Don’t be a chip-and-pinhead!

Yure/Shutterstock

If you happen to drive down the Brenner Autobahn between Austria and Italy this summer, here’s a little advice for crossing the wind-whipped Europabrücke, or Europe Bridge: keep a little cash on hand to pay the toll.

When I motored south from Alsace, France, to the Italian Alps not long ago, I failed to do that. It resulted in one of the scariest moments of my life. I steered our Hertz rental van into the credit card lane, assuming that my Wells Fargo Visa would be accepted, as it had been on the French highways.

But it wasn’t.

Elliott Advocacy is underwritten by MedjetAssist. Medjet is the premier global air-medical transport, travel security and crisis response membership program for travelers. With a MedjetAssist membership, if you become hospitalized more than 150 miles from home, we will get you from that unfamiliar hospital all the way home to the hospital you trust. All you ever pay is your membership fee. MedjetHorizon members add 24/7 personal security and crisis response benefits. Elliott.org readers enjoy discounted rates. Travel safer with  MedjetAssist.

Three futile swipes later, I nervously switched to my debit card. Cars started to line up behind me. Nothing. I fumbled for my Navy Federal Visa card. It, too, was rejected. In the resulting confusion, with the automated toll gate calmly issuing instructions in Italian, I dropped the plastic, and it blew into a busy lane.

Don’t let this be you. The truth is, your American Visa or MasterCard works abroad, except when it doesn’t. When you absolutely have to pay for something, no matter where you are, carry a little local currency.

The problem is mostly chip-and-PIN technology. They use it, we don’t. Chip-and-PIN, for the uninitiated, is the common name for the EMV smart card payment system used by credit, debit and ATM cards in Europe and most of the rest of the world. The systems authenticate your identity by means of a computer chip embedded in the card and a personal identification number, or PIN.

Most American credit cards use an older credit card technology that relies on a magnetic strip to verify the customer, also referred to as swipe-and-sign. They’ve been slower to adopt the technology primarily because of price. It’s cheaper to write off the cost of the fraud resulting from the less secure credit card technology than to invest in the more secure chip-and-PIN systems. The United States is scheduled to begin broadly adopting chip technology next year.

Until then, here’s what you need to know: Credit card problems are more frequent than your bank wants you to think. While an increasing number of banks offer chipped cards, only a few are actually worth carrying. And by the way, if you’re reading this story, you probably need one.

I won’t make you scroll to the bottom to find out what happened to my family’s chip-and-PINless misadventure. I couldn’t open the van door because the toll booth blocked it, but my 11-year-old son, Aren, bravely slid the back door open and retrieved the card. And after I pushed a button to talk to a person, the gate simply went up and let us through.

Turns out there are plenty of other travelers with plastic problems like mine. Matthew Reames, a PhD student in Charlottesville, Va., recently tried to use his American credit card to pay for his train fare in Copenhagen. The automated kiosks rejected the card because it didn’t have the chip-and-PIN feature.

“I suppose my work-around would have been to go to an ATM and withdraw money,” he says. But he had a better solution: He tried his British ATM card, which worked.

No one knows precisely how many American credit cards use chip-and-PIN technology, or how many of the cards are in circulation, but the number of U.S. cards that use the technology and are worth applying for can be counted on one hand — literally. Many chip cards carry foreign transaction fees of between 1 and 3 percent, “which really isn’t a worthwhile price to pay for convenience,” says Brian Karimzad, director of MileCards.com, a site that helps customers compare credit cards.

There are only five cards widely available with chips, PIN functionality and no currency fees, according to Karimzad: State Department Federal Credit Union EMV Visa Platinum, Andrews Federal Credit Union GlobeTrek Visa, PenFed’s Platinum Rewards, Promise & Gold Visa, the Barclaycard Arrival Plus World Elite MasterCard and the Hawaiian Airlines World Elite MasterCard.

Of course, this doesn’t mean that your magnetic strip card won’t work on your summer vacation. It will be accepted in big cities, with exceptions for certain transactions such as toll booths and automated ticket dispensers at train stations. “Once you’re off the beaten path a bit, however, things may get a little tougher,” says Matt Schulz, a senior industry analyst at CreditCards.com. He tried to pay for dinner at an Italian restaurant in Garmisch-Partenkirchen, Germany, with his American card recently, but his server said, “Nein, danke.” He settled up with cash.

So do you need a chip-and-PIN card? If you’re headed overseas, and particularly to Europe, you probably do.

“People who frequently travel across the pond should invest in a chip-and-PIN card so they do not risk being cardless while overseas,” says Eric Adamowsky, the co-founder of CreditCardInsider.com. He also likes the Andrews Federal Credit Union card mentioned by MileCards.com’s Karimzad, noting that you can apply for the card as early as a week before your trip and still get it in time for your vacation.

Having the right card would have prevented a monkey wrench from being thrown into the wheels of Shawn Cohen’s recent vacation to Paris. His American credit card was readily accepted at restaurants and even for the Eurostar high-speed train. But when he tried to rent bikes to tour the city, the machines spat his card back without approving it.

“We couldn’t figure out why it didn’t work,” says Cohen, who works for an interactive marketing agency in Dallas.

I’m a little envious. Cohen learned his lesson about chip-and-PIN cards without much drama. I still have nightmares about my son jumping onto a busy Autobahn to fetch my credit card. Note to Dad: don’t be a chip-and-PINhead.

Should American credit cards add chip-and-pin technology?

View Results

Loading ... Loading ...

210 thoughts on “Don’t be a chip-and-pinhead!

  1. This is a well-known topic on travel website forums.

    We backwards USA-ers will eventually get with the modern world when Walmart, Target, and and other card-issuing mass marketers decide that the fraud penalty is a lot larger than they thought, especially after the mass identity theft episodes that have happened recently.

    Next problem: Converting to metric.

  2. I was just talking about this at home yesterday. My high school aged daughter is going on a school sponsored trip to Europe next year. Everything will be prepaid, except for lunches and souvenirs.

    She’ll have spending money, but we aren’t sure of the best way to have her handle it. We’re thinking a prepaid Mastercard or Visa debit card with the chip and pin. This would allow us to reload it from here should the need arise. (Along with a handful or Euros.)

    Any other thoughts? We really don’t see the need of putting her on our credit cards yet solely for this trip. Traveler’s checks seem SO 20th century!

  3. I lived extensively in Germany for 3 years as a result of a similar high school trip. I can honestly say there were never any times my normal credit card/debit card was every unacceptable. Considering everything will be prepaid, i don’t imagine your daughter will find herself in many situations where she will need a chip/pin. Does she have her own account? For my high school trip, I had a debit card attached to my account with a limit on the amount of money i could withdraw. That may be something to consider as well – just make sure the banks are aware of where she will be.

  4. Chase now provides chip-and-sign technology with many of their cards. If a card reader asks for a PIN press and it should process the transaction.

    To avoid the exchange fee, the cost of the Sapphire is $95 per year. Because the typical exchange fee is 3%, one would have to charge $3000 to recover the annual fee for the card. Chase recommends always charging in local currency (unless of course you book and pay while still in the USA).

  5. Really important to get into habit of double checking the “total” before putting in your PIN. I’ve caught “mistakes” which may happen when the person has to input the total separate from where they rang up the charges such as in a restaurant. Once your PIN goes in, it’s nearly impossible to claim you were defrauded. My last experience: $390 typed in when the bill was $310. The first screen does ask if you’re OK with the total. Don’t get into habit of hitting OK automatically just because people are impatiently waiting for you to get on with it.

  6. I’m waiting for the follow-up story where Chris gets a tollbooth running ticket from Hertz… with the added administrative fee and the currency exchange rate and the foreign transaction fee. :-p

  7. Then I would pursue an ATM card with a visa or MC logo but with a limit. I had a bunch of cash but also an ATM card with a limit of $400 for my 2 week trip.

  8. Chip & Pin is the norm in Canada. It’s not perfect, but I like the wireless terminals for waitstaff which make calculating the tip easier, and can speed up the transaction if you’re in a hurry. They still accept swipe cards specifically to accommodate American visitors, but these days your server is less likely to carry a pen for signing.

  9. When I traveled in Europe I used a non-chip debit card. I set up a spar are account at my bank specifically for my travel and got a separate card just for that. I loaded to the account only as much money as I would need for each outting so that if my card was stolen or account hacked I wouldn’t lose ALL my travel money. When I got to a hotel that had wifi I accessed my primary account and transferred more over when I needed it. I had no trouble using my Visa debit card in Spain, Italy, or France. You could do the same with your daughter.

  10. My bad. You could, however, open a credit card account with a small limit ($300?). Might be an option, and a teaching opportunity. Let her see how she does without a major risk …

  11. On our five-week visit to Europe last month, the new chip-enabled Chase Sapphire Visa was one of the two items of late-model tech that we brought along. It worked really well. I was able to use it in every tiny pub across Cumbria and Yorkshire, in Parisian subway ticket machines, and everywhere in Germany and Switzerland. No problems anywhere, and no currency conversion charges either. There is even one US retailer that already has the chip-and-PIN readers, the much-maligned Walmart.

    A lot less can be said, however, for Verizon Global Roaming, which I added to my existing iPhone account for the trip. Wherever I went in Europe, I got solid No Service everywhere I went. Either there is a bug on the GSM side of my phone, or Verizon is not ready for the big wide world just yet. But because it’s an iPhone, I could at least make calls via Skype whenever I was at a WiFi spot.

  12. If anyone does their research before going, this could be avoided. I just got back from UK & EU. American Express (you must request it) and Citi Bank offer cards with chip/pin. Barclays does on a few of their associated cards, ie: Hawaiian Airlines. The ID thieft rate in the US is around 41% while in the UK & EU it’s 1% mainly due in part to the newer technology. Banks in the US are mandated to be 100% converted to the chip & pin cards, WAIT FOR IT, 2021. So do your research before treking off. :)

  13. I saw that in Florida, what a surprise! Shocks people because they are used to swiping their card and those with a chip must be plugged into the reader.

  14. Our older cards can be used BUT only when there is a HUMAN present to process it, learned that during my stay in England and Ireland.

  15. From Verizon FAQ: “Your Global Ready device is set to International CDMA ON by default. In the event that you travel to a destination which supports both CDMA and GSM and you need to roam on a GSM network go to Settings and turn International CDMA to OFF.* If you remove your SIM Card your device will only connect to CDMA
    networks.”

    Possible reason for your issue?

  16. I had my American Express card refused in a cafe in a small village in Switzerland last summer; all they accepted were cards with the chip. When I got home I asked AMEX for a chip card and they told me they would send one immediately… and added: here in the USA we’re using Chip and swipe.

    Even though my card has a chip (the small golden square on the card) I don’t have the same protection as the chip and pin… anyone know if this is so?

  17. The chip-and-PIN is more secure only in that it requires a PIN to authorize a transaction. Other than that, the chip contents are identical (according to our CC provider).

  18. You didn’t mention the British Airways card by Chase. In addition to Chip and Pin, it has zero foreign transaction fees. It does have a $95 annual fee.

  19. We went to England not too long ago. We had so many problems locally with our credit card paying for overseas hotel reservations and the like that we switched banks. We were assured that everything would be just fine, but we still bought one of those prepaid Visa cards, just in case.

    The fees on those are horrendous and will easily eat up the balance. We learned a trick, though – use it as a debit card and get cash back. This worked well at supermarkets and reduced the number of transactions (which = fees) on the card AND we had local currency on hand. Oh, and yes, we did end up having to use that prepaid card, as smaller venues would not take our swipe and sign VISA card.

  20. That really surprised me, I had to scroll back up and check the date on the story.
    We’ve been using chip & pin for years in Australia (even RFID paypass has been in use for quite a while now), it’s quite rare to see a swipe & sign these days.

  21. Didn’t the Target debacle get this thing off the ground, after many years of stalling?

  22. I’m so old school. I still walk in my bank and deal eye to eye with the tellers. Although nowadays, I have to swipe their ATM card and enter my PIN before I can transact in the counter. As usual a manager is needed since I forgot mine :-) But thanks to old school people, tellers still have jobs and have money to feed their kids.

  23. Oh, you weren’t being facetious. Sorry.

    You can’t call and ask for your PIN. You have to reset your PIN, either by calling and using an automated system (sorry) or having the bank send you another one by mail (rare these days) or having the bank reissue the card and you reset the PIN. Again, you reset the pin by using the automated system. Follow all the prompts, punch in the numbers for your PIN, finish following prompts and ta-da, new PIN.

  24. I have an IPhone 5 on Verizon’s service. First, you must make sure your phone is GSM capable… older model IPhones are not (although your”s sounds like it is). IPhones have an unlocked SIM, so there is absolutely no need to use any carrier’s Global service option… although they won’t just volunteer that info. When you are in global “roaming” they still make money. When in the UK last fall, my first stop was to a Carphone Warehouse, where I purchased a prepaid SIM for £15… I had 2GB data, unlimited text, unlimited incoming, and 500 outgoing (I think)… good for 30 days. It was on 3G, so a little slow, but who cares? They have about 30 other options from all the carriers, some with 4G, and when I just checked on their website, the rates have gotten even lower. The store reps will insert the SIM, make a test call, and insure that everything works. Easy peasy, and VERY cheap. Huge improvement from years past. Hope this helps for your next trip overseas. In the UK Carphone Warehouse is on about every corner, and think they even have one in Heathrow.

  25. I think the list of chip & PIN cards is inaccurate. I’ve had the Chase United Club Card for a few years, and it is chip & PIN. It also has no foreign transaction fee.

  26. Congratulations, Chris, on a sensible poll question – which is often more rare than a chip and pin card in the United States!

    And yes, the American businesses need to get on with it, and be standard. Two places where I live that do NOT have chip and pin have been Olive Garden and Red Lobster. Two American owned businesses that have not made the effort to comply with the standards even in a country that HAS adopted this technology.

  27. Yes and this is absurd considering that AMEX used to market themselves as “the” card to use when travelling. Foreign issued AMEX cards use chip and pin, they do have the technology set up.

  28. I did not say chip-and-PIN. Rather, “chip-and-sign”. Chase offers some 40 different cards. And to avoid the foreign transaction fee you must pay at least $95 a year, which would not make sense for many (including us) who don’t travel overseas regularly and would not likely charge enough to make the annual credit card fee worthwhile.

  29. That is correct advice. I’ve used dual mode CDMA/GSM Verizon phones in Europe for years. Change the network setting to “Global”, and it should connect. Also, if you want email while you are traveling, before you leave, buy the $25/100MB Global Data plan for 1 month, otherwise you will have to pay as you go per MB of data. When you get back from the trip, cancel the global data plan, and you will be back on your domestic data plan.

  30. American Express Travellers checks – don’t leave home without them!

    If they have something with chip and pin, that’s great. Also remember an ATM card. They do now have bank machines everywhere.

  31. I went to England not too long ago. I had my chip and pin enabled card and had no problems at all.
    I would have had trouble had I not had that.

  32. Savings accounts generally limit the number of withdrawals to 6 per month so you need a checking account.

  33. British machines generally don’t give you the added layer of hitting OK before the pin. They show the total and ask for the pin. Also, don’t be put off if a lot of the British machines don’t work properly. Although at home, I rarely see a machine malfunctioning, in the UK it can be quite common. I go to the UK about 4 times a year. And I do carry cash.

  34. But isn’t that the reason why I am walking in a bank. To talk to the people who have MY money. Maybe they can figure out an easier way to identify me other than a stupid pin code. It did not used to be this way.

  35. Thank you. Have to think about it and check some more, but what I have read suggests it’s harder to hack (the PIN card). That seems disingenuous as your key punches (when entering a PIN, or a Zip Code, or …) are “logged keystrokes”. Not much different than the magnetic stripe. I suspect the hackers will eventually catch up with that too …

  36. Target data was stolen in mass through the net. Not because there was no chip and pin.

  37. Although I just read an article stating that the Target hack was made possible because of the swipe cards and could have been prevented by chip-and-PIN (which may be “true” today, but I believe the hackers will catch up).

  38. But the reason it was a problem was because the information could be transferred to another magnetic strip on another card. No pesky PIN to interfere with the spoofing.

  39. On the other hand, **if** Target STORED your PIN in their servers and the hacker gets in and steals data on the server, your PIN is also compromised :-)

    Debit and ATM cards used PINs. Right?

  40. I’ve had several experiences at grocery stores where the clerk checking out my purchases actually reaches over the machine and pushes OK for you if you don’t do it fast enough. Believe me, I let them know in no uncertain terms this is NOT alright. I also let the managers know what happened.

  41. I have had many “chip and pin” problems, mostly in the UK, but nothing as bad as your bridge incident, fortunately. They started with this technology many years ago as I recall, but my relatives in Scotland informed me that it’s not all it’s cracked up to be; that the “chip and pin” actually made the fraud worse! It scares me that this technology will be coming to the US, because I think consumers will pay the price for it: http://www.creditsesame.com/blog/credit-card-chip-and-pin-technology/ and http://www.dailymail.co.uk/news/article-1200183/Card-fraud-costs-UK-610m-chip-pin-fails-prevent-thefts.html for example. Apparently, it protects the banks more than consumers.

  42. Foolproof????

    Chip-and-PIN crack code released as open source
    zd dot net/1qCihCp

    Software to crack the encryption used by credit card chip-and-PIN readers has been publicly released on the web.

    Cambridge University research student Omar Choudary open-sourced and published the code on Wednesday, along with technical details of hardware used in the Smart Card Detective, a device he built and used to modify a transaction between a credit card and a reader.

    “The device can modify communications between a credit card and a terminal,” Choudary told ZDNet UK. “It looks at the commands between the terminal and the card, sees the PIN requested and replaces the PIN.”
    Using the Smart Card Detective, Choudary said he was able to carry out a card transaction without a valid PIN. Instead, he successfully modified the EMV Europay, MasterCard, Visa protocol that underlies chip-and-PIN validation.

  43. My daughter is also going to the UK for a month this summer, same scenario as yours. I did get her a credit card (ours) with her name on it, and will give her my bank ATM card which has no fee for foreign withdrawals so she can make small withdrawals often and won’t have to walk around with a ton of cash. I will tell her to always try with Visa, but if it doesn’t work, pay with cash.

  44. You can’t have a credit card in your own name until you’re 18. It didn’t used to be this way as I remember getting one at 16, but when I tried to have my son get one on his own to establish credit (he graduated from HS at 16, they flat out said he had to be 18.

  45. We’re not, scammers from all over the world target us. Our financial institutions are the cause, money makes money normally but to them to they see it as an unnecessary expense. We are a great country, filled with opportunities, there will always be takers, scammers and those who watch from afar and unnecessary (being polite today) comments.

  46. My Chase Sapphire Preferred card has a chip. I think they’re widely available, that is to say, I don’t think I’m special.

  47. Immediately after implementing chip-and-pin cards in the US, we will implement the metric system.

  48. In modern banks, you go to the teller and you insert your chip and pin card, enter the pin, then talk to the teller.

  49. Yeah so the PIN is my identity. I thought I was my own identity since we are already face to face. I’m using my LOCAL bank where I made my account :-)

  50. I tend to agree. Why INCONVENIENT me more?
    I like it the way it is.
    Note my usual vendors do not make me sign for purchases less than 50-100 dollars. Why will I now have to enter a stupid PIN code?

  51. Just use 8669 which spells “Tony” on the keypad, then you just need to remember your name.

  52. AT&T told me over the phone that many hackers have open wifi hotspots with their AT&T names or other well know names like McDs and SB. Be very careful.

  53. That’s a great idea thanks. My wife does a similar thing. Maybe I’ll just use her code so she can remind me what it is. I’m so bad at PIN codes that’s why I hate them.

  54. Her account doesn’t have a limit, student account. She just needs to maintain a $10 balance.

  55. That may be easy to remember, but it is not regarded as good advice security wise. However, it is a personal decision.

  56. I think the issue is that some machines (terminals) do not have a mag swipe reader. They only have a RFID reader which is looking for the chip.
    But if a human being is present, they can KEY IN (enter) the card number info, expiry date and the security code if they have to.
    Of course their systems have to agree not to challenge the US cardholder with a PIN code.

  57. No, I saw that and made sure that International CDMA, which does not exist in Europe anyway, was Off.

    Email was not a problem, although when I added Global Roaming I specified voice only, because cellular data overseas costs rubies. I could do email at WiFi spots, which were everywhere.

  58. For reasons unknown to me, the lowly consumer, my AmEx card has alweays worked everywhere in Europe. Most of the time! On our way to the Barcelona airport to catch a flight home a couple of years ago, we ended up just like Chris … no matter what we did, the bar smugly stayed down. Pretty soon an unseen someone somewhere began yelling at us in Italian. My husband kept repeating that we didn’t know what to do and of course his voice got louder and louder, I was convulsed with laughter … after 10 minutes the bar raised and we were on our way, completely clueless as to what finally got us through. If Aren was brave enough to get out of your vehicle on the Autobahn to retreive your card, I predict great things for the boy!

  59. Tip: I use a Samsung Dual SIM (Galaxy Duo S) to solve my International problems. It uses the old SIM format so prepaid SIM cards easily fit in.

    Added: But if you are using CDMA (Verizon), you will need a different phone which Verizon calls Global Ready :(

  60. I haven’t a clue to what you are posting and all I can say is that my Verizon plan wouldn’t let me use my phone in Europe. I met a man in Paris who got his to work, but he said it took two days of working with Verizon to get what they said would work to actually. Know what? It was HEAVEN to unplug for the two weeks!

  61. Yes, I had the option of unlocking the phone so I could use a European SIM, but that wasn’t what I wanted. I run an IT service business, and instead of announcing to the world that I was going to be away all month I just wanted to be able to get messages on my regular Verizon number, and to be able to talk people through critical problems.

  62. Did the café even accept AX? AX isn’t as widely accepted as it use to be due to their high fees.

  63. I just finished a driving tour in southern France. Automated toll booths usually rejected my American credit cards (both swipe, and “chip + sign”).

  64. Easier said than done! In our business, every vendor requires a password and when you get to over 200, you kinds blank out without a cheat sheet!

  65. Are you talking PIN or passwords? Try a password manager like lastpass, and enable Multi Factor Authentication.

  66. A couple of things wrong with this. Even in the “big” cities like London one will have problems with using US issued “swipe” credit cards. The Underground ticket machines will not take anything other than pin and chip or cash. The same goes for the main line train ticket kiosks. Even the guards (conductors) on the train can not use the swipe cards. No gasoline at the pump, no renting of a Barclay bicycles is possible without chip and pin. The US credit card companies will tell you that merchants overseas “have” to take your card. That is a bunch of crap. A lot of them will not. I go to the UK frequently: The last time the poor thing at the Tesco till didn’t know what to do with my US credit card. A lot of restaurants have the hand held card readers and they have no swipe capability at all. Also ones US ATM card might have a PIN, but that is different and will not work other than in ATMs. Also NFC (RFDI) credit cards are totally different and also will not work without a designated chip and pin. Real chip and pin credit cards are “contact” cards. The chip in the card has to physically touch the inside of the reader to be able to be read. The credit card does not broadcast anything!
    US banks have come up with this half assed chip and signature stuff now. Don’t go for it. They will generally not work in any automated payment system.
    I have a true chip and pin from the Andrews Federal Credit Union and another one from the Hanover Square branch of Citibank in London. Both work like a charm.

  67. I’ll double check as well. I am only expecting one withdrawal each month anyway…when trip payment day comes around each month.(She’s on an installment plan.)

  68. Rule of thumb: unmanned credit card machines in Europe need the chip and pin card. You should always have local currency with you for those just in case times.

  69. I’m waiting for the US to use the hand held devices at restaurants so we don’t have to keep handing over our cards to strangers who take them out of our sight.

  70. Wow. They also have an RF thing that you use for smaller purchases, you just hold the card near the machine and it validates with no pin or swipe. And yes, you can get a special holder so your wallet doesn’t set these things off.

    Millions of people in other countries are using these things without a hitch. I’m sure that you and your fellow Americans will find it just fine.

    Metric system might be more of a challenge though.

  71. I hope the trip goes well. I find it best to have a plan b in case the card gets wrecked or lost etc.

  72. I have eliminated some as I can call instead of going online, so it is going in the direction I am happy with!

  73. It just isn’t worth it to me to have all these passwords and pins. I only have a flip phone and I think I am the only one in the US who doesn’t text!

  74. Seems to me AAA can take advantage of this problem.
    Why can’t they partner with a company like AS24 and issue Eurotraffic cards toll and fuel cards (charged to our US credit cards)?

  75. My branch knows me and welcomes me, by name, when I walk through the door. They assisted me with my ATM card, but I have to go into them each time I try to use it, as I can’t remember my pin. I only use my ATM before a trip so I remember how to use it when we travel in case we need emergency cash.

  76. We ran into a credit card problem in Costa Rica this spring–not with chip and pin, but with most bank’s ATMs not accepting our ATM card. We had some dollars, and we could charge meals and large purchases with a Mastercard, but not get local currency. Scotia bank, in San Jose, accepted our card, but that was near the end of our trip! So that’s something else to be aware of. There was a Scotia ATM in the airport, so we should have gotten a bunch of colones then. Little did we know!

  77. I don’t like texting but my kids text me. A few months ago, I moved to a mid model smartphone (without a data plan) and I still hate texting.
    My older brother does not even use a mobile phone :-)
    You are not alone in your views, bodega.

  78. I absolutely refuse to allow texting on my phone. Many friends call me and say, I texted you but haven’t heard back. How can I reply when I don’t have texting and didn’t see the message? But I loved talking with them!

  79. Yes, not all ATM’s take all ATM cards. We always travel with traveler’s checks, cash, ATM and 3 different credit cards. In EDI, banks wouldn’t cash our traveler’s checks, but the post office would. You just need to be as prepared as you can be.

  80. We just attended a Dana Carvey show at our local concert hall. He had a bit on passwords/pins that was very funny. We are all in the same boat!

  81. They did take American Express but only the chip. They had no swiping machine; only the reader into which the card is inserted. Actually I called AMEX when I got home and they told me the cafe could have punched in all the numbers on another terminal, but they didn’t offer and I didn’t know.

  82. It could be that they don’t want to punch the numbers as they are more liable that way if your card is stolen. Macy’s had a sign at the counter saying that if your card didn’t swipe, you couldn’t use it.

  83. I hate texting because when I switch SIM cards whilst travelling to another country, it renders texting pretty much useless.

    As for the passwords, I use the web to save a lot of time and also earn a living that way, so it is more of a necessity for me.
    Each person’s perspective is different.
    You obviously have no trouble using the comment feature on this website, which requires a username and password, so I see you do not escape it completely, but good luck.

  84. That’s actually something that’s crossed my mind. If we get a prepaid card, and something happens…then what? That’s why I was thinking of a mix of a prepaid card, Euros and maybe even a small amount of traveler’s checks may be worthwhile.

  85. I didn’t even use a credit card at US restaurants on a recent trip there. I have become so uncomfortable with the whole idea that I simply used cash.

  86. My bank, USAA, just announced they are transitioning all their MasterCards to chip & pin. I got one last year. Very useful in Scandinavia at the ticket kiosks. Currently I’m in Scotland, and I’ve actually not used my MC at all so far but I’m happy I have it.

  87. I think he must be just doing this on purpose for the sensationalist aspect. Anyone who knows about travel knows about this issue far before attempting to go through a toll booth. This chip and pin issue is not new and why wouldn’t someone like the author of the article be amongst the first to get a chip and pin card?

  88. No Panacea

    Chip and pin scam ‘has netted millions from British shoppers’

    A sophisticated “chip and pin” scam run by criminal gangs in China and Pakistan is netting millions of pounds from the bank accounts of British shoppers, America’s top cyber security official has revealed.

    Dr Joel Brenner, the US National Counterintelligence Executive, warned that
    hundreds of chip and pin machines in stores and supermarkets across Europe
    have been tampered with to allow details of shoppers’ credit card accounts
    to be relayed to overseas fraudsters.

    These details are then used to make cash withdrawals or siphon off money from
    card holders’ accounts in what is one of the largest scams of its kind.

    In an exclusive interview with The Daily Telegraph, America’s
    counterintelligence chief said: “Previously only a nation state’s
    intelligence service would have been capable of pulling off this type of
    operation. It’s scary.”

    An organised crime syndicate is suspected of having tampered with the chip and
    pin machines, either during the manufacturing process at a factory in China,
    or shortly after they came off the production line.

    In what is known as a “supply chain attack”, criminals managed to
    bypass security measures and doctor the devices before they were dispatched
    from the factories where they were made.

    The machines were opened, tampered with and perfectly resealed, said Dr
    Brenner, “so that it was impossible to tell even for someone working at
    the factory that they had been tampered with.” They were then exported
    to Britain, Ireland, the Netherlands, Denmark and Belgium.

    An investigation launched by Mastercard International is understood to have
    discovered several of the corrupted machines at British branches of Asda and
    Sainsbury’s.

    In all, hundreds of devices in Britian and other affected countries had been
    copying the account details and pin numbers of thousands of credit and debit
    cards over the past nine months and transmitting the data via mobile phone
    networks to underworld electronic experts in Lahore, Pakistan.

    Once MasterCard had uncovered the scam it alerted stores which set about
    examining tens of thousands of chip and pin machines to find out which ones
    had been tampered with.

    The corrupted devices are an extra three to four ounces heavier because of the
    additional parts they contain, and the simplest way to identify them has
    been to weigh them.

    A MasterCard International investigator said: “As recently as a month
    ago, there were several teams of people roaming around Europe putting the
    machines on scales and weighing them. It sounds kind of old school, but the
    only other way would be to tear them apart.”

    The Chinese scam, which the investigator said had creamed tens of millions of
    pounds from British and other European accounts, came to light at the start
    of the year. MasterCard’s network experts picked up anomalies in charges
    being levied on its card holders and those from other issuers, including
    Visa, which suggested fraudulent activity.

    They realised that card details were being stolen and used to produce “white”-
    or cloned – cards, which were in turn used to fund purchases from countries
    around the world. Sometimes the criminals used them to make “card-not-present”
    transactions – by phone or internet – for goods or services, often travel
    tickets.

    On other occasions they would simply withdraw cash. The illicit transactions
    took place at least two months after the information had been stolen, making
    it difficult for investigators to work out what had happened.

    But after six months of fruitless investigation, investigators spotted an
    attempt at a similar fraud on a card which had only been used in one
    location in Britain. The chip and pin machine from the particular store was
    passed to MasterCard’s international fraud lab in Manchester for inspection.

    Dr Brenner, whose job is to unify counter-intelligence policy and strategy
    among the CIA, the FBI and US defence establishment, said the scam should
    act as a wake-up call to chip and pin machine manufacturers. “They have
    to do more testing. They have to guard that supply chain in ways that people
    guard the movement of jewellery, because this is value,” said Dr
    Brenner, who now has a group of experts dedicated to analysing this kind of
    threat.

    Shoppers at Asda in High Wycombe, Buckinghamshire, last month reported that
    their cards had been used to make unauthorised withdrawals overseas after
    they had visited the store. One customer said 25 withdrawals from his
    account, totalling £1,400, had been made in the US and Pakistan.

    In a statement MasterCard UK said: “We are not able to comment on
    specific cases or give out any details as to their specific fraud
    investigations.”

    The Metropolitan Police referred all enquiries about the scam to Apacs, the
    banking payments association, which sponsors the Dedicated Cheque and
    Plastic Crime Unit investigating card fraud in the UK. A spokesman for Apacs
    said: “We have no evidence, data or intelligence pointing to a Chinese
    link to chip and pin fraud.” A spokesman for Asda said: “We are
    not aware of any new units being compromised.” A spokesman for
    Sainsbury’s said: “We have not had any issues with chip and pin
    machines being compromised at the point of manufacture.”

  89. It is very hard to get away from it completely, but I am being very selective on any more and doing away with those that I can achieve what I need by phone.

  90. yes, “chip and pin” is what to use. I don’t know who came up with Chip and sign, it doesn’t fix anything.

  91. This would require the conversation between the machine and the server to be unencrypted. This came out years ago and yet still, the swipe country (USA) is the one with the higher fraud.

    Nothing is perfect, but some things are a lot closer to perfect than others.

  92. The United States is the most advanced country in the world. If you ever have any doubts, just ask any American:)

  93. you can also get those travel cards that load up in your currency and then you can use those abroad if you dont want hard cash. I always carry local money when i am abroad, why wouldnt you makes sense

  94. You won’t like this. The visa cardholder agreement I have has been modified to say that any transaction made with the chip and a valid pin will be regarded as a bona fide transaction. Period. Punch in that PIN or disclose it and you can forget any fraud claims.

    So: If the merchant doesn’t have a chip and pin terminal and the bank has a chip and pin card, the merchant is liable.

    If the merchant has a chip and pin terminal and the bank doesn’t have a chip and pin card, then the bank is liable.

    If the bank and merchant both have chip and pin equipment, and the purchase is made using chip and pin, then the cardholder is liable.

    I can surely imagine the comments, but I can assure you I cover my hand when entering the pin, don’t use third party ATM machines, etc.

    That’s just how it is.

  95. DCC (or dynamic currency conversion) is,in my experience, always more expensive to use than even a card which applies 2.5% as a currency conversion fee, at least when I go to the UK.

  96. Interesting. I admit that the sign was a couple of years ago and was when my card from fraudulently use at Macy’s, even while I was on the phone with the fraud department of my card company. If it was swiped, the merchant was protected, but if they punched in the numbers, not so. That is how scammers were getting away with a lot of these purchases.

  97. I use a VPN software which makes a tunnel past the wi fi hotspot. I’m also careful as to which names I use to connect. Using a what is my ip type of application and then tracing the ip address will tell you what the provider is really. Most people won’t go to that trouble but it takes me only a few seconds to verify who owns the connection if I am concerned.

  98. I had some problems using my USAA debit card (with MasterCard logo) in Warsaw. I was using a Polski Bank ATM. The manager of the bank told me it was because I did not have a chip and pin card.
    Finally tried Deutsche Bank and was able to get some cash (Polish zlotys.)

  99. Oh this took me a while to figure out. With Chip and Pin, the store keeper (merchant) now becomes liable for the fraud. With the old stripe and sign, as long as he checks for the card hologram and cardholder’s signature and swipes to get authorization, he is off the hook. Oh wow, how can EMV and the banks be so greedy?

  100. I have a credit card and cash in my wallet. I also have another credit card and cash in something that’s strapped to my body under my clothes. The key is to not keep everything in the same place. I’d skip the TC’s.

  101. bodega, did you read my comment about the banks and networks simply shift the burden of fraud to merchants with chip and pin?

    what a smart move for them :-)

  102. Good suggestion to look at the ATM limits. Debit card limits are good to watch too. Chase, I believe, had $500 per day withdrawal and $5000 per day debit limit. Bank of America had about $300 per day but debit limit set at “balance of account”. I upped the cash limit on the B of A card but reduced the debit limit.

  103. BTW, many merchants in our area only take cash. They are dropping all credit cards. Many smaller restaurants, too.

  104. I have a thing called flynumber. I forward my cell phone to it and it takes messages. I have a softphone which can receive calls, but although that works great at home (where I don’t need it) the data seems too slow when travelling. However, it lets me know when someone calls and takes messages, relaying it via email.

  105. Yes the fact that the CARDHOLDER will lose a lot of protection is disgusting. All the banks want to do is SHIFT losses to us.
    This is stupid – disguising it as better technology but really offloading the risk to us.
    This is not a welcome change for Americans.
    No reason for us to be like Europe in this one.

  106. My favorite Italian pasta maker in Mamaroneck, NY takes cash and checks only now. Back to the old school.

  107. No checks, here, either. I have seen no checks taken in many parts of the US. Also, no bills higher than $20 allowed in many stores, too.

  108. Tony… Not quiet that clean. Here’s what us merchants have been told… If there’s fraud and you have the chip pin terminal and it’s a chip pin card, visa is responsible. If you have the terminal and the card is not a chip pin, the issuing bank is responsible. If the terminal is not chip pin, the merchant is responsible.

    Basically is coercion to both the merchant and the issuing banks to move to chip pin in the next 18 mo

  109. Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.

    So if a merchant is still using the old system, they can still run a
    transaction with a swipe and a signature. But they will be liable for
    any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

    So it will cost $3B to replace the cards and another $2.5B to replace the terminals. Banks and merchants will pay (not Visa or Master). And then the cost will be passed on to us.
    I bet the fraud will just move to card not present transactions.

  110. Not sure you meant to reply to me, but yes, I agree. Which is why our CC issuer strongly suggests that we have merchants charge in local currency and pay them (the CC issuer) to convert to dollars.

  111. Although I mis-read the original post, I do agree with you and Chase. I’ve seen it much more expensive when the overseas place charges in the currency of the card. The advice of “do not use DCC” is a good one.

  112. I’m told though to be careful, as some merchants will automatically charge in USD and not ask, while others will hear to say local currency and do USD anyway. Better, I’m thinking, to pay cash at smaller places for that reason.

  113. I read somewhere that even if you supposedly have a global ready phone, Verizon shutdown the ability to define APNs

  114. Apparently, it is a requirement that the merchant must ask before converting to your card’s currency (using DCC) or must conduct business in the currency of the merchant. That said, the smaller merchants in my experience just charge in their local currency and don’t even bother with it. Chain stores seem to ask. The big “baddie” is hotels. Just to use Marriott as an example, they have a little tick box in the area before where you sign, in essence, it says that UNLESS YOU TICK THE BOX you consent to using DCC.

    I’m sure each and every one of you who has bought the “world’s greatest traveller” book would know this but for those of us that do not have the benefit of that book, I will explain below:

    A big hint is when you check into a hotel and you are given the machine to pre-authorize and it says $300 USD ok? The thing to do in this instance is to NOT say OK to it, or they will use DCC. Most of the front desk clerks apparently do not know this, but generally you click “NO” at this prompt and then it will ask in the local currency.

    Now if you are in a country where the currency fluctuates like a yo-yo, you may indeed wish to settle in USD. However, in the UK, for example, I find it cheaper to use the GBP and let my bank convert it.

  115. +1000! Great information. I take it this does NOT apply if the hotel is prepaid in USD (e.g, using booking dot com).

  116. The machine is very handy for figuring out the tip, but it does it “after tax”. I tip 15% if the service is good. After seeing the absurdity of a certain columnist advocating 25%, I realized the tip thing is seriously getting out of hand and although I had been tipping 20%, I changed it to what I think is more reasonable – 15%. if the service is bad, I change it to 0%. Buffets are 10% and I don’t tip for take away.

    Anyway, I like chip and pin, never had chip and sign, don’t like swipe (they don’t clean their reader forever and a day and then just about wreck your new card trying to get it to swipe).

  117. They changed all of our machines and all of our cards here, didn’t cause as much as a bump. The ATM’s also read the chip. Many of the machines in the USA are already capable of reading chip and pin, but isn’t enable. The stores generally have to modify their software, which seems to be the biggest barrier most have when their POS is tied in with the credit cards.

  118. Thanks for the kudos. Honestly, I don’t know. I’ve only used third party booking sites a couple of times, and it has been for hotels in the USA, which generally don’t do DCC.
    Mostly I use the hotel chain’s own website.

    However, most hotels will want to pre-authorize an amount per night to deal with any incidental charges, so the thing is to still watch what the machine says, even if you have prepaid.

    Another thing, they will be tighter on the ID in the UK (sometimes wanting to photocopy your passport) if you are a “walk in” and not if you are booking on the hotel website.

  119. I don’t live in a town, which is why I said area. It is the smaller, mom and pop places. The cost of taking cc’s is just too much.

  120. We found out the disadvantage of the U.S. swipe cards when we went to France last year. We needed to fill the gas tank of our rental car on a Sunday. We had used our regular credit cards at the gas station near where we were staying previously by going through the attendant. Two other stations in the area had turned down our cards. That Sunday we weren’t thinking that there would be no attendant on duty.
    Once back in the U.S. We asked for new cards from American Express with chips and feel a little more secure when traveling out of the country.

  121. It’s important to note that it makes sense for a merchant to store a credit card number as that identifies the account which payed for the purchase. A merchant should never store a PIN, which is only useful as a verification step with the bank that you are dealing with an authorized user and should be immediately discarded.

    In other words, Target had to store credit card numbers, so they were and always will be vulnerable. PINs should never be stored, so they are only vulnerable to “live” attacks which intercept communication on the network or otherwise actively siphon transaction data… a much harder and less rewarding break-in.

  122. It all depends who is actually charging your card…. if the charge happens at the point of booking, for a prepaid reservation that would usually be the US-based OTA and they would quote and charge in dollars as a “domestic” transaction.

    If the total is in the foreign currency, and especially if there is a reference to the hotel processing the payment, you will want to confirm when settling your bill that you are declining DCC.

    And as Bill notes, hotels may still want to run your card for incidentals. Watch the screen and paperwork for any mention of USD. With an electronic terminal, they should be configured to offer DCC (often by just displaying a USD total, in which case you press No/Decline red button) or to automatically use local currency.

    Make sure to say the *name* of the local currency as you hand over the card, even better as a sentence in the local language: “Euro, s’il vous plait.” This may dissuade the clerk from just accepting DCC for you, and makes it easier to ask them to fix “their” mistake if needed. Even if you decline, the receipt may include a DCC section with USD listed as an “example” of what you would have paid with DCC. (Don’t panic, read calmly, as long as it says you declined DCC and lists a total in local currency, you’re fine.)

    You will find terminals configured to automatically use DCC if possible… I think some banks or processors may encourage this by kicking back fees. Often, the staff running the machine has no idea how to turn it off… since by the time you realize this, the transaction will have been authorized, you have a choice:
    – suck it up… a couple of percent on smaller transactions is not worth the hassle
    – make them cancel/reverse the transaction and pay with cash … that can be fun if they don’t know how to do it, but they really should know how for all kinds of other reasons
    – ask them to reconfigure their terminals … it is a long shot, but if they get enough hassle from customers, or lose repeat business, chances are they will ask their bank to do it

    I’ve done all three, for the latter two cases even once helping them talk on the phone with the bank to learn how to do it. The key is to be polite and apologetic, frame it as a learning experience for everyone, and explain that between all the banks involved, a foreign transaction with DCC can cost you up to 10% more. Yeah, that’s only if you stack DCC with other common fees, but being able to say 10% makes it sound less trivial.

    Frame the situation as “the banks” making life more complicated for both you and them… people everywhere can empathize with trouble caused by banks… you are now working together to stop the greedy bank.

    Obviously, if they are busy with other customers or you are in a hurry, just cancel the transaction or suck it up, whichever is faster. The ~3% commission of DCC hurts but is not the worst ripoff when traveling. You may be able to come back later, or at least remember next time you shop at that merchant. Do tell them that their use of DCC causes a problem for you.

  123. By calculating tip, I assume you mean that they suggest the tip you should leave (because the wireless terminal obviously knows how good your service was). I have seen some terminals configured with tips that start at 20% and go up… trying to pressure customers to tip higher. As long as Chip-and-PIN is coming from Europe, maybe we can also adopt the habit of having service be included in the price on the menu, and leaving tips to reward exemplary service.

    If I am somewhere C+P cards are common, I usually show my card with a swiping motion to remind them that they have to swipe and then have a pen for a signature… that often saves time.

  124. I hear that a lot: “The cost of taking cc’s is just too much.” It is true that CC fees of usually 3% are not trivial (heck, just look at my DCC rant above) and there is risk of fraud, but that just assumes cash operations are free and risk-free. They are not.

    Accounting for the cost of handling cash, making sure you have enough of it, but not too much, in the right denominations, counting it, securing it, depositing it… all costs staff time and real money. You are exposed to the risk of counterfeit bills, employee skim and outright theft, armed robbery, physical damage by fire, water, rodents.

    There is the very real cost of lost business… many people no longer carry much cash around with them, may reserve it just for necessities, and so may skip your store altogether, or buy the bare minimum. Not accepting cards can be as short-sighted as a store not accepting cash. You are reducing your pool of customers.

    Some transactions I will only do by credit card because I count on the protection of having a somewhat neutral arbiter to keep the merchant honest but without the overhead of small claims. Imagine if all those credit card disputes had to end up in court because they were done in cash.

    How all those costs of accepting cash balance out card costs can vary based on your mix of customers and the type of business. I would like to think it comes out about even in many cases… most merchants should accept both.

    … but no one should be lulled into thinking that accepting cash doesn’t have real costs.

  125. I’ve used an American Chip and Signature card at unmanned ticket machines in the UK with no issues (although in theory it should ask for a signature it doesn’t – thankfully). In supermarkets it does require a signature. Hopefully those banks that offer Chip and Signature will offer Chip and PIN too – but Chip and Signature is better than nothing.

  126. I don’t think any merchant would think that taking cash isn’t without cost or risk. As I mentioned earlier, I see many signs that say, No Bills Larger Than $20. Most use the pens and know how to check the bills for needed markings.

    As one who handles the credit card charges for our business, I can tell you that there is a lot more cost than just the percentage you lose by accepting the cards.

  127. When I told a teller at my local bank I never use their ATMs, she made me walk outside the bank with her and do my transaction on the ATM.

    Lesson learned… now I just don’t mention never using their ATM. (Though at my bank they still accept normal id at the counter, no need to swipe a card as you describe.)

  128. Ha ha, and send us a copy of your card for safe-keeping… you know, in case you lose yours.

    Really, given how easy it is to discreetly watch someone enter a PIN code (unless they are paranoid and cover the pad), I don’t put much trust in them.

  129. Haha- the pin pads in Canada have shields on them and people are encouraged to cover their hand to protect their pin. The card insertion places have a special design with flashing lights around them. Furthermore, I get an email each and every time the card is used. They don’t get far. Notification to the card company of a fraudulent transaction happens faster than somebody like Amazon can ship. Airlines use verified by visa. It is getting harder and harder to steal.

  130. My theory is that since charge cards were pioneered in the United States, and even swipe-and-sign credit cards were here far longer, they have become ingrained in everyday habits.

    Whereas most other countries had a shorter period of swipe-and-sign, and only by the time chip-and-PIN came along was there mass issuance of payment cards, so many people went straight from cash and check to PIN.

    In Poland (representative of many former communist countries), the average person would have used cash or postal/bank transfer into the early 1990’s. Over the past decade or so most have gotten bank debit cards with PINs, but credit card uptake was even slower, as people don’t trust credit as much.

    Basically, Americans had a long time to get used to signatures, and that habit is going to be hard to break. Honestly, I am not convinced PIN is that superior… faster and more efficient, perhaps, but with commerce and fraud shifting to card-not-present transactions, not the solution we will ultimately need.

    (In the end, I imagine we will need something like VerifiedByVISA, where the bank contacts you via an app on your phone to authorize each transaction…. you give an identifier to the merchant (by swipe, pin, RFID, whatever), they ask the payment network, the payment network asks you, your authorization goes back to the bank, then the merchant.

    That guarantees that the merchant never handles sensitive info, the apps can be configured by the user and the bank for whatever elaborate verification method is desired, and almost all kinds of fraud can be eliminated or at least tracked to the responsible party.

  131. No, let’s do the metric system first… that actually makes thing more logical and simple… powers of ten. Not sixteenths of inch, 12 inches to a foot, 3 feet to a yard, god know how many yards to a mile, especially with a mile being a bit more than is easy to estimate with your eyes.

    How about we start with metric… and then once that’s done, we’ll take another look at those chips and pins… maybe by that time there will something even better?

  132. Going metric isn’t always the best answer.
    You know, Nicola Tesla determined that the optimum electrical setting for motors was 60 hz and 220 volts. The USA decided that they had too large of an installed base of 110 volts and did not convert, but they kept the 60 hz. The Germans felt that 60 hertz wasn’t “metric enough” so they went with 50 hz instead of 60. I believe that Europe’s electrical apparatus loses something like 30% efficiency due to this anomaly because Nicola Tesla was right.

    And that’s why we have to bring multi voltage appliances when we travel to many countries.

    Just an interesting tidbit.

  133. This particular exploit actual breaks in between the card in the card terminal. Essentially a man in the middle attack, where it fools the card and the terminal into thinking they are talking directly with each other. I don’t know the EMV protocol well enough, but there are countermeasures possible.

    I think the weakness in Chip-and-PIN rest in how easily a PIN can be obtained and used by a rogue party. You have to be very skilled to mimic a signature, and make it look natural while a clerk watches. Entering a stolen PIN can be done by the dumbest criminal.

    Yes, the signature on the card can be altered or even a new card cloned…. but ever more common in the US are signature pads which record your signature (probably noting the cadence and order of your strokes), and I would be surprised if that data doesn’t get sent to the payment network. Algorithms can compare subsequent signatures and flag any transaction where the signature is too far off, particularly if the other fraud algos think the transaction is unusual.

  134. Well, I don’t like that. But I do prefer chip and pin over the swipe and signature. i don’t like people seeing my signature. On those signature pads, I would often just make a squiggle..

  135. The guy in the control room figured it was simpler to push the override and give those silly Americans a free pass rather than have the hassle of addressing the issue…

    either that, or as a comment above said, there is a highly inflated bill with your name on it roaming from office to office in Europe, always hoping the next leap will be the leap home .. into your mailbox.

  136. It doesn’t help with those stand-along machines that demand a PIN, but it does solve the security issue.

    It is the “chip” part that actually makes payment cards more secure by forcing encrypted dialog between the card and the terminal and making cards almost impossible to clone.

    All the PIN does it make it easier for machines to verify identity… a machine that accepts a PIN and verifies it with the card is pretty trivial to design. A machine that looks at your signature and compares it to the one on your card is a more complex device. (You would need a camera and possible a touchscreen, and there would be many more ways to fool the machine.)

    But as I argued above, I think signature may be a more secure way to verify identity than PIN… casually looking over your shoulder, an idiot can easily steal your PIN, but to mimic your signature will take a skilled hand and practice.

  137. No one is seeing me enter my PIN, I assure you. And no camera is recording it. There are covers to the side and my hand or wallet over my hand, and me in the way. One other thing to mention is that NOBODY is touching my card but me. No sales clerk has to take it to check the signature. They hand me the machine, I use it, hand it back, or I walk up to it or whatever.

  138. Many visitors to Europe choose not to drive… and most places are able to accommodate you with a staffed booth. I know that most ticket machines will reject a signature card… so I stand in line at the booth.

    Plus, tollways can surprise you everywhere… even in the US, many tollways are eliminating staffed tollbooths. I once got stuck at an Indiana toll-gate that only took exact change in coins or an electronic pass. Finally, I noticed the small sign that said I could post-pay online within a few days… so I drove through (technically running the toll), then payed by credit card online that evening.

    The Golden Gate Bridge (among others) has been open road tolling (no stopping to pay a toll) for over a year, which can catch many visitors. Up until the last year or so, getting a Chip-and-PIN card from a US bank was like pulling teeth, unpleasant and rarely attempted.

  139. Yes, one has to do research wherever you go. Driving, money, toll roads, phones, etc. Fortunately, there are generally online resources to find out most things. Best not to find out things the hard way.

  140. It was about two years ago, but I had no trouble using a swipe card with the London bikeshare system. The hand-held card readers almost always have a swipe slot… usually along an edge, though some staff still try to stick a swipe card into the chip slot. Staffed kiosks in both mainline and (rare) underground stations were also able to process my swipe… I just made sure to keep my Oyster very well topped-up.

    Everything else you say is true… not having the PIN part makes you a second-class financial citizen and could cost precious time working around it, particularly where machines are concerned.

  141. It fascinates me how utterly normal it feels to have my card taken away at a US restaurant, while in every other situation, I am anxious if the card leaves my sight.

    (Target, a major retailer here, has/had these horrid motorized card readers which pull in and swallow your entire card. They are a major reason why I almost never shop at Target.)

    It fascinates me even more that somehow there is not massive card fraud related to restaurants in the US. Sure, there were incidents of employees in the back room running skimmers to clone cards, but by and large fraud concentrates on credit card details stolen from corporate databases, cards stolen from mailboxes, or outright identity theft. (PIN doesn’t solve any of these issues, nor would handheld terminals.)

    I think the risk to a restaurant employee trying to steal cards is so great, the chance of getting caught high, and the reward so low…. that few bother… and the system teeters on.

    In any other country, I would be concerned if the server took my card away from the table, because it would be unusual… but in America… unless they don’t come back, no one gives it a second thought.

  142. I used Target in Atlanta and I paid cash.
    As far as the restaurants go, one issue is the fraud, but the other issue is the places that don’t clean their card readers. They swipe your card, then they rub it on their pants to try to “excite the stripe” and basically assume that it is 100% your card why it won’t read in the reader….so they destroy it in the process. (e.g. Boston Market Hallandale Beach Fl-never ever will you touch a card from me.).

    New rule as of 1 Jan 2014. Nobody touches my card unless I agree to it. Period. No exceptions. Hotel staff in the USA are politely asked to use one swipe and if that doesn’t work, we’ll talk about it.

  143. Sure, sorry I didn’t mention various accounting and compliance costs, equipment costs, and undeserved chargebacks. I would be interested to see if there is somewhere an honest evaluation, it that is possible, of the real costs of a cash or credit transaction for a certain type of business.

    I am reminded too that a business that goes off the payment card grid may get extra scrutiny from the IRS… conversely, the IRS is known to also go after businesses which get too much of their revenue from payments cards in comparison to “industry norms”, under the assumption that they are not reporting cash income.

    A lot of this comes down catering to your customers and building trust with them. Steady customers tend to not cheat you and vice-versa, and every merchant should keep an eye out for transactions that seem unusual.

    There are absolutely business which have no good reason to take cards. Today, two girls were running an actual lemonade stand down the street … 25 cents a cup. Quarters went into a piggy bank, and I immediately thought better of it before trying to get change for a dollar. If you tend toward small transactions, local traffic, and non-essentials, cash is king.

    On other hand, I bet a typical travel agency would not frown on people coming in with a suitcase of $20s to pay for an around-the-world excursion. It is just practical reality… credit cards get the job done and offer some benefits to both sides.

  144. from 1 August 2014, you will need a PIN to use your credit card or debit Visa/Mastercard in Australia in most situations. Not sure what will happen if you don’t have a PIN & no cash ?

    We also have pay wave, which means you can just wave your card near the reader for amounts less than AUD$100 (USD$94) in most cases. No signature or pin required.

  145. I don’t use anything with PINs, but I do see the shields… and while I don’t doubt you are aware and careful… there are numerous ways to compromise PINs that are impossible to do with signatures and that have actually been done (discreet surveillance with tiny cameras and mirrors, phishing scams, keypad overlays, hacked terminals, infrared imaging, alien mind probe, ouija board… ok, those last two, unproven).

    The other measures are not specific to PIN-based cards. I set my “major purchase limit” to $0 and get email every time my card is used. Most fraud is caught by behavioral algorithms run by banks and payment networks. Verified by VISA can use PIN-like passwords, but that is not a requirement. (By connecting with your computer during the VbV handshake, your bank can look at factors like your location, the type of computer and software you are using, and possible ask questions to test your knowledge about past behavior.)

    All in all, the card companies have made quite difficult to steal even without PINs.

    I found some Federal Reserve stats for 2012 that for the US swipe and sign credit cards 0.037% of card-present transactions were fraudulent, or 0.114% by value, with similar stats for swipe and sign debit cards. While it is true that PIN-based debit/ATM cards had 1/4 the rate of fraud, there are no stats for Chip and sign cards to compare, and there are significant difference in the who uses debit cards and where as compared to credit. In Canada, chipped cards also reduced fraud by 1/4. The thing is, often that fraud doesn’t disappear, but transitions to other types of transactions.

    I think only $1 lost to fraud in every $1000 is pretty impressive for the swipe and sign system which I admit has massive holes. But I also think the biggest gain is from the Chip, not the PIN. The smart cookies at major US banks seem to agree, as they decided it would be most cost-effective to transition to chip-and-signature to combat fraud.

    Really, the argument that a four-digit number is harder to obtain and reproduce than a much more unique set of pen strokes seems very weak to me. I can understand the merchants like PIN because of the liability shift and being able to avoid training employees to spot credit card fraud.

    Whether you sign with a squiggle or not, what you sign is very unique and hard to reproduce by anyone else. Yes, it is difficult to get employees to compare signatures on suspicious transactions, which is why the signature pads have taken off.

    Tesla was the fabled one-eyed man in the kingdom of the blind… turns out nobody listens, and you die poor and alone in room 3327 behind a “do-not-disturb” sign. Quite sad.

    As for “hands off my card”… at least in the US, customer-operated terminals are ever more common, so I almost never have to hand my card over… as to Europe, a swipe card almost always has to be handed to the cashier. But then I’ve never had issues with dirty cards or scratched stripes.

  146. The terminals usually ask whether you wish to tip by $ amount or percentage, and you then enter a $ value or % number.

  147. I actually did have a client come in and pay for a very expensive trip with all $20’s and they came in after hours. It was a bit unsettling until the bank cleared the bills, then we wrote the check to the vendor!

  148. 41% of what exactly? I can guarantee that 41% of the U.S. has not had their identity stolen. Gotta love statistics.

  149. Purdy much… I’m just happy that we almost exclusively run “card not present” transaction so I don’t really have to worry about this part of the mess. Of course, they already increased our rates a lot to account for that…

  150. @TonyA_says:disqus PCI DSS makes it illegal to store anything like that (pin or the three digits on the back of the card). You can store the card #, with a ton of security, but that’s it.

  151. More likely, it means that 41% of Americans have had their credit card information stolen and used. I certainly have had that happen a few times. ID theft is a whole other can of worms.

  152. My Citibank Preferred Mastercard is a “chip + signature” card. It has a chip but Citibank says no PIN is needed. Does anyone know if this will be accepted in Europe?

  153. I didn’t claim you made it up, but the details are critical. (And there’s the fact that some people who publish these sorts of stories basically do make things up…or misrepresent findings either accidentally or on purpose.) That article shows a one-year figure claiming 7% of people experienced some form of identity theft. I skimmed and couldn’t find 41% anywhere (sorry if I missed it) but most all the larger numbers were things like “of the households where identity theft occurred X% experienced this” so they’re talking about much smaller percentages of the overall population.

  154. Forget the travelers checks. No one except a bank will cash them anymore and the fees to cash them are high.

  155. RFID and chip are two different things. RFID just requires a wave of the card past the reader. Chip requires the card to be physically inserted in the reader.

  156. Oh so those chips are only near field, or are they even something less? Are they like a SIM card that requires physical contact? I thought GSM SIM cards had the capability of of being used as an electronic wallet? So I guess they had to be near field? Confused American here.

  157. While some of the RFID cards are also chip n pin, just because your card does one does not mean it does the other. The chip n pin cards have a visible metallic square on the front of the card, the RFID wave cards have nothing visible that shows they have the capability built in. You can think of the chip n pin cards as a SIM because it requires contact with the reader. The RFID card can be cloned and stolen without ever leaving your wallet in your pocket.

    The GSM SIM requires the hardware in the phone they get inserted into in order to function as a wallet. By themselves they are inert and useless.

  158. The card has to have a Visa or MasterCard logo to function at ATM machines in Europe. You will have to talk with your bank about what type of account that would require. Checking is better because there are fewer FDIC restrictions on withdrawals.

  159. Have you ever used your Chase card to purchase something and been asked for a PIN?

    I have begged Chase for a true chip n pin card and they tell me all they have are chip n signature. Not even close to the same thing. It does not ever work in unmanned terminals.

  160. Chase recommends using DCC (ie charging in your home currency) because it means more money for them!

    Why? The merchant gets to choose the exchange rate they use and it is always one which nets more for them which means the dollars you get charged is more and then Chase tack on their additional 3% exchange fee so they get more from every transaction. Even if you have a no fee card you still end up paying more because of the inflated exchange rate.

  161. It is the chip part that makes it more secure. Not the pin. While not impossible to hack, the chip adds a true degree of difficulty for anyone wanting to create a clone of your card.

  162. When I said “local currency”, I meant that Chase is advising NOT to use DCC, as merchants usually charge more than the Chase would (at least that is what I’ve read, and what has been said here as well.

  163. This happened to me at a restaurant in CAMBODIA in 2008. They told me to return the next day with cash.

    Of all my credit cards, Visa, MC, and Amex, the only card with a chip is the Diners Club/Mastercard. I never leave home without it, because it gives me access to Diners Club lounges in airports around the world. There are some really unexpected places where they have fabulous lounges. The $95 membership fee pays for itself, plus I get airline miles for any purchases.

    Now, I only use the credit card when I have to, so I don’t worry about conversion fees.

  164. That is what the Global Ready Verizon phones are. They are dual-mode CDMA/GSM. Whenever I upgrade my phone with VZ, I always make sure it is a global ready.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: