According to an article in BankInfo Security, Visa and Mastercard have given fuel pump terminal vendors an additional 3 years to add support for EMV.
Visa and MasterCard announced this week that they are pushing back their liability shift dates for counterfeit card fraud that results at non-EMV chip-compliant U.S. pay-at-the-pump gas terminals to October 2020 from October 2017.
That news is an early Christmas gift for convenience-store operators and the petrol industry, even though if it leaves issuers on the hook three years longer for counterfeit fraud that might result from a hack or skimming attack at self-serve gas pumps.
But I wonder how much fuss issuers will make about the extension. Counterfeit card fraud at gas pumps pales relative to retail point-of-sale and ecommerce fraud. And despite what we heard five years ago about pay-at-the-pump skimming reaching nearly "epidemic" proportions, we hear much less about it today. That's not to say it's gone away, by any means; but it no longer appears to be a looming epidemic
Visa and MasterCard made the right decision to give gas pumps a break on EMV. The question now is, will the three year extension be enough?
(Score: 2) by opinionated_science on Wednesday December 14 2016, @11:25PM
Yes , in Europe this is the standard - card never leaves your sight.
Here in the USA, I was in Miami and the gas station skimmed my card. Did some googling and it had been reported on the local news over 6 months previous.
In essence , CC companies are the middle men that just pass the costs on to us suckers.
Google/Apple/Whatever pay from bank accounts, might upset that if widespread enough.
Google Pay uses a virtual account number, so it is impossible to skim. Surely, that would be trivial for banks to add?
Oh right, not in their interests to let you get fraud free payment, as they probably don't get a kick back....
(Score: 2) by Scruffy Beard 2 on Wednesday December 14 2016, @11:36PM
I think you missed my point.
Yes it is good that replay attacks are shut-down, but the card must trust the payment terminal.
If the payment terminal skims your PIN, have fun proving it: the burden is now on you, the customer. (Though in practice, I suspect they would notice if the same location generates many complaints).