1. Home
2. Questions
3. Unanswered
4. AI Assist
5. Tags
7. Chat
8. Users
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Stack Internal
Bring the best of human thought and AI automation together at your work. Learn more

Timeline for answer to Isn't the security of credit cards with chip worse than with signature? by BrenBarn

Current License: CC BY-SA 3.0

Post Revisions

17 events

when toggle format	what		by	license	comment
Jun 19, 2016 at 2:53	comment	added	user2752467		@AndrewAylett Well of course they're available easily outside the US. I was just saying that smart device-based readers that I've encountered here (almost always Square) are magnetic stripe only.
Jun 15, 2016 at 22:34	comment	added	Mark		@halfinformed I'd actually say getting rid of the raised lettering would be a good move too - merchants can still submit charges using the old roller imprint "click-clack" card machines, although they do take a signature.
Jun 15, 2016 at 20:42	comment	added	Andrew Aylett		@JustinLardinois: I've had a chip reader for my smartphone for a couple of years now, from iZettle (in the UK).
Jun 15, 2016 at 15:31	comment	added	JimmyJames		Last night I had to swipe and insert the card. Before at this store, I would just insert but for some reason when I put the card in, it asked me to take it out and swipe and then reinsert.
Jun 15, 2016 at 2:22	comment	added	hobbs		@Andy yes, but it does that based on information on the card, specifically the magstripe.
Jun 14, 2016 at 23:28	comment	added	Andy		@hobbs they already do that. I tried swiping my chip card and the terminal rejected it saying i had to use the chip.
Jun 14, 2016 at 22:23	comment	added	user2752467		@Cruncher I'm not sure why you think not having a chip reader is inherently sketchy. Fraud liability for stripe was legally shifted to retailers less than a year ago, and some point of sale software vendors still haven't updated their software, so stores that use those vendors don't have a choice. I also haven't seen any smartphone or tablet-based card readers that use chip yet. You'd be locking yourself out of a lot of retailers, including pretty much all gas stations and restaurants.
Jun 14, 2016 at 19:00	comment	added	Hannover Fist		So your suggestion is to hide the body well when stealing someone's credit cards for optimal use?
Jun 14, 2016 at 15:29	comment	added	Lie Ryan		@MasonWheeler: Did you actually inform your bank of your new address before you make the purchase? If you didn't, that means the fraud detection system is actually working great; I would have been much more annoyed if the bank naively let that transaction through. Leaving record of stopping automatic payments isn't the same as telling the bank that you are moving.
Jun 14, 2016 at 15:16	comment	added	Mason Wheeler		"The credit card companies are still tracking card usage and watching for unusual purchases that might indicate fraud." Which is great right up until it isn't. When I moved a few years ago, the bank had records of me discontinuing automatic payments at my old location, and they had records of me buying gas, meals, and hotel rooms along my route, but when I went to buy some furniture for the new place, it got flagged as fraudulent due to being an expensive purchase far away from where I lived, and it took me 2 hours on the phone with bank reps to clear up! :(
Jun 14, 2016 at 15:07	comment	added	Cruncher		@halfinformed I personally intentionally wreck my mag stripe, and don't use it anywhere that forces me to swipe it. To me, any place that does not have a chip reader is sketchy.
Jun 14, 2016 at 6:35	comment	added	hobbs		@halfinformed or at least the day when the terminal can verify with the issuer whether the card is supposed to have a chip, and deny a swipe if so. Until then, an attacker can clone a card from the magstripe and simply zero the "I have a chip" bit, and the "PLEASE INSERT CARD" message won't come up.
Jun 14, 2016 at 6:13	comment	added	mostlyinformed		"The biggest security risk with the new cards is that many vendors don't actually require use of the chip at all -- they still let you swipe." This. The day that new payment cards in the U.S. no longer come with magnetic stripes in the first place will be a great day for financial information security.
Jun 14, 2016 at 3:23	comment	added	Jay		Yes. When evaluating a security procedure, you have to consider all realistic threats. It's quite possible for a new procedure to make you more vulnerable to attack X, but nevertheless be a good idea because it makes you less vulnerable to Y to an extent that more than makes up for X. And I'd add, signatures don't really offer much security. I rarely see stores check my signature. And if someone stole your card, he could practice forging your signature.
Jun 14, 2016 at 3:20	vote	accept	Aganju
Jun 14, 2016 at 2:25	history	edited	BrenBarn	CC BY-SA 3.0	added 75 characters in body
Jun 14, 2016 at 2:23	history	answered	BrenBarn	CC BY-SA 3.0