According to an article in BankInfo Security, Visa and Mastercard have given fuel pump terminal vendors an additional 3 years to add support for EMV.
Visa and MasterCard announced this week that they are pushing back their liability shift dates for counterfeit card fraud that results at non-EMV chip-compliant U.S. pay-at-the-pump gas terminals to October 2020 from October 2017.
That news is an early Christmas gift for convenience-store operators and the petrol industry, even though if it leaves issuers on the hook three years longer for counterfeit fraud that might result from a hack or skimming attack at self-serve gas pumps.
But I wonder how much fuss issuers will make about the extension. Counterfeit card fraud at gas pumps pales relative to retail point-of-sale and ecommerce fraud. And despite what we heard five years ago about pay-at-the-pump skimming reaching nearly "epidemic" proportions, we hear much less about it today. That's not to say it's gone away, by any means; but it no longer appears to be a looming epidemic
Visa and MasterCard made the right decision to give gas pumps a break on EMV. The question now is, will the three year extension be enough?
(Score: 2) by takyon on Wednesday December 14 2016, @09:16PM
Since I wrote my last comment about this, I've found that the chip worked in maybe 5 seconds in one instance (Walmart maybe?) and considerably longer in other stores.
I think ALDI uses the scotch tape over the chiphole, as you might expect. They also only recently started accepting credit cards in the first place.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Scruffy Beard 2 on Wednesday December 14 2016, @10:59PM
If it takes more than a few seconds they are probably using dial-up.
Or, if it is around Christmas, the server is just overloaded.
The old magstripe system is vulnerable to the replay attack soo badly, that they call it "identity theft" when you copy the transaction.
(Score: 3, Interesting) by urza9814 on Thursday December 15 2016, @09:55PM
You can usually force a 'fallback transaction' (using the mag stripe) by inserting the card backwards. It'll fail immediately; do it three times in a row and it'll let you swipe. And doing that doesn't impact the liability -- it's still on the card issuer because the POS *supports* the chip, even if it isn't used.