SoylentNews is people
SoylentNews
According to an article in BankInfo Security, Visa and Mastercard have given fuel pump terminal vendors an additional 3 years to add support for EMV.
Visa and MasterCard announced this week that they are pushing back their liability shift dates for counterfeit card fraud that results at non-EMV chip-compliant U.S. pay-at-the-pump gas terminals to October 2020 from October 2017.
That news is an early Christmas gift for convenience-store operators and the petrol industry, even though if it leaves issuers on the hook three years longer for counterfeit fraud that might result from a hack or skimming attack at self-serve gas pumps.
But I wonder how much fuss issuers will make about the extension. Counterfeit card fraud at gas pumps pales relative to retail point-of-sale and ecommerce fraud. And despite what we heard five years ago about pay-at-the-pump skimming reaching nearly "epidemic" proportions, we hear much less about it today. That's not to say it's gone away, by any means; but it no longer appears to be a looming epidemic
Visa and MasterCard made the right decision to give gas pumps a break on EMV. The question now is, will the three year extension be enough?
(Score: 2) by bob_super on Wednesday December 14 2016, @09:50PM
Hey, do you know how I've paid in European restaurants for the last quarter century?
After waiting for hours to get her attention, you tell the waitress you don't need the check because you know how to add (tax and tips included, round numbers).
She brings you the card terminal, which looks like a printing calculator. She types the amount and puts the chip in, hands it to you for the code
5 seconds later, the card has authorized the code, you pull your card out, which never left your sight, and the receipt is printing.
Done.
Again: a [bleep]ing quarter of a century of having figured it out.
(Score: 2) by Scruffy Beard 2 on Wednesday December 14 2016, @11:05PM
Technically, those terminals are never supposed to leave the sight of the waitress.
I have been told by the owner of one of my former ISPs that the payment processors were very reluctant to send terminals to small businesses, presumably due to the possibility of tampering.
(Score: 2) by opinionated_science on Wednesday December 14 2016, @11:25PM
Yes , in Europe this is the standard - card never leaves your sight.
Here in the USA, I was in Miami and the gas station skimmed my card. Did some googling and it had been reported on the local news over 6 months previous.
In essence , CC companies are the middle men that just pass the costs on to us suckers.
Google/Apple/Whatever pay from bank accounts, might upset that if widespread enough.
Google Pay uses a virtual account number, so it is impossible to skim. Surely, that would be trivial for banks to add?
Oh right, not in their interests to let you get fraud free payment, as they probably don't get a kick back....
(Score: 2) by Scruffy Beard 2 on Wednesday December 14 2016, @11:36PM
I think you missed my point.
Yes it is good that replay attacks are shut-down, but the card must trust the payment terminal.
If the payment terminal skims your PIN, have fun proving it: the burden is now on you, the customer. (Though in practice, I suspect they would notice if the same location generates many complaints).