Mastercard, Discover and Amex Ending Signature Requirement for Purchases Tomorrow, Visa to Follow Later This Month

[tmiw]

I don't think physical cards themselves are going away for a very long time. And since they aren't, I frankly MUCH prefer swiping as opposed to inserting my card for the chip -- the chip is way slower.

It depends on the store. A lot of them only did the absolute minimum and didn't bother doing much in the way of optimization or supporting "extras" like contactless payment (probably in part because they weren't huge fans of accepting cards in the first place and didn't want to encourage it).

Honestly, the US will probably never have 100% NFC acceptance unless some significant changes are made. I'm thinking dramatic reductions in interchange along with changes to policy to make NFC easier to adopt (see below).

A lot of places have tap to pay...I just used it inside a gas station yesterday. It is fast once you have your card in hand, but overall having to find a credit card, use it, put it back is probably no faster than ApplePay.

I think OP meant on the cards themselves. That was tried in the US before with poor results. I don't think banks are willing to try a "failed" technology again.

That being said, tap-to-pay is as secure as and faster than EMV. We should be striving for tap-to-pay everywhere instead of this mishmash of insecure MSRs, slow EMV terminals, proprietary QR codes, and a few select places that actually accept tap-to-pay/Apple Pay.

I have a feeling QR is ultimately going to win out in the US for mobile payments. Unlike elsewhere (where banks control the software on terminals and give merchants little choice in customization), NFC is artificially difficult* for American merchants to implement**; as a result, they aren't going to bother literally writing new code to support it unless the demand's there. Meanwhile, everyone has a barcode/QR code scanner already that's being used for scanning stuff--or at least a phone with a camera.

Of course, that depends on there being one consistent standard for QR. EMVco/Visa/UnionPay have one but who knows if that'll become more commonly accepted or if it stays confined to retailer-specific apps.

* In part due to retailers not being willing to use software that someone else's written and there being no mandate from the networks/processors to do so. It's why every store's terminals behave slightly differently even if they're using the same hardware.

** One example is Safeway. They got EMV first, then NFC a year-ish later. Even then, the latter is flaky as hell and I don't know why they bothered. (As far as I know, they were never MCX members or whatever.)

No verification at all. The US doesn't use chip and pin cards like Europe does. We use chip and signature cards. They are different. Even though our credit cards look just like yours and have a chip, they don't support a pin unless it's actually a debit card in which case the pin is only for debit transactions and not credit card transactions. Apparently, the US thinks we're too stupid to remember a pin number for our credit cards.

There are actually some US chip-and-pin credit cards here but they are rare and the pin is often times intended only for international transactions. They are usually credit cards geared for international travelers.

Yes, we're stupid over here when it comes to credit card security.

Yeah, that is indeed the real reason. I always found that funny because virtually every American carrying a credit card in their wallet also has a debit card... with a pin number that they are capable of remembering. Oh boy how I love our country, lol.

I believe the banks fought the inclusion of PIN numbers since they thought there would be a significant number of Americans that wouldn't be able to remember the 4 digit number (probably a fair assumption) and including it would cause delays, loss of sales and bewilderment among the sheepeople.

I'm so glad the signature is finally going away since it was totally worthless anyway. I've been signing with an "X" for I can't remember how long and nobody cares.

It's because PIN wasn't worth the cost to the banks. It's hard to justify when lost/stolen fraud is only 9% of all card fraud.

That said, Europe supports contactless payment far more than here. I used Apple Pay for almost everything in the UK last year without issues, even at ticket machines. PIN might no longer be as necessary for foreign travel as it was in the past.

Fun fact: those PIN-enabled credit cards? They're actually kind of a hassle to use in the US because smaller merchants don't expect PIN and try to bypass it. (Ask me how I know.)

I'm often required to do signatures using Apple Pay for purchases even under $20. Is this something that will count on retailer support? If so, I suspect a ton of small, non-chain retailers will never bother to do this, which is a bummer.

You'd probably right on that one. As mentioned above, many didn't really want to accept cards in the first place and only started to because enough people demanded it. I also suspect some got bitten by chargebacks in the past and aren't so trusting of the networks now.

The PIN stops this (and it's not so easy to get someone's pin).

All that's needed is a camera hidden in the ATM, which I consider pretty easy. See here for some interesting reading.

This article isn't entirely accurate. VISA has about 75% of the market. And while the other big card brands are removing the requirement altogether, VISA is not. Signatures will only be optional of the merchant is able to take EMV payments.

So, for merchants that do not have a solution for EMV will still be required to capture the signature for VISA transactions. And since that is about 75% of their customers, it will likely be ALL customers of theirs until they have EMV enabled.

http://visacorporate.tumblr.com/post/169621606538/visa-makes-signature-optional-for-emv-merchants-in

75% of the market? I thought it was only around 50% so I'd be interested in a source for that claim.

Well that’s not true.

https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards

It should be fairly straightforward to report fraud within 48 hours considering how common account notifications are these days. I think the original point still stands.

 

[nwcs]

Over the years I’ve noticed most places that take the chipped visa do not require signature under $50.
[doublepost=1523558233][/doublepost]
What’s the QR barcode payment? Haven’t come across that.

It’s the payment systems like what Walmart is doing. You have a QR scanned which ties to your payment method.
[doublepost=1523568802][/doublepost]

I don't think physical cards themselves are going away for a very long time. And since they aren't, I frankly MUCH prefer swiping as opposed to inserting my card for the chip -- the chip is way slower.

It’s also more vulnerable to skimming. A physical card is fine but the magnetic strip needs to go. And all these terminals where they lock down the NFC payment methods or disable them need to be opened up.

 

[MyMacintosh]

For me it used to be about the amount of time saved from not having to pull out a credit card. Now its more a bout realizing how much people don't actually wash their hands and me not wanting those hands touching my credit card. Apple Pay is so much more convenient is so many ways.

 

[joemolomo]

I remember when PIN came out in the UK I was at university still so over 20 years ago - feels so long in fact I don’t really recall ever signing for things !

I have this same foggy memory, not sure if it because I live in smaller town, but Im sure I was still signing stuff 2002ish. Soon we'll have forgotten even having cards, I rarely take out my wallet these days. Just need to get gov to put driving license on apple wallet then ill be set for life.

 

[steve62388]

It should be fairly straightforward to report fraud within 48 hours considering how common account notifications are these days. I think the original point still stands.

It’s not factually correct. If you’re going to make categorical statements you should at least be knowledgeable of the facts.

I’m not even from the US and it took me all of 10 seconds to find accurate information.

 

[Tanax]

So no signatures required, and no PIN - if someone steals your card they can pretty much empty out your entire credit value? Geez. Why don't you have PINs?!

 

[tmiw]

It’s not factually correct. If you’re going to make categorical statements you should at least be knowledgeable of the facts.

I’m not even from the US and it took me all of 10 seconds to find accurate information.

The FTC website linked previously says $0 maximum loss if you report before any fraudulent charges are made and $50 if done within 48 hours after them. (That $50 is the same as with credit cards, BTW--which in practice is covered by the banks either way.) It's not 100% the same as with credit cards due to the time requirement and one's actual money being involved but that still doesn't invalidate my original point.

However, if you can find a bank or credit union that actually makes people pay that $50, I'd be interested in knowing who it is so I can avoid them.

 

[Jeaz]

No. If your card is lost or stolen, you and notify the bank within 48 hours, your maximum liability for fraudulent use is $50. If your card number is stolen (a much larger problem, in my experience), you are not liable for any fraudulent use.

Well, that’s good to hear, that you are protected as consumer. I do see plenty of other new problems with this solution, but I guess that’s mostly for shop owners and the banks to worry about.

 

[interstella]

I thought at first that I was reading a resurrected thread that was started in 2004 or thereabouts. I haven't had to sign for absolutely years. I wonder why adoption of modern technology has been so slow in the USA?

 

[dhershberger]

I've seen this discussion before but never really understood it fully to be honest.

I'm from Europe and here we use PIN-codes. Is that replacing the signatures or will there be no verification at all?

To the best of my knowledge, signatures in the US are not for verification, but instead a signed contract. Generally if you sign for a charge purchase there will be text around the signature line stating something to the effect of "I agree to pay the above amount according to the card issuer agreement."

 

[rochford]

We've had chip+PIN and tap-to-pay (no signature, up to ~$100) on credit cards for many years in Canada.

At least with tap-to-pay, it works pretty much everywhere and you don't have to fiddly around with your phone (especially with iOS's sluggish tendencies).

In Australia we’ve had tap to pay with no pin or signature for at least 5 years with chipped cards, and more recently on my iPhone 6, for purchases up to $100, and with pin above that. Since getting an iPhone X retailers and I have been surprised that a pin hasn’t been needed for (most) purchases over $100, apparently relying on the accuracy of Face ID.

 

[Wanted797]

Only just now. About time.

Here in Australia signatures were dropped and the chip method adopted while I was working at Target... 5 years ago!

 

[MagnusVonMagnum]

All that's needed is a camera hidden in the ATM, which I consider pretty easy.

ATM? It's a credit card, not a bank card. The new cards put the numbers on the bottom now, so the camera isn't going to see both it and you typing numbers. Otherwise, how are they going to also get the card? Hide a camera, jump out and take the card while you're there? They might as well just force you to get them some money out of this ATM while they're at it. In other words, a pin doesn't protect against every possible encounter, but it's a hell of a lot better than a signature.

 

[FelixDerKater]

Is zip code their attempt at making an easy PIN?

 

[TheColtr]

In the US we only utilise PINs for debit cards. Even then, you can simply override entering a PIN by pressing, “enter,” or, “accept.” 100% fraud enabling. I’ve also never been asked for an ID to verify the name on a card. We’ve always been behind on security and verification.

Seriously? I’m in California and I’m always asked for ID. Even for things like drive through at Rally’s/Checkers I have to show my ID on a 12 dollar order. Not every place asks but a lot of them do.

 

[bradl]

It's about time. No one checks for signatures anyway.

I beg to differ on rare occasions. When living in Australia and making a purchase, they checked my signature all the time, and in some cases, even corrected me on my signature, saying that the letters in my signature for the purchase weren't how I signed the back of the card.

The signature process has become a bit lazy here in the US, but overseas, they do get checked, especially if it comes from a card that they do not recognize.

BL.

 

[IJ Reilly]

Seriously? I’m in California and I’m always asked for ID. Even for things like drive through at Rally’s/Checkers I have to show my ID on a 12 dollar order. Not every place asks but a lot of them do.

I'm in California too, and I am rarely asked for an ID with a credit card purchase. So I am thinking, it must be you.

 

[tmiw]

ATM? It's a credit card, not a bank card. The new cards put the numbers on the bottom now, so the camera isn't going to see both it and you typing numbers. Otherwise, how are they going to also get the card? Hide a camera, jump out and take the card while you're there? They might as well just force you to get them some money out of this ATM while they're at it. In other words, a pin doesn't protect against every possible encounter, but it's a hell of a lot better than a signature.

It's not unheard of for something to be installed in the ATM to make the card not come back out once inserted. The thief then comes by after the customer leaves and forces the card out. Which, along with the camera focused on the PIN pad (or even an overlay that covers the existing one and stores whatever's entered), gives them everything they need.

As for credit cards, it's traditionally been the case in other markets to have PIN changes for those happening at the ATM, so unless you want to keep the same PIN forever (also poor practice like it is with passwords) you're going to have to use it at one eventually.

Really, Krebs' website is pretty interesting reading if you're into security at all.

(That said, PIN should have at least been provided as an option for customers. But as mentioned before, that might not be so important anymore for international travel with NFC being so common elsewhere.)

Is zip code their attempt at making an easy PIN?

I think it was something gas pumps (I almost never see this anywhere else) had to do because they had nothing better. Once chip becomes more common at those, however, I suspect it'll go away for good.

 

[Mr Fide]

I'm sad about this.

For many years I have enjoyed travelling to America and being asked to sign when I use my credit card.

It's like travelling back in time.

 

[macman312]

Welcome to around 2012 in Australia. We’ve had PayPass /payWave for ages now. Time to catch up USA.

I’ve been told The reason swipe and signature is more widely used is so you can tip in restaurants.

I tip in Australian restaurants. The waiter/waitresses brings the card terminal over. It then asks you to enter the tip. Not hard at all.

 

[TheHammer]

Can’t use signature in Australia for years... it’s much safer, good move.

 

[bradl]

Welcome to around 2012 in Australia. We’ve had PayPass /payWave for ages now. Time to catch up USA.

I’ve been told The reason swipe and signature is more widely used is so you can tip in restaurants.

I tip in Australian restaurants. The waiter/waitresses brings the card terminal over. It then asks you to enter the tip. Not hard at all.

How funny here!

In my time in Melbourne, and especially on Lygon street in Carlton, I got some headturning looks when I left a tip! a waitress actually followed me out and tried to give the tip back to me, thinking that I left it on the table by accident! I had to explain to them how tips worked in the US (the wages in the US don't include tips, while the wages in Australia do include tips, so they weren't used to being tipped).

BL.

 

[elvisimprsntr]

This is bad news everyone!. This means they will be moving to chip-n-pin, which is extremely vulnerable and has a huge shift in liability from the card issuer to the consumer. Make sure to read the new terms and conditions you receive.

With chip-and-signature the burden of proof is on the card issuer. With chip-n-pin, the burden of proof shifts to the consumer. If you don't believe me, you can see how the chip-n-pin system failed UK consumers.

Two best explanations of how chip-n-pin (EVM) is seriously flawed.

 

[DotCom2]

Since I now have an Apple Watch with ApplePay and love using it, when I ask the merchant if they have mobile pay they say yes but only Samsung Pay. This has happened to me several times lately. Yesterday at hobby lobby in fact. What is up with that? What kind of a deal did Samsung broker to get an exclusive deal like that I wonder.

 

[tmiw]

This is bad news everyone!. This means they will be moving to chip-n-pin, which is extremely vulnerable and has a huge shift in liability from the card issuer to the consumer. Make sure to read the new terms and conditions you receive.

Getting rid of signature does not imply that PIN will be required. In fact, it probably never will be.

That said, I have two of the very few chip and PIN cards available to Americans and neither have T&C that are of concern. It'd be unlikely they could ever include language making cardholders responsible either due to US law being clear on the matter.

Since I now have an Apple Watch with ApplePay and love using it, when I ask the merchant if they have mobile pay they say yes but only Samsung Pay. This has happened to me several times lately. Yesterday at hobby lobby in fact. What is up with that? What kind of a deal did Samsung broker to get an exclusive deal like that I wonder.

A few possibilities:

1. The store has terminals with the magstripe and EMV slots always active but requires cashier intervention for NFC to work. They probably mention that only Samsung Pay works because they don't know how to enable the NFC portion.
2. NFC literally isn't supported by the store regardless of what the cashier does. Samsung Pay also works in this situation because it allows magstripe emulation.