I work a bit with pinpads (subcontractor for Chase) and from what I know the pinpad must be secure and communication encrypted. Having software on the iPad is not secure. What if someone made a fake app that harvested pins?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Square Launches NFC Reader to Bring Apple Pay to Smaller Businesses
- Thread starter MacRumors
- Start date
- Sort by reaction score
Because American retailers have thrown such a huge fit over NFC that it's unlikely we'll ever see 100% NFC acceptance unless forced to by Visa and MasterCard. Not to mention that the very poor customer experience of having NFC only supported by 10% or so of merchants (and still needing to sign, having to give the last four digits to the clerk, etc. at the places that do accept it) has basically turned people off from Apple Pay.
It's a huge reason why I think Samsung Pay can end up becoming the predominant mobile payment system in this country--IF they can get more banks signed on. They do seem to be working on that though since Chase is now supported by that service. (BTW MST works even with chip-enabled terminals because it transmits what's effectively a card without a chip's details.)
Not Square. And a fair number of terminals will likely have PIN support disabled soon if not already (e.g. at restaurants) so that cards can still be taken away from people like they are now.
Considering that Square is an iOS app, all it takes is some malware injected thanks to jailbreaking and thieves would get tons of PINs. That's why Square will likely never support PIN in app. However, Square does sell another reader (which looks an awful lot like PayPal's) that does support PIN; the much greater cost of that one will probably dissuade merchants from buying it unless absolutely necessary though.
Not entering anything at all for small amounts is even faster, and what most stores do if the card's swipe/chip and signature. Some are even suppressing PIN for small purchases now too since the card brands apparently are allowing that for the US--likely because PIN won't be supported by enough places to be worthwhile to ask for every transaction.
At some places. Most easily take 10 seconds or longer though. For instance, at Target and Walmart.
I've used my chip card at Walgreens, Best Buy, Target, Home Depot, and Walmart. None took more than 5 seconds.
Unfortunately I agree with what you're saying, and highly disagree with what the restaurant merchants are doing. It should be illegal to take someone's credit card out of their sight to process a transaction.
I recorded a few YouTube videos of me using chip cards a month ago, which is how I came up with the 10+ second figure. For example:
Restaurants are a very low margin business and they're going to do whatever's cheapest for them. Which for most right now is likely to be not to upgrade, but eventually it will probably be to just attach a cheap card reader without a PIN pad to their existing POS. Chip and PIN would have forced them to go with portable terminals/counter payments but since that's never happening, Visa/MC should have banned adding a tip after the fact for chip and signature as well.
You Americans really are behind on everything banking-related. PIN-transactions haven't taken 30 seconds here, Europe, in literally a decade or more. Back then, POS devices would actually dial a number on the phone to process a transaction.
Now (and by 'now', I mean 'for the past 10 years') they're always online and a transaction takes two seconds from the time you've entered your pin number.
The delay is more in reading the chip than calling out to the bank, though a lot of smaller businesses still use dialup for their terminals.
"chip and pin" vs "chip and signature" are somewhat industry technical terms. Its up to the card-issuer to decide which they want to implement for security. The issuer has to support it.
I'd say CVM is more of a technical term than chip and signature (which the banks have been using in their educational materials). Both issuer and terminal have to support a particular method of authentication in order for it to be used.
I'm not trying to be the "Canada is better" guy, just using it as an example, but restaurants now all have wireless terminals that they bring to the table. They type in the amount, hand it to you. You insert your card, it asks you for a tip amount, then you enter your PIN, wait for approval, then take your card and hand the terminal back to the service. Your card never leaves your sight.
Not all restaurants are very low margin businesses, though. It doesn't cost Pizza Hut $12 to make a stuffed crust Pizza with pepperoni, and they don't even have to pay their wait staff.
In other countries, restaurants have already moved to portable card chip & pin readers, while also paying their staff a decent wage because they don't rely on the tip system like America does.
That's funny, do you really think magnetic swiping is going to go away in a year? We'd be lucky to see the magentic readers phased out this decade. Look how long it's taken to get chip and PIN readers here, and they've been around for how long?
Or, the US could eventually adopt what the rest of the world does, and have servers bring a handheld terminal to your table rather than take your card away.
Well, PINs are useless without the card itself: a transaction cannot be authorised without the physical presence of the EMV chip. So, gathering PINs would likely be of little use to malware hackers unless they were also able to steal the cards themselves. In any case, all terminals are vulnerable to this kind of attack - any rogue retailer could modify their terminal to record/gather PIN numbers.
That's right. Not requiring PINs (or signature check) for small transactions is similar to how PINs are not required for contactless transactions in Canada and Europe. It's arguably more secure to NOT require PINs for small transactions, anyway, since the potential losses due to PIN disclosure are much greater. A thief who discovers your PIN can steal your wallet and withdraw large amounts of cash from an ATM, for example.
Spot on! I know my neighbor got a Square reader for their church's fundraising efforts and they started pulling in more money from tag sales etc. Carrying cash for emergencies is fine. For buying a bagel, I'd prefer not to.
though a lot of smaller businesses still use dialup for their terminals
I noticed that with my hair barber.
Drives me nuts. I want to go, "really?!"
You're so cheap you can't get Verizon internet to run your credit card reader through? Can't tell you how many times I've had my card swiped and someone calls them and you have to start the whole transaction over again.
The delay is more in reading the chip than calling out to the bank, though a lot of smaller businesses still use dial-up for their terminals.
I noticed that with my hair barber.
Drives me nuts. I want to go, "really?!"
You're so cheap you can't get Verizon internet to run your credit card reader through? Can't tell you how many times I've had my card swiped and someone calls them and you have to start the whole transaction over again.
IMO anything using the touch screen of the device 'feels' wrong. whether it technically is or isn't doesn't matter if someone asked me to put their pin into their iPhone I would be very hesitant. Much prefer the types of solutions offered by Zettle and now PayPal where you complete the transaction all on the single chip & ping device
The US isn't the only chip and signature country. I bet other chip and signature countries operate similarly to the US, but I could be wrong on that.
All it would take is finding an ATM that's not chip enabled and a bank that only verifies the PAN and expiration. It wouldn't be as huge of a bounty as say, Target's breach, but it could still be rewarding for the thief.
It's always asked for in other countries when not using contactless though. Contactless is just how banks in other countries decided to implement the waiver for low amounts.
Maybe they don't want to deal with the PCI hassles? That questionnaire is a pain in the rear every year and I only take transactions online.
Might also be a problem for visually impaired people. At least with a physical keypad there's a dimple in the center to provide a point of reference.
My , my
My, my panties in a twist and only Monday?
Lots of people are not in manufacturing or business to know all of what is involved.
That's also why people make dumb/uneducated comments when iSupply puts out
what things (allegedly) cost.
Square may have just figured out that giving away things for FREE isn't that smart.
As for $ 20 vs. $ 49 or what is expensive etc. typical consumers
Want it all , Want it now and FOREVER for FREE
Cheers, short week.
Exactly. The logical conclusion is http://www.verifone.com/products/hardware/mobile/verifone-e265/ which is basically what Apple uses in their stores (they use the model that's built into the case and has a barcode scanner).
The security benefits of PIN are overrated. PINs only prevent "lost and stolen" theft, which is when somebody finds or pickpockets the card. 80% of theft today are cloned cards because it's much harder to get caught.
Another issue is that Europe uses a lot more offline transactions. This means that the card can continue to make purchases after its been reported stolen and deactivated by the bank, until it hits a limit and is forced online. Due to EMV security flaws, and because people now have the Internet, it's highly recommended that they ignore this whole offline business.
Also illegal... not ADA compliant. Can't be used by blind/vision impaired people.
swipe is not going to be phased out within a year. if you go to any stores with the new chip card reader they do have a swipe on the side.
Uh...what's with me is that the transaction is taking upwards of 30 seconds - even at big stores with serious financial networking connections like Walmart and Target. May be 5 seconds tops for you, great; that's not what I'm seeing anywhere. Not like I can will it to go faster. Another poster above provided a video of it taking 10 seconds; is that what you need for convincing of "it's taking upwards of 30 seconds"?
Once you have a card with a chip, a flag is set in the magnetic strip to not allow swipes if the merchant has a chip card. Think about it: if not, the whole fraud prevention of chip would be useless.
Like I said above, Samsung Pay's MST functionality transmits what's effectively a card without a chip to the terminal, so it doesn't matter whether chip's enabled or not.
They have a swipe slot, yes, but if you have a chip card and swipe it when the chip reader is enabled it will say "insert card in chip reader". Most all cards are being upgraded from swipe to chip. Pretty soon no cards will use swipe, as all swipe cards are replaced with chip cards and all POS devices have the chip reader enabled. Swipe slot will be soon used only for secondary uses (loyalty cards, gift cards, etc).
