|
Online fraud is outpacing in-person credit card fraud, as it should because of the amount of transactions made online. So with chip reading hardware costing less than $20 and all credit cards required to have chips in them now, why can't I plug my USB card reader into my computer, then when it's time to buy something, enter a PIN to verify myself instead of entering my credit card number and CVV? It would make transactions require a piece of hardware, but wouldn't it dramatically reduce the amount of fraud as well as make stolen physical cards useless for online purchases?
|
# ? Jul 24, 2018 20:28 |
|
|
# ? Apr 26, 2024 19:09 |
|
Hummer Driving human being posted:
Hummer Driving human being posted:It would make transactions require a piece of hardware
|
# ? Jul 24, 2018 21:07 |
|
Yeah, I kind of figured that would be a top answer. But since smart card certificates/PIN protection are already well understood and implemented, how much trouble would it be to implement the web side of it? RSA and other companies require who knows how many physical tokens for one time passwords. I guess credit card companies have done the math required for fraud versus how much they could save by giving customers a free card reader if they wanted one?
|
# ? Jul 24, 2018 23:29 |
|
Hummer Driving human being posted:Yeah, I kind of figured that would be a top answer. But since smart card certificates/PIN protection are already well understood and implemented, how much trouble would it be to implement the web side of it? RSA and other companies require who knows how many physical tokens for one time passwords. I guess credit card companies have done the math required for fraud versus how much they could save by giving customers a free card reader if they wanted one? I guess a password is still phishing vulnerable. Though a card reader could be too unless there's a USB interface directly to certificates, a site could man-in-the-middle the request. You could send people a client certificate to install, and use that to verify transactions via the visa site. That would be relatively immune to phishing or man-in-the-middle-ing, and would not require hardware, and done right wouldn't even be significantly inconvenient. My guess is credit card companies on average get to keep more from illicit transactions than they have to refund. Especially given that they often try to charge merchants for reversed transactions.
|
# ? Jul 25, 2018 02:35 |
|
Your avatar text really annoys me because whoever mistakenly thought that would be a good and sick burn used virii instead of viruses
|
# ? Jul 25, 2018 10:21 |
|
Clamps McGraw posted:Your avatar text really annoys me because whoever mistakenly thought that would be a good and sick burn used virii instead of viruses Yeah, I think "viri" in Latin means "men." On a more on-topic note, I don't really like the idea of using chips when doing transactions. It's like selecting the "credit" option instead of debit, which requires a password, even if it is just 4 numbers. It invites fraud, and I don't understand why banks are cool with this.
|
# ? Jul 25, 2018 12:10 |
|
roomforthetuna posted:My guess is credit card companies on average get to keep more from illicit transactions than they have to refund. Especially given that they often try to charge merchants for reversed transactions. Beyond this, I'm pretty sure merchants are begging them not to make things more difficult. That "verified by VISA" password scheme was everywhere for while, and then it vanished, and I'm pretty sure it's because people would always forget passwords and get frustrated by the reset process, etc., causing a lot of abandoned checkouts. I'm guessing it's better to eat the cost of the occasional fraud than it is to piss customers off. As to the actual question, what advantage would a hardware chip reader provide over a more standard two-factor authentication system like a code being sent to your cellphone, besides being more expensive and impossible to use if you're trying to buy stuff on your smartphone and didn't bring your reader doodad along?
|
# ? Jul 25, 2018 12:54 |
|
It would be nice if that were an option. It would also require every single online sales system to be reworked to be compatible with every single scanner and blah blah blah. It's a nice idea.
|
# ? Jul 25, 2018 20:42 |
|
roomforthetuna posted:
It's actually cost of change > losses due to fraud. That's why the US was slower adopting chips compared to the rest of the world : many, many outdated terminals and software needed changing.
|
# ? Jul 25, 2018 23:38 |
|
You'll likely skip this and go straight to client side tokenization (think Apple Pay or Google Pay) instead. They Payments Request API should help smooth a transition over as well: https://developers.google.com/web/fundamentals/payments/
|
# ? Jul 26, 2018 02:03 |
|
Hummer Driving human being posted:It would make transactions require a piece of hardware, but wouldn't it dramatically reduce the amount of fraud as well as make stolen physical cards useless for online purchases? My bank (Ulster Bank, Northern Ireland) did this years back - I don't know why, as most of the other online banking systems seem secure. You don't need to use it for purchases, but any money transfers etc. - stick the card in. And if you lose or break it, they send you out another one free. I've been through about 6 so far!
|
# ? Jul 26, 2018 22:13 |
|
poo poo I live in a area where out of the three towns I live/travel to normally only a handful of stores accept the chip, rest are still swipe.
|
# ? Jul 26, 2018 22:21 |
|
It's hard to imagine something stupider than requiring online transactions to require loving hardware lmao why yes, i'm going to plug a loving chip reader into my phone to shop on amazon
|
# ? Jul 26, 2018 22:33 |
|
TROIKA CURES GREEK posted:It's hard to imagine something stupider than requiring online transactions to require loving hardware lmao So, y'know, it's better in that it doesn't require plugging something into a computer that could be up to anything, but it's worse in that you have type an extra 20 digits as part of the process of making a transaction.
|
# ? Jul 27, 2018 01:31 |
|
Hummer Driving human being posted:Online fraud is outpacing in-person credit card fraud, as it should because of the amount of transactions made online. So with chip reading hardware costing less than $20 and all credit cards required to have chips in them now, why can't I plug my USB card reader into my computer, then when it's time to buy something, enter a PIN to verify myself instead of entering my credit card number and CVV? It would make transactions require a piece of hardware, but wouldn't it dramatically reduce the amount of fraud as well as make stolen physical cards useless for online purchases? this physical hardware in the chip does not improve the security of the transaction at all, it arguably makes it easier to skim credit cards because of how long it takes an ordinary chip reader to process the transaction.
|
# ? Jul 27, 2018 02:33 |
|
Bruegels Fuckbooks posted:this physical hardware in the chip does not improve the security of the transaction at all, it arguably makes it easier to skim credit cards because of how long it takes an ordinary chip reader to process the transaction. Contactless is the way to go IMO - the cards still have chip & pin if needed, but anything under £50 (I think, could be £40) just needs you to touch your card (or phone if it has NFC) to the reader - beep, green tick on the card reader screen, all paid for. I can't remember the last time I swiped my card - it would be years ago.
|
# ? Jul 28, 2018 03:57 |
|
spog posted:That's why the US was slower adopting chips compared to the rest of the world : many, many outdated terminals and software needed changing. Because the rest of the world - well, Europe specifically I'm thinking of - didn't also have outdated terminals and software?
|
# ? Jul 28, 2018 19:56 |
|
feedmegin posted:Because the rest of the world - well, Europe specifically I'm thinking of - didn't also have outdated terminals and software? Maybe they said, "Hey, this is a good idea. Let's change over to it and worry about the costs later." I've encountered quite a few chip reader terminals in the US where the chip reader part has not been activated right away.
|
# ? Jul 28, 2018 20:28 |
|
Mister Kingdom posted:
Even Taco Bell doesn't use the chip reader yet. Taco Bell!
|
# ? Jul 28, 2018 22:00 |
|
feedmegin posted:Because the rest of the world - well, Europe specifically I'm thinking of - didn't also have outdated terminals and software? Size is a supposedly a factor as well as the US not having a unified authority to mandate he change, but I think the biggest reason is that the US has historically had weirdly low fraud compared to the rest of the world and if there isn't a monetary pressure on the companies then why change.
|
# ? Jul 29, 2018 03:18 |
|
May I also suggest that the US, one of the few countries to still use exclusively Imperial measurements, is historically speaking unwilling to embrace new ideas and standards regardless of their advantages?
|
# ? Jul 29, 2018 05:11 |
|
PT6A posted:May I also suggest that the US, one of the few countries to still use exclusively Imperial measurements, is historically speaking unwilling to embrace new ideas and standards regardless of their advantages? This is a fairly bold blanket statement.
|
# ? Aug 8, 2018 10:06 |
|
may i suggest, that the giant country made up of 50 mini countries that are comparable or bigger to an european countries might have a hard time making mass change???
|
# ? Aug 9, 2018 06:05 |
|
I work in IT. I'm now picturing calls from my parents and friends "hey, I'm trying to buy something from Amazon I need tomorrow, and my $4 knock-off chip reader isn't working; could you help me?" The real answer to why we don't do this is to reduce mass murder.
|
# ? Aug 9, 2018 18:44 |
|
Thanatosian posted:I work in IT. I'm now picturing calls from my parents and friends "hey, I'm trying to buy something from Amazon I need tomorrow, and my $4 knock-off chip reader isn't working; could you help me?" My bank issues a piece of hardware for online payments and there are no $4 knock-offs because you can only use the device issued by the bank. It never malfunctions, batteries last years and if it breaks they will send you a new one. You don't have to plug it into your computer but you can and then you don't have to type in the response manually.
|
# ? Aug 9, 2018 20:02 |
|
Two factor authentication is more secure.
|
# ? Aug 9, 2018 20:54 |
|
your friend a dog posted:may i suggest, that the giant country made up of 50 mini countries that are comparable or bigger to an european countries might have a hard time making mass change??? Russia also uses chip readers. In fact they invented their own system.
|
# ? Aug 10, 2018 18:43 |
|
Kaal posted:Russia also uses chip readers. In fact they invented their own system. Russia? The country with less than half th population of the United States? Concentrated in a smaller area? That Russia?
|
# ? Aug 10, 2018 20:02 |
|
Russia's about twice the landmass and has a more spread out population there, bucko.
|
# ? Aug 11, 2018 00:28 |
|
American exceptionalism: A nation too large and yet too small; too diverse but also too homogeneous; too urban and yet too rural; always unready to adopt any changes or accept any critique. Real talk: Incidence of credit card fraud in the US is triple the global average, largely due to a lax attitude by government authorities. An estimated $200 billion is lost each year to such fraud in the US. Merchants and card companies are liable to reimburse losses when they are discovered, though in reality it can be quite difficult to recover your money. Furthermore any incidental costs related to protecting yourself from further fraud are yours alone. But card issuers aren't going to discourage customers from using their products by unilaterally implementing security reforms (look at American Express) so it's important to adopt industry wide reformat via governmental reform.
|
# ? Aug 11, 2018 01:39 |
|
Kaal posted:But card issuers aren't going to discourage customers from using their products by unilaterally implementing security reforms (look at American Express) so it's important to adopt industry wide reformat via governmental reform. What I don't understand is that chip and PIN is much easier for the customer. Like, consider at a restaurant: the server must bring over the pin pad and your credit card never leaves your sight, instead of the server taking it away and then bringing it back later with a little slip of paper (that you must manually calculate a tip on, not that it should be much of a challenge). And they get to charge merchants for new equipment! It's win-win!
|
# ? Aug 11, 2018 01:42 |
|
Kaal posted:But card issuers aren't going to discourage customers from using their products by unilaterally implementing security reforms
|
# ? Aug 11, 2018 03:09 |
|
crowtribe posted:Russia's about twice the landmass and has a more spread out population there, bucko. U think the lil tiny towns and poo poo have chip card readers? Lmao
|
# ? Aug 11, 2018 03:28 |
|
your friend a dog posted:U think the lil tiny towns and poo poo have chip card readers? Lmao yeah righto
|
# ? Aug 11, 2018 05:47 |
|
man whos arguing in good faith: AKSHULLY you'll find russia is very spread out which is why its very impressive all those spread out little villages have chip readers. god bless putin. god bless communism
|
# ? Aug 11, 2018 06:26 |
|
Hummer Driving human being posted:Yeah, I kind of figured that would be a top answer. But since smart card certificates/PIN protection are already well understood and implemented, how much trouble would it be to implement the web side of it? RSA and other companies require who knows how many physical tokens for one time passwords. I guess credit card companies have done the math required for fraud versus how much they could save by giving customers a free card reader if they wanted one? I'm not even sure how personal card readers attached to a computer would work with regard to PCI-DSS security either. Source: I work for a huge credit card processor.
|
# ? Aug 11, 2018 20:18 |
|
Hi I got high and was thinking about this question last night in bed because I'm a moron who can't leave her work at work and also I'd drunk a lot. Anyways, slightly more background, I'm an internal technical writer and operations trainer for an international credit card processor. Encryption is another area where this would be an issue. With EMV/chip, encryption is a big deal for the obvious reasons. With the company I work for, when a merchant needs equipment from us, the readers/PIN pads that are sent out are injected with encryption keys that mean they will only work for our company. My assumption is that the other large processing companies do things the same way, for the simple reason of wanting to make sure merchants stay with them instead of loving off to a competitor. To my knowledge from talking with the guys at work on the development/coding/security side, each individual card-backing bank can/does also have their own encryption differences, though I really know very little about this because it's not an area I speak to. I don't know at which point in the process it comes into play. So you'd have to have multiple people signing off on this basically - the merchants, the processors, the card-issuing banks, and the card brands themselves, leaving out the customers themselves going for this as something they consider (rightly or wrongly) to be safe as well as economical. Then you have to actually make the coding and technology happen and try to get the equipment out to enough people that it pays back the cost of development (and because this is the financial industry let's not lie, make a profit). Considering that the relationships up and down that line can be contentious at the best of times thanks to the myriad ways in which everyone fucks everyone else below them on the totem pole, and occasionally takes a stab at loving the people above them, agreement on something that large that is such a change in How Things Work is extraordinarily unlikely unless it's a unilateral decision from above that everyone has to either agree to or stop taking credit cards. The fighting upwards along that line just to get EMV equipment and capability to merchants in the US was extraordinary. Multi-year effort requiring mandates and liability shifts on chargebacks from the card brands, and in 2018 merchants are still dragging their feet on it and getting pissier because the breaks on pricing and whatnot that the processors gave as an initial incentive have mostly gone away if you didn't do what you should have, at least that I know of.
|
# ? Aug 12, 2018 17:30 |
|
Here in Norway (so yes, way smaller, not comparable, etc..) we have this neat thing called BankID , it started out being just a universal one time code generator you could use for logging into any online bank, but now you can use it to confirm credit and debit card charges online, logging in to most government sites (taxes, health stuff etc) and they stopped requiring hardware a long time ago. Now I just get a passphrase on my phone, and confirm by entering my personal pin on there. https://www.bankid.no/en/about-us/
|
# ? Aug 20, 2018 16:31 |
|
your friend a dog posted:U think the lil tiny towns and poo poo have chip card readers? Lmao Probably? Butt gently caress nowhere small town canada managed to do it?
|
# ? Sep 5, 2018 22:34 |
|
|
# ? Apr 26, 2024 19:09 |
your friend a dog posted:man whos arguing in good faith: AKSHULLY you'll find russia is very spread out which is why its very impressive all those spread out little villages have chip readers. god bless putin. god bless communism As we all know communism begins when it becomes easier for people to pay for stuff.
|
|
# ? Sep 6, 2018 16:53 |