Not a big deal, just curious if anyone knows about this.
I walked out without my wallet Monday to make some returns.
Runnings put the money back on my card without asking for it.
Petco says it is impossible without the card, so they gave me store credit.

Forgetting about store policies, could it actually be impossible for Petco, when Runnings does it routinely?
(My assumption is that Petco just wants you to either come back or lose the card; but I don't know...)

Most stores store your credit card number as a token so they can do receipt lookups or credit back your card. Petco apparently chooses not to store the credit card info. Most big chain stores will just automatically refund your card on returns without needing the card, but not all stores yet. Some still require the card to do a credit.

Wade, I was in management with Petco for 8+ years. That's correct: They don't store CC info (or at least never did). I always assumed that the reason for this was because of liability and also, it propbably cost corporate more to have a system which could securely store that info.

Best,

Erik Loza
Minimax USA

They don't store CC info (or at least never did). I always assumed that the reason for this was because of liability

This.

To store #s according to CC TOS, there are a slew of rules companies must follow. They're a royal pain. By doing so, the company takes on a load of responsibility for fraud prevention. So, companies have to decide if the extra trouble is worth the extra business it may get them... Amazon is a classic example of this, with their "one-button payment" system making quite a bit of dough. Make it easy for the consumer to pay and they'll buy more. Personally, I'd prefer if companies didn't do it, but as long as CC companies make it relatively painless to replace my card when the identity is stolen, I'll live with it.

I know CC companies charge businesses a % for accepting their credit card. I wonder if the store gets that % back by refunding to the card, or if it is just easier?

This.

To store #s according to CC TOS, there are a slew of rules companies must follow. They're a royal pain. By doing so, the company takes on a load of responsibility for fraud prevention. So, companies have to decide if the extra trouble is worth the extra business it may get them... Amazon is a classic example of this, with their "one-button payment" system making quite a bit of dough. Make it easy for the consumer to pay and they'll buy more. Personally, I'd prefer if companies didn't do it, but as long as CC companies make it relatively painless to replace my card when the identity is stolen, I'll live with it.

The problem is large merchants have historically stored too much information.

To credit a card, all that is required is the #, you don't need the expiration date, you don't need anything but the #. So the way it SHOULD have worked is, the expiration date would be captured and used during the initial settling of the charge, then the expiration should have been dropped and the card # kept. If a customer returns something, the merchant would have everything necessary to credit the card.

In that way, the expiration date would be a sort of PIN (not a great one, it is printed right on the card). Without the expiration date, though, the card # alone would be far less valuable to hackers.

But when it comes to the breaches at the very largest merchants, it is all moot anyhow. That is because the breaches were so long-lasting that they had access to the expiration date before settling for apparently months. In those cases, the hackers had their heads right up the you-know-whats of the merchants.

The solution in Europe is adding an actual PIN on credit cards. But major banks in the US have indicated: (1) Their customers don't want to remember a pin. (2) If the merchants allow their systems to be compromised, the PIN is less helpful. That is because the PIN can be captured by the "bad actors." True, a CC outfit can change the PINs on all the impacted cards and mail new PINs to customers (instead of issuing new cards). But still the PIN isn't perfect.

I know CC companies charge businesses a % for accepting their credit card. I wonder if the store gets that % back by refunding to the card, or if it is just easier?

Over 15 years ago when I had a business I think I got the fee back on refunds. The credit card landscape has changed a LOT since then.

The big reason retailers don't give cash back on credit card returns is because if they did then customers would use the retailer as a free way to get credit card cash advances. It would cost the retailer the up front percentage plus the time to sell and then return an item to stock. Credit card cash advances usually cost between 2% to 5% as a fee and then a higher interest rate on most cards plus no grace period before interest is charged. Walmart has given me cash back when I do small returns under $10, but most retailers only credit the card or offer store credit for any size return.

Okay, so they are telling the truth when they say they are unable to credit the card, but only because they choose to be unable.

............................................
The solution in Europe is adding an actual PIN on credit cards. But major banks in the US have indicated: (1) Their customers don't want to remember a pin. (2) If the merchants allow their systems to be compromised, the PIN is less helpful. That is because the PIN can be captured by the "bad actors." True, a CC outfit can change the PINs on all the impacted cards and mail new PINs to customers (instead of issuing new cards). But still the PIN isn't perfect.

I'm not sure if this is universally true but UK banks that use "chip and pin" don't offer the fraud protection we have here. If somehow a 'bad actor' comes into possession of both the chip bearing card and the PIN, the cardholder is fully responsible for any charges.

Okay, so they are telling the truth when they say they are unable to credit the card, but only because they choose to be unable.

I'd much prefer them to "choose to be unable".

I'm not sure if this is universally true but UK banks that use "chip and pin" don't offer the fraud protection we have here. If somehow a 'bad actor' comes into possession of both the chip bearing card and the PIN, the cardholder is fully responsible for any charges.

How do UK websites handle online transactions? Do they require the PIN there too?

The USA version of chip cards don't require a PIN. The one thing I don't like about chipped cards is that the transaction takes several times longer than a swipe transactions. The card has to stay in the reader during the entire transaction too. If the card is bumped or anything like that you have to start over. I accidentally bumped my card after inserting it at Walmart yesterday and had to start over.

I'm not sure if this is universally true but UK banks that use "chip and pin" don't offer the fraud protection we have here. If somehow a 'bad actor' comes into possession of both the chip bearing card and the PIN, the cardholder is fully responsible for any charges.

Are you sure? I honestly don't know, but I tend to break questions like this down into bits. It goes like this: I can't imagine anyone would be willing to carry a card with a substantial credit limit in this age of ever-increasing fraud, knowing they'd be personally responsible for losses. If people wouldn't be willing to USE the system, there would be no widespread use of cards in the UK. But there IS widespread use. So people must not be too concerned about exposing themselves in the event of fraud. So they must be protected.

Also, I found this on Wikipedia:

United Kingdom[edit (http://en.wikipedia.org/w/index.php?title=Credit_card_fraud&action=edit&section=19)]

In the UK, credit cards are regulated by the Consumer Credit Act 1974 (http://en.wikipedia.org/wiki/Consumer_Credit_Act_1974) (amended 2006). This provides a number of protections and requirements.
Any misuse of the card, unless deliberately criminal on the part of the cardholder, must be refunded by the merchant or card issuer.



(Source: http://en.wikipedia.org/wiki/Credit_card_fraud)

Here in the Great White North, pretty much everything is chip and pin now.There are some small shops using the swipe, but not many. The fraud protection with chip and pin is the same as for swipe and sign. Many of the bigger outfits, including gas pumps have moved on even from chip and pin and now it's just tap and go. This one worries me a bit since the thief only needs my card. He does not need a pin. You just tap the card on the device and that's it. So far, though, the banks here are offering the same fraud protection as they always have.

Here in the Great White North, pretty much everything is chip and pin now.There are some small shops using the swipe, but not many. The fraud protection with chip and pin is the same as for swipe and sign. Many of the bigger outfits, including gas pumps have moved on even from chip and pin and now it's just tap and go. This one worries me a bit since the thief only needs my card. He does not need a pin. You just tap the card on the device and that's it. So far, though, the banks here are offering the same fraud protection as they always have.

Tap and go would usually require the thief to actually steal your card. Most credit card fraud today is happening electronically and not with physical cards. The work required to replicate a tap and go card wouldn't usually net enough to make it worth the work. Thieves want to buy high value items they can sell for cash. The main reason thieves buy gas at the pump is just to test if the card still works before using it elsewhere.

The chipped cards will not require a PIN here is the USA. Just a signature like swipe transactions.

Are you sure? I honestly don't know, but I tend to break questions like this down into bits. It goes like this: I can't imagine anyone would be willing to carry a card with a substantial credit limit in this age of ever-increasing fraud, knowing they'd be personally responsible for losses. If people wouldn't be willing to USE the system, there would be no widespread use of cards in the UK. But there IS widespread use. So people must not be too concerned about exposing themselves in the event of fraud. So they must be protected.

Also, I found this on Wikipedia:

United Kingdom[edit (http://en.wikipedia.org/w/index.php?title=Credit_card_fraud&action=edit&section=19)]

In the UK, credit cards are regulated by the Consumer Credit Act 1974 (http://en.wikipedia.org/wiki/Consumer_Credit_Act_1974) (amended 2006). This provides a number of protections and requirements.
Any misuse of the card, unless deliberately criminal on the part of the cardholder, must be refunded by the merchant or card issuer.



(Source: http://en.wikipedia.org/wiki/Credit_card_fraud)

I may have confused credit card and debit card policies. Here (U.S.) both have some degree of fraud protection. My understanding is that because chip bearing cards are almost impossible to clone (so far and in theory) and a pin is also required there can be no transactions except by the legitimate holder. Perhaps one of our U.K. members will correct any misunderstanding. It's also possible to limit exposure to fraudulent use of debit cards simply by limiting the funds in the account to which the debit card is attached. Re mail order, because there'd be no chip reader involved I assume online transactions would have normal fraud protections. It'll be interesting to see how ApplePay and the like fraud rates compare to existing electronic payment methods.

Brian: You are right, of course, that tap and go requires the thief to have the card. However, the increased fraud using tap and go shows that is going on. Warnings are more prevalent now about not letting your card out of your sight, in restaurants, for example. I don't think any business here uses chip cards and signatures. Chips = pin.