Swiping left on magnetic stripes
w3ll_w3ll_w3ll 2021-08-16 20:08:24 +0000 UTC [ - ]
By 2029, no new Mastercard credit or debit cards will be issued with a magnetic stripe. Prepaid cards in the U.S. and Canada are currently exempt from this change."
paxys 2021-08-16 20:43:42 +0000 UTC [ - ]
scoopertrooper 2021-08-17 05:39:04 +0000 UTC [ - ]
toast0 2021-08-17 06:31:11 +0000 UTC [ - ]
Naw, we use checks, much more convenient than cheques.
barsonme 2021-08-17 07:02:53 +0000 UTC [ - ]
scoopertrooper 2021-08-18 01:49:54 +0000 UTC [ - ]
I actually can't think of a single place outside of a bank where you can use a cheque and even then it's a challenge to actually exchange it for cash. Most banks in Australia have trouble coming up with $10,000 - even busy branches in the CBD of a major city.
Now, granted I haven't been to America, but I do read things on the internet. From what I understand, your financial system is held together by a system of pneumatic tubes passing cheques around, though I hear there is some experiment with telegram machines.
herbst 2021-08-17 09:47:59 +0000 UTC [ - ]
I still have that check because it's literally worth nothing around here.
VonGallifrey 2021-08-17 09:54:33 +0000 UTC [ - ]
I have never in my live used a check or seen one outside of movies.
swiley 2021-08-17 10:04:43 +0000 UTC [ - ]
yarcob 2021-08-17 08:49:04 +0000 UTC [ - ]
As a result, there's barely any credit card fraud in Europe.
You can't expect the industry to invest in infrastructure if dealing with fraud is cheaper in the short term. You need to force them.
deelowe 2021-08-17 13:22:51 +0000 UTC [ - ]
The bad news is that these new systems are considered so secure that the CC companies have much more limited liability. So that's likely to be a problem eventually.
hamburgerwah 2021-08-16 20:17:35 +0000 UTC [ - ]
derefr 2021-08-16 20:38:47 +0000 UTC [ - ]
Inserting the chip is a fallback, or for high-value transactions. Both use-cases are low-volume enough that a POS terminal's chip-slot reader should see relatively little use/wear.
theshrike79 2021-08-17 05:16:10 +0000 UTC [ - ]
The transition went really fucking fast after that =)
hamburgerwah 2021-08-17 09:05:04 +0000 UTC [ - ]
anakaine 2021-08-16 20:30:05 +0000 UTC [ - ]
Kiro 2021-08-16 20:28:12 +0000 UTC [ - ]
barsonme 2021-08-17 07:06:42 +0000 UTC [ - ]
modeless 2021-08-16 20:03:16 +0000 UTC [ - ]
bryanthompson 2021-08-16 20:14:22 +0000 UTC [ - ]
In the US, the way we do tip on receipt is a lot more natural if you're asking for a signature. Without a signature, you're just handing someone a tip option, which is awkward with our current way of doing things.
Some merchants opt to keep signature enabled because it gives them a fuzzy feeling and it's a point of closure to a transaction.
nicoburns 2021-08-16 20:39:02 +0000 UTC [ - ]
derefr 2021-08-16 20:44:19 +0000 UTC [ - ]
Since Canada and the US have basically the same tipping culture, these POS systems seem to be already tailored for adoption in the US market (or at least, being cloned by US POS mfgrs.) Not sure why they haven't been.
syshum 2021-08-16 20:44:17 +0000 UTC [ - ]
That is never going to work in the US. Very few people would be comfortable with that.
jdminhbg 2021-08-17 05:48:08 +0000 UTC [ - ]
Most places I go now have a receipt option step that serves as a justification for the tip screen, rather than the signature. Tapping “No Receipt” for a $5 beer purchase is only a little faster and less ridiculous than signing for it.
anakaine 2021-08-16 20:34:49 +0000 UTC [ - ]
I understand what you're saying, and how its locally relevant, but from the outside looking in the US is a long way behind on keeping up with the tech in this space.
yosito 2021-08-17 06:06:00 +0000 UTC [ - ]
American in Hungary. Here tipping isn't expected like it is in the US. But when you pay, they bring the terminal to your table with the check, then you tell them that you want to add a tip and how much, and they type the total into the terminal before you tap your phone or card. Perfectly natural.
barsonme 2021-08-17 07:09:55 +0000 UTC [ - ]
> if you're asking for a signature.
djhworld 2021-08-16 20:31:30 +0000 UTC [ - ]
I didn't trust that so I ended up just signing the receipt and adding the tip to the bottom and keeping my card in my wallet. Needless to say I think the bar staff got a lot of tips that night!
learc83 2021-08-16 20:39:10 +0000 UTC [ - ]
You generally tip based on percentage or the number of drinks, so it shouldn't matter too much unless you're doing it by percentage and rounding up the nearest dollar.
kuroguro 2021-08-16 20:08:48 +0000 UTC [ - ]
I do have to do the mag-swipe maybe once a year, if the chip reader is acting up (still no signature, it asks for the PIN).
fastball 2021-08-17 05:47:51 +0000 UTC [ - ]
ollien 2021-08-16 20:13:41 +0000 UTC [ - ]
lrem 2021-08-16 20:20:41 +0000 UTC [ - ]
kuroguro 2021-08-16 20:27:46 +0000 UTC [ - ]
https://www.swedbank.lt/img/private/d2d/cards/3dSecure/816x2...
_edit_
They dropped the requirement in 2018
https://www.mastercard.com/news/press/2018/signing-off-maste...
kzrdude 2021-08-16 20:36:54 +0000 UTC [ - ]
tyingq 2021-08-16 20:11:05 +0000 UTC [ - ]
tiffanyh 2021-08-16 20:27:20 +0000 UTC [ - ]
Just so many merchants are accomplished to asking for it (or haven't updated their terminals to code for not asking for it) - which is why you still encounter it.
swiley 2021-08-16 20:13:22 +0000 UTC [ - ]
modeless 2021-08-16 20:18:28 +0000 UTC [ - ]
swiley 2021-08-16 20:22:56 +0000 UTC [ - ]
modeless 2021-08-16 21:06:34 +0000 UTC [ - ]
derefr 2021-08-16 20:47:42 +0000 UTC [ - ]
tpmx 2021-08-16 20:09:58 +0000 UTC [ - ]
In order of decreasing readability/communication reliability:
1. Magnetic stripe
2. NFC
3. EMV
The EMV ("chip") method is the least insecure, but lately all of my cards have been started oxidating. And it seems like the pogo pins in almost all readers also started wearing out too. Chip reader failures have become very common lately.
It's very common that I have to both clean the card before using it and also bend it while pushing it into the reader to counteract the worn out pogo pins in the in-store reader. Super annoying.
NFC has been a saver, but because of the banks security risk (it's cleartext, after all) you can't really use it all of the time.
The magnetic stripe seems like it never seems to stop working. I've assumed I can't use it outside of my native country, though, perhaps incorrectly.
w3ll_w3ll_w3ll 2021-08-16 20:13:20 +0000 UTC [ - ]
tpmx 2021-08-16 20:27:24 +0000 UTC [ - ]
bryanthompson 2021-08-16 20:40:38 +0000 UTC [ - ]
There was a form of contactless magstripe (MSD) that was not encrypted and has been phased out of usage as of like, late 2019 via card update bulletins.
Reventlov 2021-08-16 20:34:26 +0000 UTC [ - ]
firebaze 2021-08-16 20:13:40 +0000 UTC [ - ]
Honestly curios: where (and when) did you make that observation?
tpmx 2021-08-16 20:14:59 +0000 UTC [ - ]
(Sorry, this was unclear from the first iteration of the observation.)
ddek 2021-08-16 20:18:06 +0000 UTC [ - ]
Except for my exchange year in Texas.
Symbiote 2021-08-16 22:24:28 +0000 UTC [ - ]
So you can have never paid by swiping and be well over 30.
theshrike79 2021-08-17 05:18:02 +0000 UTC [ - ]
herbst 2021-08-17 09:56:40 +0000 UTC [ - ]
Reventlov 2021-08-16 20:17:42 +0000 UTC [ - ]
What do you mean by "cleartext" exactly ? When I pay using my card with NFC, it's not really cleartext.
tpmx 2021-08-16 20:34:36 +0000 UTC [ - ]
the_mitsuhiko 2021-08-16 20:12:16 +0000 UTC [ - ]
sean1524 2021-08-16 20:15:31 +0000 UTC [ - ]
the_mitsuhiko 2021-08-16 20:18:03 +0000 UTC [ - ]
kalleboo 2021-08-17 11:41:16 +0000 UTC [ - ]
I believe this is to help discourage downgrade attacks.
FridayoLeary 2021-08-16 20:11:42 +0000 UTC [ - ]
tpmx 2021-08-16 20:12:58 +0000 UTC [ - ]
przemub 2021-08-16 20:18:34 +0000 UTC [ - ]
kergonath 2021-08-16 20:34:31 +0000 UTC [ - ]
fortylove 2021-08-17 07:19:53 +0000 UTC [ - ]
Wildgoose 2021-08-17 11:54:21 +0000 UTC [ - ]
It comes with its own bank account which you simply top up.
Works really well.
aimor 2021-08-17 06:09:07 +0000 UTC [ - ]
basicplus2 2021-08-17 06:12:52 +0000 UTC [ - ]
https://www.bankwest.com.au/personal/ways-to-pay/bankwest-ha...
deelowe 2021-08-17 13:25:47 +0000 UTC [ - ]
I'm just going to go live in the woods. We grown way too comfortable as a society.
avnigo 2021-08-17 13:58:23 +0000 UTC [ - ]
https://techcrunch.com/2021/08/02/amazon-credit-palm-biometr...
akmarinov 2021-08-16 20:54:58 +0000 UTC [ - ]
skookum 2021-08-16 23:20:06 +0000 UTC [ - ]
the_mitsuhiko 2021-08-16 20:10:49 +0000 UTC [ - ]
paulgerhardt 2021-08-16 20:15:27 +0000 UTC [ - ]
You can flip it with a writer and use the magnet strip again if you want.
It’s quicker as one doesn’t have to wait for the Javacard OS on the chip to boot up and handshake. (Ie swipe and walk away vs insert, wait 4 seconds, remove).
Wouldn’t do this on my debit card but it’s fine on credit cards with chargeback protection.
Symbiote 2021-08-16 22:35:22 +0000 UTC [ - ]
daveoc64 2021-08-17 06:37:00 +0000 UTC [ - ]
the_mitsuhiko 2021-08-16 20:21:17 +0000 UTC [ - ]
aidenn0 2021-08-16 20:13:03 +0000 UTC [ - ]
pjmlp 2021-08-16 20:13:26 +0000 UTC [ - ]
metafunctor 2021-08-17 18:40:51 +0000 UTC [ - ]
Not that it matters much. I've made payments with almost 100% Apple Pay for years — a lot of the time I don't even carry the physical card with me.
Johnny555 2021-08-17 05:21:50 +0000 UTC [ - ]
But what are they doing to secure online payments? Last time my card number was stolen, all of the fradulent charges were at online merchants.
tpetry 2021-08-17 05:49:19 +0000 UTC [ - ]
It would be a nice if one of the new fintech startups added the option in the account settings to enforce 3D Secure for all online transactions.
Waterluvian 2021-08-16 20:10:20 +0000 UTC [ - ]
It just isn’t a thing anymore.
leotravis10 2021-08-16 21:27:48 +0000 UTC [ - ]
I'm telling you all, prepaid cards are a scam. Why? One of the reasons besides massive fees and shady tactics for most are because they're so far behind the times. Most don't even have a chip for example. Look at a Netspend card (using it as a prime example) and compare it to any bank card today.
perardi 2021-08-16 20:34:34 +0000 UTC [ - ]
And that’s not me being snippy, because perplexingly, Mariano’s, a grocery store chain in Chicago owned by Kroger’s, does not support NFC payments. (I assume Kroger’s stores proper don’t either.) You have to swipe, use the chip, or use the dedicated Kroger Pay app to scan a QR code to use your digital wallet. (Yes, really. Took them forever to even support chips instead of magstripes.)
I have absolutely no idea why they do this. Is there a higher interchange fee for contactless? Kroger’s isn’t some mom-and-pop convenience store—they’re the largest supermarket company by revenue.
yakz 2021-08-16 20:53:49 +0000 UTC [ - ]
I remember being annoyed with seeing all of the seemingly brand-new hardware being installed at multiple locations that very obviously lacked NFC payment support.
paxys 2021-08-16 20:45:28 +0000 UTC [ - ]
leesalminen 2021-08-16 20:58:37 +0000 UTC [ - ]
I’ve worked with many payment gateways over the years and enabling contactless on a stack that already did EMV never required a code change on the POS system. The terminal just passes the same data along to the POS.
I’m convinced there’s some fees at play here. The standout to me is how they push Kroger Pay - that’s to save on processing fees.
yakz 2021-08-16 20:57:25 +0000 UTC [ - ]
pitterpatter 2021-08-17 06:53:45 +0000 UTC [ - ]
dane-pgp 2021-08-16 20:16:46 +0000 UTC [ - ]
I wouldn't be surprised if, by 2033, people will be identified using biometrics everywhere, so you can pay with your hand print or face scan.
judge2020 2021-08-16 20:24:02 +0000 UTC [ - ]
https://www.frbservices.org/financial-services/fednow/about....
whimsicalism 2021-08-16 20:32:08 +0000 UTC [ - ]
asdff 2021-08-16 20:51:41 +0000 UTC [ - ]
lotsofpulp 2021-08-17 09:12:53 +0000 UTC [ - ]
whimsicalism 2021-08-17 15:37:42 +0000 UTC [ - ]
lotsofpulp 2021-08-17 15:55:34 +0000 UTC [ - ]
whimsicalism 2021-08-17 16:00:27 +0000 UTC [ - ]
Zelle can only be used by people who have banks that support Zelle, which many people do not (my bank for instance does not support Zelle, nor does my SO's - so we have no way of using Zelle to transfer money between each other.)
Zelle doesn't allow you to use credit card AFAIK. Zelle doesn't have QR code AFAIK.
lotsofpulp 2021-08-17 16:35:33 +0000 UTC [ - ]
https://www.zellepay.com/get-started
As far as I know, you do not have to do anything other than let your bank know the phone number/email to associate with the account you want to send/receive money to.
whimsicalism 2021-08-17 16:45:15 +0000 UTC [ - ]
Yes, if your bank supports Zelle (which as I said, mine doesn't).
You can look at the numbers around this - way more people know about and use venmo than zelle.
KingMachiavelli 2021-08-16 20:44:32 +0000 UTC [ - ]
What I actually want is a specific bank alert if the card is used without the chip. Currently I just make any transaction over $20 send an email.
[1] I guess at resturants where they actually take the card for a minute, I don't know if it's chip or magstrip transaction.
JoshTriplett 2021-08-16 20:30:49 +0000 UTC [ - ]
mensetmanusman 2021-08-16 20:16:18 +0000 UTC [ - ]
fullstop 2021-08-16 20:28:17 +0000 UTC [ - ]
lotsofpulp 2021-08-17 09:14:38 +0000 UTC [ - ]
mensetmanusman 2021-08-16 20:34:26 +0000 UTC [ - ]
fullstop 2021-08-16 20:37:52 +0000 UTC [ - ]
1. https://help.target.com/help/subcategoryarticle?childcat=Acc...
barbazoo 2021-08-16 20:25:59 +0000 UTC [ - ]
pitterpatter 2021-08-17 06:55:27 +0000 UTC [ - ]
wvenable 2021-08-17 07:27:00 +0000 UTC [ - ]
pitterpatter 2021-08-17 08:58:20 +0000 UTC [ - ]
kalleboo 2021-08-17 11:58:29 +0000 UTC [ - ]
gnicholas 2021-08-16 20:11:35 +0000 UTC [ - ]
avnigo 2021-08-17 13:51:25 +0000 UTC [ - ]
Is this what we'd call security through obscurity? I was under the impression that data on magnetic stripe was not encrypted.
nashashmi 2021-08-16 20:21:06 +0000 UTC [ - ]
kergonath 2021-08-16 20:44:38 +0000 UTC [ - ]
When I came back I kept pulling the card early.
asdff 2021-08-16 20:53:13 +0000 UTC [ - ]
wrboyce 2021-08-17 00:52:48 +0000 UTC [ - ]
asdff 2021-08-17 05:46:13 +0000 UTC [ - ]
kergonath 2021-08-18 14:20:43 +0000 UTC [ - ]
wrboyce 2021-08-17 21:43:48 +0000 UTC [ - ]
champtar 2021-08-16 22:16:18 +0000 UTC [ - ]
hellbannedguy 2021-08-16 20:13:55 +0000 UTC [ - ]
I would rather see MasterCard lower their fees, and take 100% liability for stolen numbers/information.
kzrdude 2021-08-16 20:40:20 +0000 UTC [ - ]
aj3 2021-08-17 07:17:11 +0000 UTC [ - ]
Incidentally, this discussion is filled with people who have no idea how payments are authorized.
protomyth 2021-08-16 20:13:11 +0000 UTC [ - ]
laptop-man 2021-08-16 20:18:36 +0000 UTC [ - ]
fny 2021-08-17 05:02:24 +0000 UTC [ - ]
Here's to hoping the next "upgrade" isn't a nightmare.
deepspace 2021-08-17 05:36:03 +0000 UTC [ - ]
grecy 2021-08-17 05:20:27 +0000 UTC [ - ]
They work perfectly.
kube-system 2021-08-17 05:11:33 +0000 UTC [ - ]
herbst 2021-08-17 09:58:57 +0000 UTC [ - ]
pitterpatter 2021-08-17 06:45:30 +0000 UTC [ - ]
PostThisTooFast 2021-08-17 06:38:35 +0000 UTC [ - ]
Fuck you, BastarCard.
latchkey 2021-08-16 20:43:50 +0000 UTC [ - ]
QRCode -> Wallet on my phone holding stablecoin on a L2 like polygon (which is collecting APY through DeFi) -> Restaurant
larrybud 2021-08-16 21:23:22 +0000 UTC [ - ]
latchkey 2021-08-16 22:25:49 +0000 UTC [ - ]
numbsafari 2021-08-16 20:48:43 +0000 UTC [ - ]
Does anyone actually pay the way you described? Honestly?
I either swipe my card or hand it to them to do it for me and call it a day.
I don't have to worry about some cryptojockey screwing up a DeFi contract scheme and all my money being stolen in a non-FDIC insured account. I have fraud protections against card theft.
It ain't perfect, but it's not the electronic equivalent of walking around with me lucky charms in my fanny pack, ripe for the mugging, either.
drclau 2021-08-16 20:12:07 +0000 UTC [ - ]
Where I lived over the last years (two countries in Europe), I don’t even have to use the physical card. I just use contactless payments with the phone. Prior to that, it was contactless with card. Even ATMs work with contactless (not all, yet). Prior to that, it was chip. I honestly don’t even recall the time when the magnetic stripe was needed.
(edit) Think of this: I made an account with one of these neo banks, ordered the card too, and it took me over a year to activate it. I still don’t use it. I just installed the virtual card into the phone’s wallet and used the account like that.
Animats 2021-08-17 07:12:06 +0000 UTC [ - ]
Gas stations. The gas station industry has been avoiding upgrading pumps. It's expensive. Retail checkouts usually just need a replacement of the desktop unit, but gas pumps require actual modification. They got a 3-year delay, until October 2020. Then April 17, 2021. Then they got hit by the coronavirus epidemic.
The upgrade has to be done by a qualified installer; you don't want someone who doesn't know what each wire does mucking about with the electrical innards of a gasoline pump. There isn't a huge supply of trained gas pump upgraders. There are many pump variations, and some can't be upgraded at all. Gas pumps often don't have an Internet connection, just a 2-wire twisted pair running RS-422 or something. The chip card readers, inevitably, want full Internet connectivity. Which means getting CAT-5 out to the pump. Which sometimes runs into CAT-5 length limitations. The older systems sometimes worked over dial-up. Average cost per pump is about $6,000.
Gilbarco/Veeder-Root has a product which is basically a pair of DSL modems to allow using the existing 2-wire connection to carry the Internet out to the pump.[1] Amusingly, they'll give you this for free if you buy their product for running ads on the pump.
And, of course, it's all "cloud-enabled".
And that's why there's such a holdup.
[1] https://www.youtube.com/watch?v=RtMxhmJh8V0
ehnto 2021-08-17 07:42:32 +0000 UTC [ - ]
We have had pay at the pump before, but they got rid of it, and even brand new stations don't have it so it's not just upgrading the pumps.
mintplant 2021-08-17 10:25:12 +0000 UTC [ - ]
2021-08-17 11:34:22 +0000 UTC [ - ]
devilbunny 2021-08-17 16:21:32 +0000 UTC [ - ]
EvanAnderson 2021-08-17 18:09:02 +0000 UTC [ - ]
ehnto 2021-08-17 16:23:29 +0000 UTC [ - ]
AnIdiotOnTheNet 2021-08-17 11:51:33 +0000 UTC [ - ]
bellyfullofbac 2021-08-17 14:50:41 +0000 UTC [ - ]
Damn, I think this is an idea. At least for developing countries, were labor is cheap, the runner is the expensive part of this concept.
TheSpiceIsLife 2021-08-17 16:31:06 +0000 UTC [ - ]
Recently one independent has built a few fuel only prepaid only fuel stops, no minimart and no staff.
cbm-vic-20 2021-08-17 13:17:19 +0000 UTC [ - ]
aerostable_slug 2021-08-17 15:19:39 +0000 UTC [ - ]
I don't think it will really work outside of very specific demographics who a.) want to get coffee and read the paper/rss feeds, and b.) have 30 minutes to spend on a charge-centric event (as in you went there to charge, not to get coffee and croissant).
8fingerlouie 2021-08-17 07:15:19 +0000 UTC [ - ]
It uses GPS, so when you open the app at a gas station it already knows where you are, and simply asks you which pump you want to unlock.
kook_throwaway 2021-08-17 09:28:12 +0000 UTC [ - ]
jacobr 2021-08-17 09:58:41 +0000 UTC [ - ]
kook_throwaway 2021-08-17 14:28:20 +0000 UTC [ - ]
And almost without fail corporate one-off apps are bloated piles of contracted out and barely maintained garbage taking up too much space when a couple of forms and a few Mb of graphics/logos would do. Lastly very few actually work well or reliably, logging me out after needless updates seems to be a common pattern.
8fingerlouie 2021-08-17 22:24:21 +0000 UTC [ - ]
As for garbage apps, the one I use is well maintained, 53.7 MB binary, so not much on the side of tracking considering it contains ALL of their gas stations with pump details, paid parking lots and car washes. I had to check if it actually used an account, because I don’t remember ever signing in to it.
So good apps do exist.
Kye 2021-08-17 12:24:20 +0000 UTC [ - ]
djrogers 2021-08-17 17:15:14 +0000 UTC [ - ]
kibibyte 2021-08-17 07:45:17 +0000 UTC [ - ]
bjowen 2021-08-17 11:13:22 +0000 UTC [ - ]
Since the USA makes up fully half of global card payments, MC and Visa were never going to ditch mag stripe until there was 80% penetration.
†Many AFDs seem to be configured to reject international cards which may explain why they’re not well represented in my sample set.
dvdkon 2021-08-17 07:42:51 +0000 UTC [ - ]
dkdbejwi383 2021-08-17 07:58:04 +0000 UTC [ - ]
VilleO 2021-08-17 08:53:24 +0000 UTC [ - ]
Edit: Bad googling, sorry. 57 mpg was proposed for new cars.
dkdbejwi383 2021-08-17 10:04:46 +0000 UTC [ - ]
I meant, for anyone that missed it, that commuting by bus/train/tram/metro is much more common in urban areas in Europe than in the USA.
phinnaeus 2021-08-17 09:16:13 +0000 UTC [ - ]
rutthenut 2021-08-17 09:46:48 +0000 UTC [ - ]
US gallons happen to be smaller too, fwiw
iarenaza 2021-08-17 11:04:27 +0000 UTC [ - ]
NB: the above mpg numbers are computed using US gallons (3.785 litres)
rutthenut 2021-08-17 13:41:28 +0000 UTC [ - ]
camgunz 2021-08-17 14:52:54 +0000 UTC [ - ]
tbihl 2021-08-17 15:37:25 +0000 UTC [ - ]
EvanAnderson 2021-08-17 18:12:01 +0000 UTC [ - ]
wiz21c 2021-08-17 10:04:07 +0000 UTC [ - ]
</cynical>
irrational 2021-08-17 07:25:53 +0000 UTC [ - ]
djrogers 2021-08-17 17:17:49 +0000 UTC [ - ]
Next time I went back the reader just feigned ignorance.
mikecoles 2021-08-17 14:34:08 +0000 UTC [ - ]
https://arxiv.org/pdf/1904.10623.pdf
lotsofpulp 2021-08-17 08:49:12 +0000 UTC [ - ]
supertrope 2021-08-18 00:40:48 +0000 UTC [ - ]
2021-08-17 07:39:17 +0000 UTC [ - ]
aidenn0 2021-08-16 20:16:34 +0000 UTC [ - ]
FWIW, Contactless is very hit-or-miss for me in the US; about 1/3 the time it just doesn't work at all (even with multiple retries), and that's when the terminal has one. Was picking up something at the corner store the other day, realized I didn't have my wallet and contactless just didn't work with the phone at all for some reason.
ryandrake 2021-08-16 20:25:52 +0000 UTC [ - ]
Your groceries are all rung up and the POS terminal is waiting. You dig out your phone or contactless card and try to invoke the contactless payment system. Nothing's happening. You wave it around a little. Still nothing. Grocery cashier is looking at you like you're an idiot nerd, saying "That thing doesn't work. Just stick the card in the slot." Now I dig in my wallet looking for my chip card as the whole line behind me huffs about how much of a moron I am. Stick it in the POS terminal, and it waits... and waits... and waits... and finally, loudly proclaims BONK BONK BONK transaction approved. Everyone other than me is saying "Finally, we can move on".
Contrast that with mag swipe: Pull out the card. Swipe it (which takes 500ms). Done.
wcarss 2021-08-16 20:45:07 +0000 UTC [ - ]
vs my last 100 contactless payments: pull out the card, tap. Almost instant happy beep.
I once actually got stuck at La Guardia because of the chip/stripe divide. I hadn't thought to get enough US cash out in advance, and all I had was my Canadian CC and Debit cards. I'd used nothing but the chip on the CC for > a year and didn't realize the magnetic stripe was completely worn off!
I tried several money-changers and ATMs there, and even called my bank -- no options at all. I finally found $5 CAD in my backpack and changed it to USD for bus fare, then caught a local bus to a nearby actual bank, where they were finally able to use my ID and the card number to authorize an advance. It was a heck of a day.
Denatonium 2021-08-17 11:05:57 +0000 UTC [ - ]
koolba 2021-08-17 10:07:24 +0000 UTC [ - ]
Garbage bag? You mean one of those paper thin plastic bags that many big cities in the USA have all but banned?
Does that actually help with the mag strip being read or was that a joke regarding the cards being complete garbage?
Spare_account 2021-08-17 11:27:55 +0000 UTC [ - ]
https://old.reddit.com/r/explainlikeimfive/comments/1ycw61/e...
No idea if this explanation is legit, but I can anecdotally confirm that the trick has permitted a purchase in one case in my own direct experience.
kevin_thibedeau 2021-08-17 08:35:19 +0000 UTC [ - ]
onion2k 2021-08-17 05:22:57 +0000 UTC [ - ]
dazc 2021-08-17 07:08:43 +0000 UTC [ - ]
onion2k 2021-08-17 07:21:09 +0000 UTC [ - ]
coremoff 2021-08-17 10:37:03 +0000 UTC [ - ]
GordonS 2021-08-17 12:59:55 +0000 UTC [ - ]
nsizx 2021-08-17 08:00:32 +0000 UTC [ - ]
bovermyer 2021-08-16 20:32:30 +0000 UTC [ - ]
secabeen 2021-08-16 20:38:54 +0000 UTC [ - ]
MR4D 2021-08-16 22:28:29 +0000 UTC [ - ]
Or worse...it feels like you're just standing there. God, I hate that!
asdff 2021-08-16 20:44:58 +0000 UTC [ - ]
bluGill 2021-08-16 20:37:57 +0000 UTC [ - ]
lotsofpulp 2021-08-17 09:00:46 +0000 UTC [ - ]
Since cards can have tap to pay, chip, and stripe all on the same card, I do not see the uncertainty in merchants supporting it to be an Achilles heel since you will have the card anyway. It might be an Achilles heel for Apple Pay/Google Pay, but not contactless/tap to pay in general.
aidenn0 2021-08-17 16:22:00 +0000 UTC [ - ]
marak830 2021-08-17 02:24:01 +0000 UTC [ - ]
It can be done, and is being successfully done in many places.
kube-system 2021-08-17 05:22:12 +0000 UTC [ - ]
Now those are slow. But hey, this is back in the time when people would write checks at the checkout.
SilverRed 2021-08-17 07:06:30 +0000 UTC [ - ]
irrational 2021-08-17 07:31:45 +0000 UTC [ - ]
throwaheyy 2021-08-17 14:09:03 +0000 UTC [ - ]
unwind 2021-08-17 07:45:51 +0000 UTC [ - ]
The latter is like 20 times more frequently used, and I speak as someone who does not use it to pay (at least not directly). Very odd premise, to me.
fomine3 2021-08-17 04:07:06 +0000 UTC [ - ]
notsureaboutpg 2021-08-17 05:03:40 +0000 UTC [ - ]
Kiro 2021-08-17 06:44:44 +0000 UTC [ - ]
Besides, I don't see how your situation is an argument for mag swipe. Are you saying contactless fails more than mag swipes? Or that mag swipe is faster than contactless/chip? Absolutely not my experience in either way.
sokoloff 2021-08-17 10:39:41 +0000 UTC [ - ]
For me contactless is my phone or watch.
syshum 2021-08-16 20:35:21 +0000 UTC [ - ]
I switched to curb side pickup, I hope I never have to enter a grocery store again
gregmac 2021-08-17 03:08:47 +0000 UTC [ - ]
That's a shockingly high number. I'm in Canada, and I'd take a rough guess that maybe 1-2% of taps fail on first try. Most of the time it works on a second try -- and I actually think that usually happens when the POS system is slow and you tap too early.
And in cases where it really is just not working, the fallback is chip + PIN, which is 100% success rate. I'm sure there's cases where a card gets damaged and it wouldn't work, but it's not like the magnetic strip will survive that.
I don't think I've used the actual magnetic strip in at least a decade, except when I've been travelling in the US.
lotsofpulp 2021-08-17 09:05:01 +0000 UTC [ - ]
nulbyte 2021-08-17 11:27:28 +0000 UTC [ - ]
anakaine 2021-08-16 20:23:29 +0000 UTC [ - ]
The overseas market has been saturated with chips for 10-15 years, and contact less for 5+, probably notably more.
jalk 2021-08-16 20:42:42 +0000 UTC [ - ]
orangepanda 2021-08-17 06:15:55 +0000 UTC [ - ]
a254613e 2021-08-17 05:50:43 +0000 UTC [ - ]
EVa5I7bHFq9mnYK 2021-08-19 07:09:24 +0000 UTC [ - ]
detaro 2021-08-17 08:15:40 +0000 UTC [ - ]
VonGallifrey 2021-08-17 09:46:16 +0000 UTC [ - ]
Food stalls I agree are more hit or miss.
ginko 2021-08-17 07:13:20 +0000 UTC [ - ]
akg_67 2021-08-17 06:29:30 +0000 UTC [ - ]
In last year, I have bailed out quite a few people stuck in the checkout lines because whatever hi tech form of payment, they were using, didn’t work and had no cash.
Broken_Hippo 2021-08-17 08:13:34 +0000 UTC [ - ]
When I lived in the states and worked retail, your cash wouldn't be accepted at a lot of stores if the power was out (or if internet/phone lines caused the registers to fail). To complicate things, I worked in a pharmacy, so accepting cash for the medicine without it going through the system might have actually been illegal.
kalleboo 2021-08-17 15:21:08 +0000 UTC [ - ]
Not to mention to use an ATM you need a card already to begin with, might as well just pay with that card directly?
bserge 2021-08-17 08:13:51 +0000 UTC [ - ]
herbst 2021-08-17 09:42:08 +0000 UTC [ - ]
2021-08-17 09:58:42 +0000 UTC [ - ]
vidanay 2021-08-16 21:47:57 +0000 UTC [ - ]
skookum 2021-08-16 23:25:29 +0000 UTC [ - ]
aidenn0 2021-08-17 02:20:17 +0000 UTC [ - ]
chousuke 2021-08-16 21:17:40 +0000 UTC [ - ]
I still prefer my card for contactless payments though; using my phone is not really much more convenient since my phone case holds the card anyway and it at least works consistently.
watermelon0 2021-08-17 06:11:53 +0000 UTC [ - ]
2021-08-17 06:33:09 +0000 UTC [ - ]
hvidgaard 2021-08-18 08:06:34 +0000 UTC [ - ]
LeonidasXIV 2021-08-17 08:54:22 +0000 UTC [ - ]
watermelon0 2021-08-17 11:56:18 +0000 UTC [ - ]
Accacin 2021-08-17 08:48:59 +0000 UTC [ - ]
poopypoopington 2021-08-16 20:19:06 +0000 UTC [ - ]
Johnie 2021-08-16 20:20:57 +0000 UTC [ - ]
Merchants don't want to be responsible for the fraud, so they are incentivized to get rid of the mag stripe.
syshum 2021-08-16 20:40:07 +0000 UTC [ - ]
Also the rate of mag fraud is still pretty low, more Online Fraud which was ALWAYS liable to the merchant and did not see to do much ti incentivize any changes there.
Causing 90% of your customers pain to save less than 1% on fraud is likely going to cost merchants more than just paying for the fraud, which is also the math online merchants used. Online merchants that have huge fraud prevention lost more customers than the fraud....
Hell I remember one time a online merchant wanted me to submit more info after the sale for anti-fraud... I cancelled the order and bought from someone else
xattt 2021-08-16 20:32:45 +0000 UTC [ - ]
SilverRed 2021-08-17 07:08:11 +0000 UTC [ - ]
hocuspocus 2021-08-17 08:26:23 +0000 UTC [ - ]
djrogers 2021-08-17 17:21:35 +0000 UTC [ - ]
FridayoLeary 2021-08-16 20:24:54 +0000 UTC [ - ]
How painful could it possibly be to go and buy a new card reader? Why doesn't the payments provider offer them as part of the service? They are not so expensive.
jjk166 2021-08-16 21:36:20 +0000 UTC [ - ]
It's not like this is an investment that will lead to more customers or new revenue, this is a big expense just to stay afloat. Getting financing for such an expenditure is extremely difficult. At least in a mixed ecosystem you might be able to recoup some of the cost selling your old equipment, but no one's going to buy it if it's going to stop working soon.
SilverRed 2021-08-17 07:09:52 +0000 UTC [ - ]
This seems to be universal in Australia. Even the mega store self serve integrated systems have a separate machine mounted on for processing card payments.
jjk166 2021-08-17 12:36:04 +0000 UTC [ - ]
And even if you can hotswap a POS system, they're still expensive. A machine plus software is about $4000 per lane, and that's when you're not a captive market. Even small retailers typically have enough lanes that this is a significant expense. People in this thread are giving prices for Square readers which 1) are not at all sufficient for most businesses and 2) are sold at a loss while Square makes its money on transaction fees and subscription services (the same is true for the rest of the Square clones). It's like comparing a home projector to a movie theater projector.
bjowen 2021-08-17 11:45:41 +0000 UTC [ - ]
MichaelZuo 2021-08-16 23:06:51 +0000 UTC [ - ]
2021-08-16 20:30:03 +0000 UTC [ - ]
kalleboo 2021-08-17 16:09:00 +0000 UTC [ - ]
nulbyte 2021-08-17 11:32:39 +0000 UTC [ - ]
Not really. Anti-fraud measures by the banks usually amount to taking the hit themselves, unless they actually catch the culprit. And that's only in the case of actual fraud. In other instances, the banks' algorithm screws up and blocks your card for a legitimate transaction. Then there's the hassle of replacing your card.
In the U.S., the bank where I have my checking account can print cards in the branch, but many more make you wait for the ever-worsening postal service to deliver you a new one.
Johnny555 2021-08-17 05:10:55 +0000 UTC [ - ]
But the bank doesn't pay me for my inconvenience in noticing and reporting the fraud, and then the time to move my recurring payments to a new card.
I wish contactless payments worked with my card more places, especially gas stations.
bjowen 2021-08-17 11:37:35 +0000 UTC [ - ]
ohazi 2021-08-16 20:51:28 +0000 UTC [ - ]
In the US, the card companies convinced merchants to adopt the EMV contact standard by implementing a liability shift that would make the merchants liable for card-present magstripe fraud after a certain date. For merchants using POS terminals, the liability shift happened in 2015, and for gas stations it happened a few months ago (after several delays). EMV contact coverage needs to be essentially 100% before they'll consider getting rid of magstripe completely.
Contactless is an entirely optional sideshow, and is not required by anyone anywhere. It has lots of issues (they somehow managed to make it less secure than magstripe(!), which is kind of appaling) and there are no plans to ever have it supersede EMV contact as the baseline standard.
yarcob 2021-08-17 10:41:56 +0000 UTC [ - ]
You can't make a fake contactless card, because each card has a private key that you can't extract. But it's trivial to make a fake magnetic stripe card.
One type of fraud with EU credit cards works like this: Criminal collects credit card numbers and pins by adding a hidden magnetic stripe reader to an ATM and a video camera, then create a fake magnetic card, and then withdraw money with fake card + PIN somewhere abroad where magnetic stripes are still allowed.
For this reason, my bank disables withdrawals from abroad by default, and you need to manually enable world wide payments in the online banking app.
ohazi 2021-08-18 02:38:11 +0000 UTC [ - ]
Most contactless cards can be asked to transmit the cardholder's name, credit card number, and expiration date, and the card will happily do so, wirelessly. This is often enough to make fraudulent online transactions.
It's trivially easy to build a device that does this using a microcontroller and a coil of wire. You don't need to have a payment processor's encryption key, you can just make one up and the card will reply. You can walk around in a crowded area with such a device and capture responses from hundreds of cards in under an hour.
Electronic devices that clone your contactless card are usually better, as they generally require some sort of interaction before they'll respond -- actual physical contactless cards might as well be a megaphone attached to your credit card number.
If you can capture a genuine transaction between a POS terminal and a contactless card, and if the transaction amount is below the card's floor limit, the transaction can often be replayed or relayed to a different terminal.
With a cheap amplifier, this can be done reliably from low single digit ft away. The floor limit is usually somewhere around $20-$100 below which the terminal doesn't ask for a PIN or go online.
yarcob 2021-08-18 10:15:06 +0000 UTC [ - ]
You imply that it is possible to clone NFC cards with other means. Is that really possible? Crypto chips are usually hardened against all kinds of attacks, and I would assume that NFC cards are resistant to cloning even if you have physical access to the chip. I'd be curious to learn more about that if my assumption is incorrect.
Regarding replay attacks, do you have a source on that? I would assume that even offline POS terminals would use a nonce to prevent replay attacks. Is that assumption incorrect?
And finally, you can extract card holder name and card number from most cards just by looking at them. Claiming that NFC cards are somehow worse than mag stripe cards in that regard is just FUD.
ohazi 2021-08-18 21:10:41 +0000 UTC [ - ]
I mean, sure, it's always possible, but probing a secure microcontroller with needles and an electron microscope isn't really what I meant.
I was referring to what the various mobile wallet applications do behind the scenes when they allow you to "import" a plastic card and then use it as a contactless payment source via your phone's NFC radio. They're not actually cloning the private key inside the card, they're using various banking APIs to ask for a new key that, for all intents and purposes, will act exactly like the key on the physical card.
They're supposed to ask for extra info so that they're super ultra sure the person importing the card is the legitimate cardholder, but this is not always very thorough. What kind of info do they typically ask for? Numbers printed on the card that you can acquire wirelessly by accidentally bumping into someone. If you're lucky, they'll try to do two-factor via SMS or email with information that they have on file, but I've seen some that don't bother.
> Regarding replay attacks, do you have a source on that? I would assume that even offline POS terminals would use a nonce to prevent replay attacks. Is that assumption incorrect?
I worked on an EMV contact + contactless implementation several years ago, and at the time contactless replay attacks were easy to demonstrate. Things may have improved since then, but the protocol was not very good (supposedly due to constraints from early NFC cards that were small and anemic), and I think they would need to redo most of it and kill backwards compatibility to mitigate the risk completely.
https://www.youtube.com/watch?v=e023wGfVaE0
https://www.cs.bham.ac.uk/~tpc/Relay/
https://www.hackster.io/news/this-tiny-10-device-can-perform...
https://link.springer.com/chapter/10.1007/978-3-319-39814-3_...
https://en.wikipedia.org/wiki/Contactless_payment#Security
From what I can tell, there was a lot of discourse around these problems around 2015-2018. There were demonstrations and exploits galore. But the standards were already out and none of the banks or card issuers wanted to change anything. Security researchers got bored and moved on. I don't see any evidence that replay and relay attack vectors have been fixed, or that they aren't exploited in the wild, just that the banks seem to consider the risk acceptable.
> And finally, you can extract card holder name and card number from most cards just by looking at them. Claiming that NFC cards are somehow worse than mag stripe cards in that regard is just FUD.
So you'll let me rifle through your wallet and write down the card numbers and expiration dates? Would the average person let me do this? Of course they wouldn't, because basically everybody knows that they need to prevent random people from seeing the various numbers printed on their payment cards.
Is the average person aware that I can capture these markings by "accidentally" bumping into their back pocket on the subway?
It's not FUD, it's a (subtly?) different issue, one that the public largely doesn't understand yet.
What's frustrating about contactless cards is that there isn't even a good solution once you do understand the problem. Metal shields sewn into your wallet only hide the problem. The card will still respond if you shoot enough energy at it, and you'll still be able to pick up the response if you have a sensitive enough receiver.
watermelon0 2021-08-17 06:19:49 +0000 UTC [ - ]
bjowen 2021-08-17 11:52:20 +0000 UTC [ - ]
ohazi 2021-08-18 02:41:59 +0000 UTC [ - ]
If you want to issue a new card today, it must have a chip, but it doesn't need to have contactless. There are currently no (public) plans to change this.
djhworld 2021-08-16 20:25:29 +0000 UTC [ - ]
Every time I've been to the US it's still magnetic stripe in places like restaurants/bars where the wait staff whisk your card away and then 4 days later the charge ends up appearing on your card.
I saw chip and pin (or sometimes the odd chip and sign) appearing in the big shops/chains like walgreens though so I guess it's slowly changing.
It felt a bit like what the UK was like 15-20 years ago.
mullen 2021-08-16 21:19:04 +0000 UTC [ - ]
kube-system 2021-08-17 05:38:38 +0000 UTC [ - ]
barsonme 2021-08-17 06:55:59 +0000 UTC [ - ]
Also: it’s important to remember that running a debit card as credit isn’t the same thing as using debit. At most banks, your credit limit for debit cards (weird sentence, yeah) is very low: like $500 or so. If you call (and have sufficient funds), they’ll often temporarily raise it for you. (It’s how I paid for school on a debit card when the school could only run it as credit.)
aj3 2021-08-17 06:54:24 +0000 UTC [ - ]
2021-08-16 20:32:49 +0000 UTC [ - ]
gruez 2021-08-16 20:15:01 +0000 UTC [ - ]
for when you fly over to the US and need to use your card
SAI_Peregrinus 2021-08-16 20:24:37 +0000 UTC [ - ]
MisterBastahrd 2021-08-16 20:40:14 +0000 UTC [ - ]
throwawayboise 2021-08-16 20:20:04 +0000 UTC [ - ]
xahrepap 2021-08-16 20:26:17 +0000 UTC [ - ]
Are gas stations not a big target for skimmers? Why didn't they design it to avoid the magstripe-skimmers? have two inserts or something, I don't care. But now we're a FULL generation of gas station pumps away from being free'd from skimmers. I just don't understand.
Also, don't get me started on the audio/video ads at the pump these days. They're the worst. I'd rather have to pay inside than have "while you're pumping" ads.
nitrogen 2021-08-16 20:35:59 +0000 UTC [ - ]
Scoundreller 2021-08-16 20:33:47 +0000 UTC [ - ]
jwineinger 2021-08-16 20:30:44 +0000 UTC [ - ]
karlshea 2021-08-17 06:24:47 +0000 UTC [ - ]
chrisdhal 2021-08-17 12:40:23 +0000 UTC [ - ]
zz865 2021-08-16 20:18:03 +0000 UTC [ - ]
klipt 2021-08-16 22:58:29 +0000 UTC [ - ]
tamaharbor 2021-08-16 22:14:10 +0000 UTC [ - ]
dmd 2021-08-16 23:26:14 +0000 UTC [ - ]
ddek 2021-08-16 20:15:49 +0000 UTC [ - ]
drclau 2021-08-16 20:23:38 +0000 UTC [ - ]
Unlock your iPhone with Apple Watch when you're wearing a face mask
https://support.apple.com/en-us/HT212208
jdminhbg 2021-08-17 05:42:30 +0000 UTC [ - ]
2021-08-17 16:13:23 +0000 UTC [ - ]
kalleboo 2021-08-17 16:13:47 +0000 UTC [ - ]
salamandersauce 2021-08-16 20:15:37 +0000 UTC [ - ]
xwdv 2021-08-16 20:20:51 +0000 UTC [ - ]
stingraycharles 2021-08-16 20:16:21 +0000 UTC [ - ]
jmharvey 2021-08-16 20:29:51 +0000 UTC [ - ]
ComodoHacker 2021-08-17 07:35:01 +0000 UTC [ - ]
I guess one reason is global compatibility. For a global system to hold its promise, a card issued in one country (including developing ones) should be serviceable anywhere else.
moviuro 2021-08-16 20:46:00 +0000 UTC [ - ]
https://www.autoplus.fr/securite-routiere/peages-le-paiement... - only 20 contactless toll gates in all of France in 2016 (gates, not tolls).
kergonath 2021-08-16 21:17:15 +0000 UTC [ - ]
France was the earliest adopter for chip and chip+pin, but they have been somewhat late to the contactless party (for a EU country).
robcohen 2021-08-16 20:14:52 +0000 UTC [ - ]
gruez 2021-08-16 20:24:59 +0000 UTC [ - ]
Turns out infection from surfaces is basically a non-issue.
https://www.nytimes.com/2021/04/08/health/coronavirus-hygien...
Johnny555 2021-08-17 05:15:13 +0000 UTC [ - ]
https://www.cdc.gov/norovirus/about/transmission.html
coldtea 2021-08-17 08:25:03 +0000 UTC [ - ]
dom96 2021-08-16 23:48:55 +0000 UTC [ - ]
gruez 2021-08-17 01:47:38 +0000 UTC [ - ]
You can bypass the paywall with scripts disabled, but the key excerpts are:
>But the era of “hygiene theater” may have come to an unofficial end this week, when the C.D.C. updated its surface cleaning guidelines (https://www.cdc.gov/coronavirus/2019-ncov/community/disinfec...) and noted that the risk of contracting the virus from touching a contaminated surface was less than 1 in 10,000 (https://www.cdc.gov/coronavirus/2019-ncov/more/science-and-r...).
>“People can be affected with the virus that causes Covid-19 through contact with contaminated surfaces and objects,” Dr. Rochelle Walensky, the director of the C.D.C., said at a White House briefing on Monday. “However, evidence has demonstrated that the risk by this route of infection of transmission is actually low.”
barbazoo 2021-08-16 20:23:44 +0000 UTC [ - ]
cinntaile 2021-08-16 20:20:36 +0000 UTC [ - ]
kook_throwaway 2021-08-17 09:27:30 +0000 UTC [ - ]
brnt 2021-08-16 21:13:56 +0000 UTC [ - ]
bpodgursky 2021-08-16 20:22:31 +0000 UTC [ - ]
siruncledrew 2021-08-16 20:22:59 +0000 UTC [ - ]
cyanydeez 2021-08-17 01:39:19 +0000 UTC [ - ]
bamboozled 2021-08-16 22:08:47 +0000 UTC [ - ]
coldtea 2021-08-17 08:27:36 +0000 UTC [ - ]