Credit Card fraud....

[Nick Hicks]

CHIP cards do no good if online purchases can still be made using just the card number. Does having CHIP and PIN mean the PIN would be required for online purchases?

In Australia, we've had chip cards for many years. Because the card issuers did not want to leave out any merchants, the cards still have a magnetic strip for merchants who only have swipe POS terminals. They also would still accept a signature instead of the PIN for a number of years but now a PIN is needed in Australia for purchases usually in excess of $100. You can just use "Paywave" (a proximity RFD device built into the card) for lower value purchases so some fraud is still possible, even with a chip card. The cards have a 3 number code on the reverse side (called a CVV I think) to use when doing internet or phone purchases.

When I was in Europe last year, many times I was asked for a signature instead of entering my PIN so there's not a lot of consistency. When I would buy fuel, I had to find service stations with an attendant so I could sign the receipt (Europe has a lot of unattended "automatic" gas stations - like Costco).

[Gerry Grzadzinski]

but now a PIN is needed in Australia for purchases usually in excess of $100.

What do American's do when they don't have PIN cards?

[Ken Fitzgerald]

What do American's do when they don't have PIN cards?

When we were in Australia for 2 weeks in 2014, we used credit cards like we do at home. For cash, we used ATMs and our debit card which requires a pin.

[Mike Henderson]

What do American's do when they don't have PIN cards?

When traveling in Europe, I insert the card in the reader, but I have to sign the receipt instead of entering a PIN.

Mike

[Gerry Grzadzinski]

Same in Canada, but he said that e PIN was required in Australia.

[Ken Fitzgerald]

Gerry....2 years ago we spent 14 days in Australia. We used credit cards to buy things like souvenirs, replace two pieces of damaged luggage and pay for meals. For some smaller things we used cash. We never needed a pin when we used the credit card. When we used the debit card to get cash at the ATMs we did use our pin but we have to use a pin for that debit card here at home in the US.

[Brian Elfert]

No, giving you PIN for a on-line purchase would not provide any security. The PIN is tied to the chip. On-line security is still a work in progress. IF the US were to go to chip and PIN, it would essentially eliminate "card present" fraud. But the scammers would move to "card not present" fraud, which includes on-line purchases.

My credit cards have been used for fraud multiple times. I believe they have all been online purchases and not purchases at actual card readers. CHIP cards do nothing to stop this sort of fraud.

What CHIP cards prevent is wholesale harvesting of credit card numbers like what happened at Target, Home Depot, and others. If a card reader gets malware installed due to a security issue the numbers that are grabbed from CHIP cards are worthless as they are one time use numbers.

[Mike Henderson]

I had a situation recently where my credit card number was stolen. I know it was stolen when I was in a restaurant because the crooks used it to buy some headsets. However, the company called me because they didn't have the headsets in stock and wanted to know if I would wait for them. I can pin the theft to the restaurant because the company called me on my cell phone. And I had used my cell phone number on my "frequent eater" program at that restaurant.

So the restaurant employees took my card number, and probably my CVC, and looked up my info on the "frequent eater" program. If they had looked me up on the web, they would have found my home phone number, but not my cell phone number. They used my home address (which was also in the "frequent eater" program) but I assume they would have called in to get the shipping address changed.

I reported it to the management of the restaurant but nothing was done. I never went back to that restaurant, however, and did a review of them with the information about the theft.

Mike

[Nick Hicks]

My take on the whole affair is that chip cards don't offer a whole lot more security while they still have the magnetic stripe on the back. Skimming of credit card data has happened at ATMs where crims have stuck on a small mag stripe reader around the entry slot for your card. My understanding is its the stripe that been read, not the chip. In terms of phone or internet theft using the card details, if they have physically accessed your card, they will have all they need (including the CVV code). The only check possible then is some sort of address/phone number verification. I saw some mention of Apple Pay for the web but don't know much about that as yet.

[Jim Becker]

My take on the whole affair is that chip cards don't offer a whole lot more security while they still have the magnetic stripe on the back.

This is absolutely true. And unfortunately, it's going to be a long time before the mag-strip is no longer needed...

[Brian Elfert]

My take on the whole affair is that chip cards don't offer a whole lot more security while they still have the magnetic stripe on the back. Skimming of credit card data has happened at ATMs where crims have stuck on a small mag stripe reader around the entry slot for your card. My understanding is its the stripe that been read, not the chip. In terms of phone or internet theft using the card details, if they have physically accessed your card, they will have all they need (including the CVV code). The only check possible then is some sort of address/phone number verification. I saw some mention of Apple Pay for the web but don't know much about that as yet.

There is some sort of data embedded in the magnetic stripe that tells the card reader the card has a chip so only the chip can be used. That does no good if the card reader is stripe only and also doesn't help against online use.

[Nick Hicks]

There is some sort of data embedded in the magnetic stripe that tells the card reader the card has a chip so only the chip can be used. That does no good if the card reader is stripe only and also doesn't help against online use.

I can't speak for cards issued elsewhere but I don't believe this is the case for Australian cards. When I have bought goods from a merchant who doesn't have the chip reader POS device, they just swipe the card. I then enter the PIN or sign the receipt depending on what their system needs.