Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Yeah, sorry. :eek: I've taken to calling both 'chip & pin' as a short-hand because for most people who know about it, it's the concept rather than the specifics being discussed, and for those who don't really know about it it sounds like something completely different, and ends up confusing them.

I really don't know why most of the US is going with Chip & Sig instead of Chip & Pin.
Years and years of built in culture of signing for credit cards. Would be hard to change that likely.
 
Years and years of built in culture of signing for credit cards. Would be hard to change that likely.

So did the UK but they managed to switch over without issue.

The real reasons boil down to money. For one thing, there are incentives on the part of banks to not use PIN (at least for debit cards) thanks to our debit cards also being Visa/MasterCards. Lost/stolen fraud pre-EMV is also a lot lower in the US than it was elsewhere. Finally, since there is no specific mandate from the government or Visa/MC for chip and PIN, banks don't want people to stop using their cards in favor of a card that prefers signature over PIN.

Who knows, maybe there'll be a sudden dramatic increase in muggings or something that will end up forcing chip and PIN. It's more likely though that the majority of people will be using Android/Apple Pay instead of physical cards by the time almost every business has chip/NFC readers.
 
At this point though I would be okay with mandating PIN preferring for all debit cards (leaving credit cards as chip and signature) and stop allowing people to cancel out of having to enter it. That has always been a huge WTF for me even though I understand why that's the case.

The problem for me is that many retail POS systems store that PIN, instead of only using it for dynamic validation back to the cc processor. The aforementioned Target as one significant example.

And it's almost impossible to hide the pin being typed from prying eyes with the current POS terminals.

I'll take NFC with Touch ID any day of the week.
 
Years and years of built in culture of signing for credit cards. Would be hard to change that likely.

Which sort of sounds reasonable until you realize that our debit cards have been requiring PIN entry for decades (?) and over the last several years there are many retailers where you swipe and go (don't sign) on credit cards for totals less than $25.

The real reason is the weenies at the top of the banks (who are chosing this) think it'll be cheaper for them to go signature rather than PIN (and they don't really care about security...its a nice to have...which is why they didn't choose to change their several year old plan to go chip and signature despite the massive retailer credit card breaches of the last several years).

The irony in all this, is that most people I talk to (the banks customers) would much rather have the security of the PIN (like they use with their debit cards). It's nice to see Target going the PIN route for their redcard....good for them.

The problem for me is that many retail POS systems store that PIN, instead of only using it for dynamic validation back to the cc processor. The aforementioned Target as one significant example...

This is something most people don't realize - there is no network validation of the PIN in Chip and PIN (unlike our debit card PIN's). The PIN, in Chip and PIN, is stored only on the chip in the card - there is no passing of the PIN back to the bank for validation. You put the Chip and PIN card in the reader, it prompts you for the PIN, you enter it, the reader validates it against the number stored in the card - if it matches then the transaction is allowed to proceed (without the PIN since its validation has already occurred) - this is why its more secure.
 
Last edited:
The rub is that without a PIN, using the chip card outside the US becomes difficult. I think it's too soon to say how long it will take to get Apple Pay everywhere at the international level.

If I remember correctly, it's only Wells Fargo that's offering the PIN option.

I just got a new Discover card and the rep said if I assign a PIN to the card it would act like a chip and pin card in europe, as long as I wasn't using it to get a cash advance at a bank or atm. Haven't been in europe to try it, though. I just want a friggin' credit card that will let me buy train tickets at a machine. Not all subway stations have attendants in europe and many times I didn't have enough coins to use a ticket machine. Tempted to steal a ride when that happened but I'm too honest ;)
 
This is something most people don't realize - there is no network validation of the PIN in Chip and PIN (unlike our debit card PIN's). The PIN, in Chip and PIN, is stored only on the chip in the card - there is no passing of the PIN back to the bank for validation. You put the Chip and PIN card in the reader, it prompts you for the PIN, you enter it, the reader validates it against the number stored in the card - if it matches then the transaction is allowed to proceed (without the PIN since its validation has already occurred) - this is why its more secure.

Network validation of the PIN is still possible with chip. In fact, that's how chipped debit cards in the US will work. It really depends on how the issuer sets up the cards and what the terminal supports.

I just got a new Discover card and the rep said if I assign a PIN to the card it would act like a chip and pin card in europe, as long as I wasn't using it to get a cash advance at a bank or atm. Haven't been in europe to try it, though. I just want a friggin' credit card that will let me buy train tickets at a machine. Not all subway stations have attendants in europe and many times I didn't have enough coins to use a ticket machine. Tempted to steal a ride when that happened but I'm too honest ;)

That rep is likely wrong. According to here Discover doesn't support PIN for purchases at all.
 
I just got a new Discover card and the rep said if I assign a PIN to the card it would act like a chip and pin card in europe, as long as I wasn't using it to get a cash advance at a bank or atm. Haven't been in europe to try it, though. I just want a friggin' credit card that will let me buy train tickets at a machine. Not all subway stations have attendants in europe and many times I didn't have enough coins to use a ticket machine. Tempted to steal a ride when that happened but I'm too honest ;)

If it's like Portland, you're legally allowed to "ride to the next station" that accepts your card. At that point just stay on the rest of the way.
 
Network validation of the PIN is still possible with chip. In fact, that's how chipped debit cards in the US will work. It really depends on how the issuer sets up the cards and what the terminal supports.



That rep is likely wrong. According to here Discover doesn't support PIN for purchases at all.

He put me on hold to talk to a supervisor to confirm, so I dunno. Remember, I'm talking using it in Europe where chip and pin is the norm, not the US.
 
He put me on hold to talk to a supervisor to confirm, so I dunno. Remember, I'm talking using it in Europe where chip and pin is the norm, not the US.

Some people have reported being able to use the cash advance PIN on Visa cards if something asks, so perhaps that's what he meant. If the terminal is working properly though PIN should never be asked for unless you use it at an ATM based on how the card's set up.
 
He put me on hold to talk to a supervisor to confirm, so I dunno. Remember, I'm talking using it in Europe where chip and pin is the norm, not the US.

Many terminals in Europe are just following the CVM on your card. If your card and terminal support no CVM, it'll do just fine in Europe. In rare instances it asks you, your cash advance PIN normally would work.
 
Many terminals in Europe are just following the CVM on your card. If your card and terminal support no CVM, it'll do just fine in Europe. In rare instances it asks you, your cash advance PIN normally would work.

After the first couple of failures where it wouldn't even let me get to a PIN input option, I stopped trying. Nearly every station has a different machine so it's really a crapshoot using a credit card, especially one from the USA. I just try to always have a pocket full of euros or buy a packet of tickets from a kiosk or the hotel.
 
The problem for me is that many retail POS systems store that PIN, instead of only using it for dynamic validation back to the cc processor. The aforementioned Target as one significant example.
Two thoughts on that:

Most importantly, PIN pads encrypt PIN block entries with a key generated by the processor. Retailers (like Target) do NOT have access to that key. So thieves can steal all of the encrypted PIN numbers that they want from a retailer, but unless they also hack the processor to get the decryption key, they can't decrypt the PIN block.

Also, retailers aren't allowed to store PIN data after the transaction is complete, per the PCI/DSS requirements that they have to follow. See the bottom line of the attachment. If Target was storing PIN data, and it wasn't caught in the extern audit that all Level 1 retailers have to use yearly to prove that the retailer is following the PCI/DSS rules didn't catch this, that'd be an epic double fail. :eek:

But even then, the stupidly stored PIN would be encrypted with a key that Target doesn't have, so it'd essentially be useless to the hackers.
 

Attachments

  • Screen Shot 2015-05-28 at 4.55.04 PM.png
    Screen Shot 2015-05-28 at 4.55.04 PM.png
    77.6 KB · Views: 114
Target is simply going to offer Apple Pay when they upgrade their credit card terminals to Chip & PIN compatible ones, that will also feature NFC.

What good will upgrading terminals to Chip & PIN do, when the only bank in the entire USA which offers Chip & PIN cards is the U.N. credit union?

Chip & PIN cards encode the PIN into the card, so you must know the PIN to use the card. Only Europeans are blessed to have these cards; Americans are not allowed to have them as our banks prefer to cover the losses & inconvenience their customers with endless reissues of their credit cards and repeated alterations to recurring transactions.

Chip & Signature cards (what Americans will be allowed to have) use their Chip to provide a single-use code to the merchant (so no more Target breaches, as the numbers obtained will be useless), and then require an easy-to-forge Signature. Anyone who can sign a name can use your card.
Oh, and if you travel to Europe? Your shiny new Chip card is ok at shops, but useless for buying train tickets from machines (those helpful people in booths are being phased out as Chip & PIN cards make them redundant) or for making purchases from a handheld terminal.
 
Not sure how they would be in anyone's checking account when it comes to their credit card. But saving a hundred dollars or so for basically nothing (and not exposing your credit or debit cards to Target in the process) seems like a petty good deal for many.

----------



Cash is legal tender and not really linked to the person that uses it. Still one of the top payment methods in many instances.

The Target Red card was linked to your checking account for years. That's how it worked. If they have a credit card option now that is "relatively" new.

----------

What good will upgrading terminals to Chip & PIN do, when the only bank in the entire USA which offers Chip & PIN cards is the U.N. credit union?

Chip & PIN cards encode the PIN into the card, so you must know the PIN to use the card. Only Europeans are blessed to have these cards; Americans are not allowed to have them as our banks prefer to cover the losses & inconvenience their customers with endless reissues of their credit cards and repeated alterations to recurring transactions.

Chip & Signature cards (what Americans will be allowed to have) use their Chip to provide a single-use code to the merchant (so no more Target breaches, as the numbers obtained will be useless), and then require an easy-to-forge Signature. Anyone who can sign a name can use your card.
Oh, and if you travel to Europe? Your shiny new Chip card is ok at shops, but useless for buying train tickets from machines (those helpful people in booths are being phased out as Chip & PIN cards make them redundant) or for making purchases from a handheld terminal.


Why did I get a new credit card yesterday from Barclays asking me to set a "Chip and Pin" Pin then?

----------

Sounds like you go to some sketchy restaurants.

I guess giving a car sales person your personal info is OK though.

Furthermore what restaurants does this guy eat at? I'm never been to one in the US that DOESN'T take your card off to the back parlor.
 
The Target Red card was linked to your checking account for years. That's how it worked. If they have a credit card option now that is "relatively" new.

----------




Why did I get a new credit card yesterday from Barclays asking me to set a "Chip and Pin" Pin then?

----------



Furthermore what restaurants does this guy eat at? I'm never been to one in the US that DOESN'T take your card off to the back parlor.
I've had the credit version of the card for years now. Perhaps it wasn't around initially and only the debit version was there, but it seems like the credit version has been around for some time now as well.
 
Last edited:
Target's worked like CVS's worked like Home Depot's worked before they switched them off. The hardware being doesn't mean anything but when they work and the store disables them that means a lot. Don't be so condescending.

THIS.

I used Apple pay on Launch day of the iPhone 6 at many stores that now, for some reason, have them turned off.

The terminals were working fine before. CVS, Home Depot, Lowe's Foods, and a few others I don't remember. I never got turned down at a terminal that had NFC until like a month into having the iPhone 6.
 
Why did I get a new credit card yesterday from Barclays asking me to set a "Chip and Pin" Pin then?

See, this is exactly why the government needs to come down hard on banks that misrepresent their cards. :mad:

Re: Barclays -- the card does have a PIN. It'll only be asked for at unattended locations (e.g. train ticket machines, gas pumps), hence why it's chip and signature.
 
Pathetic because Apple Pay is already more secure than Chip and Pin. And faster.
And easier to implement. Sure, get Chip and Pin working. Sounds great. However I don't really want to enter a pin. And assuming it is a four digit number which the dude behind me will know looking over my shoulder, I'm not sure it is secure. Though I don't really know what the Chip part of the process really does. But I don't see how it can be more secure than one-time use tokenization.

I am confused. Isn't Chip and Pin has nothing to do with Apple Pay (NFC)?
 
What good will upgrading terminals to Chip & PIN do, when the only bank in the entire USA which offers Chip & PIN cards is the U.N. credit union?

Chip & PIN cards encode the PIN into the card, so you must know the PIN to use the card. Only Europeans are blessed to have these cards; Americans are not allowed to have them as our banks prefer to cover the losses & inconvenience their customers with endless reissues of their credit cards and repeated alterations to recurring transactions.

Chip & Signature cards (what Americans will be allowed to have) use their Chip to provide a single-use code to the merchant (so no more Target breaches, as the numbers obtained will be useless), and then require an easy-to-forge Signature. Anyone who can sign a name can use your card.
Oh, and if you travel to Europe? Your shiny new Chip card is ok at shops, but useless for buying train tickets from machines (those helpful people in booths are being phased out as Chip & PIN cards make them redundant) or for making purchases from a handheld terminal.

Target redcards themselves will actually be Chip & PIN- not signature. Target posted an FAQ about this on the REDcard site.

----------

I am confused. Isn't Chip and Pin has nothing to do with Apple Pay (NFC)?

Many Chip & PIN Terminals are also NFC terminals. It would be financially stupid to buy one and not the other.

Also, Apple Pay is an EMV contactless card, therefore has everything to do with Chip & PIN. At places without EMV, it processes as MSD.
 
Chip and PIN "upgrade"? Erm... that's been out FOR YEARS.

Oh, hang on... you're Americans... :D
 
THIS.

I used Apple pay on Launch day of the iPhone 6 at many stores that now, for some reason, have them turned off.

The terminals were working fine before. CVS, Home Depot, Lowe's Foods, and a few others I don't remember. I never got turned down at a terminal that had NFC until like a month into having the iPhone 6.
Plenty of places have NFC , with newer businesses taking it left and right. Who needs CVS? best buy and now Target have plans to enable it despite being MCX members. Lots and lots of mom and pop stores take it and they don't even know they do.

----------

Chip and PIN "upgrade"? Erm... that's been out FOR YEARS.

Oh, hang on... you're Americans... :D

Hey at least our terminals have large iPad like touchscreens because we get to play with the new chip & PIN terminals hehe. You guys have to wait to upgrade to these because it isn't a priority as you've already got Chip & PIN. ;). I kid of course. As long as purchases are secure. You have to admit our chip & PIN terminals look hella cool.
 

Attachments

  • image.jpg
    image.jpg
    67 KB · Views: 100
Last edited:
Plenty of places have NFC , with newer businesses taking it left and right. Who needs CVS? best buy and now Target have plans to enable it despite being MCX members. Lots and lots of mom and pop stores take it and they don't even know they do.

----------



Hey at least our terminals have large iPad like touchscreens because we get to play with the new chip & PIN terminals hehe. You guys have to wait to upgrade to these because it isn't a priority as you've already got Chip & PIN. ;). I kid of course. As long as purchases are secure. You have to admit our chip & PIN terminals look hella cool.

A nut and bolt could have a touchscreen if it helped the functionality :p
 
Hey at least our terminals have large iPad like touchscreens because we get to play with the new chip & PIN terminals hehe. You guys have to wait to upgrade to these because it isn't a priority as you've already got Chip & PIN. ;). I kid of course. As long as purchases are secure. You have to admit our chip & PIN terminals look hella cool.

A lot of why we have massively fancy touchscreen terminals is because we're chip/swipe and signature. Digital signature storage is one of those kludges that keeps signature working as a CVM in this country.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.