However, I'm still not sure how they will handle the PIN part of Chip and PIN, as the usual requirement is that the PIN is entered on a dedicated PIN Entry Device which then only presents the unlocked smart card to the merchant register.
PayPal Here's solution to this was to have a separate Bluetooth card reader and PIN pad: http://techcrunch.com/2013/02/21/paypal-here-is-coming-to-th...
Does anyone know if people can use chip and pin cards but only sign for them?
There's a list of acceptable verification methods in the card, and a list of methods the device can perform is contained in the terminal software. The intersection of these is what's usually performed.
(background - I wrote my first EMV processing kernel in 2001 and am currently working on a bluetooth-enabled card-reader and PIN entry device that looks like it will directly compete with the square device)
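The card-list and terminal-capability matching described in the comment above, as an added example that is not part of the original thread or any real EMV kernel: it parses a card's CVM List (tag 8E) and picks the first rule that byte 2 of the terminal's Terminal Capabilities (tag 9F33) allows. Method and bit values follow EMV Book 3; the function names and the sample cards and terminals are constructed for illustration, and only method selection is modelled (no amount conditions, no handling of a failed PIN attempt).

```python
# Added example: simplified CVM selection. Card side is the CVM List (tag 8E),
# terminal side is byte 2 of Terminal Capabilities (tag 9F33). Amount-based
# conditions and combined PIN+signature methods are not modelled.
CVM_NAMES = {0x01: "plaintext PIN (offline)", 0x02: "enciphered PIN (online)",
             0x04: "enciphered PIN (offline)", 0x1E: "signature", 0x1F: "no CVM"}
# Terminal Capabilities byte 2 bit that must be set for each method.
TERMINAL_BIT = {0x01: 0x80, 0x02: 0x40, 0x1E: 0x20, 0x04: 0x10, 0x1F: 0x08}
COND_ALWAYS, COND_IF_SUPPORTED = 0x00, 0x03


def parse_cvm_list(data: bytes):
    """Split a tag 8E value into (amount X, amount Y, [(method, try_next, cond)])."""
    if len(data) < 10 or (len(data) - 8) % 2:
        raise ValueError("CVM list must be 8 amount bytes plus 2-byte rules")
    x, y = int.from_bytes(data[:4], "big"), int.from_bytes(data[4:8], "big")
    rules = []
    for i in range(8, len(data), 2):
        code, cond = data[i], data[i + 1]
        # bits 6-1: method; bit 7: move on to the next rule if this one fails
        rules.append((code & 0x3F, bool(code & 0x40), cond))
    return x, y, rules


def select_cvm(cvm_list: bytes, terminal_caps_byte2: int) -> str:
    """Walk the card's rules in order; return the first one the terminal supports."""
    _, _, rules = parse_cvm_list(cvm_list)
    for method, try_next, cond in rules:
        if cond not in (COND_ALWAYS, COND_IF_SUPPORTED):
            continue  # condition not modelled here: treated as not satisfied
        if method == 0x00:
            return "fail"  # explicit "fail CVM processing" rule
        if TERMINAL_BIT.get(method, 0) & terminal_caps_byte2:
            return CVM_NAMES[method]
        if cond == COND_ALWAYS and not try_next:
            return "fail"  # card insists on a method this terminal lacks
    return "fail"


# Constructed sample data (amounts X and Y are zero, rules follow).
PIN_PREFERRING = bytes.fromhex("0000000000000000" "4403" "4103" "5E03" "1F00")
SIGNATURE_PREFERRING = bytes.fromhex("0000000000000000" "5E03" "4103" "1F00")
PIN_ONLY = bytes.fromhex("0000000000000000" "0100")
PIN_PAD_TERMINAL = 0xB8    # offline PIN (plain + enciphered), signature, no CVM
SIGNATURE_TERMINAL = 0x28  # signature and no CVM only

if __name__ == "__main__":
    for card in (PIN_PREFERRING, SIGNATURE_PREFERRING, PIN_ONLY):
        print(select_cvm(card, PIN_PAD_TERMINAL), "|", select_cvm(card, SIGNATURE_TERMINAL))
```

The order of the card's list decides the outcome: the same PIN-capable terminal performs a PIN check for the first sample card and a signature for the second, while the PIN-only card fails verification on a terminal without a PIN pad.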
Some cards are PIN-only - notably most Maestro, Visa Electron and V-PAY cards.
A lot (a majority?) of chip cards issued in the U.S. prefer signatures - I'm uncertain what percentage don't support PIN at all.
http://www.smh.com.au/digital-life/digital-life-news/pins-to...
Anecdotal story: the only time my credit card has been defrauded is after a 3 day stay in the USA
Care to explain how and why the fraud rate went up?
Chip and PIN cards are widely deployed here in Spain, and all cases of fraud around me involved drunk people not covering the keypad when entering their PIN. In ATMs there's a nice animation of a hand covering the number pad, but not on POS (LCD displays just say "Enter your PIN"), and many people are careless or forget to do so.
I used to hear more cases of CC fraud back when magnetic strips were used, but I might just be biased.
It's only on rare occasions now that I have to even put in a PIN (in Australia); NFC-style payment terminals are pretty much ubiquitous.
NFC payments in 80-90% of stores, many parking machines, >50% of vending machines.
However, the game could change completely with the move to tokenization.
That's really cool that contactless is so ubiquitous in Oz. As a nation you guys are very much ahead of the game on the whole contactless/NFC thing.
The NFC cards, SIMs, keyfobs etc. don't necessarily require a PIN here in Poland; you're good for ~$15 USD (50 PLN).
If you need to pay more than that, you then have to enter your PIN as you suggest.
Limits the use cases to corner-shop-equivalent purchases, still quite a large market!
I don't know if there's a technical reason why not, but the security requirements for these devices are fairly stringent, and getting a piece of software running on a relatively open system with other apps from unknown sources all over it, well, the certification folks would probably take a hell of a lot of convincing.
Not saying it can't be done, but I don't think I'd like to be on that project.
American Express sent me a new card—unprovoked—about two months ago that is chipped. As mentioned elsewhere, it is a chip and signature card (as opposed to a chip and PIN). I'm nothing particularly special as a credit card user so, if I received a card, it seems the rollout is already well underway.
Another point is, as mentioned elsewhere, PayPal already offers a chip and pin compatible bluetooth device in a few countries marketed as part of their PayPal Here brand[0].
[0] - https://www.paypal.com/uk/webapps/mpp/how-to-use-paypal-here
(Only if you don't use a wallet)...
But given that they've already tried a "Just use the app, forget your wallet" approach that didn't take off like they wanted, I'm guessing they're not ready to try anything outside of mainstream payment cards.
It allows the shift in liability to the merchant if they don't perform a chip transaction.
Fallback is at merchant discretion, if they want to take transactions under those circumstances then that's their risk.
Other than that, no, EMV is not perfect, but it's a DAMN sight better than the everything-in-the-clear magstripe. Did you read the linked article about fraud levels?