Years and years of built in culture of signing for credit cards. Would be hard to change that likely.Yeah, sorry.I've taken to calling both 'chip & pin' as a short-hand because for most people who know about it, it's the concept rather than the specifics being discussed, and for those who don't really know about it it sounds like something completely different, and ends up confusing them.
I really don't know why most of the US is going with Chip & Sig instead of Chip & Pin.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Target Plans to Offer Apple Pay After Chip-and-PIN Card Upgrade
- Thread starter MacRumors
- Start date
- Sort by reaction score
So did the UK but they managed to switch over without issue.
The real reasons boil down to money. For one thing, there are incentives on the part of banks to not use PIN (at least for debit cards) thanks to our debit cards also being Visa/MasterCards. Lost/stolen fraud pre-EMV is also a lot lower in the US than it was elsewhere. Finally, since there is no specific mandate from the government or Visa/MC for chip and PIN, banks don't want people to stop using their cards in favor of a card that prefers signature over PIN.
Who knows, maybe there'll be a sudden dramatic increase in muggings or something that will end up forcing chip and PIN. It's more likely though that the majority of people will be using Android/Apple Pay instead of physical cards by the time almost every business has chip/NFC readers.
The problem for me is that many retail POS systems store that PIN, instead of only using it for dynamic validation back to the cc processor. The aforementioned Target as one significant example.
And it's almost impossible to hide the pin being typed from prying eyes with the current POS terminals.
I'll take NFC with Touch ID any day of the week.
I refuse to hand a credit card to restaurant waitstaff, only to have them disappear with it for 10 minutes or more.
Which sort of sounds reasonable until you realize that our debit cards have been requiring PIN entry for decades (?) and over the last several years there are many retailers where you swipe and go (don't sign) on credit cards for totals less than $25.
The real reason is the weenies at the top of the banks (who are chosing this) think it'll be cheaper for them to go signature rather than PIN (and they don't really care about security...its a nice to have...which is why they didn't choose to change their several year old plan to go chip and signature despite the massive retailer credit card breaches of the last several years).
The irony in all this, is that most people I talk to (the banks customers) would much rather have the security of the PIN (like they use with their debit cards). It's nice to see Target going the PIN route for their redcard....good for them.
This is something most people don't realize - there is no network validation of the PIN in Chip and PIN (unlike our debit card PIN's). The PIN, in Chip and PIN, is stored only on the chip in the card - there is no passing of the PIN back to the bank for validation. You put the Chip and PIN card in the reader, it prompts you for the PIN, you enter it, the reader validates it against the number stored in the card - if it matches then the transaction is allowed to proceed (without the PIN since its validation has already occurred) - this is why its more secure.
Last edited:
Sounds like you go to some sketchy restaurants.
I guess giving a car sales person your personal info is OK though.
I just got a new Discover card and the rep said if I assign a PIN to the card it would act like a chip and pin card in europe, as long as I wasn't using it to get a cash advance at a bank or atm. Haven't been in europe to try it, though. I just want a friggin' credit card that will let me buy train tickets at a machine. Not all subway stations have attendants in europe and many times I didn't have enough coins to use a ticket machine. Tempted to steal a ride when that happened but I'm too honest
Network validation of the PIN is still possible with chip. In fact, that's how chipped debit cards in the US will work. It really depends on how the issuer sets up the cards and what the terminal supports.
I just got a new Discover card and the rep said if I assign a PIN to the card it would act like a chip and pin card in europe, as long as I wasn't using it to get a cash advance at a bank or atm. Haven't been in europe to try it, though. I just want a friggin' credit card that will let me buy train tickets at a machine. Not all subway stations have attendants in europe and many times I didn't have enough coins to use a ticket machine. Tempted to steal a ride when that happened but I'm too honest
That rep is likely wrong. According to here Discover doesn't support PIN for purchases at all.
I just got a new Discover card and the rep said if I assign a PIN to the card it would act like a chip and pin card in europe, as long as I wasn't using it to get a cash advance at a bank or atm. Haven't been in europe to try it, though. I just want a friggin' credit card that will let me buy train tickets at a machine. Not all subway stations have attendants in europe and many times I didn't have enough coins to use a ticket machine. Tempted to steal a ride when that happened but I'm too honest
If it's like Portland, you're legally allowed to "ride to the next station" that accepts your card. At that point just stay on the rest of the way.
He put me on hold to talk to a supervisor to confirm, so I dunno. Remember, I'm talking using it in Europe where chip and pin is the norm, not the US.
Some people have reported being able to use the cash advance PIN on Visa cards if something asks, so perhaps that's what he meant. If the terminal is working properly though PIN should never be asked for unless you use it at an ATM based on how the card's set up.
Many terminals in Europe are just following the CVM on your card. If your card and terminal support no CVM, it'll do just fine in Europe. In rare instances it asks you, your cash advance PIN normally would work.
After the first couple of failures where it wouldn't even let me get to a PIN input option, I stopped trying. Nearly every station has a different machine so it's really a crapshoot using a credit card, especially one from the USA. I just try to always have a pocket full of euros or buy a packet of tickets from a kiosk or the hotel.
Two thoughts on that:
Most importantly, PIN pads encrypt PIN block entries with a key generated by the processor. Retailers (like Target) do NOT have access to that key. So thieves can steal all of the encrypted PIN numbers that they want from a retailer, but unless they also hack the processor to get the decryption key, they can't decrypt the PIN block.
Also, retailers aren't allowed to store PIN data after the transaction is complete, per the PCI/DSS requirements that they have to follow. See the bottom line of the attachment. If Target was storing PIN data, and it wasn't caught in the extern audit that all Level 1 retailers have to use yearly to prove that the retailer is following the PCI/DSS rules didn't catch this, that'd be an epic double fail.
But even then, the stupidly stored PIN would be encrypted with a key that Target doesn't have, so it'd essentially be useless to the hackers.
Attachments
What good will upgrading terminals to Chip & PIN do, when the only bank in the entire USA which offers Chip & PIN cards is the U.N. credit union?
Chip & PIN cards encode the PIN into the card, so you must know the PIN to use the card. Only Europeans are blessed to have these cards; Americans are not allowed to have them as our banks prefer to cover the losses & inconvenience their customers with endless reissues of their credit cards and repeated alterations to recurring transactions.
Chip & Signature cards (what Americans will be allowed to have) use their Chip to provide a single-use code to the merchant (so no more Target breaches, as the numbers obtained will be useless), and then require an easy-to-forge Signature. Anyone who can sign a name can use your card.
Oh, and if you travel to Europe? Your shiny new Chip card is ok at shops, but useless for buying train tickets from machines (those helpful people in booths are being phased out as Chip & PIN cards make them redundant) or for making purchases from a handheld terminal.
The Target Red card was linked to your checking account for years. That's how it worked. If they have a credit card option now that is "relatively" new.
----------
Why did I get a new credit card yesterday from Barclays asking me to set a "Chip and Pin" Pin then?
----------
Furthermore what restaurants does this guy eat at? I'm never been to one in the US that DOESN'T take your card off to the back parlor.
I've had the credit version of the card for years now. Perhaps it wasn't around initially and only the debit version was there, but it seems like the credit version has been around for some time now as well.
Last edited:
THIS.
I used Apple pay on Launch day of the iPhone 6 at many stores that now, for some reason, have them turned off.
The terminals were working fine before. CVS, Home Depot, Lowe's Foods, and a few others I don't remember. I never got turned down at a terminal that had NFC until like a month into having the iPhone 6.
See, this is exactly why the government needs to come down hard on banks that misrepresent their cards.
Re: Barclays -- the card does have a PIN. It'll only be asked for at unattended locations (e.g. train ticket machines, gas pumps), hence why it's chip and signature.
Target redcards themselves will actually be Chip & PIN- not signature. Target posted an FAQ about this on the REDcard site.
----------
Many Chip & PIN Terminals are also NFC terminals. It would be financially stupid to buy one and not the other.
Also, Apple Pay is an EMV contactless card, therefore has everything to do with Chip & PIN. At places without EMV, it processes as MSD.
Plenty of places have NFC , with newer businesses taking it left and right. Who needs CVS? best buy and now Target have plans to enable it despite being MCX members. Lots and lots of mom and pop stores take it and they don't even know they do.
----------
Chip and PIN "upgrade"? Erm... that's been out FOR YEARS.
Oh, hang on... you're Americans...
Hey at least our terminals have large iPad like touchscreens because we get to play with the new chip & PIN terminals hehe. You guys have to wait to upgrade to these because it isn't a priority as you've already got Chip & PIN.
. I kid of course. As long as purchases are secure. You have to admit our chip & PIN terminals look hella cool.Attachments
Last edited:
Plenty of places have NFC , with newer businesses taking it left and right. Who needs CVS? best buy and now Target have plans to enable it despite being MCX members. Lots and lots of mom and pop stores take it and they don't even know they do.
----------
Hey at least our terminals have large iPad like touchscreens because we get to play with the new chip & PIN terminals hehe. You guys have to wait to upgrade to these because it isn't a priority as you've already got Chip & PIN.
A nut and bolt could have a touchscreen if it helped the functionality
Hey at least our terminals have large iPad like touchscreens because we get to play with the new chip & PIN terminals hehe. You guys have to wait to upgrade to these because it isn't a priority as you've already got Chip & PIN.
A lot of why we have massively fancy touchscreen terminals is because we're chip/swipe and signature. Digital signature storage is one of those kludges that keeps signature working as a CVM in this country.