credit card usage

[newport dave]

I have been watching to see if any of our British friends would answer your questions. But apparently they don’t know or don’t care anymore on this thread.

Here is what I understand about this chip and PIN process.

When they put their ‘smart card’ into the little machine, it checks the validity of the PIN they entered with the chip. If the two match, everything is fine. Then it records all of the transaction information but does not communicate with ‘home-base’ (bank or credit- card company) until later in the evening. And yes, if your assumption is correct, that if the PIN number is part of this information, than that information is transmitted ‘to the world’.

Since the little machine is not in contact during the transaction it cannot verify that the card is still valid or that the credit limit has not been exceeded. That happens much later. So, a person could go on a shopping spree all day and the merchant or bank does not find out until the following morning.

I am sure that there is no totally secure way; there will always be a crook out there who can hack or find a way to get ‘inside’. A PIN number will help and so does the idea of ‘see ID’. But the money the banks in Europe must have spent to distribute cards with chips and machines that will process them has to been horrendous. And who do you think eventually pays for that?

Since we, in the US, have so many reading machines that are based on the magnetic strip out there, it is no wonder the US banks and credit card companies are reluctant to join our European friends.

 

BTW How did you get a PIN for your credit card with Capital One? I don’t think it does any good, but I checked with my bank and they don’t know what I am talking about.

 

Transactions go straight to either the bank/credit card or card transaction processing company, has my wife and I have both had transactions refused either because we where elsewhere in the UK and they thought my card had been stolen or cloned or it was for a significant amount ie paying for holiday, which happened to my wife a few weeks ago. All it took to get the transaction authorized was a quick phone call to verify certain security details and all was sorted.

[Globaliser]

Am I correct in assuming that when you swipe or enter your chip card in a machine it still has to be in communication with the bank in order to verify that the card is indeed valid and has not been taken out of service?

 

If the little machine that is brought to your table in a restaurant compares the chip and PIN and then records the transaction, those details would still have to be transferred through the internet to the bank (or who ever). Now, I would also assume that the little machine records the credit card number, PIN number and the amount of the transaction. So now all that information is out in the open world anyway. True, you are the only one who touched your card, but it is the information that a dishonest person is interested in and they can readily make another card and chip.

 

Again my question is: I like the idea of a PIN number, but what good is the chip?

The PIN is used to verify that you are the person entitled to use the card. It's a replacement for signature verification, which is the way that this fact has traditionally been checked. The PIN that you enter is checked by interrogating the chip. I think that if you enter an incorrect PIN several times, the chip will lock so that the card can no longer be used until the chip has been unlocked.

 

After the PIN has been verified, the machine communicates with the merchant's service provider to get authorisation. This is the point at which a card may be detected as stolen or over-limit, or at which the transaction may be refused for some other reason. If it is refused, the transaction does not complete and you will be asked to pay by some other means, even if you had entered the correct PIN.

 

It's not easy to make another chip. Nor is it easy to hack the information passing between the machine and the service provider because of the encryption used. But in any case, the information transmitted ought not to include the PIN; as I understand it, one purpose of the chip is to enable verification of the PIN to take place locally. The only time the PIN is exposed to the "open world" is when you press the digits on the keypad, hence the advice that you should shield your PIN when doing this.

[Globaliser]

I have been watching to see if any of our British friends would answer your questions. But apparently they don’t know or don’t care anymore on this thread.

Actually, some of us have day jobs that mean that we can't come here every day. I'm really sorry that it means that I have to temporarily forego the pleasure of reading posts from people who think they're really clever in choosing to write "See ID" on their credit card signature strips.

Then it records all of the transaction information but does not communicate with ‘home-base’ (bank or credit- card company) until later in the evening. And yes, if your assumption is correct, that if the PIN number is part of this information, than that information is transmitted ‘to the world’.

 

Since the little machine is not in contact during the transaction it cannot verify that the card is still valid or that the credit limit has not been exceeded. That happens much later. So, a person could go on a shopping spree all day and the merchant or bank does not find out until the following morning.

And as you have seen above, your understanding is incorrect.

[h3rjp]

Here is what I understand about this chip and PIN process.

When they put their ‘smart card’ into the little machine, it checks the validity of the PIN they entered with the chip. If the two match, everything is fine. Then it records all of the transaction information but does not communicate with ‘home-base’ (bank or credit- card company) until later in the evening. And yes, if your assumption is correct, that if the PIN number is part of this information, than that information is transmitted ‘to the world’.

Since the little machine is not in contact during the transaction it cannot verify that the card is still valid or that the credit limit has not been exceeded. That happens much later. So, a person could go on a shopping spree all day and the merchant or bank does not find out until the following morning.

 

Your understanding is completely incorrect. As has been said further back on this tread. Each transaction is checked with your credit card issuer while you are stood with your card in the machine and every transaction is given an authorisation number or decline or whatever. The "online / instant" authorisation process is pretty much the same as it has been for at least a decade, even before chip and pin was introduced.

 

I am sure that there is no totally secure way; there will always be a crook out there who can hack or find a way to get ‘inside’.

 

Chip and Pin led to a massive drop in "card holder present" credit and debit card fraud, which is why it was introduced.

But the money the banks in Europe must have spent to distribute cards with chips and machines that will process them has to been horrendous. And who do you think eventually pays for that?

Since we, in the US, have so many reading machines that are based on the magnetic strip out there, it is no wonder the US banks and credit card companies are reluctant to join our European friends.

 

Putting in the chip and pin machines was a large-ish operation; but was completed in about a year. The machines themselves simply integrate with existing cash registered and are little more than a "plug and play" extra, with a small software upgrade.

 

It's also worth noting that retailers weren't "forced" into adopting chip and pin, but were "strongly persuaded" by making retailers liable for all fraud where a chip and pin card could be used, but wasn't.

 

The cost is re-couped by cutting the card fraud. If there wasn't a cost saving to be had, the system would not have been introduced in the first place; as that simply wouldn't make commercial sense.

 

I guess if the numbers add up in the US (e.g. cost of fraud versus the cost of upgrading the entire payment system) then they will go the same way too.

 

You wanted a full answer! Now you have one! :)

 

as I understand it, one purpose of the chip is to enable verification of the PIN to take place locally. The only time the PIN is exposed to the "open world" is when you press the digits on the keypad, hence the advice that you should shield your PIN when doing this.

 

You are correct. The machine that your card is inserted into checks the pin you enter against that stored on the chip. The PIN number is never transmitted to anyone.

[handfordr]

Since we, in the US, have so many reading machines that are based on the magnetic strip out there, it is no wonder the US banks and credit card companies are reluctant to join our European friends.

 

I don't think this holds water, 10 years ago Europe was as the US is now.

The switchover from the old fashioned magnetic strip and signature in Europe was done very quickly. It was perceived as a win win situation for everybody concerned with much enhanced security benefitting all.

Its not a perfect system by all means but figures since introduction suggest it is a big step forward in security.

At the moment one assumes all the US banks are happy to swallow the losses incurred as they can just pass it on the customer in one form or another at the end of the day. I suspect it needs some leadership from the US government to enable US to catch up in this respect.

[Lair Bear]

Thank you all for clarifying one point about the how the system works.

 

But it is still not 100% clear if I can use my PIN, that was provided by my credit card company, will do me any good in Europe. The reason it was provided a number of years ago was that 'PIN may be required in certain European countries'.

However, it seems to no avail since it is still with a magnetic strip card.

 

I have one more question. How do you handle a transaction when purchasing an item via telephone or the internet? I assume there is no PIN interaction and everything is the same as we do with the magnetic card. Right?

[handfordr]

I have one more question. How do you handle a transaction when purchasing an item via telephone or the internet? I assume there is no PIN interaction and everything is the same as we do with the magnetic card. Right?

 

On most Internet transactions you will see an additional field to enter your PIN number. Some credit card providers have taken it a stage further where after entering your PIN you are redirected temporarily to your credit card providers facility for additional security hoops to jump through.

 

In Europe most of the fraud now takes place on 'customer not present' transactions like over the phone. It really depends on how lax your credit card provider is, at minimum you should be telling them you will be in London/UK in advance on the dates you will be here. But even with this they may refuse to process the transaction if they perceive it as an 'irregular transaction'.

You should bring at least 2 credit cards in my opinion in case one provider won't process.

[newport dave]

Thank you all for clarifying one point about the how the system works.

 

But it is still not 100% clear if I can use my PIN, that was provided by my credit card company, will do me any good in Europe. The reason it was provided a number of years ago was that 'PIN may be required in certain European countries'.

However, it seems to no avail since it is still with a magnetic strip card.

 

I have one more question. How do you handle a transaction when purchasing an item via telephone or the internet? I assume there is no PIN interaction and everything is the same as we do with the magnetic card. Right?

 

You'll need your pin if you want to use an ATM. Otherwise you'll use your card as you do in the US, get the retailer to swipe it(we still do this if 'chip and pin' machine is not working) and sign the receipt. Buying over the phone you just give them the normal details, plus you have a 3 digit security code on the signature strip. For online purchases again it's the same but theres a system call 'verified by Visa/Mastercard' where you have to enter an extra password for the transaction to go through. This is only if the site uses this system though.

[Globaliser]

Chip and Pin led to a massive drop in "card holder present" credit and debit card fraud, which is why it was introduced.

Its not a perfect system by all means but figures since introduction suggest it is a big step forward in security.

Broadly speaking, card fraud is down by 90% - as in, it is now running at one-tenth of the level that it was before chip-and-PIN.

 

It's no wonder that so many countries around the world are also rapidly embracing this technology. It's not just a European thing.

[12B@C]

Broadly speaking, card fraud is down by 90% - as in, it is now running at one-tenth of the level that it was before chip-and-PIN.

quote]

 

I suggest you read the follow article in the British press.

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

[Globaliser]

But it is still not 100% clear if I can use my PIN, that was provided by my credit card company, will do me any good in Europe. The reason it was provided a number of years ago was that 'PIN may be required in certain European countries'.

However, it seems to no avail since it is still with a magnetic strip card.

As newport dave says, you will need your PIN if you use the card in an ATM.

 

But if you use your card for a purchase, you will almost certainly be asked for traditional signature verification without needing your PIN.

I have one more question. How do you handle a transaction when purchasing an item via telephone or the internet? I assume there is no PIN interaction and everything is the same as we do with the magnetic card.

I'm afraid I have to disagree with handfordr here: the PIN should never be asked for by a webpage in an online transaction, and I would never disclose my PIN to a webpage.

 

Some telephone/internet transactions will only require the card number to complete.

 

However, merchants are increasingly also asking for the "security code" which is the three extra digits printed on the signature strip (or the four digits printed on the front of an Amex). This is also known as the CVV2 (Card Verification Value). The idea is that this is less likely to be known to a fraudster who does not have the physical card in their possession. If they do have the physical card, it is less likely that it will remain unreported as lost/stolen. This applies to both telephone and internet transactions.

 

In addition, there are the further internet systems that newport dave mentions: Verified by Visa and Mastercard Securecode. These are used only for internet transactions. They come into play when the card issuer offers the relevant system, the merchant has implemented it on their website and the customer has registered to use the system. After you have entered the card number, the merchant's webpage asks the card issuer for authorisation and a popup window or a frame opens on the webpage. This is directly connected to the card issuer (and only to the card issuer). The card issuer then asks you for a password (or selected characters from a password). If you satisfy the card issuer that you are the cardholder, the window closes and the card issuer tells the merchant that it has authorised the transaction, which then completes the transaction. Because the window/frame is connected only to the card issuer, the password information that you type is not shared with the merchant.

[Globaliser]

I suggest you read the follow article in the British press.

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

So what?

[DorneyBoy]

Broadly speaking, card fraud is down by 90% - as in, it is now running at one-tenth of the level that it was before chip-and-PIN.

quote]

 

I suggest you read the follow article in the British press.

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

 

I've read the piece and all it seems to be saying is that an American 'expert' is alerting the public to a weakness about a relatively trivial (given the size of the problem) occurence of fraud with Chip & Pin.

Similarly there has been wide publicity here in the UK about fraudsters who install camera's above ATM's to capture PIN numbers coupled with a dummy skimming device that fits over the original ATM.

The end result of this public information is we're all more aware and educated to protect ourselves

 

Just seems a poor piece of unbalanced reporting to me.

Surely the journalist should put this within the context that without chip and pin the whole fraud picture would be a lot, lot worse and that overall Chip & Pin is a big step forward.

As handfordr says no system is perfect and this American expert is merely alerting to a weakness in the system so we all don't get complacent. I would be more worried if the so the called 'experts' were smugly saying that Chip & Pin is perfect and foolproof security wise.

[handfordr]

I'm afraid I have to disagree with handfordr here: the PIN should never be asked for by a webpage in an online transaction, and I would never disclose my PIN to a webpage.

 

However, merchants are increasingly also asking for the "security code" .

 

Globaliser, you're right - I was getting PIN's mixed up with security codes

[traveler111]

Those of you who have been to London, I have a question. Have you been denied the use of any of the following cards: Visa, AT&T Universal Card, Discover, or American Express? :)

[Globaliser]

• Visa - This is pretty much universally accepted wherever credit cards are accepted, subject of course to all the technical things mentioned in this thread.
• AT&T Universal Card - The card's website suggests that the personal versions of this card are Mastercards, which are also universally accepted. The business version seems to be a Visa.
• Discover - This is usually not accepted in the UK.
• American Express - This is very widely accepted, but you are likely to come across a number of merchants who will not accept it.

[skisteamboat]

Those of you who have been to London, I have a question. Have you been denied the use of any of the following cards: Visa, AT&T Universal Card, Discover, or American Express? :)

 

Never had a problem with AMEX although I do not use it anymore since the charges are excessive. I stick with Capital One Master Card for minimum or no fees. AMEX, Visa and Master Card are almost universal. I have not seen any places showing the Discover Card Logo.

 

Cheers

[traveler111]

Thank you for the info, will not sign up for AMEX. :)

[drefinnej15]

Hi...Can you tell me what items you needed to use cash for..I am going to take your advice and use my Capital One credit card as much as possible..but do you know what attractions or places/situations i will need cash for?? thanks

[MATHA531]

In the past few years, London has become a lot like New York. There is hardly no place that doesn't accept mc or visa ranging from fast food restaurants, convenience stores, the theatres, most restaurants, most museums that have admission fees (most don't BTW), tube stations, national rail stations, national express coach stations. As a matter of fact, last summer I spent a week in London and the only times I had to pay cash were for drinks in pubs (but many accept cartds for food) and the use of an inexpensive internet cafe (only £1/hour).

 

A couple of things to note. The UK has converted its credit card system to what is called chip and pin. For the most part, UK credit cards issued by UK banks require the use of chip and pin i.e. the card has a chip, it is inserted in a terminal and you must enter a pin number that is embeded in the chip. This is becoming very international. There is, however, one fairly backward country whose banks refuse to adopt chip and pin (I won't mention the name of this country but its initials are USA) as the banks in the USA have found that their losses due to fraud are less than it would cost to convert the whole payment system to chip and pin. While that should have little effect on most touristy type places, sometimes you get ignorant clerks who have to be told that the American card is not chip and pin but the terminals will for the most part read the magnetic strips on US issued cards

 

Also be aware that several of the protections built into merchant agreements in the USA do not carry over to the UK and many other parts of Europe. Merchants can set minimum amounts for use of a credit card, not allowed in the USA in merchant contracts. I have run into this problem from time to time where merchants insist on minimums. I got into quite a verbal exchange with one restaurant who had no sign and would not accept my credit card for less than £10; while I don't question their right to do so, there should be some kind of sign. The restaurant people acted as if everybody should know credit cards are not accepted for less than £10 (although I have never been refused in fast food places for small charges).

 

The other consumer protection not present in the UK is that merchants can surcharge credit card purchases, again agsinst merchant contracts in the USA. Recently I bought Eurostar tickets on the web using my credit card. During the checkout I was told there was a £3 fee for use of the card.

 

Also as a side note they almost always check signatures on non chip and pin cards. The clerks always look at the signatures on the card. I don't think in the USA in the lasty few years any merchant has ever looked at my signature on my mastercard. Almost everything here now is wipe the card, done. Oh well.

[SteveH2508]

It is becoming more common for small transactions to attract a surcharge because the merchant agreement charges make the sales uneconomic otherwise.

 

For instance, you can use a credit card to pay a London taxi fare but it will cost you an extra £2 IIRC. For small transactions cash is still king in UK (that is Sterling not Euros BTW) - very few places accept Euros.

 

Travel companies are probably the worst for surcharging for the use of credit cards.

[MATHA531]

It is becoming more common for small transactions to attract a surcharge because the merchant agreement charges make the sales uneconomic otherwise.

 

For instance, you can use a credit card to pay a London taxi fare but it will cost you an extra £2 IIRC. For small transactions cash is still king in UK (that is Sterling not Euros BTW) - very few places accept Euros.

 

Travel companies are probably the worst for surcharging for the use of credit cards.

 

I understand that but to us Americans, where such surcharges are a violation of the merchant's agreement (as well as the setting of minimums for use of a card) it sometimes comes as an unpleasant surprise.

[Giantfan13]

You might need a few coins to use the WC's.:)

 

We used our Cc as much as possible, but we also found the need for cash. We liked paying for taxi's with cash, and just for an ice cream or something small, we always went the cash route. If we wanted to tip some one, baggage handlers, people in hotels, we just could not give them a CC. You don't need a lot of cash, but some will help.

 

Cheers

 

Len

[SteveH2508]

I understand that but to us Americans, where such surcharges are a violation of the merchant's agreement (as well as the setting of minimums for use of a card) it sometimes comes as an unpleasant surprise.

 

Which was why I felt it necessary to point it out. We Brits have other peculiarities to be aware of - like beer that is not ice cold and tastes of beer! :)

 

Many pubs now take credit cards - often you can run a tab by leaving your card behind the bar and paying for everything at the end. Some pubs also have ATMs in them - do not use them - the surcharges are expensive.

[Giantfan13]

Hi...Can you tell me what items you needed to use cash for..I am going to take your advice and use my Capital One credit card as much as possible..but do you know what attractions or places/situations i will need cash for?? thanks

 

Just noticed you are from MY corner of the world. Where about on LI do you reside??

 

Cheers

 

Len