and in the US with the move to C&P the majority of the terminals have NFC capable HW built-in.
Note, that while this is true, that most new terminals that support EMV also support NFC, in the US the banks are NOT adopting "Chip & Pin". They are adopting "Chip & Signature" (that or something very similar is what all the card issuers are calling it). I've received several chip cards now and not one has provided a PIN and all say it is a "Chip & Signature" card.
They won't all be updated as there's no legal requirement to do so AFAIK. Mom and Pop's Corner Store will probably keep using their old swipe machine just as they have for years.
Note, they don't have to upgrade at all. If course any and all fraud they end up with is now on them and not the bank/credit card company anymore starting in October. The only exception to this rule is gas pumps until 2017. So if your small business wants to take that gamble and not upgrade like must will, oh well. Of course when mist everyone else had, and now support Apple Pay, that's where I'll be doing my shopping at anyway.
As for Samscum Pay, it'll fail for the simple fact that no one wants to use anyone's services with Android other then Google's!!!. That means Google's wallet and later Android Pay. Samsung keeps trying with their own services and so far they've ask failed. They keep trying, finding some way to make money on their hardware after the sale. It just doesn't work with Android when you have zero control of the OS. Really the only company winning with Android is Google.
Note, that while this is true, that most new terminals that support EMV also support NFC, in the US the banks are NOT adopting "Chip & Pin". They are adopting "Chip & Signature" (that or something very similar is what all the card issuers are calling it). I've received several chip cards now and not one has provided a PIN and all say it is a "Chip & Signature" card.
I've noticed that, too, but I assumed that it was simply them not having that part of their system up and running to verify the PIN, hence the signature. That's going to remove a huge part of the security feature if a signature will be acceptable indefinitely.
PS: I will try Apple Pay if the terminal supports NFC. Usually the radios are on but the payment fails due to some unspecified issue. I then will try my chipped card. This also usually fails due to som unspecified issue. Disclaimer: I do have these things ready in hand so I'm not holding up the line with my experimentation.
Put it another way, Samsung Pay uses NFC wireless tech (with tokenization), and LoopPay uses "magnetic signal transmission" tech to simulate the magnetic pickup from a physical card swipe (with no encryption). Two different wireless technologies. Two different "protocols."
That is exactly what it is. The "MST" works in exactly the opposite way the Square Reader works (which converts the swipe to a "sound" to the device.) The technology has been around since the 1920's, you might also know it as "Magnetic Tape"
Move a piece of magneticly charged film over a magnetic pickup = sound/data. MST "plays" the sound at the magnetic reader head which is picked up as if a swipe had taken place. The movement is against a stationary head. So what if you just playback the movement? That's what MST is.
It's actually far worse than the swipe card, because if people wanted to defraud a merchant, they could make any kind of fake credit card they want with a fake mag stripe, and just hold the Looppay device near the slot to send whatever credit card numbers they want it. Like this is literately the "worst case scenario" PCI DSS compliance was meant to prevent, as it doesn't protect the card holder data at all. You may as well recite the credit card number out loud.
PS: I will try Apple Pay if the terminal supports NFC. Usually the radios are on but the payment fails due to some unspecified issue. I then will try my chipped card. This also usually fails due to som unspecified issue. Disclaimer: I do have these things ready in hand so I'm not holding up the line with my experimentation.
Occasionally here in Canada, there will be a sticker or post-it note over the NFC device that says "NO TAP". This just means that:
Either
- The Merchant hasn't activated "NFC" in their account, thus NFC taps will just be denied by the reader.
or
- The Merchant has to pay more to use NFC and is trying to avoid these charges.
It's usually the former, and if they have a custom branded POS system like BestBuy and Target, the software has to be aware of EMV cards where there is no NFC hardware (Canadian Target (before they left) and Best Buy locations are Chip+Pin only)
Like here's a fun fact. In my wallet there is only one NFC card, the Credit card. Which I've been using the Chip and later NFC with everything possible ever since before the EMV switchover. The Debit cards are MagStripe/EMV-only. No NFC. Both the Canadian and American cards are like this. The first place I used the EMV chip was an A&W Restaurant, which the cashier just inserted my card and handed the reader to me, without pressing EMV application on the menu. So I pressed Mastercard, put in the PIN and then handed it back. There are some PoS systems here that require you to "press any key" after the transaction even if you use NFC.
Note, that while this is true, that most new terminals that support EMV also support NFC, in the US the banks are NOT adopting "Chip & Pin". They are adopting "Chip & Signature" (that or something very similar is what all the card issuers are calling it). I've received several chip cards now and not one has provided a PIN and all say it is a "Chip & Signature" card.
If you have a debit card, it's Chip+PIN, using the same PIN you use before. If you receive a credit card without a "PIN" then you're going to have go to the issuing bank to set one. All credit cards have an ATM PIN, it's for doing cash-advances. If the card explicitly says "chip+sign" you won't be able to use it outside of the US.
In fact there is one merchant (a Subway Restaurant location) here that treats all credit card transactions, both NFC and Chip+PIN as Swipe transactions and wants you to sign the receipt every time.
Probably not, as all the merchant providers are requiring the update OR the merchant becomes liable for 100% of fraud with swiped transactions. And since the terminals are not a high cost item compared to even a single expensive fraud case, and the merchant providers are pushing deals on new terminals to get everyone updated, I expect that you will see even the mom and pop people upgrading their terminals.
Even Square has an EMV dongle coming out soon for a very affordable price.
Just for my curiosity about how much is a new terminal? A rough ballpark is all.
Nothing is stopping MCX from changing their name, and frankly they probably half to after this debacle once they can figure out how merchants can properly use CurrentC with mobile devices for mining data. The solution is, in part, to make it work with *Pay.
(The asterisk (*) refers to Apple Pay, Android Pay, Samsung Pay, and everyone one following Apple's lead. I hope they all use the word Pay at the end simply to make this simpler for the consumer.)
But but but...it's such a clever name! CurrentC=currency, get it?
They've been stubbornly ignoring their customers' concerns so far, so I suppose they will just as stubbornly keep that great name. I wonder how much they spent to design the name?
But but but...it's such a clever name! CurrentC=currency, get it?
They've been stubbornly ignoring their customers' concerns so far, so I suppose they will just as stubbornly keep that great name. I wonder how much they spent to design the name?
I tried to think of some new names yesterday. (I was just trying to help them out. Honest¡)
Just for my curiosity about how much is a new terminal? A rough ballpark is all.
The Square one is $49 (or free if you pre order now for most users it seems). More traditional ones (when not discounted or rolled into your processing costs or rented) seem to be $129 -- $500 range depending on features, etc. This is just from a quick internet search and I did not read all the fine print.
Just for my curiosity about how much is a new terminal? A rough ballpark is all.
A couple hundred dollars for a decent one, and while a bulk purchase can reduce that price considerably it also raises the total cost. Then you have installation, support and training to deal with.
What I'd like to see is the banks support the increased security and savings from lower theft they have to refund by reducing fees when a proper secure payment is made, thereby encouraging the purchase, installation, support and training for these terminals.
If you have a debit card, it's Chip+PIN, using the same PIN you use before. If you receive a credit card without a "PIN" then you're going to have go to the issuing bank to set one. All credit cards have an ATM PIN, it's for doing cash-advances.
You missed my point. In Europe, they are "Chip & Pin" and the PIN is used for credit transactions. We are not talking normal Debit Card PIN use. The credit cards being issued now in the US are not "Chip & Pin", they are "Chip & Signature." You may be able to get a PIN for use in doing cash advances, the same as with "current" non chip cards in the US. But that is not "Chip & Pin" and the PIN is not used for credit transactions, like in Europe.
Probably not, as all the merchant providers are requiring the update OR the merchant becomes liable for 100% of fraud with swiped transactions. And since the terminals are not a high cost item compared to even a single expensive fraud case, and the merchant providers are pushing deals on new terminals to get everyone updated, I expect that you will see even the mom and pop people upgrading their terminals.
Again, if the bank issuing the card has not upgraded the card to a chip card, then there's no liability for the transaction by the merchant. I presume there's going to be some software in the new terminals that will recognize a swiped card contains a chip and forces the consumer to insert the card instead, otherwise what's the point? I currently have in my possession four credit cards without a chip which were recently issued. The experts think it will take up to a year or more for the banks to replace all the mag-stripe cards with chip cards. I asked my bank when they would be upgraded and they did not know.
Now I agree with you that as single fraud case is enough to convince a merchant to upgrade, but considering the cost of some of these POSTs, many small business merchants I have spoken with have made little or no effort to upgrade, and have no concrete plans of when or how that's going to happen. Most seem very angry about it. I also had a larger business tell me point blank they had not made a decision about upgrading their POSTs, and would not be liable as there would be a period of amnesty (this I had not heard before, nor have been able to verify). But unless the POST manufacturers are stockpiling to deliver en masse to all these merchants who scramble at the 11th hour, it's going to take some time just to manufacture those units, assuming all those merchants go clamoring for them at once. Ultimately, I expect some small merchant is going to get hit with a fraud case that will make national headlines, and that's when everyone will upgrade who has been putting to off.
Of course it's been widely known for some time that the US will be using chip and signature. It may take years if ever for the PIN to be adopted in the US. This makes ?Pay and other mobile payment services even more valuable. I suspect this is one less thing banks have to deal with in making this colossal changeover. Customers are going to have enough trouble learning to insert their card and leave it, especially on most POSTs which also have mag-swipe readers. Which is another reason the POSTs are likely smart enough to refuse a mag-swipe transaction for a chip equipped card, otherwise exposing the poor merchant to liability for the transaction. Because obviously merchants won't be able to disable the mag-swipe readers until the banks have cancelled all mag-stripe only cards, and re-issued chip cards.
October 15th is not going to be some magical overnight transition to chip card and mobile payments. It's going to be messy. Very messy.
So this system will be totally useless outside the states. If your using a EU bank card in Europe you can no longer swipe it. The till machine has to read the chip.
And since Samsung pay doesn't do this then it is dead in Europe.
Tried my UK apple pay for the first time on the watch was surprised on how fast it is. Can't wait to try it on the tube next time I'm in London!
Merchants are required to update their terminals by late October or risk being responsible for fraud if their terminals have weaker security than the bank card used. Our local meat shop had a fire and when they rebuilt they got the new-style terminal. Boy were mom and pop shocked to see Apple Pay work!
Again, if the bank issuing the card has not upgraded the card to a chip card, then there's no liability for the transaction by the merchant. I presume there's going to be some software in the new terminals that will recognize a swiped card contains a chip and forces the consumer to insert the card instead, otherwise what's the point? I currently have in my possession four credit cards without a chip which were recently issued. The experts think it will take up to a year or more for the banks to replace all the mag-stripe cards with chip cards. I asked my bank when they would be upgraded and they did not know.
There is a big push and most card issuers are busy replacing cards with chip & signature cards. You are correct that the liability is not transferred if the card does not have the chip stuff.
As an aside, my CITI chip card, when I swipe it at Walmart, tells me I have to insert it. So there is something either being detected through some sort of NFC stuff(?) or encoded in the magnetic stripe to let the terminal know it has a chip.
I hope more whatever pay keep coming out. The more NFC payment systems are available the more merchants are going to be push to adapt, the more I will be able to use my ?Pay on ?Watch. I see no negative here.
Just for my curiosity about how much is a new terminal? A rough ballpark is all.
A couple hundred dollars for a decent one, and while a bulk purchase can reduce that price considerably it also raises the total cost. Then you have installation, support and training to deal with.
I think Apple should have got into the business of this hardware.
Comments
and in the US with the move to C&P the majority of the terminals have NFC capable HW built-in.
Note, that while this is true, that most new terminals that support EMV also support NFC, in the US the banks are NOT adopting "Chip & Pin". They are adopting "Chip & Signature" (that or something very similar is what all the card issuers are calling it). I've received several chip cards now and not one has provided a PIN and all say it is a "Chip & Signature" card.
Note, they don't have to upgrade at all. If course any and all fraud they end up with is now on them and not the bank/credit card company anymore starting in October. The only exception to this rule is gas pumps until 2017. So if your small business wants to take that gamble and not upgrade like must will, oh well. Of course when mist everyone else had, and now support Apple Pay, that's where I'll be doing my shopping at anyway.
As for Samscum Pay, it'll fail for the simple fact that no one wants to use anyone's services with Android other then Google's!!!. That means Google's wallet and later Android Pay. Samsung keeps trying with their own services and so far they've ask failed. They keep trying, finding some way to make money on their hardware after the sale. It just doesn't work with Android when you have zero control of the OS. Really the only company winning with Android is Google.
I've noticed that, too, but I assumed that it was simply them not having that part of their system up and running to verify the PIN, hence the signature. That's going to remove a huge part of the security feature if a signature will be acceptable indefinitely.
PS: I will try Apple Pay if the terminal supports NFC. Usually the radios are on but the payment fails due to some unspecified issue. I then will try my chipped card. This also usually fails due to som unspecified issue. Disclaimer: I do have these things ready in hand so I'm not holding up the line with my experimentation.
That is exactly what it is. The "MST" works in exactly the opposite way the Square Reader works (which converts the swipe to a "sound" to the device.) The technology has been around since the 1920's, you might also know it as "Magnetic Tape"
Move a piece of magneticly charged film over a magnetic pickup = sound/data. MST "plays" the sound at the magnetic reader head which is picked up as if a swipe had taken place. The movement is against a stationary head. So what if you just playback the movement? That's what MST is.
It's actually far worse than the swipe card, because if people wanted to defraud a merchant, they could make any kind of fake credit card they want with a fake mag stripe, and just hold the Looppay device near the slot to send whatever credit card numbers they want it. Like this is literately the "worst case scenario" PCI DSS compliance was meant to prevent, as it doesn't protect the card holder data at all. You may as well recite the credit card number out loud.
Occasionally here in Canada, there will be a sticker or post-it note over the NFC device that says "NO TAP". This just means that:
Either
- The Merchant hasn't activated "NFC" in their account, thus NFC taps will just be denied by the reader.
or
- The Merchant has to pay more to use NFC and is trying to avoid these charges.
It's usually the former, and if they have a custom branded POS system like BestBuy and Target, the software has to be aware of EMV cards where there is no NFC hardware (Canadian Target (before they left) and Best Buy locations are Chip+Pin only)
Like here's a fun fact. In my wallet there is only one NFC card, the Credit card. Which I've been using the Chip and later NFC with everything possible ever since before the EMV switchover. The Debit cards are MagStripe/EMV-only. No NFC. Both the Canadian and American cards are like this. The first place I used the EMV chip was an A&W Restaurant, which the cashier just inserted my card and handed the reader to me, without pressing EMV application on the menu. So I pressed Mastercard, put in the PIN and then handed it back. There are some PoS systems here that require you to "press any key" after the transaction even if you use NFC.
If you have a debit card, it's Chip+PIN, using the same PIN you use before. If you receive a credit card without a "PIN" then you're going to have go to the issuing bank to set one. All credit cards have an ATM PIN, it's for doing cash-advances. If the card explicitly says "chip+sign" you won't be able to use it outside of the US.
In fact there is one merchant (a Subway Restaurant location) here that treats all credit card transactions, both NFC and Chip+PIN as Swipe transactions and wants you to sign the receipt every time.
Probably not, as all the merchant providers are requiring the update OR the merchant becomes liable for 100% of fraud with swiped transactions. And since the terminals are not a high cost item compared to even a single expensive fraud case, and the merchant providers are pushing deals on new terminals to get everyone updated, I expect that you will see even the mom and pop people upgrading their terminals.
Even Square has an EMV dongle coming out soon for a very affordable price.
Just for my curiosity about how much is a new terminal? A rough ballpark is all.
But but but...it's such a clever name! CurrentC=currency, get it?
They've been stubbornly ignoring their customers' concerns so far, so I suppose they will just as stubbornly keep that great name. I wonder how much they spent to design the name?
I tried to think of some new names yesterday. (I was just trying to help them out. Honest¡)
Just for my curiosity about how much is a new terminal? A rough ballpark is all.
The Square one is $49 (or free if you pre order now for most users it seems). More traditional ones (when not discounted or rolled into your processing costs or rented) seem to be $129 -- $500 range depending on features, etc. This is just from a quick internet search and I did not read all the fine print.
A couple hundred dollars for a decent one, and while a bulk purchase can reduce that price considerably it also raises the total cost. Then you have installation, support and training to deal with.
Here's one from Amazon: http://www.amazon.com/Verifone-N-VX820-SC-VX820-KEYPAD-M282-703-C3-R-3/dp/B008LI1MGE/
What I'd like to see is the banks support the increased security and savings from lower theft they have to refund by reducing fees when a proper secure payment is made, thereby encouraging the purchase, installation, support and training for these terminals.
If you have a debit card, it's Chip+PIN, using the same PIN you use before. If you receive a credit card without a "PIN" then you're going to have go to the issuing bank to set one. All credit cards have an ATM PIN, it's for doing cash-advances.
You missed my point. In Europe, they are "Chip & Pin" and the PIN is used for credit transactions. We are not talking normal Debit Card PIN use. The credit cards being issued now in the US are not "Chip & Pin", they are "Chip & Signature." You may be able to get a PIN for use in doing cash advances, the same as with "current" non chip cards in the US. But that is not "Chip & Pin" and the PIN is not used for credit transactions, like in Europe.
Probably not, as all the merchant providers are requiring the update OR the merchant becomes liable for 100% of fraud with swiped transactions. And since the terminals are not a high cost item compared to even a single expensive fraud case, and the merchant providers are pushing deals on new terminals to get everyone updated, I expect that you will see even the mom and pop people upgrading their terminals.
Again, if the bank issuing the card has not upgraded the card to a chip card, then there's no liability for the transaction by the merchant. I presume there's going to be some software in the new terminals that will recognize a swiped card contains a chip and forces the consumer to insert the card instead, otherwise what's the point? I currently have in my possession four credit cards without a chip which were recently issued. The experts think it will take up to a year or more for the banks to replace all the mag-stripe cards with chip cards. I asked my bank when they would be upgraded and they did not know.
Now I agree with you that as single fraud case is enough to convince a merchant to upgrade, but considering the cost of some of these POSTs, many small business merchants I have spoken with have made little or no effort to upgrade, and have no concrete plans of when or how that's going to happen. Most seem very angry about it. I also had a larger business tell me point blank they had not made a decision about upgrading their POSTs, and would not be liable as there would be a period of amnesty (this I had not heard before, nor have been able to verify). But unless the POST manufacturers are stockpiling to deliver en masse to all these merchants who scramble at the 11th hour, it's going to take some time just to manufacture those units, assuming all those merchants go clamoring for them at once. Ultimately, I expect some small merchant is going to get hit with a fraud case that will make national headlines, and that's when everyone will upgrade who has been putting to off.
Of course it's been widely known for some time that the US will be using chip and signature. It may take years if ever for the PIN to be adopted in the US. This makes ?Pay and other mobile payment services even more valuable. I suspect this is one less thing banks have to deal with in making this colossal changeover. Customers are going to have enough trouble learning to insert their card and leave it, especially on most POSTs which also have mag-swipe readers. Which is another reason the POSTs are likely smart enough to refuse a mag-swipe transaction for a chip equipped card, otherwise exposing the poor merchant to liability for the transaction. Because obviously merchants won't be able to disable the mag-swipe readers until the banks have cancelled all mag-stripe only cards, and re-issued chip cards.
October 15th is not going to be some magical overnight transition to chip card and mobile payments. It's going to be messy. Very messy.
And since Samsung pay doesn't do this then it is dead in Europe.
Tried my UK apple pay for the first time on the watch was surprised on how fast it is. Can't wait to try it on the tube next time I'm in London!
Again, if the bank issuing the card has not upgraded the card to a chip card, then there's no liability for the transaction by the merchant. I presume there's going to be some software in the new terminals that will recognize a swiped card contains a chip and forces the consumer to insert the card instead, otherwise what's the point? I currently have in my possession four credit cards without a chip which were recently issued. The experts think it will take up to a year or more for the banks to replace all the mag-stripe cards with chip cards. I asked my bank when they would be upgraded and they did not know.
There is a big push and most card issuers are busy replacing cards with chip & signature cards. You are correct that the liability is not transferred if the card does not have the chip stuff.
As an aside, my CITI chip card, when I swipe it at Walmart, tells me I have to insert it. So there is something either being detected through some sort of NFC stuff(?) or encoded in the magnetic stripe to let the terminal know it has a chip.
:embarrass Until you pointed it out NO I HAD NOT!! Geesh. . . Obviously I had never verbalized it until just now. Thanks!
lol!
I think Apple should have got into the business of this hardware.
Technically they might be into it with the iDevice-controlled mobile POS devices used in their stores.