Comment by sonnyblarney
8 years ago
Financial fraud prevention gambits are complicated.
It may be possible that PP thought someone else was using your account.
What should happen in these scenarios is simply a validation of some kind ie payment only goes through if you click on the email your received.
I used to travel to SF from Canada a lot and my bank would block my Visa even though I told them not to.
In the US there's no password in Visas, i.e. no chip-and-pin, which is totally crazy = huge fraud.
It's funny to think in the Silicon Valley, top tech companies in the world ... everyone is still using that old mag stripe stuff when pretty much the rest of the world has moved on.
The US largely migrated to chip and signature in 2015. I think a large majority of credit card uses today are chip in the US because the issuers quickly sent out chip cards, most terminals got updated to use them, and swipe is rejected often if chip is available.
To be clear, this is chip (and sometimes signature for large purchases) but not chip-and-pin, so the original statement of no passwords generally holds true, but the mag stripes are generally not used anymore.
There are still idiot retailers that won't support the chip for debit transactions. Or even stupider, some let you choose between credit or a debit after inserting to the chip reader and reject you for choosing debit.
Mag strips are often used by ATMs and machines that you stuff cards into for tickets (train, museum etc).m I don’t know why but I’ve never encountered an ATM that uses the chip. I’m an MRI radiographer with expertise in the area of mag strip erasure. Chips are fine though and work after repeated exposure to 3T magnets.
I’ve inferred that the newer ATMs I’ve encountered use chips: the card stays in the machine for the entire transaction and is released to you right before the cash is dispensed.
3 replies →
> swipe is rejected often if chip is available.
It's the other way around. If you try the chip 3+ times, and it doesn't work, you can swipe the card, and the swipe transaction will work.
When the more secure method fails, it falls back to the less secure one. It's lunacy.
In actual practice TONS of people ruin their chips or regularly run them while doing stupid things like holding onto the card and bending it slightly or pulling it out early. When it fails to go through because they couldn't follow directions or because its outright broken they keep using their cards for months or until they get a new one expecting the retailer to deal with their half broken credit instrument and complaining energetically if it doesn't work.
Since a relatively small number of complaints ruins the parent companies perception of how well the individual store is doing as far as customer service the store level doesn't want anything to inconvenience their customers especially since literally 99.9999% of swipes are from legit customers not thieves.
The retailer either accepts swipes or not, ditto for your bank, the fact that there is a fall back feature if chip fails isn't a security failure unless it opens up a new avenue. (Someone could just print a magic strip unless one or both blocked mag strip charges)
2 replies →
Given how craptacular the terminals are here, not having the fallback would lead to a nontrivial amount of lost sales. (Sooo.. I can’t pay? Guess I have to abandon this cart of groceries and find a bank branch...)
The chips also don’t seem to last as long as the magstripes for some reason (which makes zero sense when you think about it). I’ve had to get my card replaced 3x in the space of two years.
Luckily EC cards in Europe don't do that. If you fail 3 times the chip stops working and the magnet stripe tells you to use the chip.
1 reply →
Put your chip card quickly in and out three times, next the machine will tell you to “swipe your card”.
This even works in chip-and-pin systems, at least here in Australia. Makes me sad, I don't really understand why falling back to what we're trying to replace is considered a good idea :(
1 reply →
It’s easy to accidentally invoke paywave doing this, which is annoying when trying to text if a mag strip is faulty.