - ]

No, they're for the merchant. They don't benefit me at all. But merchants were supposed to stop requiring them by now.

swiley 2021-08-16 20:22:56 +0000 UTC [ - ]

They're supposed to help you locate fraudulent transactions after your card is stolen. I guess that benefits the merchant because it makes you less likely to mark legitimate transactions as fraudulent.

modeless 2021-08-16 21:06:34 +0000 UTC [ - ]

No, you can't see the signatures, so they don't help you locate fraudulent transactions. What they do is provide a defense for the merchant against you. If you try to say you didn't authorize the charge, then the merchant can produce the signature as proof that you did. The signature is never evidence that you weren't there. Even if it is someone else's name, that doesn't prove anything, so it never benefits you.

derefr 2021-08-16 20:47:42 +0000 UTC [ - ]

In a world where that was actually the goal, you'd presumably be able to see a little image of the signature used, beside each card-provided charge in on your credit card in your online banking portal.

drawfloat 2021-08-16 20:35:13 +0000 UTC [ - ]

What’s his name?

tpmx 2021-08-16 20:09:58 +0000 UTC [ - ]

So most of my current cards (in Europe) have 3 interaction methods:

In order of decreasing readability/communication reliability:

1. Magnetic stripe

2. NFC

3. EMV

The EMV ("chip") method is the least insecure, but lately all of my cards have been started oxidating. And it seems like the pogo pins in almost all readers also started wearing out too. Chip reader failures have become very common lately.

It's very common that I have to both clean the card before using it and also bend it while pushing it into the reader to counteract the worn out pogo pins in the in-store reader. Super annoying.

NFC has been a saver, but because of the banks security risk (it's cleartext, after all) you can't really use it all of the time.

The magnetic stripe seems like it never seems to stop working. I've assumed I can't use it outside of my native country, though, perhaps incorrectly.

w3ll_w3ll_w3ll 2021-08-16 20:13:20 +0000 UTC [ - ]

NFC (EMV Mode) is partially encrypted and much more secure than magnetic stripe

tpmx 2021-08-16 20:27:24 +0000 UTC [ - ]

I wasn't aware of that mode. Is there a way of figuring out if your card has NFC (EMV Mode), or is just blasting out the CC number/expiration date when powered up via induction?

bryanthompson 2021-08-16 20:40:38 +0000 UTC [ - ]

Almost all NFC you find these days is going to be a form of EMV and is encrypted.

There was a form of contactless magstripe (MSD) that was not encrypted and has been phased out of usage as of like, late 2019 via card update bulletins.

Reventlov 2021-08-16 20:34:26 +0000 UTC [ - ]

Note that the CC number / expiration date are not used for contactless payment, and should not be enough to make a payment online.

firebaze 2021-08-16 20:13:40 +0000 UTC [ - ]

I can't remember ever having paid using the magnetic stripe in Europe since 2010 (having been to Spain, Italy, France, Netherlands, Romania and living in Germany), before I didn't use a credit card at all since it wasn't very popular here.

Honestly curios: where (and when) did you make that observation?

tpmx 2021-08-16 20:14:59 +0000 UTC [ - ]

I made that observation from using a loyalty card from a grocery chain that only has a magnetic stripe. ~10 years from the same card now.

(Sorry, this was unclear from the first iteration of the observation.)

firebaze 2021-08-16 20:25:51 +0000 UTC [ - ]

Thanks for the clarification!

ddek 2021-08-16 20:18:06 +0000 UTC [ - ]

I’m young enough to literally never have paid by swiping.

Except for my exchange year in Texas.

Symbiote 2021-08-16 22:24:28 +0000 UTC [ - ]

Same here, but Britain introduced EMV cards in 2004 (France and I think Australia were earlier, but with the previous version).

So you can have never paid by swiping and be well over 30.

theshrike79 2021-08-17 05:18:02 +0000 UTC [ - ]

It's a wonder if you can actually pay by card in Germany :D They're hardcore cash users for some weird reason.

herbst 2021-08-17 09:56:40 +0000 UTC [ - ]

And yet you can pay with card nearly everywhere but in small kiosks.

Reventlov 2021-08-16 20:17:42 +0000 UTC [ - ]

>it's cleartext, after all

What do you mean by "cleartext" exactly ? When I pay using my card with NFC, it's not really cleartext.

tpmx 2021-08-16 20:34:36 +0000 UTC [ - ]

Real-world demo: https://play.google.com/store/apps/details?id=com.github.dev...

Reventlov 2021-08-16 20:38:20 +0000 UTC [ - ]

Well… This kind of data you access with this app is not used to do contact-less payments.

tpmx 2021-08-16 21:00:55 +0000 UTC [ - ]

Show me? (Genuinly curious; I'm not claiming to be an expert in this field.)

the_mitsuhiko 2021-08-16 20:12:16 +0000 UTC [ - ]

To echo my other comment: my chip broke on my debit card and the card refused to work with magstripe only (and it was broken in a way were the NFC thing also no longer functioned). So not sure if the magstripe has any functionality in the SEPA region based on that experience.

sean1524 2021-08-16 20:15:31 +0000 UTC [ - ]

I think the magstripe is disabled in my region, I've never managed to use it on any of my cards. I tried testing it out to see if it even was functional. Surely they must work as I've heard quite a few stories of card skimmers...

the_mitsuhiko 2021-08-16 20:18:03 +0000 UTC [ - ]

There is definitely a card number on the magstripe on it, but i think you cannot make a transaction with it in the SEPA region. So you need to "clone" that card and make a transaction with it in a non SEPA region country and that is disabled by default on debit cards (not credit cards though).

kalleboo 2021-08-17 11:41:16 +0000 UTC [ - ]

Banks can reject magstripe use when it knows both the card and the card reader should have chip support.

I believe this is to help discourage downgrade attacks.

FridayoLeary 2021-08-16 20:11:42 +0000 UTC [ - ]

You can request a new card from your bank, you will get it probably within a week. Problems solved.

tpmx 2021-08-16 20:12:58 +0000 UTC [ - ]

Sure, but it doesn't solve the worn out card EMV reader problem.

przemub 2021-08-16 20:18:34 +0000 UTC [ - ]

Huh, wherever I try to use a magnetic stripe, the terminal would ask me that I have to use the chip. Even if a transaction failed when I used the chip.

kergonath 2021-08-16 20:34:31 +0000 UTC [ - ]

I have never had to use the mag stripe, ever. Failures happen sometimes with the chip as you mention, but it usually works on the second try.

fortylove 2021-08-17 07:19:53 +0000 UTC [ - ]

Does this mean that we can finally have smaller credit cards, if they only need to be big enough to hold the chip? (Assuming payment slots can somehow handle multiple card sizes, eventually...)

Wildgoose 2021-08-17 11:54:21 +0000 UTC [ - ]

I have a McLear Ring which embeds the contactless chip in a ceramic ring I wear on my little finger. No need to mess about fishing a card out of your pocket or wallet, it's just there.

It comes with its own bank account which you simply top up.

Works really well.

https://mclear.com

aimor 2021-08-17 06:09:07 +0000 UTC [ - ]

This might sound like a stretch, but I wish I could just pay without having my phone or card or cash or anything else on me. In general I'm growing weary of authentication hell, but specifically with how it all seems to come back to requiring my phone. I really wouldn't mind just keying in my account number and pin to make a payment, but of course that's just username + password and I suppose unacceptably risky. The solution I expect is for Amazon to recognized my face and bill me.

basicplus2 2021-08-17 06:12:52 +0000 UTC [ - ]

Get one of these.. halo ring

https://www.bankwest.com.au/personal/ways-to-pay/bankwest-ha...

deelowe 2021-08-17 13:25:47 +0000 UTC [ - ]

> The solution I expect is for Amazon to recognized my face and bill me.

I'm just going to go live in the woods. We grown way too comfortable as a society.

avnigo 2021-08-17 13:58:23 +0000 UTC [ - ]

Amazon wants to scan your palm.

https://techcrunch.com/2021/08/02/amazon-credit-palm-biometr...

akmarinov 2021-08-16 20:54:58 +0000 UTC [ - ]

I’m from Europe and honestly I’ve never used a magnetic strip to pay with a card. Looks really cool though.

skookum 2021-08-16 23:20:06 +0000 UTC [ - ]

If you think the magnetic strip looks cool, wait until you see a credit card imprinter!

the_mitsuhiko 2021-08-16 20:10:49 +0000 UTC [ - ]

I'm pretty sure the magstripe is already somewhat disabled over here. My debit mastercard refuses to work outside of the European union unless I disable the geo locking in the banking app, and when my chip was broken the readers kept telling me to put the chip in.

paulgerhardt 2021-08-16 20:15:27 +0000 UTC [ - ]

That’s just a bit on the mag strip that encodes if your card has a chip present.

You can flip it with a writer and use the magnet strip again if you want.

It’s quicker as one doesn’t have to wait for the Javacard OS on the chip to boot up and handshake. (Ie swipe and walk away vs insert, wait 4 seconds, remove).

Wouldn’t do this on my debit card but it’s fine on credit cards with chargeback protection.

Symbiote 2021-08-16 22:35:22 +0000 UTC [ - ]

Isn't that going to lead to the transaction being denied, either by the bank (which knows there's a chip), or even the reader (does it know that all cards beginning WXYZ have chips, for example?)?

daveoc64 2021-08-17 06:37:00 +0000 UTC [ - ]

That is what should happen, but not all banks implement every fraud countermeasure.

the_mitsuhiko 2021-08-16 20:21:17 +0000 UTC [ - ]

Interesting. That said, no desire to do this. I do effectively 100% of my transactions by watch now and that beats any alternative.

aidenn0 2021-08-16 20:13:03 +0000 UTC [ - ]

In the US, many POS terminals refuse to use the stripe until there have been 3 failed chip reads.

pjmlp 2021-08-16 20:13:26 +0000 UTC [ - ]

My debit cards only work with the chip, although the stripe is physically present, it doesn't contain any data (apparently).

metafunctor 2021-08-17 18:40:51 +0000 UTC [ - ]

My MasterCard even has the raised numbers, and an unfilled spot for my signature. I remember a long time ago, some places still used a manual contraption to impress the digits on carbon copy paper. I wonder why they've retained that unused ability for decades.

Not that it matters much. I've made payments with almost 100% Apple Pay for years — a lot of the time I don't even carry the physical card with me.

Johnny555 2021-08-17 05:21:50 +0000 UTC [ - ]

I use my credit card at brick and mortar merchants less and less -- even my local gas station accepts Android/Apple Pay (and presumably contactless card taps, but I couldn't get it to work with my card). Even the cafe I frequent switched to readers (I think they were Square) associated with an iPad so I add a tip and pay with my phone at the table.

But what are they doing to secure online payments? Last time my card number was stolen, all of the fradulent charges were at online merchants.

tpetry 2021-08-17 05:49:19 +0000 UTC [ - ]

Online transactions can be secured by solutions like 3D Secure. In the european union for european countries such solutions are already required for dome transactions. But US companies hesitate to enforce them as they make buying less convenient but much more secure. Or the CCV printed at the back of a credit card, this is impossible for bank cards in europe. But mastercard and visa prefer the convenient approach.

It would be a nice if one of the new fintech startups added the option in the account settings to enforce 3D Secure for all online transactions.

peteretep 2021-08-17 05:46:56 +0000 UTC [ - ]

> what are they doing to secure online payments?

https://en.m.wikipedia.org/wiki/3-D_Secure

Waterluvian 2021-08-16 20:10:20 +0000 UTC [ - ]

Haven’t used the magnetic strip in years in Canada.

It just isn’t a thing anymore.

leotravis10 2021-08-16 21:27:48 +0000 UTC [ - ]

> Prepaid cards in the U.S. and Canada are currently exempt from this change.

I'm telling you all, prepaid cards are a scam. Why? One of the reasons besides massive fees and shady tactics for most are because they're so far behind the times. Most don't even have a chip for example. Look at a Netspend card (using it as a prime example) and compare it to any bank card today.

perardi 2021-08-16 20:34:34 +0000 UTC [ - ]

Why wouldn’t everywhere be supporting contactless payments by this point?

And that’s not me being snippy, because perplexingly, Mariano’s, a grocery store chain in Chicago owned by Kroger’s, does not support NFC payments. (I assume Kroger’s stores proper don’t either.) You have to swipe, use the chip, or use the dedicated Kroger Pay app to scan a QR code to use your digital wallet. (Yes, really. Took them forever to even support chips instead of magstripes.)

I have absolutely no idea why they do this. Is there a higher interchange fee for contactless? Kroger’s isn’t some mom-and-pop convenience store—they’re the largest supermarket company by revenue.

yakz 2021-08-16 20:53:49 +0000 UTC [ - ]

I've been shopping at Kroger regularly for decades and my guess is that it might have something to do with the timing around their last major payment terminal upgrade. They upgraded before NFC payments were very popular but fairly close to when they really needed to support chip cards (my recollection was that the payment networks were saying they would no longer insure against fraud without a chip terminal), and it seems like for whatever reason they went with a terminal that didn't support it.

I remember being annoyed with seeing all of the seemingly brand-new hardware being installed at multiple locations that very obviously lacked NFC payment support.

paxys 2021-08-16 20:45:28 +0000 UTC [ - ]

Because these chains have decades old point of sales systems which no one wants to touch. It isn't simply a matter of swapping out one card reader for another.

leesalminen 2021-08-16 20:58:37 +0000 UTC [ - ]

Kroger brand stores have terminals that support contactless. Their self checkout lanes get new hardware and/or software every couple of years.

I’ve worked with many payment gateways over the years and enabling contactless on a stack that already did EMV never required a code change on the POS system. The terminal just passes the same data along to the POS.

I’m convinced there’s some fees at play here. The standout to me is how they push Kroger Pay - that’s to save on processing fees.

yakz 2021-08-16 20:57:25 +0000 UTC [ - ]

They did swap out all of the payment terminals, though. Just for ones without that functionality. However, I could believe that they selected the hardware because they were stuck with choices that were compatible with other systems. Kroger is a big company with quite a lot of resources, though.

pitterpatter 2021-08-17 06:53:45 +0000 UTC [ - ]

The QFC (which is Kroger's AFAIK) near me finally started allowing NFC payments sometime in 2020. Part of me wonders if covid and wanting less contact motivated that because the actual terminals themselves didn't change but rather they just enabled the NFC functionality.

dane-pgp 2021-08-16 20:16:46 +0000 UTC [ - ]

> By 2033, no Mastercard credit and debit cards will have magnetic stripes

I wouldn't be surprised if, by 2033, people will be identified using biometrics everywhere, so you can pay with your hand print or face scan.

judge2020 2021-08-16 20:24:02 +0000 UTC [ - ]

Maybe FedNow could take over the mobile payment industry depending on how truly instant it is, and become similar the role WePay takes in China.

https://www.frbservices.org/financial-services/fednow/about....

whimsicalism 2021-08-16 20:32:08 +0000 UTC [ - ]

WePay and Alipay have their dual in CashApp and Venmo. The only difference being that Alipay has a lot more institutional support, ie. you can scan your QR code at the grocery store - not the case with Venmo (yet).

asdff 2021-08-16 20:51:41 +0000 UTC [ - ]

Venmo offers debit and you can add the card to your wallet

lotsofpulp 2021-08-17 09:12:53 +0000 UTC [ - ]

I do not understand the purpose of Venmo. It seems like an unnecessary middleman.

whimsicalism 2021-08-17 15:37:42 +0000 UTC [ - ]

How do I easily pay a friend? Are you just going to say Zelle?

lotsofpulp 2021-08-17 15:55:34 +0000 UTC [ - ]

Yes. Are there any advantages of Venmo over Zelle?

whimsicalism 2021-08-17 16:00:27 +0000 UTC [ - ]

Zelle took a long time to be developed, so it has essentially no network effects - most people don't have Zelle.

Zelle can only be used by people who have banks that support Zelle, which many people do not (my bank for instance does not support Zelle, nor does my SO's - so we have no way of using Zelle to transfer money between each other.)

Zelle doesn't allow you to use credit card AFAIK. Zelle doesn't have QR code AFAIK.

lotsofpulp 2021-08-17 16:35:33 +0000 UTC [ - ]

Interesting. I would expect most people in the US to have Zelle due to the market share of the big banks, and the extensive list of Zelle participants:

https://www.zellepay.com/get-started

As far as I know, you do not have to do anything other than let your bank know the phone number/email to associate with the account you want to send/receive money to.

whimsicalism 2021-08-17 16:45:15 +0000 UTC [ - ]

> As far as I know, you do not have to do anything other than let your bank know the phone number/email to associate with the account you want to send/receive money to.

Yes, if your bank supports Zelle (which as I said, mine doesn't).

You can look at the numbers around this - way more people know about and use venmo than zelle.

KingMachiavelli 2021-08-16 20:44:32 +0000 UTC [ - ]

Even in the US, I can't remember when I last had to use the magstrip. [1] I could probabbly degauss the magnetic strip and not have any issues. If you have a chip debit card that you never use... it probably isn't a bad idea to make the card chip only.

What I actually want is a specific bank alert if the card is used without the chip. Currently I just make any transaction over $20 send an email.

[1] I guess at resturants where they actually take the card for a minute, I don't know if it's chip or magstrip transaction.

JoshTriplett 2021-08-16 20:30:49 +0000 UTC [ - ]

In recent years, I've had more transactions using the embossed numbers than I've had using the magnetic stripe. I've had a few taxis in various countries dig out and use one of the slide-across carbon-paper impression machines, once they got through the second or third round of "are you sure you won't pay with cash?". I've had fewer cases of "our chip reader doesn't work, please swipe the card instead".

mensetmanusman 2021-08-16 20:16:18 +0000 UTC [ - ]

I hope that means Home Depot and Target have to accept tap to pay…

fullstop 2021-08-16 20:28:17 +0000 UTC [ - ]

Target, at least in the USA, supports tap & pay. Home Depot is still holding out, though.

lotsofpulp 2021-08-17 09:14:38 +0000 UTC [ - ]

Home Depot, Lowe’s, and Walmart do not support tap to pay yet. They are the only major retailers I have been to recently that still do not.

mensetmanusman 2021-08-16 20:34:26 +0000 UTC [ - ]

Do mobile devices work? The Target here does not accept Apple Pay…

fullstop 2021-08-16 20:37:52 +0000 UTC [ - ]

Yes, I use my Android device. They list Apple Pay as being supported. [1]

1. https://help.target.com/help/subcategoryarticle?childcat=Acc...

barbazoo 2021-08-16 20:25:59 +0000 UTC [ - ]

Home depot in Canada does.

pitterpatter 2021-08-17 06:55:27 +0000 UTC [ - ]

Canada was a lot quicker on the uptake with both chips and tap for whatever reason.

wvenable 2021-08-17 07:27:00 +0000 UTC [ - ]

Less than a dozen major banks makes it pretty easily to roll out these systems in Canada.

pitterpatter 2021-08-17 08:58:20 +0000 UTC [ - ]

Good point. I also imagine just altogether less hardware to replace overall given the much smaller population.

2021-08-16 21:05:21 +0000 UTC [ - ]

kalleboo 2021-08-17 11:58:29 +0000 UTC [ - ]

One thing I've been curious about is how long have ATMs been using chip readers? Do they use NFC readers now? The ATMs I've used all still pull they card in and dispense it, so you can't really see what technology they're using internally.

gnicholas 2021-08-16 20:11:35 +0000 UTC [ - ]

I sometimes keep my credit card near my iPhone. I have wondered about the impact on credit cards of the new MagSafe magnets in iPhones. I guess if there aren't magnetic strips anymore, I won't have to worry about it. OTOH, there won't be any backup if the chip doesn't work, which it doesn't always.

brundolf 2021-08-16 20:12:30 +0000 UTC [ - ]

There will still be NFC (on the card and, potentially, your phone). That's what I end up using most often these days anyway

gnicholas 2021-08-16 20:47:06 +0000 UTC [ - ]

I don't actually have NFC on any of my cards, though I do use it on my phone.

avnigo 2021-08-17 13:51:25 +0000 UTC [ - ]

> The arrival of the magnetic stripe changed all that [...] offering more security...

Is this what we'd call security through obscurity? I was under the impression that data on magnetic stripe was not encrypted.

nashashmi 2021-08-16 20:21:06 +0000 UTC [ - ]

Of the three modes nfc is my favorite, takes less time, but also works less reliably. Chip takes the longest time. And I keep removing it early out of habit. And stripe is the least used. But works the best.

kergonath 2021-08-16 20:44:38 +0000 UTC [ - ]

Yeah, it was very confusing the first time I went to the US for more than a couple of days. When getting some cash, I was used to putting the card in ATMs and leave it there during the operation. In the US, the ATM did nothing before I took the card out.

When I came back I kept pulling the card early.

asdff 2021-08-16 20:53:13 +0000 UTC [ - ]

That is to help you so you don't forget your card in the ATM after you finish your business.

wrboyce 2021-08-17 00:52:48 +0000 UTC [ - ]

In the UK (and most of Europe afaik) the card is ejected immediately before the cash; the ejecting of the card indicates your authenticated session has ended.

asdff 2021-08-17 05:46:13 +0000 UTC [ - ]

There are some in the U.S. that do this, but it still didn't stop my friend from leaving his card in the ATM and having to go through a process with the bank and wait for a new card to show. Better to just make sure you have it by stopping you from doing anything else until you have it imo.

kergonath 2021-08-18 14:20:43 +0000 UTC [ - ]

I have never, ever heard someone saying they forgot their card in the handfuls of European countries where I have been. I have heard complaints about the ATM "eating" the card (not restituting it; this happens sometimes for various reasons). You'd have to try very hard to do it (like take the card out, because otherwise you won't get any cash, and then sticking it back in, or just leaving without taking either cash or card). This just is not a problem.

wrboyce 2021-08-17 21:43:48 +0000 UTC [ - ]

To drive the point home: you can’t have your cash until you have taken the card… I really do feel this is better in every way.

champtar 2021-08-16 22:16:18 +0000 UTC [ - ]

Do they mandate chip + pin yet ? Some years ago I got a Credit Card in the USA with chip but without pin, thus unusable in some places in Europe.

hellbannedguy 2021-08-16 20:13:55 +0000 UTC [ - ]

Yea--hooray, it shouid have been done years ago.

I would rather see MasterCard lower their fees, and take 100% liability for stolen numbers/information.

2021-08-16 20:12:08 +0000 UTC [ - ]

kzrdude 2021-08-16 20:40:20 +0000 UTC [ - ]

I've wondered if I shouldn't just rip off the magnetic stripe - I never use it, and it's just a security risk.

aj3 2021-08-17 07:17:11 +0000 UTC [ - ]

It's a security risk even if you don't use it. Someone just seeing your card briefly could copy it as the stripe has the same info that's printed on it.

Incidentally, this discussion is filled with people who have no idea how payments are authorized.

protomyth 2021-08-16 20:13:11 +0000 UTC [ - ]

I wonder what the statistics are on gas station pumps in the US for magnetic card versus other methods?

2021-08-16 20:06:43 +0000 UTC [ - ]

laptop-man 2021-08-16 20:18:36 +0000 UTC [ - ]

most stores in my town (pop 500, US, mi) still take personal checks. mag reader is needed for fuel pump. a few times needed in store when ship reader wasn't working.

fny 2021-08-17 05:02:24 +0000 UTC [ - ]

What a sad day. Swipes were far more user friendly and the failure rate with reading these chips is unreal.

Here's to hoping the next "upgrade" isn't a nightmare.

deepspace 2021-08-17 05:36:03 +0000 UTC [ - ]

What country are you in? In the past 10 or so years, I have NEVER had a failure with a Chip-and-Pin transaction or a contactless transaction in Canada.

grecy 2021-08-17 05:20:27 +0000 UTC [ - ]

I've been exclusively using the chip in my Credit and Debit Cards for at least a decade - every transaction works, every time for the life of the card. I've used them from Botswana to Egypt to Morocco to Canada through Central and South America and Australia.

They work perfectly.

kube-system 2021-08-17 05:11:33 +0000 UTC [ - ]

Contactless works pretty well in my experience and doesn’t put any physical wear on the card. There’s a couple big retailers still holding out, but most places I go seem to have it enabled these days.

herbst 2021-08-17 09:58:57 +0000 UTC [ - ]

The only bottleneck I am aware of are the sometimes way to slow internet connections these terminals use. My cards just work

pitterpatter 2021-08-17 06:45:30 +0000 UTC [ - ]

How so? There's no swipe motion you need to get right; just slide in the card and done?

PostThisTooFast 2021-08-17 06:39:35 +0000 UTC [ - ]

OK Gramps.

PostThisTooFast 2021-08-17 06:38:35 +0000 UTC [ - ]

I love how these assholes are patting themselves on the back for being 20 years behind the rest of the industrialized world.

Fuck you, BastarCard.

latchkey 2021-08-16 20:43:50 +0000 UTC [ - ]

I'd prefer we just phase out MasterCard. I went to a restaurant the other day. QR code on the receipt. Scan that and it opens up Toast. Toast then connects to Apple Pay, which then connects to my credit card. No less than 3 middlemen to pay the restaurant, is absurd.

QRCode -> Wallet on my phone holding stablecoin on a L2 like polygon (which is collecting APY through DeFi) -> Restaurant

larrybud 2021-08-16 21:23:22 +0000 UTC [ - ]

While your point is valid regarding a crazy number of middlemen, I've also paid via the QR code on the receipt at a number of restaurants recently and I love it! No need to flag down a server when it's time to pay; I just scan it on my phone, click on apple pay, enter the tip, and I'm done!

latchkey 2021-08-16 22:25:49 +0000 UTC [ - ]

Don't get me wrong, I love it too. I didn't suggest getting rid of the QR code, just the backend flow of middlemen taking fees from the restaurant.

numbsafari 2021-08-16 20:48:43 +0000 UTC [ - ]

Hello Strawman.

Does anyone actually pay the way you described? Honestly?

I either swipe my card or hand it to them to do it for me and call it a day.

I don't have to worry about some cryptojockey screwing up a DeFi contract scheme and all my money being stolen in a non-FDIC insured account. I have fraud protections against card theft.

It ain't perfect, but it's not the electronic equivalent of walking around with me lucky charms in my fanny pack, ripe for the mugging, either.