Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Credit card companies DO have chips in their cards, but thousands of merchants around the country don't yet support them. Credit card companies are doing their best to pressure merchants to upgrade their systems, but they can't just suddenly cut off those thousands of merchants.

If they did, the headlines would suddenly be "Credit card companies forcing mom and pop shops to spend thousands on new equipment"



From the article:

---- On Oct. 1, 2015, Visa and MasterCard put in force new rules that can penalize merchants who do not yet have chip-enabled terminals. Under the new rules, merchants that don’t have the technology to accept chip cards will assume full liability for the cost of fraud from purchases in which the customer presented a chip-enabled card.

But those rules don’t apply to fuel stations in the United States until October 2017, and a great many stations won’t meet that deadline, said Verifone’s Turner. ----

According to "Yearbook 2005: British Retail Consortium" [1], by the time of the liability shift (1 January 2005) "retailers accounting for 75% of transactions" had a chip+PIN terminal, with the remainder "well on the way". It goes on to explain that small businesses including petrol stations were consulted as the change was planned, there was no relaxed deadline for them. (If my memory is correct, petrol station pumps were among the first to switch, as they had the highest level of fraud — relatively high-value transactions with no supervision.)

[1] https://books.google.dk/books?id=csUYwwVZ2AUC&pg=PT207&dq=ch...


Gas/Petrol stations were, along with restaurants, also the rare places where the CC was physically separated from the customer. By mandating chips+pin, customers no longer handed their cards over to people who might scan/copy them while out of sight.


Canada somehow did it. So did the UK and much of Europe. The US is not a special case.


You just have to transfer full legal liability onto the CC company in the event of fraud. They would build and deploy a sane crypto scheme by COB tomorrow, wherein my plaintext CC number would not be revealed during every transaction.


It's a 6 week turnaround time for Visa and Mastercard. But yeah, they can do it and have done it. Having non-standard procedures is a pain on the IT implementation side, and the US is non-standard.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: