  • Locked thread
Asymmetric POSTer
Aug 17, 2005

First off, thank you for making this thread. Billions of dollars are zipping across wires every day and people probably don't spend a microsecond to think about what's going on in the backend. I'm especially fascinated with how long it's going to take the US to move to chipped cards when I see such a large install base of magstripe-only equipment out there (parking lot payment terminals, POS systems with built-in swipe readers, etc). I've got many questions:

Pissingintowind posted:

Since the US is around 50% debit and 50% credit, your overall effective rate is the average of the two: 1.31% + $0.24. This means that as long as your average ticket is above $20 or so, you're doing better than Square's blended 2.75%.

Pre-Durbin, were "signature" debit transactions in the US charged the same rate to merchants as credit transactions? As in, a Visa/Mastercard debit card being swiped/signed without a PIN? If so, banks must have been laughing all the way to...well I guess themselves for how much money they were making vs normal/old style EFTPOS PIN based transactions people had been using since the 80s.

Pissingintowind posted:

Apple Pay relies on a new EMVCo tokenization security standard that was assembled from scratch last year. This was an enormous undertaking for Visa, MasterCard, and American Express, and frankly, I'm shocked that it was pulled off in the amount of time that was available. Effectively what happens is that on a network processing level a card number to "token" card number mapping is maintained. Apple Pay uses the "token" card number for transactions, so the merchant never sees the actual card number. The US market has one major thing going for it: uniformity. All MasterCard POS transactions are processed by MasterCard's Banknet network processing system. All Visa POS transactions are processed by VisaNet. In many other countries, local processing systems process Visa, MasterCard, and American Express transactions, sometimes even by law. This fragmentation will make it extremely difficult to scale Apple Pay internationally, especially where the local processing system is a mandated, slow-moving, government-owned, lowest-common-denominator relic, but I'm sure it will happen eventually.

Technical changes were needed on the issuer side to support Apple Pay. It makes sense to start with the biggest banks in the world, and move down the chain from there.

This is fascinating, I didn't realize Apple Pay is just a straight (and yet elegant) implementation of an EMVCo standard. Gives confidence for the longevity of it since it's not really further fragmenting the payment space. Can you go into detail about the US's previous foray into RFID/NFC based payments and the security risks that came up? I've read this article that showed when the cards first came on the market there were multiple implementations, some just atrociously bad from a security standpoint. How exactly do passive RFID chips do any sort of rolling tokenization/sequencing/etc for security? With EMV the chip is powered while in the terminal to do its magic, were these RFID chips using the field broadcast by the reader to give enough power for a chip to change the code/token/etc?

Furthermore, what's the difference between some of the "tokenization" with EMVCo contactless vs the previous implementations that existed/exist in the US? You say the Apple Pay token for now is static, and it's the encryption keys that encrypt transaction. Basically, my Apple Pay/EMVCo token is a "static" credit card number that has its own public/private key?

Pissingintowind posted:

What the hell is up with all of these card number breaches?

Will EMV solve essentially all of this because we'll stop transmitting and storing card numbers in plaintext read off magnetic strips like cavemen?

I'm spergin' about payments :spergin:
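
The card-number-to-token mapping from the quoted Apple Pay explanation, as an added sketch that is not part of the original posts or of any network's real code. The `Network`, `Issuer` and `Merchant` classes, the `9999` token prefix and the Luhn-valid token format are assumptions made for illustration; it shows that a merchant storing whatever it was handed ends up holding only the token, while the issuer still sees the real number.

```python
import secrets

def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

class Issuer:
    """Bank side: knows only real card numbers and their available credit."""
    def __init__(self, limits_cents):
        self.limits_cents = dict(limits_cents)
        self.seen = []  # account numbers that reached the issuer
    def approve(self, pan: str, amount_cents: int) -> bool:
        self.seen.append(pan)
        return amount_cents <= self.limits_cents.get(pan, 0)

class Network:
    """Card network: the only party holding the token -> card number map."""
    def __init__(self, issuer: Issuer):
        self._issuer = issuer
        self._vault = {}

    def provision(self, pan: str) -> str:
        # Constructed token format: made-up "9999" prefix, random body, Luhn digit.
        body = "9999" + "".join(secrets.choice("0123456789") for _ in range(11))
        token = body + luhn_check_digit(body)
        self._vault[token] = pan
        return token

    def authorize(self, account_number: str, amount_cents: int) -> bool:
        # Tokens are swapped for the real number; anything else passes through as-is.
        pan = self._vault.get(account_number, account_number)
        return self._issuer.approve(pan, amount_cents)

class Merchant:
    """Merchant: keeps whatever account number the customer presented."""
    def __init__(self, network: Network):
        self._network = network
        self.stored = []

    def charge(self, account_number: str, amount_cents: int) -> bool:
        self.stored.append(account_number)
        return self._network.authorize(account_number, amount_cents)
```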


Asymmetric POSTer
Aug 17, 2005

Werthog 95 posted:

Lots of stores have upgraded their hardware but haven't turned on the chip slot yet. I've been stuffing my chip card into every slot I can find and none of them have worked yet.

There are actually a bunch of people that are more spergs than me about chipped cards that keep track of places you can use it in the US now

Haven't kept up but certain walmarts have terminals that'll accept them

I never shop at walmart so I've never been able to test.

http://www.flyertalk.com/forum/credit-card-programs/1304271-usa-emv-cards-availability-experiences-q-chip-pin-chip-signature-464.html

Asymmetric POSTer
Aug 17, 2005

Pissingintowind posted:

Also, this post took me almost an hour, so I hope it's helpful!

Thank you for taking the time to write all that out, seriously. I love this thread.

What's up with the different styles of EMV chips?

My credit card has a cool large EMV chip that looks like this one:



But my new debit card has a pathetic looking one like this:



Seems like some have more contacts than others, I presume the extra ones are just unused?

Asymmetric POSTer
Aug 17, 2005

flosofl posted:

Is one contactless and the other requires sliding into a chip reader? If not that, then it may be down to the chip supplier

neither are contactless

Asymmetric POSTer
Aug 17, 2005

mishaq posted:

There are actually a bunch of people that are more spergs than me about chipped cards that keep track of places you can use it in the US now

Haven't kept up but certain walmarts have terminals that'll accept them

I never shop at walmart so I've never been able to test.

http://www.flyertalk.com/forum/credit-card-programs/1304271-usa-emv-cards-availability-experiences-q-chip-pin-chip-signature-464.html

haha jesus christ these guys even made a website

http://emvacceptedhere.com

it's all walmarts

Asymmetric POSTer
Aug 17, 2005

Lolcano Eruption posted:

I just received what seemingly is a duplicate of my current amex card in the mail. Same number, expiration, and security code. Amex assures me that when I activate the new card, the old one is deactivated. But if they are visually the same, how can one be deactivated and the other be active? Is there hidden information in the mag stripe or chip? I know that for online transactions, the two cards are indistinguishable.

Did you order a replacement card because of a damaged/worn magstripe or something?

I'll let the guy that actually knows what he's talking about answer, I wonder if the cvv1 is different? If not, then they have to be identical.

I also wonder what happens with EMV cards and you order a replacement due to damage/wear, are the cryptographic keys on the chip also cloned or different?


Asymmetric POSTer
Aug 17, 2005

Pissingintowind posted:

Not really.

Signature is stupid.

Aren't the principles of a signature, while archaic and almost completely ignored today, not stupid though?

A primary use case for card-stolen fraud is to take the card to a high end retailer, buy some expensive poo poo, and try to resell it on ebay or whatever later (a lot harder today than 5-10 years ago though since the police/retailers watch ebay these days)

If you're buying something that costs $1000+ at a high end retailer, it's not a 2 second swipe and walk out kind of transaction, they will most likely ask to see your card, and there they can compare the signature you provide with the one on the back of your card as a part of a fraud screening procedure for the retail staff

But I agree 100% for sub $500 transactions having to sign little digital pads is idiotic, it's not like anyone is verifying these signatures anyway, it should just go through without a signature
