Hacker News new | past | comments | ask | show | jobs | submit login
Home Depot Files Antitrust Lawsuit Against Visa, MasterCard (wsj.com)
341 points by ikeboy on June 17, 2016 | hide | past | web | favorite | 475 comments

It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings. I use the latter whenever and wherever it is offered. As I understand it offers greater security than any of the above, and more importantly (life is short) it is much faster. (Though there is one wrinkle. Most point-of-sale systems process phone payments with just the tap. A few of them seem to instead treat it as equivalent to a swipe, and then launch you into a legacy multistep handshake thereafter.)

For reasons I don't understand, the credit card makers have spent many years bringing the new chip cards to market, they include much higher technology than ever offered before, yet the payment process takes much longer. Of course these few seconds don't matter that much per transaction, but think it might be enough to actually make a meaningful difference in staffing levels and line lengths at big stores in December.

I do understand the fees though. The credit card brands and banks have worked themselves, through years of diligent effort, into a business where they can impose a kind of "tax" of 3% on most of the retail economy across the entire US. This is obviously of immense economic value to them, and they will work very hard at every level to maintain it for as long as possible. On the other hand, paying these companies a 3% tax on every retail transaction is... rather surprising in the grand scheme of things, and seems unlikely to persist for that much longer.

It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings.

Cards are waterproof, and don't require being charged.

There's also the small issue of millions of people using feature phones for work (sturdier and no need to risk a $200+ smartphone being broken) and carrying a simple card for payments. But who cares about those chumps...

And somehow that physically prevents you from also carrying your personal phone when you're out and about?

How is this an issue? Most people don't have issues keeping their phone's out of water or keeping it charged.

We obviously don't hang around the same people/age group. There is always at least one person in my circle of friends that needs a charger.

Obviously 90% of the time a phone could be used (though I don't agree it's faster than credit card tap, roughly the same speed) and a card can be used as backup, but it makes ditching a credit card completely not really an option.

> There is always at least one person in my circle of friends that needs a charger

If your social circle is anything like mine, it's not some person, it's always one, as in a single person who disproportionately is incapable of maintaining their phone. For the majority of people they're very reliable devices, so this is less "everyone will be inconvenienced sometimes" and more "a few people will be inconvenienced a lot". I recognize that it's still an issue, but those people can keep using cards while the rest of us benefit from tap-to-pay being the preferable option a majority of the time.

I foresee an opportunity in the electric vehicle industry a giant quick charge truck for stranded or absentminded EV drivers.

I was in New York during Hurricane Sandy. I was staying in a hotel and the power was out. The morning after the storm I went outside to see what was going on. There was a big CNN truck with a dish and a big crowd.

I thought "maybe the mayor is speaking to the media" and walked over. Turns out the crowd was people charging their phone from the truck. CNN generously left the truck running there for a couple of days.

Actually that would be really cool with self-driving cars, have a "tanker car" pull up next to you to extend the range for long-range "sorties"...

While you're driving, mid-air refueling style. Better make the link-up all in the same lane, though.

Autonomous cars will already line up together to get the slipstream efficiency; take it an extra step further and you could have a battery tanker-truck up front giving everyone in the convoy a charge and also making their travel more efficient.

And share the energy from regenerative breaking downhill, and much more.

At least, just like cyclists, they can rotate through who gets the front to equalize energy usage.

I foresee large-ish autonomous battery packs in the form of cars, rather than trucks, simply because they can go to more places at once.

Dang it! I'm ahead of my time but five years late.

I don't enjoy carrying a fragile $500+ computer on my person at all time and often do without. I frankly don't want to live in a world where I couldn't leave it at home.

And plenty of people feel the same way about cards. That's why Apple Pay falls back to plastic cards, and plastic cards fall back to cash.

If I break my credit card (which is actually quite hard) I get a replacement. If I break my phone I better hope that I had a warranty.

As a credit card holder they still send you a physical card, I don't think than anyone is waving that if you say you have an Iphone.

If you lose your phone you just fall back to the physical card that you presumably have in your wallet somewhere.

Why not just use the card all the time then?

Because the phone is more secure using one time tokens instead of a semi permanent 16 digit number

I was assuming a chip and pin style card. These, as best as I can tell, seem to have most of the security of a phone-based solution, but with a much smaller attack surface (no internet connection, no cellular radio or baseband processor) and no need for recharging or carrying backup payment methods.

The chip on my cards is secure enough compared to a phone-generated token.

Really? It costs $500 to replace a credit card?

That's why I don't waste $500 on a phone when I can get a great flagship phone that's a couple years old for $100. If it gets broken, it's not that hard to spend another $100 for a replacement. If it gets broken in a year, I get a replacement that's $100 and now a year newer than the last one. So my question to you is: why do you feel the burning need to stay on the cutting edge? Do you always have to have a car that's less than a year old?

Well it would probably push me back to cash. I don't bring my phone if I'm going to be wet, or theres a chance of it getting damaged (swimming, moshpits) but I still might want or need to buy something. I also find it a chore to keep my phone charged all day, and will regularly have it die, and leave it somewhere to be charged while I go out.

Credit cards don't run out of battery.

If your phone is almost out of juice, you can order an Uber. But if your battery is flat, you can always ask the cabby if they take cards (or just withdraw cash using your card if you're in a city where most of the cabs don't).

Except in my experience cabbies are like "yeah we take credit" and then afterwards "oh my credit card machine is broken, are you sure you don't have cash? I'll drive you to the ATM..." Cabbies want to dodge that income tax.

And then you tell them "well, thanks for the free ride" and you walk away. I've never had a cab driver balk when I use that and the machine immediately starts working again.

Got in a shouting match with a cabbie once in Chicago for this same thing and when I opened the door to get out after he insisted repeatedly his machine wasn't working, he threatened to kill me if I didn't pay. Then, when I threatened to call the cops, his machine immediately started working.

You mean you stuck around to find out it still worked?

Man, I love Uber. Or at least the idea.

This probably varies by location, but in nyc cabs are required to have working credit card readers. Thus, insisting on credit card pretty much always works - the alternative is that they admit they illegally picked you up.

In over a decade of life in NYC, never had a problem with taxis incorrectly refusing cards. Happens 90%+ of the time in Philadelphia though, which is why I take Uber or similar whenever possible there.

So what if it's illegal. They're disrupting the regulatory apparatus.

Fight the power! Stick it to the man!

Yeah - startup avoid taxi regulation=revolutionary disrupter, cab driver avoiding regulation=bad

one benefits the consumer, the other fucks it over.

s/benefits the consumer/benefits the consumer in the short term, while fucking them over in the long term/

All a matter of perspective, which is why we can't just arbitrarily declare our conduct beneficial and pretend like that's a license to break the relevant laws.

If one believes that a proposed-but-currently-illegal behavior is beneficial to society, the technically correct way to go about rectifying the situation is to discuss with your local democratic representatives, who can take the issue back to the legislative chamber and work to correct the law. Admittedly, that's pretty impractical at this point.

Impossible, not impractical if the embedded interest you're attempting to leapfrog has already paid off the legislators.

Does it? Fuck them over, that is?

The taxi driver is just trying to reduce his costs; he could allow riders to negotiate cheaper prices, benefiting everyone.

Well, the taxi driver is reducing his costs by not paying taxes. That doesn't benefit the rest of the taxpayers...

The taxi driver is also reducing his cost by not paying credit card companies.

Given credit card companies have legal means to pay less percentage tax on much more income than the cab driver and suck money out of taxpayers' pockets in many other ways, I'd offer that screwing over the credit card company might benefit the rest of taxpayers more than the cabbie paying tax does.

If they tell you after giving you a ride that you have to go to an ATM and pay the ATM fee, then they are just passing the cost on to you at a net loss - ATM fees are higher than CC fees on purchases the size of a typical cab fare. I'm not convinced that it's better to funnel money to banks rather than CC companies.

If you're paying ATM fees a) that's on the banks, not on the cab driver, and b) you need to switch banks--I have paid a handful of ATM fees in the last decade and I make in-person purchases almost exclusively in cash.

If there's no bank you have an account at within a reasonable distance, you might not have a choice. Obviously I use free ATMs when I can, but how much control do you have when a cabbie is demanding money?

I moved a year ago so there isn't a bank I have an account at in my current state. But my bank is part of a national network of ATMs. If I use an out-of-network ATM the fee is refunded up to once a month.

Banks get money either way. They get most of the money from a credit card transaction.

Even if the cabbie doesn't give a substantially lower rate if you choose not to pay with credit, there are indirect benefits to the consumer, like keeping more cabbies on the street because it makes the profession more lucrative (and presumably, patrons of cab services want a sufficient supply of cab drivers).

It's definitely less refined and consistent outside of NYC.

Also like this in Chicago.

At which point, you get out of the car. They're required to have readers. Tough shit if they break the law in an attempt to dodge paying their share of taxes.

Yep. Neither does cash. And when you pay cash, you're not also feeding marketing databases, unless you choose to. Nor are you required to ask permission of the issuer in order to buy something.

I really like cash.

Cash is cool, but has a lot of downsides.

It can be stolen easily. You have to go somewhere to get more of it. You have to make change. It doesn't allow you to automatically track your purchases. You can't get it back from a seller if you are sold fraudulent goods.

Or you can ask the cabby if he has a USB port in the car. I always charge on the road.

OK, but if that fails and your phone gets wet... how will you pay for the new phone? With a soggy broken phone?

That's why you buy a waterproof phone.

Don't forget dropping, temperature sensitivity, bending and (for me) magnetic field sensitivity (which seems to be alarmingly bad but temporary). It only takes one event to cost you close to $1000 (not sure of phone cost in US). That's a lot more than a new credit card costs.

I am curious where you live. I get along just fine using a $150 BLU phone.

Edit: Thought about getting the $50 version, but I'm not quite that frugal.

Second Edit: You probably need NFC for this huh? Drat.

I get along just fine using a $150 BLU phone

Wow. Not a comment about you in particular, but about the industry in general. I did a quick search and found this: http://bluproducts.com/android-phones

Really? 66 different phones? Is this entire industry, except for Apple, run by imbeciles? Not that I'm in the target demographic, but I only have a relatively few years left on this earth. I don't want to spend half of them just figuring out the differences between Android phones!

Hasn't the rest of the world learned anything from St. Steven?

> Really? 66 different phones? Is this entire industry, except for Apple, run by imbeciles?

Out of curiosity, I went to find out how many variants Apple is currently selling[1] (model, color, storage). I counted 42 distinct combinations you could possibly choose! I guess not even Apple learned from 'St. Steven', or he was wrong.

Removing the color axis whittles down the model/memory combination to a more manageable 12 options - but the point remains.

1. http://www.apple.com/iphone/compare/

What point remains? When you're trying to figure out what phone you want, model is just about the only thing that matters. Apple has 5, of which 3 are current. It's easy to compare them, and nearly impossible to compare a list of 66 different models.

New Zealand. My example iPhone is probably on the expensive end of the spectrum.

For comparison: 1000NZD is 705USD. An iPhone 6s is 649USD, and the plus is 749USD. I've got a Nexus 5, which was 400USD a couple of years ago.

BLU is a usually-cheap phone brand, with handsets starting around 60USD.

arent plastic cards arguably more vulnerable to magnetic fields?

No. Magnetic strips are resistant to 3 tesla, but it does kill them. I assume moving fast across flux lines does it. However chips on the card are good with unlimited exposure to 4.7 tesla as far as I can tell. Phones turn off and won't reboot for a period of time that is alarming, but so far I haven't seen it kill one. MRI engineers even have instructions to document some scanner work with their iPhones. It may just be the screen turning off so I'll have to test Siri or something to check if it's that. They always work again so far but the 30 minute wait didn't seem good!

Many phones have magnetic switches for use with smart cases. When you close the case cover, a small magnet trips the switch and turns the screen off.

The magnet isn't damaging the phone — at least not at field strengths likely to be encountered in everyday life. Removing the magnetic field should immediately turn the screen back on.

4.7t is pretty strong. It isn't a cover detector as it's mainly iPhones I've seen affected and it lasts long after the phone is removed from the field. However this may be what has caused the effect on some of the other phones I've seen exposed. I'll do some experimenting next time it occurs. GE and Seimens seem to have an array of phones that engineers are equipped with and they are happy to expose them to high fields.

Many people do. It's not once or twice that I've ran out of battery. Once I even purchased a backup power bank to charge my phone. I paid with a bank card.

I have one of those octopus-like "charge any phone" chargers in my kitchen for friends and family who are perennially in need of a charge.

How is it not an issue? My ability to pay should not rely on my phone's OS and payment app functioning correctly. It should not rely on me having remembered to charge my phone. All of these phone payment systems go through the credit card companies anyway. Printing out the plastic card is not the main service they provide.

Parent was referring to cards not phones.

...until they do.

I'm not sure how it works but it works but with Semble in NZ they seem to be able to do it with the phone off http://www.semble.co.nz/faqs/always-on

My phone is waterproof

I tried Samsung Pay & Android Pay exclusively for a few days and gave up very soon. I even used Google Wallet (NFC) when it first came out.

There were a couple of times when Samsung Pay blocked all payments until an update was applied and the change log had nothing to do with payment functionality but with other useless & unrelated stuff like "better notifications" "better deals". NOTHING, absolutely NOTHING about a security issue, a flaw or a hole that was being used to steal money.

I havent had too many issues with Android Pay but still its the same issue ... instead of a simple swipe and go, and my ability to use my money in anyway I want and I am not at the mercy of an app developer who is acting as a gatekeeper to access my money so he/she/it can control what I need on my phone / my device to use my money whenever I want so they can push their agenda that has nothing to do with me using my money. no thanks.

thats not even including the additional cut the app provider takes and increases my price effectively. I'd rather pay one middleman.

Credit Cards dont need to be "fixed" or "solved". As a customer, its easy to use, widely accepted and my risks are covered 100% by the issuer. I cant say the same for phone payment methods.

I don't consider my risks to be 100% covered. I don't have to pay for fraudulent charges, but I still incur substantial costs in terms of time and hassle when a card is compromised and I have to get a new one. Time on the phone with the bank outlining which charges are legitimate. Time getting them to send me a new card (more complicated if I'm traveling). Time updating all of the automated payments or other accounts where the card number is stored. Hassle when my card is declined in the grocery store because the number was compromised and I didn't know yet. Hassle getting a late fee refunded (or service reinstated) because I forgot to update the card on one account and the automated montly charge failed. Hassle when the card is declined because the bank THINKS it's been compromised (theoretically less likely in a more secure system). And so on.

I've had cards compromised probably a dozen times (most in the forms of "mass compromise," where the bank shuts down my account and sends me a new card even though there were no fraudulent charges on my specific account). I'm glad I didn't have to pay any cash, but it has cost me a lot nonetheless.

I can't understand why virtual card numbers haven't been embraced across the industry. While it wouldn't solve every problem you mentioned it would make the need to update cards with services non-existent. I think it's safe to assume that a virtual card number per service would also allow them to more quickly assess where the breach occurred.

Bank of America still offered this last time I checked, but the stupid thing required Flash so I never bothered with it.

Only for BofA credit cards. For some reason they won't let you use it for their debit cards.

Not to mention requiring Bank of America. No thank you.

Agree. If Google and Apple can do per-app passwords for apps or websites that don't work with 2-factor authentication it seems like Visa should be able to kick out a per-merchant number for Comcast, Netflix, etc.

If the underlying credit card number is compromised, just change that and leave the virtual in place.

This used to work with Paypal virtual debit cards. At some point in the last 5 years they decided to cancel the program.

Just a quick chime in here - our system does in fact do that, and though I can't speak with authority about others, my understanding is that they do the same.

The biggest problem with virtual card numbers at the moment is when you show up at the hotel and cannot provide the card you reserved the room with. Notwithstanding that, they are quite successful in some parts of the world.

I have ~30 cards and a few get compromised every year. I've honestly never found it to be a big hassle.

My daily card has been compromised a few times—Chase just overnighted me a replacement and that was it.

> Credit Cards dont need to be "fixed" or "solved". As a customer, its easy to use, widely accepted and my risks are covered 100% by the issuer. I cant say the same for phone payment methods.

As a customer, you are paying more for products because credit cards are broken: retailers are passing on fraud-related expenses to you. You are paying for the inefficiencies in the system, even if the costs seem hidden.

I would use Android Pay if Google didn't restrict it to licensed unrooted stock versions of Android. Cyanogenmod supports Marshmallow on my phone where stock is still on KitKat, but I can't use Android Pay with it.

Can't these checks be subverted/modified?

I don't think they've ever been bypassed on custom roms that aren't based on an official rom. Basically it checks all the files in /system to ensure they match with one that's undergone certification. If you have a good rom but just rooted it, there are some tricks although I haven't tested them, but nothing has been done for cyanogenmod or anything else not based on a certified one.

http://www.howtogeek.com/241012/safetynet-explained-why-andr... has an explainer, and a link to more technical information.

Someone has to pay for the fraud and that's obviously getting to be the consumer in the end (indirectly through transaction cost).

Yes - but since the merchant is the one liable you can assume those costs are being passed down to you either way (key part being the contractual obligation visa/mastercard assert that prohibits the merchant from charging you more for using a credit card). Therefore in the meanwhile you can be covered for fraud and a) get your 1-2% back b) get airline miles - or c) none of the above. Seems like an obvious choice?

Fun fact: The contractual obligation says they can't charge you more for using a credit card. But it doesn't say they can't charge you less for using cash. This is how gas stations get around it. The gas is the higher price, but you get a 10 cent discount for using cash.

Merchants actually can charge more for credit card usage now. It's been permissible since a 2013 lawsuit, except in 9 states where it's prohibited by state law.

Gas stations have a special loophole for that

The point is that for the whole system it's beneficial to move to a more secure system with less fraud. For the individual user of course less so.

Visa and MasterCard have permitted surcharging for credit card use since 2013, as the result of a class action lawsuit.

I don't understand about the contractual requirement for no price differences. Gas stations do it everywhere ... a different price for cash vs cards.

It is an insane marketing speak thing. The contractual requirement isn't for no price differences. There may be a discount for using cash, but they can't word it as being charged more for using a card. The two might be equivalent in numerical terms, but it is the language that is important.

Ah, Apologies there were some changes to this recently (2013) which had slipped my mind (they mostly don't affect New England due to state-based restrictions - which is probably why I'd forgotten):


Samsung Pay has worked great for me at a number of locations. The only issue is one of my cards which I think should work wont register and when I try to pay I always get a fingerprint mismatch initially which takes up some time to do a second try

This must be a US only thing.

In the UK nearly all cards can be used for contactless payments below a fixed amount (£ 30 at the moment).

Additional security (inconvenience) only kicks in on higher price purchases.

Additionally, there is no time delay for contactless, and chip and pin is extremely fast too.

Contactless is far faster than even unlocking your phone (even if you use a fingerprint unlock), and can usually be done concurrent to the cashier putting your item in a bag or reaching to pass it to you... it is essentially frictionless.

This all works so well I find myself doing something I never though I would... I've abandoned cash. Contactless payments are that good, and fast, and work at the end of the day when my phone is out of battery, and works for every one of my daily casual purchases (travel, food, a book, some toiletries, some groceries, etc).

Same here in Canada, for slightly more (100 CAD, I believe). It's incredibly convenient. So easy to spend money! Tap, tap, tap with just a dumb card.

During a recent trip to the US, they had to swipe my card and make me sign a piece of paper (which I gleefully sign with an "X" as if I were illiterate). It felt so backwards.

I lived in the US then moved to Ontario. I find that about 70% of card readers here have "NO TAP" taped across the top. Since the insert chip, enter code, wait, and approve process actually takes longer than the swipe-and-sign in the US, I've found the time spent, averaged over my actually purchases, to be about the same. It probably has more potential to improve in the future.

Back in Sweden, Chip-and-PIN was so efficient - you can insert your card, enter your pin, and get an authorization all meanwhile the cashier is ringing up your goods. Then when the total is done, you just hit "OK" on the final amount and in seconds you're done.

In pretty much every other country I've visited, you have to do the whole process serially after the total is done, which is quite slow.

Yea, frustrating that in Canada you can't enter your pin or anything until everything is rung up.

I tap everywhere in Mtl. It's rare for me to find terminals where I can't tap.

Some US establishments seem to have stopped requiring a signature under a certain dollar amount but the tap capability isn't universal and I've noticed that it even varies across locations. So either they're pilot testing or some other factor like franchise vs. corporate are at play.

The tap to pay has actually become less common, in my experience. At one point, two of my cards supported it. Now, none of them do. Le sigh.

In the UK and Europe, didn't governments essentially force banks into the modern age in terms of electronic payments that your contactless and contact cards use?

By comparison banks in the US use the debit card & ACH system which has many issues compared to credit cards and European payment systems.

Can't speak for all of Europe, but in Norway, the banks did it of their own accord. They got their heads together in the early 1990s and founded a private company, co-owned by all the banks, that has been stewarding the technology used for inter-bank transfers and card payments.

They've been quite good at this — Norway has had chip and pin since the early 2000s, and contactless payments (using NFC in ordinary cards, not phones) have existed for a few years now. Money transfers are also completely effortless; all you need is the other person's bank account number.

For consumers, the main hurdle remaining is the speed of transfers between banks. They only perform transfers in bulk twice a day (and for years they only did it once a day).

Contactless cards did exist here in the US a number of years ago. I had one from Chase. Then around 2014 when it expired, the replacement card did not have contactless payment anymore. According to this article it was simply a lack of demand: http://www.digitaltransactions.net/news/story/Chase-To-Disco...

You can still get contactless cards from Amex at least (I'm not sure about Chase). But you have to specifically request them (and hope you can find a CS rep who knows what you're asking for). I think it's a bit of a chicken and egg thing - it's hard to get a true measure of demand when people don't even know it's a possibility...

Lack of demand or lack of interest from the banks to invest in the technology/security? I'd love to know why the US adopted "Chip and Signature" rather than "Chip and Pin". Requiring a signature is essentially worthless. My understanding was that it was a combination of US customers not being familiar with using a PIN and concern over where the liability lies if fraud occurs (the assumption being that if someone uses a PIN then the card owner gave them the PIN).

There is an attack on chip-and-PIN cards when the ATM system hasn't been upgraded to chip cards. The problem is that the PIN for chip-and-PIN is same as for ATM withdrawals. The terminal also gets enough information from chip cards to clone the magnetic strip. The result is that compromised terminal can produce cloned cards that can be used to withdraw cash from ATMs.

I don't think chip and signature is a requirement - most places seem to ask for a PIN rather than a signature.

Just swiping the card, however, also works just fine and I now use it everywhere again because I can't be bothered to remember and type in yet another passcode. Just more friction in the process.

An increasing number of terminals now reject the swipe, with the screen stating something like "this card has a chip, please insert and wait". Cashiers are starting to ask, before you swipe, "does your card have a chip?" I even used a terminal yesterday where, after inserting the card, it asked me to identify whether my card was a "Citibank Card" or "Visa Debit Card" (ambiguous, since the card was a Citibank card with a Visa logo). The implementation of this chip rollout in the US is a mess.

The selection was because your card had multiple AID's on it. Some terminals still need some work, and sometimes configuration, to handle AID selection properly. The US Common Debit AID is still not widely supported, which is why many grocery stores still haven't rolled out Chip & PIN support - they don't want to pay the credit card interchange fees because their merchant or terminals don't support the debit AID.

So yes, the chip rollout here in the states is a giant clusterfuck for the time being. It will get better soon, once the hodgepodge of banks and hardware vendors get everything straightened out.

What about the October 2015 liability shift? If grocery stores "still haven't rolled out Chip & PIN support", then they face liability for counterfeit and lost or stolen cards. Issuers can conditionally allow fallback transactions [1], do you know if issuers are generally denying fallback transactions? Is the prompt "this card has a chip, please insert and wait" for a swipe on a card with a chip due to the merchant's policy to avoid the liability shift, or is it due to the issuer denying fallback?

[1] http://www.emv-connection.com/downloads/2015/05/EMF-Liabilit...

The liability shift only matters if the potential loss outweighs the cost of running all transactions as credit until your issuing bank and hardware support the US Common Debit AID is greater than the potential fraud liability.

For a grocery store <1% per transaction and 3% per transaction is a pretty huge difference, one of my local stores that only takes debit cards still doesn't support chip cards because of the madness with the US Common Debit AID preventing them from enabling the EMV support on their terminals.

> most places seem to ask for a PIN rather than a signature

That is for debit, which is an entirely different thing than credit.

There are no US banks that implement Chip & PIN. Heck, it's nearly impossible to get a Chip & PIN capable card for travel if you have a US issuing bank.

Swipe support will in theory eventually be disabled (e.g. authorizations declined by your issuing bank) at some point in the future when Chip & Signature is being rolled out.

If you're typing your PIN code into a terminal in the US, you are using debit though.

> There are no US banks that implement Chip & PIN. Heck, it's nearly impossible to get a Chip & PIN capable card for travel if you have a US issuing bank.

Not entirely, but your last sentence is true. Some issuers do PIN credit cards. I have one from First Tech Federal Credit Union that uses PIN and touts it as a benefit. When I used it in Europe, it worked exactly as expected and prompted for my PIN just like in the States. There are a handful of smaller issuers that also do PIN primary (mostly credit unions but at least one Florida bank with a card catering to Cuban trade does) and a few more that have PINs but the PIN is secondary so it isn't asked for unless the terminal's configuration insists on it.

Here US, some stores when using a chip credit card (not debit/checking account btw) requires a pin instead of a signature, not sure if they call it a pin but it's 4 digits to verify purchases . . . instead of signature.

I have never heard of a US credit card using a PIN. May I ask what kind of card you have?

I have a MasterCard that takes a pin. I've been asked to enter the pin at several places, including WalMart. It is a credit card, not a debit card.

Frankly, I'm baffles by these claims that US cards don't work with chip and pin because so far, if I use the chip, I have been required to use the pin.

I also have a corporate amex with a pin set up, but I've never used it.

My corporate CitiBank card required me to set a pin when they switched to chip cards. All my other chip cards have been chip and signature though.

Target VISAs switched to chip and pin recently. I assume related to their data leak.

> There are no US banks that implement Chip & PIN

Not true - BarclayCard Arrival/Arrival+ do. However, they prioritize signature first. They can be used at automated kiosks that require PINs, though.

Isn't Barclay/BarclayCard (arguably) not a US bank though?

They have a US office and offer cards to US residents. That's all that matters.

I only ever use a credit card, so I'm not sure that's true. Or can you debit a credit card?

My guess is that the signature thing probably carries more weight as a contract for payment owed; and if that's not actually true it still feels true enough to make it more of a comfort to the retailers/customers.

I had one from Wells Fargo and was pretty sad when my new card didn't have it. I used to love to pay for things without taking my card out of my wallet.

That doesn't make sense, adding the contactless facility mustn't cost more than pennies. As a store owner contactless saves a lot of friction and time at check out. Once the transaction is processed on the terminal surely the whole system upstream is identical.

My experience from the US is... interesting. I tapped-and-paid $700 (not a typo) when visiting NY... and American Express had no idea I was in the US (unless they cooperate with US Border Controll). In the UK, I'm limited to 30 GBP.

Did you buy the ticket with your American Express card? The data transmitted by the merchant (airline) includes some basic itinerary information.

That would be awesome if the CC provider automatically created a travel notification for you upon booking.

Some do.

Many airlines transmit level 3 purchase data as part of the credit card transaction, which will contain your complete itinerary -- which can be fed into the bank's risk system.

The next few decades of adverts that I couldn't unsubscribe from would be less than awesome though.

Amex already takes this into account.

No, I haven't, that's exactly the point! And I think that's the first transaction I've made in the US..

Nobody here has mentioned the Merchant Category Codes, which is what governs the max amount before a transaction is required to have sig or PIN. I'm sure it varies by country too, but I only have experience with the US system.


Yep. I worked for a company that "did" debit/credit card handling at the point of sale ( not clearing ) and the Smart Card guys were right down the hall. This around 1989-1995. The Smart Card guys mostly sold to Europe. It hasn't much caught on here, and I'd say that's mainly due to inertia.

> In the UK nearly all cards can be used for contactless payments below a fixed amount (£ 30 at the moment).

This sounds really interesting.

I've had chip cards in the U.S. for a couple years, but I've never seen someone use a contactless payment card here. Even tap to pay with phone is very uncommon.

Haha, I've done the opposite. I found it was too easy to spend money, that I was doing so without thinking as much of it as I would have in the past. I've gone back to cash as a form of self control

"Of course these few seconds don't matter that much per transaction"

My anecdotal experience has shown this to be an extreme pain in some cases for both consumers and retailers. Any sort of business with frequent CC payments and high volume sees their POS wait time explode.

Two personal examples:

Attended a cinema, where they had to delay the movie time due to long CC processing times. Bought food at a takeout place, with clear signs instructions (to avoid) and apologies for the delays caused by chip readers.

Contactless is standard on the London tube now - you tap a reader on a barrier with your card or phone, and the barrier opens. Same on exit. The system works out the cost as you go, and the maximum cost of multiple journeys is automatically capped.

Chip and pin definitely would definitely be too slow for this. The barriers have to be fast enough to process huge numbers of people at peak times.

Contactless has eliminated all the usual queuing for tickets and/or prepay card topups - except for tourists.

It also very much changes perceptions. I used to work for a company that manufactured point of sale systems. They found they could improve the amount of time the customer waited by queueing up all the printing of the receipt until the end of the transaction. (This was in the 1980s.) They could save something like 10-20 seconds per customer, which meant they could move 1-2 additional people per checkout per day. (And the store had something like 10-20 registers - it was a huge store.)

However, customers hated it because it felt like it took longer. They would be done with their transaction, done paying, then have to way 10-20 seconds for their receipt to finish printing. So they'd be standing there just waiting to leave with nothing to do. The company had us change it back to printing each line as it was entered into the computer.

How could printing at the end take less time than printing as you go?

Because it serializes the operation, whereas printing as you go operates in parallel.

But the modern thermal receipt printers are pretty fast (the old dot-matrix ones weren't). Epson has one that does 350 mm/sec (13.75 inches per second). So as long as you aren't shopping at CVS with their infamously long receipts, it's not too long of a wait.

I'm wondering as well. Perhaps the overall impact of needing to tear and reprint when there's an error that needs to be corrected?

> Attended a cinema, where they had to delay the movie time due to long CC processing times. Bought food at a takeout place, with clear signs instructions (to avoid) and apologies for the delays caused by chip readers.

This is a sign of their incompetence. Period

The whole rest of the world uses this without a problem.

No it's not a sign of their incompetence. Planet Money recently did an episode on how much longer it takes chip and pin to work, and also why it took so long to come to the US:


I'm not sure there is no incompetence involved when the same process is much faster basically anywhere outside the US. That is a question not answered (not even asked) in that episode if I remember correctly. I don't mean the human factor (that will be resolved in some time) but the technology used.

Chip card transactions do take a very long time in the US. If I had to guess as to the reason it would not be network or back end processing (seems way way too long, and too consistent to be due to those factors), but probably the time it takes the card to run crypto. Perhaps they use cheap cards with slow cpu but also big keys for fear of attack?

> This is a sign of their incompetence. Period

Per parent, this could also be an internet issue. If the POS is processing with a delay, the employee has little control and blaming "incompetence" is ludicrous.

Having first hand experience with dealing with impatient customers because the POS is running slow creates a feeling of entitlement (on the person pointing out how incompetent someone is) and resentment (on the side of the affected employee who is helpless in the situation).

Obviously nobody blames the cashier for the delay (at least I hope). But blaming a slow system on the organization as a whole and the department responsible for the POS in particular is appropriate. It's not like it's impossible to create a fast system.

A one-off internet issue is fine. But in this case it seems that there is something systematically broken.

> blaming a slow system on the organization as a whole and the department responsible for the POS in particular is appropriate. It's not like it's impossible to create a fast system.

After readying your comment, I went through at least 5 different emotions.

I work in the QSR space and deal with the IT side. The idea that IT department can control the speed of the computer/internet/etc. is shared by both, staff and guests. Regardless if that's the case, your comment, in addition to the parent comment are fascinating.

It seems that regardless of the situation, someone has to take the fault and customers will just blame someone regardless. That's totally appropriate (even if its not, doesn't really matter as this is a perception > reality).

Just for that insight, I would up vote your comment twice, if I could.

> The whole rest of the world uses this without a problem.

Not really true. The rest of the world has had it and moved on, and this is a main reason why.

In my country at least, we're now on to tap-to-pay credit and debit cards in recent years, which is faster than the old school swipe and sign and much faster than the chip.

Bay Area is just now getting chip readers active in many places. They started installing them a year ago or so, but many had the slot taped off. The experience now at most places goes something like this:

1. cashier done scanning items 2. person swipes card since reader has a slot to do that on the right side and that's what they usually do 3. machine beeps or displays an error or does nothing 4. cashier has to explain to insert the card 5. person fumbles with card, eventually getting it into slot 6. sometimes people just push it in and pull it out or otherwise don't leave it in long enough since every single POS has a different workflow and dialogue for this, and this error condition requires re-starting the process (GOTO 3) 7. Waiting 3-10+ seconds 8. Sign 9. Hit yes or accept or I agree 10. Wait another few seconds 11. Remove or forget card. Sometimes the machine beeps, sometimes not 12. Done!

Despite all this hassle, we still didn't get chip and pin that I had been complaining about for years, so if someone steals your physical card, they can still use it until you realize. I'm not really sure how this whole process improves security (does the actual CC number no longer enter the POS at any point?) but consumers here are definitely having some growing pains with the new system and the current state of supporting both old and new systems.

With chip-and-signature cards it's much harder (as in currently not practical at all) to clone the card to use it at another POS (at least if the magstripe readers are finally switched off). Cloned cards are a much larger issue than stolen cards.

This is a sign of their incompetence. Period

Whose incompetence? The cinema? They bought a turn-key, off-the-shelf POS package from a vendor. How much control do you think they have over that system? Card processing starts taking a dump, and you would suggest that the minimum-wage cinema worker running the cards do...?

I'm referring to the payment network

Thank you for the clarification, and apologies for any inaccurate implications. As others point out, I'm willing to give a bit of benefit of the doubt if only because there are parts of the system (Comcast's business connection takes a dump, for example) that even the payment network doesn't have control over.

Though your post makes me wonder: do payment providers have SLAs, or do they just say, "you're locked in with our network and hardware, suck it up"?

The whole chip thing takes like 30 more seconds. I'm considering carrying cash to just save time.

To people down-voting him: he's right. In the US that's how long the chip part takes (for whatever nonsensical reason).

Correct. In the US, whenever I insert my card to use the chip, it takes forever (as you watch the Do Not Remove Your Card prompt). When I've used the same card for swiping (not using the chip), it completes right away.

What I love is you have to carefully watch the screen to pull the card out when it's done, otherwise it starts a really harsh a beep that's designed to prevent you from forgetting your card, but is just flat out obnoxious if you haven't.

And the screen's text are fairly similar regardless of what it's asking, and if there was some sort of error inserting it (damn things often trip before the card's fully inserted), then it makes the same gosh damned sound to remove it. I even had one beep to get my attention to not take the card out.

I feel awkward and foolish with it, since it's ostensibly so simple, but so inconsistent. Add in a watching-water-boil time delay, and it's just a great recipe for social anxiety. One wrong move can jam the works. (Like, I once pulled the card out too early when I heard it beep at a Target and the register had to cancel the order and restart.)

That's just really weird, because no where else is it that slow. I know others says 10 seconds, but it is much much faster than that. Here in Denmark tap to pay with credit card, well debit cards mostly, is practically instant. Honestly it's often to fast. I find myself think that I didn't pay because it to fast for me to register.

Tap to pay isn't what's slow in the US, it is the chipped cards that need to be inserted into a POS device. For whatever reason they are absurdly slow. That should be great news for NFC payment services though, Apple/Android pay seem like speed demons in comparison.

> it is the chipped cards that need to be inserted into a POS device.

Weird. In Germany, it's usually very, very fast (recently, using my Number26 CC, payment in three seconds including PIN entry, and ten seconds later I got the push notification on my phone).

But that may also very well be because it's rare here to see outdated terminals. Most retail chains change their card terminals every two or three years, because they listen to their customers who actively demand speedy transactions. Oh, and because stores usually don't own the terminals but rent them (cheapest solutions are at < 20€/month and terminal). Downside: CC fees for merchants can range up to 4%, most of it goes to the CC providers.

>CC fees for merchants can range up to 4%, most of it goes to the CC providers.

It mostly seems smaller merchants simply don't switch their acquirer to get cheaper rates and complain about "high costs". FWIW, credit cards are capped at 0.3% interchange (which is what the bank gets), debit cards at 0.2% since last year. Scheme fees for MasterCard/Visa are peanuts and even AmEx doesn't cost 4%.

For example see https://www.cashforless.de.

Visa/MasterCard credit and debit 0.98% German debit (girocard) 0.25%

That would certainly explain why chains like REWE actually set up their own card acquirer... and yes, with the cheap terminals I actually referred to C4L (disclaimer: not related by work, just a happy customer).

> But that may also very well be because it's rare here to see outdated terminals. Most retail chains change their card terminals every two or three years, because they listen to their customers who actively demand speedy transactions.

The only terminals in the US that take the chipped cards are brand new (because the cards themselves are new and the deadline to accept them isn't quite here yet). I don't know why they are so slow, but they are all brand new machines.

Race to the bottom. Realize that the chip is a computer and performs crypto functions. Slower chip = cheaper chip.

I asked the manager at the local grocery store why they had chip readers but didn't enable them. They want to be ready in case the system becomes less awful. He described exactly the problems mentioned here.

Just agreeing here and adding another point of data. Everywhere I've used my card there is a 30 second delay in the processing.

It's so slow that some vendors are electing to stay with swipes. It's evidently cheaper to eat the fraud than slow down lines by ~2x. It probably translates to adding 2x cashiers.

For example, the Wawa chain of convenience stores on the East coast are very good at moving people through the registers. Around 10-15s per transaction sustained throughput is common: one or two items, beep beep good day. If someone pays by check or chip, the whole thing grinds to a halt and everyone taps their foot.

I've seen some grocery stores with double grocery belts, so the cashier can start checking out the next customer while the first one is finishing payment, they just sweep a divider over so the groceries go down the next belt.

This was well before chip-and-pin, they probably did because of the slowness of writing checks.

Though maybe this is all moot with self-checkout since the store doesn't really care that much if it takes you a bit longer to check out. Especially if they can show you ads while you wait.

That's not inherent in the chip technology. Terminals in Sweden do the same processing with the same cards faster than you can blink. They also allow you to insert the card and enter the PIN while items are still being scanned. You just need to confirm the total amount and can directly take your card without waiting.

The chip also enables contactless transactions which is even faster.

New Zealand is the same. Processing is almost instant. It's infuriatingly slow in the US.

Top tip. If you damage your magnetic strip but the chip is fine, don't go to the Coromandel without another payment method. They don't have chip readers there.

I think it depends on the particular POS system. I'm in the US, and some stores let you swipe while your things are being rung up and others make you wait until the end. I also haven't had to wait a long time for my chip to work, but I haven't used it much.

My workplace cafeteria, located in Austin, Texas, just switched the registers to always use the chips on cards. The result: the lines are 2-3x as long, they have hired another cashier, and they have created a cash-only line in order to speed up the process. It's mind-boggling how slow the chips are. The cashiers have started doing two customers at once- while you are waiting for your card to validate, they are ringing up the next order.

It's not the chips that are slow but the card readers, networking technology and so. The same chip works much faster in many other countries.

Maybe; but it's been ages since I've seen a swiped card transaction go that slow, and the card swipe uses the same card reader hardware, the same network technology, and the same "and so".

As far as I know US banks use the same chip standard as European banks (EMV) and in some countries those transactions are pretty fast (in others less so).

The card swipe doesn't use the same reader hardware as the chip reading (well, it is in the device) and there is more processing going on with more round trips to the bank if using the chip. Likely different parts of the software are used both at the reader and the bank as well.

Does it? I don't recall it being much faster in Ireland or The Netherlands.

They do have the nifty portable readers, though.

>They do have the nifty portable readers, though.

Canada has them, too, and they're great at restaurants. Great for tipping since they just hand you the device at that point with common percentage options on screen (or the option to customize it).

The American experience of server collects your card, comes back with two receipts, mental arithmetic to figure out the tip, write it down on the receipt, hand the receipt back, and server types in the tip amount just seems clunky in comparison.

In general, though, I carry cash for tips since I know those probably won't be taxed.

Clunky and also unsafe. So easy for your card to be skimmed this way.

Always amusing to see confused Americans in Canadian restaurants, though.

Maybe. I don't own a US card but heard of such stories.

But I can tell you that my German card is quite slow in Germany (not as slow as US transaction though) but blazingly fast in Sweden, Denmark, or France.

You're paying for food at work?

Normally it's under 10 seconds for me with a chip and PIN debit card, the by far most common card payment method in Germany and the UK. Most credit cards here (Germany) are chip and signature, but they are used less commonly in stores. My credit card has a PIN, but I've never used it.

10, tops. But yes, it's slower.

> It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings.

Apple takes a cut for "tap to pay". No one wants to pay extra middlemen.

> For reasons I don't understand, the credit card makers have spent many years bringing the new chip cards to market, they include much higher technology than ever offered before, yet the payment process takes much longer.

It took years to roll out chip and pin because no one wanted to pay for the new terminals (another expensive cost pushed on to someone). It takes longer to approve a transaction because of the challenge response implemented to reduce fraud.

> I do understand the fees though. The credit card brands and banks have worked themselves, through years of diligent effort, into a business where they can impose a kind of "tax" of 3% on most of the retail economy across the entire US.

This is being driven down by legislation.

Everything has a cost, and someone has to pay it.

That is not quite correct. Neither MasterCard nor Visa charge merchants any extra to use ApplePay. In fact, some merchant banks even lower merchant fees if they adopt secure payment methods like ApplePay.

MasterCard and Visa do pay Apple a minuscule fee (15¢ per $100.00, and less in Europe), however, it is smaller than the amount they expect to save due to reduced fraud from folks using ApplePay (and Apple apparently has also agreed to split some fraction of any fraud losses with them).

See also: https://en.wikipedia.org/wiki/Apple_Pay#Service

> Everything has a cost, and someone has to pay it.

In Europe, the interchange fee (what the retailer's bank pays to the card company) is limited to 0.3% for credit cards and 0.2% for debit cards. This came into effect sometime last year.

Are you sure that's not 3% and 2%? When you consider the banks are on the hook for fradulent charges the interchange fee is their buffer to cover this (plus the myriad reward programs most banks offer).

Yes, those numbers are correct, see e.g. http://ec.europa.eu/competition/sectors/financial_services/e... and http://ec.europa.eu/competition/sectors/financial_services/p... for an overview.

Reward programs always have been a bit less pronounced here in Europe and mostly have been reduced after the regulation of interchange fees.

Wow, it's almost as if capping the fees they can charge provides an incentive for the banks to aggressively pursue anti-fraud technologies that benefit everyone.

Naw, never mind this is the USA. Free market is all that matters.

My only problem with Apple Pay and the like is that my cards work perfectly fine and are simple to use. That and I keep forgetting to use it and then when I do I probably cannot.

With regards to merchant fees, I have actually had some merchants say they would be glad to take a check

If it didn't take so long most merchants prefer checks because there are no special fees on them.

As for Apple Pay, it becomes A LOT more compelling if you have an Apple Watch. All of a sudden instead of having to pull your phone out of your pocket you Press the button on the watch, move your wrist in front of the reader, and it's done.

I don't have an Apple Watch but I could definitely see using it for payments if I did. As it is, it's at least as easy and fast for me to pull out a credit card as it is my phone so I haven't seen a reason to pay with my phone.

Unfortunately it has the glitches that everything on the Apple Watch has. Double-press to pay... oh, wait, "Updating card information". Ok, I'll get the card out. Or you try it on the Tube and the barriers just flash "no go" at you, for some unexplained reason. Roll on watchOS 3.

Before I started using the watch I only used Apple Pay for novelty.

To be fair since I've gotten my watch Apple Pay is in WAY more places so I can use it on a regular basis.

I think Apple Pay would still win over the card for privacy (I'm REALLY tired of getting cards stolen) and speed over the current chip system.

> "tap my phone to pay" ... offers greater security than any of the above

I doubt the security is greater:

* Phones have a far larger attack surface and are regularly exploited.

* Confidentiality is part of security, and I don't want my purchases tied to the rest of my phone data and identity.

Not that I know the entire implementation but I believe the phone has secure-element hardware that decouples sensitive material from the rest of the device. Therefore, in theory, attacking “the phone” gives you no access to (say) a credit card number. This should be a relatively small attack surface.

Correct, even if IOS is root level compromised it doesn't matter, as the secure element is a self contained hardware security module:


What about Android phones, which are over 80% of the market?

Nope, most android phones (that I'm aware of) lack a dedicated HSM. The iPhone 6+ was I believe the first general consumer phone that shipped with a HSM. Being a linux guy through and through, it is/was the reason I got a 6+ and I couldn't be happier. It isn't perfect, but it is a huge improvement over most other things out there.

Motorolla has the horribly overpriced AME 2000 (ick), and Samsung has the knox platform built standard into most of their stuff (which is very good), but they lack a true HSM. If you're an android user and want a HSM for sensitive data, get one of the Microcrypt SD devices. It is as good as you'll get (and still not as good as an iPhone).

Apple Pay generates a unique credit card # for every transaction, ensuring a compromise of one merchants system will never end up in the ability for hackers to use your card for any other transactions.

Unique card # per transaction is the holy grail of security.

Your claims of somehow compromising confidentiality are also provably false.

> Your claims of somehow compromising confidentiality are also provably false.

What's the point of saying something is provably false and then completely leaving out any reference to that proof?

Then prove them as false?

There is a reliance on the security of the local device that isn't an issue with cards. Primarily this is more of a social engineering concern anyway, rendering most technical solutions useless.

Last year there was an article how Apple Pay was making it easier for scammers to use cards. I believe this particular vector was patched by having to authenticate that you are trully adding your card via bank authorization. However, Mobile Payment is susceptible to fraud and thieves will find a way.


That was a flaw in the process the banks were using to allow cards in the Apple Pay (without verification), not a flaw in Apple Pay itself.

> That was a flaw in the process the banks were using to allow cards in the Apple Pay (without verification), not a flaw in Apple Pay itself.

Agree. However, this does illustrate a point that safety concerns are valid.

Myself, I'm a proponent of mobile payment but I understand the inherited hesitation from some folk about security.

Technically, I don't think they're doing a unique credit card # for every transaction, it's just per retailer.

Neither of those statements are true. Read up on payment network tokenization.

Tap-pay with my Visa card is commonplace in downtown Toronto and faster and easier than doing the same with my phone.

It's enough faster than chip+pin to make a difference. But the weird thing about chip+pin is that it's much slower in NYC than it is in Toronto or elsewhere in Canada. I can see why these mobile-pay systems are gaining ground in the U.S. where chip+pin is poorly supported in the rare places that it's actually supported at all. And I don't see anyone tap-pay'ing with their cards here.

The infrastructure behind the tech makes a big difference for whether there's any room for mobile-pay to actually improve on credit-cards.

Both tap and chip and pin are so fast now in Canada that it's great. The US payment infrastructure is still mostly terrible. In many cases, even with chip cards it's chip and signature!

We don't have pins on our chip cards and as far as I'm aware, no bank is issuing CCs with pins with or without a chip. Debit cards use PINs, but bring a host of other liability problems to the user, and almost universally lack the rewards programs which consumers with good credit take advantage of (because hey, I get 2-3% towards travel expenses while paying the same).

> We don't have pins on our chip cards

That seems to be true, what I can't figure out is why.

Because the fees on signature transactions are higher.

Are you sure? The only information I can find that agrees with you is about debit cards, where PIN means it uses a different payment network. Credit PIN uses the same network as credit signature, so it seems unlikely the fees would be different.

I've been doing this with a MasterCard Paypass-based card for probably close to ten years? Now I have a Visa card that's payWave based, which is essentially the same thing.

The whole Android Pay/Apple Pay thing has been nice from a "more people have the terminal now" thing. But the card's tap function works so well, I can't imagine using my phone.

Here's the deal: Chip-and-PIN is slow to function because it is a two decade old technology. Modern "tap my phone to pay" (Apple/Android Pay) is a lot more secure thanks to tokenization and mandatory PIN/fingerprint use. It is the future, but it's not yet at 100% penetration. Banks can't issue you a new phone when you sign up for an account. So merchants and card networks are squabbling over how to evolve the baseline method of physical cards that will still be around for awhile.

There is no reason to think that the 2-3% tax is going away anytime soon once you understand the network dynamics. The key element that almost everyone overlooks, even people on HN building alternative payment systems, is that that tax mostly gets refunded to consumers via reward programs. It does not just go into Visa or the banks' coffers. They certainly take a healthy slice of it at scale but they key point is, they have aligned themselves with consumer interests. Reward programs keep consumers loyal to the "high tax" system, because the tax mainly goes to them.

This can be demonstrated very simply by comparing credit and debit usage rates. There is already a "low tax" payment method that has near 100% adoption in every consumer pocket and merchant register. It's called debit cards. They work exactly the same as credit cards at the register -- you can even sign for them (and it's no more expensive than PIN thanks to the Durbin amendment). Yet consumers still widely use credit cards. Why? Because no rewards. It's mostly merchants who would benefit from lower interchange fees, at least in the short run.

So this is why Apple Pay et al did not try to build a lower-fee system. It would have misaligned them with consumers. This might shed some light on why Bitcoin never had much of a chance as an alternative consumer payment method.

Tap-to-pay and chip cards all use the same standard, EMV. Most of the problems with chip cards in the US are because of incredibly slow terminals or applications on the smart card themselves. Since the terminals are much faster dealing with tap-to-pay I'm guessing their either just take forever to initialize the smart card, or it's the latter issue (application on the card itself).

I'm curious as to the experience of people taking EMV cards from the US to Europe, is it any faster than in the states on the same terminal hardware?

I've taken US credit cards to Europe (and soon Australia) and yes, they're noticeably faster there, even with the insert + PIN process.

So that leaves the bottleneck on either the merchant bank, the US card networks, the payment terminal or the retailers internet connection. Still a crapshoot to figure out where the latency comes from, but at least it's not the cards or the issuing banks.

My assumption is that it's the payment terminals. The US tends to have far more dated/low end terminals than I've seen elsewhere. I have a feeling that since retailers are forced to upgrade, they choose the cheapest, most terrible option they can.

I'm not so sure most of the fault lies with the terminals. In April 2016, Visa announced a software/firmware update to card terminals to speed up the awkward waits affecting chip cards [1].

But to your point I found chip terminal manufactuer that claims to have optimized the communications between the chip and the terminal [2].

[1] http://investor.visa.com/news/news-details/2016/Visa-Speeds-...

[2] https://cayan.com/insights/emv-doesn-t-have-to-slow-down-the...

Rewards are nice, but I use credit because I'd much prefer to use the float on other people's money. If my credit card is owned, I'm not out the money while the bank figures out what's going on. With debit, that money is gone until the investigation is complete.

> The key element that almost everyone overlooks, even people on HN building alternative payment systems, is that that tax mostly gets refunded to consumers via reward programs.

NNNNnno. 1) the price on everything is inflated 3% for what amounts to an archaic and insecure way to process transactions 2) It's not opt-in: that is, with few rare cases, I gain nothing, and in fact, must spend more money to not participate and 3) Even if I do participate, all I can hope for is, at best, 1.5% or so cash back. You might say, "Oh, well that's a fee for convenience and security. OK, then what the hell is that fee I pay for the card every year?

It's bullshit. Get rid of it. Make consumer credit illegal. People are too stupid, greedy and short sighted to consume it well.

None of those points actually refute the simple fact that most of the interchange fee gets refunded to consumers.

As for the theory that prices are inflated by interchange, there are two problems with it. One, reward card users don't experience inflation because most of the interchange is refunded to them. Two, when Australia regulated down interchange, it didn't actually result in lower prices.

> what the hell is that fee I pay for the card every year?

Most cards in the U.S. don't have annual fees. The ones that do usually offer enhanced benefits like richer reward programs.

In the UK at least, contactless payment with your card is pervasive, so Apple Pay and "tap and hope your finger is correctly aligned or you look like a muppet" is a worse experience than my card's much cleaner "tap to pay"

The London underground ticket barriers support both Apple Pay and contactless cards. Using Apple Pay is a guaranteed way to enrage everybody standing behind you in the queue. It's not fast enough. The fingerprint reader isn't perfectly reliable. And I am terrified of dropping my phone and it being trampled.

While the phone is locked, double click the home button and leave your thumb rested on the button for a second. It will set up an Apple Pay payment and leave it ready to go. It lasts for 60 seconds before requiring authorisation again.

So simply preload the transaction as you're walking to the barrier, then touch your phone on the reader. Usually it is fractionally faster than contactless cards.

The extra few seconds or so for a chip transaction don't really matter, as long as I have the ability to insert the card whenever I want, such as before an item is scanned. It's really annoying and unnecessary for a POS to reject an inserted card just because it's too early in the transaction process.

For me, the extra time isn't too much of a burden. It does take longer than a few seconds but that's not my beef with it. My beef is with the problem of "so, what do I do? Insert or swipe?"

Some places require inserting. Some places still use swiping. There's a swipe area and an insert slot. The cashier looks at you like you're new to using credit cards when you don't guess the right method, even though it's different everywhere you go. It's a mess and apparently the chip isn't even a requirement. Screw the chip.

Honestly, I thought things were a whole lot better (from a UX perspective) when you just handed the cashier the card and they operated the card reader for you. They know their system's idiosyncrasies; the customer doesn't.

I'm unhappy that stores have been pushing more and more cashier work onto the customer without adopting an industry standard UI for their payment systems.

I have just read a report of a trip to the US by someone from the UK. He was surprised how long it took to process a chip and pin transaction in the US, you don't notice any delay in machines in the UK.

NPRs Planet Money did a total fluff piece[0] where they talked about how slow chip cards were, and why they couldn't be adopted in the US because of the speed.

In Europe, even when being abroad (if that makes a difference), I have never had any issues with delays or payments, it only takes 1-2 seconds.

[0] http://www.npr.org/sections/money/2016/04/13/474135422/episo...

Could you provide more details about the UX when using chip & pin in the US? What is this "delay"?

Chip & PIN is quite prevalent up here in west coast Canada. Just wondering how our experience differs from yours.

Stick your card in the reader, wait tens of seconds until it tells you that you can remove it.

Compared to something like ApplePay where you tap and it's processed in a few seconds or old swipe where it's even faster.

Odd. We just got chipcards here in chicago and its consistently close to 30 seconds too, but not because of processing time—that usually takes three/four seconds, but for some reason we also have to tap through several screens on every transaction asking if you want cash back…if you approve the amount…if you want it all on this card…poorly labelled with "yes"/"no" buttons. Maddening.

Not sure about Chicago but in the Bay Area, you only get the cash back prompts when using a debit card, which also sets you up for additional fraud liability and lower rewards kickbacks. I'd suggest getting a chase sapphire or citi DoubleCash card. It'll be faster as well (no idiotic cash back prompts with every transaction).

This is inane advice. I'm aware of credit cards, thanks.

Tens of seconds is an exaggeration. In my experience it's max 10 seconds.

And that's assuming Apple Pay is recognizing your fingerprint or is coming up at all. Don't get me started if you have multiple cards linked to Apple Pay...

I'll tell you that Apple Pay is significantly better if you have the watch. Since the watch is already authenticated to your phone, there's no fingerprint mess. You just double tap the side button and hold the watch over the payment terminal, it taps you, and you're done. It's extremely convenient.

For extra oddness, Apple Pay is extremely fast everywhere I've used it except my grocery store. There it takes about 30 seconds. I have no idea why. The device tells me I'm done, but for whatever reason the software on the point-of-sale system doesn't decide that the transaction has been paid for for a surprisingly long amount of time.

I've timed it at the WF next door and it is ~13s. Not "tens", but significantly more than your "max" of 10.

In my experiences it's between 10 and 20 seconds. The places that haven't yet updated their terminals and still swipe cards are much faster.

That could be a communication problem between card terminal and network, not representing the average case.

It is not just the average case, it's the rule in the US. The same terminal will be fast for swipe and NFC transactions while being terribly slow for EMV.

I'm surprised nobody has mentioned caching. The terminals are likely slow either way, but they can cache the swipe and appear faster.

This is not possible via the chip which requires synchronous communication with the terminal.

I half-remember an article I read a long time ago about chip and pin cards that mentioned asynchronous communication with the mothership as a big win for the chip.

The example it brought up was that because the chip's identity could be verified through local communication with the chip, purchases could be logged at the terminal and synchronized at any point with the payment processor.

Is there something about the US payment processing market that makes that feature unattractive? Are businesses subsidizing more fraud protection than in other countries by making transactions synchronous and hiring more staff?

What do you mean cache the swipe? You can swipe and have a receipt in your hand before the chip cards tell you to remove your card. They are simply way slower. NFC is similarly speedy in comparison to the chips.

You wouldn't happen to have a link to that, would you?

> It seems to me that these alternatives (Chip & sign, chip and pin, carrying a credit card at all) all compete poorly with the "tap my phone to pay" offerings.

Sometimes I need to read comments like this to remind me that Hacker News is full of people who live inside the SF tech bubble where this sentence is considered a reasonable idea, and I shouldn't take HN too seriously.

I still have never seen someone use Apple Pay or android pay in real life. I live in DC. I've used Apple Pay for lyft but it's more annoying than uber just having my card on file.

I don't even know how to swipe my phone.

What's ironic is that the old school mag swipe cards are more convenient than Apple Pay but the new chip cards are so slow that it does open up a convenience gap for Apple Pay to gain mind share.

i would go so far as 80% of the places I go don't accept chip and anything. they all have little stickers on them saying "chip doesn't work, please swipe" or the equivalent. i'm pretty sure they don't even have a plan for implementing it.

Many of the chip enabled machines in the US I've seen are really slow; there local market has huge lines just after launch because the process was so much slower than the swipe.

The funny part is that this all works quite well in Canada. The chip and pin systems there are quick and completely painless. Send like the card companies in the US drug their feet for years, and then picked up some substandard contractors for implementations...

It's been years of improvement in Canada and we started much earlier. Chip and PIN used to be noticeably slower (but I wouldn't call it slow) but now it's very fast. Tap is instantaneous.

Wait until October. That's why liability flips from CC company to merchant for any non-chip transaction.

Most CC companies made the liability flip for POS terminals in October 2015, some even sooner. They all seem to have held off until October 2017 for gas pumps though. https://en.wikipedia.org/wiki/EMV#United_States

Gas stations, ahhhh. Gas pump UI and UX was terrible in the 90s and is a joke by modern standards. It makes me almost want to drive off when they make me decline to play the lotto and decline a car wash at the pump.

My understanding is that wall many stores have the hardware, their accounts haven't been set up for chip and signature because the banks and card networks have been slow in getting everyone switched over. So they had to pay for the new terminals, pay for the fraud liability since were past the cut off date, and they still don't get to use the new stuff. I think some people are actually suing the companies over that.

I took impute the US credit card agency's taking forever to deliver the US a safer card alternative like Europe's "chip and pin(EMV)" system to just plain laziness and a lack of desire to invest.

I believe Europe has had this chip and pin technology for something like 20 years so we just finally upgraded to 20 year old technology.

For some reason the credit card cabal decided that after all this time that instead giving the US "the chip and pin which would be compatible with the EU system they gave us "chip and pin" which incidentally takes much longer to process a card, and I am almost never asked to actually sing my transaction. You have to ask WTF on all this?

The rational I hear about why the US went with "chip and sign" rather than "chip and pin" is that they feared that US card holders if they have to memorize pin numbers they would likely stop using there other credit cards(lots of people in the US have 3 or 4) and just use the single one they decided to memorize. Memorizing pins was at odd with encouraging maximal credit card use.

There is definitely an opening in the retail payments market right now. The chip thing is a major problem for high volume retail. That extra time adds up in a very big way, just like latency in a network.

-Instead of getting quicker, payments just got slower

-Apple and Google have the credit card companies on to their payment platforms now

-Minimum wage moving toward $15+ an hour means cashiers need to double speed/efficiency

-Interest rates are extremely low, which means cash flowing transactions is cheaper for any party

The payment terminal is already being leapfrogged at Starbucks with mobile ordering. Retail stores could require identification and payment method in order to enter the store, and then bill you as you walk out using mobile sensors. This wouldn't be any more unusual than needing a membership to get in to Costco. The membership contract could over ride traditional payment transaction rules.

There are tipping points in terms of costs vs lost revenue but I suspect things are going to move away from cash and physical cards really quickly. Like Uber, rather than being a negative, this will be seen as a huge positive by the majority of users.

If 'tap my phone to pay' sprouted a confirmation window with the amount to be charged, I'd never use a card again.

Until the device that authorizes the payment is owned by me, there's always a great deal of opportunity for chicanery.

In Australia Paywave is much faster than phone payments. Anything under $100.00 and you just tap the screen with you're card, wait a second for approval then walk off, no signature or pin needed.

For a couple of years my debit card was paywave. When it worked it was excellent, though it seemed to fail about 20% of the time (I'd end up swiping). Then my bank removed it on their newer cards. I was sad.

We have "tap card to pay" in Denmark. If amount is below 200Dkk (30ish USD) no PIN is needed. Its very fast, very secure and our credit card fees for merchants, are much much lover.

A problem with this is that not everyone has a smart phone, and expecting someone to spend what can be a large sum of cell fees to make purchases is just not reasonable.

While I think the credit card companies in general are running something similar to a mafia protection racket, they are in fact providing value to retailers. By extending credit to consumers they encourage consumers to purchase more from retailers. The question for retailers is: "Does the 2.x% transaction fee cost more than the incremental revenue from customers buying on credit?"

That's a pretty limited view of the credit card value proposition. The credit part is, of course, what it is, but also important is the fact that most people have immediate and secure to all their cash (and credit).

Also, not to be discounted is that it's far from free to handle cash. The delay in settling credit card payments + apparently pretty heavy-handed practises around charge backs is probably a bigger problem than ~2% transaction fees are.

Agreed. I was just trying to point out that the % transaction fee is not just for the currency exchange, but also for the risk involved in providing a line of credit.

VISA does not offer credit. The issuing bank does. VISA is just a payment network that links consumers, merchants, and credit issuers. Actually it is a scheme that involves 4 parties[1].

[1] https://gendal.me/2014/08/09/a-simple-explanation-of-fees-in...

> Of course these few seconds don't matter that much per transaction,

Yeah they do. To the point that both Visa and MasterCard opposed even introducing chips for years. For that sole reason.

It's one of the main causes of the incredibly long delay the US has seen to their card security.

>It seems to me that these alternatives ... all compete poorly with the "tap my phone to pay" offerings.

I don't always carry my phone. A credit card requires no power supply either.

Of course cash is preferable to both.

My MasterCard is tap to pay and it's better than using the phone. Smaller lighter. I always have my wallet. Don't always have my phone.

The idea os needing my extremely unreliable and expensive phone that I don't have money to replace to make payments horrifies me.

As far as I understand, the phones rely on real crypto to verify transactions without exposing secrets to the merchant.

The chip and whatever cards despite taking 10 or more seconds are still just transferring the secret to the merchant. So once criminals figure out how to make copies they will be no more secure.

Not true, both chip and contactless are signing a challenge with a secret that doesn't leave the card.

> the "tap my phone to pay" offerings

Are generally wildly insecure.

See, all of these "you won't have to carry a card ever" schemes that involve tapping a phone seem to not care that people have other cards to care about. Why bother with all of this effort to move payments onto my phone (which has a battery that dies), when I already have a wallet with my drivers license, public and private health insurance cards, my public transport payment card and my swipe card to get into the office?

The problem is not that a phone is fundamentally better for this stuff, the problem is that you're yet to be provided a card-based alternative that works well.

For transactions under $100, card payments in Australia don't require authorisation (I'm unsure if this is a legal requirement, or if it's just a de-facto standard that most of our banks have adopted). You just wave the card and you're good to go - the payment processes using the same mechanism as tapping a phone so it's just as fast.

It's actually more convenient in most cases as many places don't have their credit card terminals right in front of where you're served, so the cashier has to walk over to a terminal. With a card, I hand it to them and say "just tap" - they handle the rest while I wait and talk with whoever I'm with (or check my phone if I'm on my own). With a phone, I'd have to walk over to the terminal, wait for the cashier to key in the pricing and then hope that Touch ID won't stuff up while I hold it near the contactless reader. I also can't check my phone while I'm doing that, because I need to use it to make the payment.

Tapping cards works so well and is so widely supported that I was able to live just fine with a near-destroyed debit MasterCard (and zero cash) for nearly six months a few years ago. The plastic was coming off and prevented it from being inserted into a terminal, but by 2012/2013 our retail sector had such widespread support for contactless payments that it didn't matter. For the purchases over $100 I made, I tapped and then entered my PIN.

Despite Australia being the highest users of contactless payments in the world (per capita, of course), Apple Pay has had a very slow launch here. It only works for Amex (which no one uses as no one accepts it due to high fees), and MasterCard/VISA cards for one of our big four banks. The banks aren't interested in dealing with Apple due to extra fees that Apple wants to impose, and consumers aren't pressuring the banks or Apple to make a compromise because the current experience is already good enough.

Maybe there's something "magical" that I'm missing out on, but I really don't get why phone-based payments are being so widely hyped. It's already a solved problem.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact