Our daughter works in the accounting department's revenue division for one of the major airlines. She has to deal daily with credit card fraud as it pertains to that business where she interfaces between the company and the issuing banks.

In conversation this morning she told me how the two major credit card fraud schemes are worked on the airlines and how much it costs the company as in the end, often the company has to take the financial hit.

Last month credit card fraud cost her employer 1.8 Million dollars. That was just last month.

I found it staggering!

I wonder if the new chip cards will help reduce the amount of fraud. It should make if harder to clone a card - providing the merchant has a reader that reads the chip.

Mike

Credit card theft/fraud will only continue to get worse until the banks start to actually do something about it. I'm sure you've all seen the marketing hype from credit card companies that boast about how they have your back when your credit card info is stolen and how you won't be held liable for the money. Well they don't lose any money either when that happens. It's all on the backs of the merchants and the merchants have no recourse.

.. as in the end, often the company has to take the financial hit.


... It's all on the backs of the merchants and the merchants have no recourse.

I would argue it's ultimately on the consumer's back. The banks push the cost of fraud to the merchant, the merchant to the consumer disguised as inflation. - - Perhaps in rare cases, competitive pressures mean the stockholders/owner get the hit.

And chip card didn't save me from fraudulent charges 6 states away - - to an airline. (2nd time in last 6 months to cancel all the cards and start new. No idea of the cost to bank, but cost me 2-3 hours/ea.)

I have not heard a good solution put forward by anyone, but guessing that something has to change soon.

I won't go into detail how the credit card scam is worked as it would only give others ideas. The manner the scam uses will work one time only for a given card. It does it in such a way that the only prevention would be if the bank called the card holder and verified every purchase.

The idea that one company gets this amount of fraud only made me wonder how much the entire US economy is affected by credit card fraud.

I would argue it's ultimately on the consumer's back. The banks push the cost of fraud to the merchant, the merchant to the consumer disguised as inflation. - - Perhaps in rare cases, competitive pressures mean the stockholders/owner get the hit.


Yes, ultimately the consumer will pay for it with increased prices at the store but most consumers aren't smart enough to see it that way. Kind of like, if you gave every person a quarterly tax bill for all the taxes they owe, versus "pay as you go" there would be riots like we've never seen.

If I'm a merchant and I sell a $1000 tool and the credit card used is fraudulent the bank will automatically take the money out of the merchant's bank account without explanation. The explanation usually comes several days later. The merchant then loses the $1000 and the merchandise and it's not like the merchant gets that money back from other customers with increased pricing the next week.

When I had a store with a robust e-commerce business I would do address verification, CVV verification, ip address location checking and I would still occasionally get taken. Glad to be out of that now.

I won't go into detail how the credit card scam is worked as it would only give others ideas.

Trust me, they already know how to do it a dozen different ways.

It's all on the backs of the merchants and the merchants have no recourse.

I don't believe that's true. Under the present set of rules, if the merchant has a chip enabled terminal and the chip is used for the transaction, the merchant does not eat the transaction. If the merchant does not have a chip enabled terminal and the charge is done through a card swipe, the merchant eats the transaction. Here's (http://www.creditcards.com/credit-card-news/understanding-EMV-fraud-liability-shift-1271.php)an article about it.

Under Federal law, the consumer can only be charged for $50 of a fraudulent transaction, and since that's so small, the card companies don't charge it back to the consumer. If the charge is made via phone or Internet and the card is not present, the consumer is not liable for any of the transaction cost. In other words, if all they stole was your card number, you're off the hook.

Mike

[BTW, fraud is much less in Europe because they use a chip card and PIN. Here in the US, the card companies decided not to use a PIN because they were afraid people would not be able to remember the PIN, and would therefore use another card, perhaps with a PIN they could remember. The chip plus PIN is very secure when making a charge with the card present. Even if someone stole your card, they could not make a purchase without knowing the PIN. Of course, the scammers would then just go to online purchases where the card is not present.]

I wonder if the new chip cards will help reduce the amount of fraud. It should make if harder to clone a card - providing the merchant has a reader that reads the chip.

It will help, but not really go far enough until we go to "CHIP and PIN" like the rest of the world. The silly banks didn't think that US customer could remember a PIN... go figure!

It will help, but not really go far enough until we go to "CHIP and PIN" like the rest of the world. The silly banks didn't think that US customer could remember a PIN... go figure!
Jim,

Someone asked my phone number the other day.....and it didn't pop into my head. They may be right. I had a PIN on a bank card for years and one day forgot it, just out of the blue.

I just write the pin number on the card so it is easy to find.

;)

I don't believe that's true. Under the present set of rules, if the merchant has a chip enabled terminal and the chip is used for the transaction, the merchant does not eat the transaction. If the merchant does not have a chip enabled terminal and the charge is done through a card swipe, the merchant eats the transaction. Here's (http://www.creditcards.com/credit-card-news/understanding-EMV-fraud-liability-shift-1271.php)an article about it.

Under Federal law, the consumer can only be charged for $50 of a fraudulent transaction, and since that's so small, the card companies don't charge it back to the consumer. If the charge is made via phone or Internet and the card is not present, the consumer is not liable for any of the transaction cost. In other words, if all they stole was your card number, you're off the hook.

Mike

[BTW, fraud is much less in Europe because they use a chip card and PIN. Here in the US, the card companies decided not to use a PIN because they were afraid people would not be able to remember the PIN, and would therefore use another card, perhaps with a PIN they could remember. The chip plus PIN is very secure when making a charge with the card present. Even if someone stole your card, they could not make a purchase without knowing the PIN. Of course, the scammers would then just go to online purchases where the card is not present.]

my mastercard from ufcu is chip and pin

We were notified this week that the regional bank with which we deal is sending us new debit cards with chips and we use the same pin we use currently on their debit card. We are hoping they arrive before our upcoming trip as we use them in ATMs abroad where we often get the best exchange rate.

Twice since I have been a Sam's Club member, I have stood in line for 30 minutes or so while some fool in front of me with two or three carts of stuff desperately seeks to remember her PIN or call someone else to find out what it is. In addition to that, each time the clerk would not ask the customer to get out of the way so someone else could check out. I can imagine if all card holders were required to use a PIN, this same scenario would play out many times a day at retail establishments.


The silly banks didn't think that US customer could remember a PIN... go figure!

We were notified this week that the regional bank with which we deal is sending us new debit cards with chips and we use the same pin we use currently on their debit card. We are hoping they arrive before our upcoming trip as we use them in ATMs abroad where we often get the best exchange rate.

For travel overseas, there's a couple of things to watch for.

1. Get a credit card which does not charge a foreign exchange fee. Some cards charge as much as 3% for a charge in a non-US currency.

2. The cheapest way to get foreign currency (cash money) is to use your bank ATM card. Some banks do not charge a fee when you use your ATM card in a foreign country. Check with your bank. If they don't charge a fee, you'll get the best exchange rate possible. The worse (well, one of the worse) is to change your US dollars in the airport.

Finally, a couple of cards offer trip cancellation insurance as long as you charge your trip on that card. Chase Sapphire and United Airlines are two that provide up to $10,000 per person (limit 2) in trip cancellation insurance. If you priced trip cancellation insurance you'll see that this is a significant savings (trip cancellation insurance can easily run $500+ per person.)

Mike

The Europeans seem to manage to remember their PINs okay. And Americans seem to be able to remember the 4 digit PIN to get into their smart phones. And the PIN for their ATM cards. As long as the customer can set the PIN themselves, I don't see why Americans should not be able to remember a PIN for a credit card.

Of course, when people set their own PINs (such as their ATM PIN), they use something like their birthday, their child's birthday, etc. I don't see that as a real problem.

Mike

Mike's right, the Europeans do credit cards better than we do. I've made several trips to Edinburgh the last two years and I can't tell you how many taxi drivers I had to teach how to swipe a credit card.

Ken, Be sure to read up on tipping in whichever countries you're going to. Much different than the US. Enjoy your trip!

Mike's right, the Europeans do credit cards better than we do


Canadian's, too.

Credit card theft/fraud will only continue to get worse until the banks start to actually do something about it. I'm sure you've all seen the marketing hype from credit card companies that boast about how they have your back when your credit card info is stolen and how you won't be held liable for the money. Well they don't lose any money either when that happens. It's all on the backs of the merchants and the merchants have no recourse.

When credit card fraud costs the banks more than it costs to institute a more secure usable user verification method, they'll change. Not before, unless there are external forces such as merchant or government action. It seems like the credit card issuer sending an email or text any time a transaction takes place would be doable. I know some institutions do that now.

Ken, Be sure to read up on tipping in whichever countries you're going to. Much different than the US. Enjoy your trip!

I always read up on tipping! But sometimes the rules need to be broken.

Let me tell you about teaching tipping to a fly fishing guide in near Christchurch, NZ on Christmas Eve 2008. They don't believe in tipping. We fished for 4 hours catching 0 fish but that's why then call it fishing and not harvesting. I hung two and couldn't land one. He hung two and couldn't land one. The average wind speed that day was 13 mph with gusts up to 20 mph. Horrible casting conditions for a hacker fly fisherman like me. He taught me a lot about casting in the wind that day. He refused to charge me for his time or even charge me for a license since I didn't catch a fish. He had come in off Christmas vacation with his family to take me fishing. He worked for the resort where we were staying. He may have taken his first tip that day and it was generous. I insisted I would be insulted if he didn't take it.

Then there's the café owner in Paihia, NZ in 2014 who gave 3 couples a ride to their hotels, in the dark of night, while a cyclone was coming ashore and refused any compensation. His café located on the sea wall of the bay was damaged later that night when waves broke through a large window flooding the place. He used his pizza delivery van which looked like a shrunken PT Cruiser with a cage in the back and only 2 seats. One couple at a time, wife riding shotgun, husband in the back on his hands and knees with the luggage and the owner driving the pizza delivery van, he delivered the 3 American couples to their respective hotels refusing any compensation even for his gasoline expenses. My wife and I were the 3rd couple. The next day our early morning tour was canceled while we were on the road in the tour bus, due to high winds, 135 kph, at the pass we had to cross. Later that day and again the next morning, wearing our Gore-Tex lined mountain parka styled rain coats, my wife and I walked from our hotel to this gentleman's café and managed to eat 3 meals over the next two days before we departed without the tour we had scheduled. That was the only way we could try to repay him for his kindness. Riding in the back of a pizza delivery van in a hurricane! What a kick!:D

Friendly bunch those Kiwis!

Australians and New Zealanders do not tip and do not expect to be tipped and if I went to the US I would find it very strange and be totally out of my depth as far as tipping is concerned. The background to no tipping is that our service industry employees do not have to use tips to make up their weekly wage and if they do receive a tip it is a true bonus.

Australians and New Zealanders do not tip and do not expect to be tipped and if I went to the US I would find it very strange and be totally out of my depth as far as tipping is concerned. The background to no tipping is that our service industry employees do not have to use tips to make up their weekly wage and if they do receive a tip it is a true bonus.

Chris, in my limited experience, ( we have spent 14 days in Australia and 2 trips for a total of 24 days in New Zealand), the service industry people in those two countries make more, don't expect tips and provide a higher level of service than is provided here in the USA. I don't believe it's caused because of the higher base wage as much it is just a different social attitude than you see here in the USA.

It seems like the credit card issuer sending an email or text any time a transaction takes place would be doable. I know some institutions do that now.
I have my credit cards set up that way - I get a text or Apple app notification every time the card is used. Kind of funny sometimes. I'll get a notification before the waiter brings the credit card receipt for me to sign.

If I recall, I think you can choose to receive an email but text and Apple iPhone app notifications work better for me.

Mike

Twice since I have been a Sam's Club member, I have stood in line for 30 minutes or so while some fool in front of me with two or three carts of stuff desperately seeks to remember her PIN or call someone else to find out what it is. In addition to that, each time the clerk would not ask the customer to get out of the way so someone else could check out. I can imagine if all card holders were required to use a PIN, this same scenario would play out many times a day at retail establishments.

Somehow that doesn't seem to be a problem in Europe. I doubt that Europeans are significantly smarter or have better memories than people in the US.

Chipped cards are used almost exclusively in every country I've traveled to, for transactions from a few "cents" to thousands of Euros. I've made hundreds of transactions and stood behind many people and not ONE TIME did I see someone fumble with a PIN. I've never forgotten the PIN and I have an shockingly horrible memory - just ask my Lovely Bride, ah, what is her name? (I do keep the PIN in the safe and review it before a trip if I haven't traveled for a few months)

Here's a tip: use a simple trick to encode the PIN (just ask if interested) and write the result somewhere such as part of a phone number for Aunt Sally. That would be easy to recover.

Years ago I got a special international card debit from my credit union and use it exclusively when traveling. The clerk passes a hand-held reader, I insert the card, type the PIN, and it's usually done in 15 seconds. As fast or faster than swiping a card and signing. And your money is far safer with a PIN - lose your card in the US and anyone who finds it can drain it at Walmart, chip or not.

I do think there will be a painful adjustment period when they go to the PIN chip cards in the US, but it will pass. Maybe those incapable of remembering a PIN will learn to carry cash so they can get their smokes and cokes.

JKJ

Maybe if people use their PIN more often, they'll remember it.

Jim,

Someone asked my phone number the other day.....and it didn't pop into my head. They may be right. I had a PIN on a bank card for years and one day forgot it, just out of the blue.
A very large percentage of the population use Debit Cards/ATM cards today with a PIN and have for years. And since one can usually determine what the PIN is so it's "personally meaningful", I suspect that few would not be able to remember it. Even my older daughter who has "issues" can remember her PIN. (much to her financial detriment sometimes...but that's a different kind of problem ;) )

My experience in Europe was that they seem to prefer Debit cards to credit cards. Locally issued credit cards seem to work OK if you can get one. They also seem to prefer Visa over Mastercard from memory. The whole credit card fraud and skimming issue is why using Apple Pay is a good idea although its take up is a but patchy.

CHIP cards do no good if online purchases can still be made using just the card number. Does having CHIP and PIN mean the PIN would be required for online purchases?

CHIP cards do no good if online purchases can still be made using just the card number. Does having CHIP and PIN mean the PIN would be required for online purchases?
No, giving you PIN for a on-line purchase would not provide any security. The PIN is tied to the chip. On-line security is still a work in progress. IF the US were to go to chip and PIN, it would essentially eliminate "card present" fraud. But the scammers would move to "card not present" fraud, which includes on-line purchases.

We need chip and PIN but we also need a good secure system when the card is not present.

Mike

... need a good secure system when the card is not present.

Several 'dual mode' verification systems are used in the IT world for high security server access. One example requires you to attempt to logon to a server using typical credentials, but before allowing the logon, user is prompted for additional verification. User selects either a cell phone app 'push', or a phone call - cell or landline. Both the push or call require user to respond. The response is from a totally separate device (vs. the server) and is the second 'mode'. Total additional elapsed time is perhaps 6-8 seconds.

For credit cards, the card swipe/chip read/online would be the first mode verification. Push or phone call from CC provider would be the secondary mode verification. Hacker would have to compromise both your card and your phone.

...My prediction? It's coming quickly.

CHIP cards do no good if online purchases can still be made using just the card number. Does having CHIP and PIN mean the PIN would be required for online purchases?

In Australia, we've had chip cards for many years. Because the card issuers did not want to leave out any merchants, the cards still have a magnetic strip for merchants who only have swipe POS terminals. They also would still accept a signature instead of the PIN for a number of years but now a PIN is needed in Australia for purchases usually in excess of $100. You can just use "Paywave" (a proximity RFD device built into the card) for lower value purchases so some fraud is still possible, even with a chip card. The cards have a 3 number code on the reverse side (called a CVV I think) to use when doing internet or phone purchases.

When I was in Europe last year, many times I was asked for a signature instead of entering my PIN so there's not a lot of consistency. When I would buy fuel, I had to find service stations with an attendant so I could sign the receipt (Europe has a lot of unattended "automatic" gas stations - like Costco).

but now a PIN is needed in Australia for purchases usually in excess of $100.


What do American's do when they don't have PIN cards?

What do American's do when they don't have PIN cards?

When we were in Australia for 2 weeks in 2014, we used credit cards like we do at home. For cash, we used ATMs and our debit card which requires a pin.

What do American's do when they don't have PIN cards?

When traveling in Europe, I insert the card in the reader, but I have to sign the receipt instead of entering a PIN.

Mike

Same in Canada, but he said that e PIN was required in Australia.

Gerry....2 years ago we spent 14 days in Australia. We used credit cards to buy things like souvenirs, replace two pieces of damaged luggage and pay for meals. For some smaller things we used cash. We never needed a pin when we used the credit card. When we used the debit card to get cash at the ATMs we did use our pin but we have to use a pin for that debit card here at home in the US.

No, giving you PIN for a on-line purchase would not provide any security. The PIN is tied to the chip. On-line security is still a work in progress. IF the US were to go to chip and PIN, it would essentially eliminate "card present" fraud. But the scammers would move to "card not present" fraud, which includes on-line purchases.


My credit cards have been used for fraud multiple times. I believe they have all been online purchases and not purchases at actual card readers. CHIP cards do nothing to stop this sort of fraud.

What CHIP cards prevent is wholesale harvesting of credit card numbers like what happened at Target, Home Depot, and others. If a card reader gets malware installed due to a security issue the numbers that are grabbed from CHIP cards are worthless as they are one time use numbers.

I had a situation recently where my credit card number was stolen. I know it was stolen when I was in a restaurant because the crooks used it to buy some headsets. However, the company called me because they didn't have the headsets in stock and wanted to know if I would wait for them. I can pin the theft to the restaurant because the company called me on my cell phone. And I had used my cell phone number on my "frequent eater" program at that restaurant.

So the restaurant employees took my card number, and probably my CVC, and looked up my info on the "frequent eater" program. If they had looked me up on the web, they would have found my home phone number, but not my cell phone number. They used my home address (which was also in the "frequent eater" program) but I assume they would have called in to get the shipping address changed.

I reported it to the management of the restaurant but nothing was done. I never went back to that restaurant, however, and did a review of them with the information about the theft.

Mike

My take on the whole affair is that chip cards don't offer a whole lot more security while they still have the magnetic stripe on the back. Skimming of credit card data has happened at ATMs where crims have stuck on a small mag stripe reader around the entry slot for your card. My understanding is its the stripe that been read, not the chip. In terms of phone or internet theft using the card details, if they have physically accessed your card, they will have all they need (including the CVV code). The only check possible then is some sort of address/phone number verification. I saw some mention of Apple Pay for the web but don't know much about that as yet.

My take on the whole affair is that chip cards don't offer a whole lot more security while they still have the magnetic stripe on the back.
This is absolutely true. And unfortunately, it's going to be a long time before the mag-strip is no longer needed...

My take on the whole affair is that chip cards don't offer a whole lot more security while they still have the magnetic stripe on the back. Skimming of credit card data has happened at ATMs where crims have stuck on a small mag stripe reader around the entry slot for your card. My understanding is its the stripe that been read, not the chip. In terms of phone or internet theft using the card details, if they have physically accessed your card, they will have all they need (including the CVV code). The only check possible then is some sort of address/phone number verification. I saw some mention of Apple Pay for the web but don't know much about that as yet.

There is some sort of data embedded in the magnetic stripe that tells the card reader the card has a chip so only the chip can be used. That does no good if the card reader is stripe only and also doesn't help against online use.

There is some sort of data embedded in the magnetic stripe that tells the card reader the card has a chip so only the chip can be used. That does no good if the card reader is stripe only and also doesn't help against online use.

I can't speak for cards issued elsewhere but I don't believe this is the case for Australian cards. When I have bought goods from a merchant who doesn't have the chip reader POS device, they just swipe the card. I then enter the PIN or sign the receipt depending on what their system needs.