As a merchant, however (which I am), there is no chance I would accept this. None. Unless the issuers (that is, Visa, MC, Amex) drastically change their policies, which I don't see happening anytime soon.
Why? Because the issuers are very clear about a few things: When push comes to shove and it REALLY gets down to it, unless the merchant takes a physical swipe of the actual card AND has backup to prove it (i.e. an imprint of the physical plastic), the issuers will side with a consumer in the event of a fraud dispute.
So why, do you ask, do most merchants not bother taking imprints of the actual cards? Because a visual verification and physical swipe is usually enough (for 99% of cases). Instances of fraud via card duplication are rare, so it's usually not worth the hassle. But in some cases, it is.
My business runs large-ticket purchases though CCs (average is $2000), and we take super extra precautions when our customers buy from us. We take magnetic swipes, visually verify, AND take physical imprints.
We've lost several chargebacks because of lack of doing this. You'd be surprised how these little-known rules crop up when you least expect them. "Sorry, customer claims charge not authorized. Merchant doesn't have physical imprint. Chargeback approved." It's happened and we've been defrauded out of $thousands because of it.
The ONLY way we've been able to successful combat chargeback fraud is through the multi-layered approach.
Anyway, I know this is a fairly esoteric perspective and my business may be different from lots of others where this isn't an issue, but I have a feeling V/MC/Amex aren't going to get behind this.
They're very hard to clone (I won't say impossible, but attacks against EMV have not generally been of this nature) and the transaction records at both ends will tell you whether the actual, real card was there.
The liability is more clear-cut as a result. If the customer claims the charge was unauthorised, that's between the bank and the customer.
--edit-- of course with EMV cards Coin would no longer be possible or relevant. Neat product, only useful in a magnetic-stripe world, which is at least a decade behind the curve now.
Theoretically with EMV you could put all your credit-cards on one chip and the terminal will either choose a supported default or present you a list, but that would require cross-bank cooperation, never going to happen.
"Swipe" cards have been phased out years ago - you'd have to try hard to find a bank which will still issue one.
Specifically because you can no longer find ATMs which rely solely on the magstripe. Some banks have biometric fingerprint readers (where you put in your hand and it reads multiple fingerprints at the same time) in addition to the PIN code of the debit/credit card, and sometimes additional passwords.
My bank does not rely on biometrics, but in order to do any transactions, I have to enter a code generated by the bank which consists of three strings, which are prompted one at a time, displayed on screen mixed with other random and unrelated strings, so that someone peeking over my shoulder would not be able to match the button with what's on screen and finally, before the transaction is complete, the account's password. And that's with a chip.
The portable readers you can find everywhere still have magstripe readers in addition to the chip reader and will refuse to read the magnetic strip if the card contains a chip.
Those portable readers use either a 3g connection or standard dialup.
As for the physical "imprints", this is something that 30-somethings like me can barely remember.
Also related: there are no bills which can't be paid online. All banks accept them, unless specified otherwise (usually there are restriction after the expiry date). If you get a bill by mail (instead of email), you can just type the barcode. Or scan it, if you have a reader or a mobile phone with the bank's app.
The concept of getting bills by mail, and then mailing back cheques, as found in the US, is completely alien.
You hit on something though; in the U.S. there are tens of thousands of ATM machines all over. They all accept PIN numbers, and I "believe" magnetic-strip as well (not sure if they're doing fancy stuff too with built-in chips or not). It's the standard that everyone uses; debit card and credit cards alike.
To change that to support different tech, you'd have to upgrade all of the ATM machines, all of the credit cards, and all of the backend tech. That's a lot of coordination between banks/credit-card companies. On top of that you have POS systems in stores which are all magnetic-strip based as well, accepting PINs and/or signatures.
Any sort of switch would have to be phased-in over years and require a lot of buy-in. Unless retailers, banks, ATM providers, and credit card companies have a good business case to do so, they probably won't.
I'd imagine it would be easier for some other type of technology which displaces cards entirely, like phone-based payments, would eventually replace all of this. An idea like Coin augments the current "archaic" system and has the potential to take off. But outside of the U.S. it sounds like it won't work without modification.
And it is coming to the US too, in some form or other: Pretty much all the major banks have committed to introduce it (though in some cases chip + signature) by mid 2015.
I'm not saying the US isn't behind the times, but where else has a singular rollout of tech like this been done on a US scale?
Of course you can. Countries outside the US did it city by city, bank by bank.
In fact, the US is in the process of a gradual rollout of EMV cards now - a mix of chip+pin and chip+signature cards. The aim for when to complete the transition varies by state, bank, and type of merchants, but most aim to be complete by mid 2015.
There was no big bang switchover anywhere that has already made the transition to my knowledge.
The banks did rolling releases of chip and pin cards as people were issued new cards over a period of years before the switch was complete. When the first people got chip and pin cards there were no locations where they could use the pin.
And in the UK at least, it took a couple of years before you had to use the pin even when faced with a chip+pin terminal - you could keep opting to sign for a long time.
Doing a singular rollout of tech like this is stupid and unnecessary.
I think it took at least 5 years.
So yeah, non-trivial. And if (as it sounds like) the banks in the US have managed to offload most of their fraud problems to everyone else involved in the transaction, then there's probably little incentive.
"Chip and PIN was trialled in Northampton, England from May 2003, and as a result was rolled out nationwide in the United Kingdom in 2004 with advertisements in the press and national television touting the "Safety in Numbers" slogan. During the first stages of deployment, if a fraudulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank, as was the case prior to the introduction of Chip and PIN. On January 1, 2005, the liability for such transactions was shifted to the retailer;"
Also note this bbc article suggesting a Feb 2006 deadline for not accepting signatures from cards that were chip and pin enabled.
I would guess the banks had been rolling out EMV capable ATMs well before 2003. Retail level EMV may have taken two years from trial to liability swith. Infrastructure changes would have pre-dated that by years.
I know EMV cards had been distributed to customers since the late 90s because I used to use mine for testing while I developed the software I wrote that ran several of the retailer systems in that Northampton trial :)
From a consumer perspective, it was virtually painless. The biggest change is that credit card transactions now require a PIN (assuming a chip card and chip-enabled POS).
The lack of chip card support in Coin effectively makes it a US only product at this point as most of the card-heavy countries have moved past mag swipe (or, are in the process).
Once a quarter of cards sport chips and a quarter of machines support chips, it's just a question of issuing new chip cards when old cards come due (or get lost/stolen).
The Chip and Pin machines have a channel to swipe. There are very few places where you hand over a card. For example, in the train stations, the machine to swipe a card is on the same side of the glass as the customer. The agent never handles your card.
So they might be more accepting of Coin (given that they don't see that it is different) than American businesses.
It's entirely possible that Coin may still be useless outside the US if most machines will reject your card's strip.
Also, as other people have pointed out, the US is moving to chip cards in a couple of years (2015). So this product already has a very short shelf-life.
It seemed like a completely unusable system for it's complete lack of any security.
(Particularly if you consider there are now live payment systems that use pretty much the same audio jack serial port hack as this one does to clone cards)
Thankfully, in Canada, everything is done via chips, so even with Visa purchases my card never leaves my hand (or at least, my sight). Restaurants bring the terminal to your table, they process everyone there, and then you're done. Sending your card away feels almost archaic now (and a bit patrician, which has its appeal).
1) They require you to register this "coin" device
2) They require you to add some banking account details
Now, if you were to "clone" someone else's card without their permission, the trail would lead directly to you...
I don't think so, there's also no way for anyone to trace the transaction back to them
The fraud you're speaking of is not limited to this technology; anyone could find and use a credit card they found on the ground if the merchant did not verify it.
[edit: Oh, and all my debit/credit cards are now paywave/paypass enabled, and they are all from the big 4/5 banks]
The Coin page doesn't mention this at all; does it have this? If not, it sounds like a step backwards.
"Australia leads the world in contactless payments, which have grown from almost zero three years ago to more than 35 million transactions a month and now account for 60 per cent of all MasterCard and Visa credit card transactions, according to Westpac."
The whole time I was watching the video, I was thinking "Huh - who swipes their card any more?!"
As usual there are variations between implementations, but underneath it's all good-ol' EMV :)
So I doubt that these could be supported easily by Coin, it requires various keys that the banks do not allow to escape.
If Coin do manage to get talking to banks about allowing wired or wireless EMV apps to be loaded onto a customer Coin card then that would be awesome. I predict that layers of bureaucracy and brand-management will prevent this.
But good luck to 'em if they try!
Commonwealth Bank, the largest bank in Australia is very soon releasing native Android NFC support and NFC style "smart tags" that you stick to the back of your iPhone.
This pretty much eliminates the need for any kind of "card aggregation". I wonder how quickly other countries will follow suite?
It's not about convenience, it's about security and reliability. That's the direction we need to take.
And it is about convenience - people are willing to accept the risk for the added convenience.
In Netherland, there's also one electronic payment system that does not require a PIN: the "chip knip" (chip wallet). You explicitly transfer an amount of money from your account to the chip (often about $20), and you can use that to pay. You still need to approve the payment by pressing a button on the machine, but if you lose it, you don't lose a lot.
And it probably works without a phone/internet connection, because the money is right there on the card and nothing needs to be verified on any server.
See some of the following case studies by the FOS that support the fact that the customer is not always liable even if the PIN is used:
Other than that, here in Europe, customers are protected by law from having to take on the liability. Varies by country, but basically it's a case of "you're responsible to see that nobody else gets to take my money, that's why you're a bank numbnuts"
It can actually be a bit tricky to use my company card to buy lunch at restaurants sometimes because "there's no chip".
Their FAQ says future versions of Coin will support EMV, but I'm not familiar enough with the hardware to know how difficult that is.
Would be good for those stupid loyalty/membership cards I guess, if you are good with explaining what the hell this weird card looking thing is and why it will work like the normal cards every single damn time you use it.
In theory, you could slam mastercard, visa, amex, credit, debit, whatever else you want, all on the one chip. Depending on the exact card and terminal implementation a transaction would either use the default application or get an on-screen display asking you which you would like to use. But you'd have to get the banks to load the app on there as there are sensitive keys involved.
That's not exactly the same as Coin - you couldn't pre-select which card to use in which situation, and you couldn't load them yourself. I suppose in theory you could have multiple EMV chips on a card like Coin and have a circuit-switching arrangement of some sort. There would need to be a way to embed them there and that would put a limit on things...
--edit-- about the stupid loyalty card things - in Australia I noticed most of them had started working on barcodes, and people had smartphone apps that gave them a menu and displayed the right code, pretty cool.
One, you may not be able to download the card app from one card and upload it to another. My GlobalCard fu is not well honed enough to tell you what ADPU you'd need to invoke in order to try, but it goes against the goals of the product to allow this anyway.
Two, if a credit card company provides you with an EMV card, it's got a private key loaded into the card, and may have even originally been generated on the card. It is outright not allowed under any circumstance to download that private key and upload it to another chip; that would be a major hole in the scheme.
Three, not all banks use the same crypto. Even if they all agreed to a single kind of crypto operation, different EMV chips have different performance characteristics when carrying out crypto operations. If the bank can't control the actual EMV chip any more, then they cannot control elements of their payments processing (e.g. session closure within a certain time frame). This problem is the easiest to solve of these three problems.
So, unless the banks get on board with allowing their apps and their keys to be provisioned on an already existing card, or provide some kind of proxy mechanism whereby an EMV card can delegate another card to act on its behalf (and imagine the security concerns with that) then this isn't going to happen.
I don't see the benefit to the banks for doing this. You're far more likely to see paypal succeeding in turning your phone into your wallet (and they are doing it) then you are to see Visa or MC allowing you to link multiple EMV cards into one.
Want to add some loyalty cards on the same chip? Sure!
Want to combine two different MC products? Sure!
Want to have Mastercard together with Visa or some local card network that we dislike? Nope, we don't want that so we'll not allow you to issue such cards.
Share branding? Are you CRAZY???
2) Yup, and combined with '1' this means that you'd have to get the banks to do it
3) You'd have to get some more cross-scheme standards about the crypto capabilities sorted out. I estimate we could have all the schemes in agreement by... 2025? Or is that optimistic?
The benefit would only be to the consumer, in the same way that Coin may benefit people, however any method of doing this with EMV would present some sort of extra attack surface and that's generally Bad(TM).
1. Chip cards do make this almost completely irrelevant
2. Supporting EMV is going to be tricky, because cloning those cards is also tricky (skimmers have spent hundreds of thousands on it and haven't figured it out).
3. Most membership cards, even ones that have magnetic stripes on them, actually use the barcodes on the card. Safeway, CostCo, Shoppers, etc. all have mag stripes, but they all use the barcodes. The Coin won't help you with a single one of them.
4. If, as a cashier, someone handed me a Coin and said 'It's okay, it's a Visa', I would say 'no'. No signature, no card number, no anything. There's no difference from my perspective between a person putting their Visa onto the Coin and a person putting someone else's Visa onto the coin, and I'm not going to start accepting obviously cloned cards regardless of who's holding it.
I actually called Visa about it and they told me that any vendor accepting Visa transactions is required by their contract with Visa to accept swipe transactions. She said it was there because the US was still rolling out chip and pin cards.
Note that a lot of places wouldn't accept credit cards in the first place (swipe or not), only debit cards.
Mainly because it would make my trips to Europe a lot easier, where many systems I've encountered won't work on some non-EMV cards.
If they get some sense and implement this on their lower-end charge cards, I'd be a pig in shit. I try to have this be the only card I use.
Chip-and-sig is almost useless.
Also, I'm a stingy bastard with the fabled Unicorn Card (Zync) that's no longer offered. I think any changes would mean a forced upgrade. I'm worried about a forced upgrade when the card expires too.
There are a handful of credit unions that issue dual C&S/C&P cards. It's a little harder to get one than an ordinary card, but probably worth it if you're traveling abroad. (I got one from Andrews.)
Surprised to hear it's next to useless, but not really surprising that it's less useful.
Shopping for a new bank, for many reasons.
 Technically: chip-and-signature rather then chip-and-pin. Also, you have to ask for the EMV but they're super friendly about it.
I had one chip & sig card that didn't work except in like one restaurant I went to. A couple of places I could use any regular credit card though. Ended up having to go to ATMs and carry cash, which is so uncommon that people think you're a drug dealer. :D
Flat 2% cashback cards are great. Rotating 5% category cards a great. Big signup bonuses are great.
I have a Chase British Air card I opened with a 100,000 mile bonus, plus a companion pass once a certain spending level was reached. Long story shorter, we opened two (one for me, one for my wife). Pooled the miles together. We have 220k miles and a companion pass. We're using this for 2 first class tickets from SFO to Europe in the spring. That is, literally, $25,000 in airfare.
Oh, and it's chip + sig :)
tl;dr Often annual fees are very worth it. And also often, an issuer will waive them in all or part.
Credit cards are divided by payment scheme's. Banks just issue cards for 1 of the scheme's eg. Mastercard or VISA, ... don't think Mastercard. In this field I don't think Mastercard will want their competitor on the same card. Even technically it's not so easy to implement for a payment processor (I work for a payment processor).
--edit-- and did you think us Europeans just rolled it out for shits and giggles?
In reality, much of your money is going to huge companies that supply their products, like Sysco.
And the EMV transition has been going on behind the scenes in the US for years too, so expect to start getting cards with a chip as your cards expire over the next couple of years.
Meaning shifted entirely to the consumer?
Under law in much of Europe, the consumer is not under much risk. In the UK (for example) the credit card provider is legally a party to the debt and has a responsibility to refund the consumer on demand if the consumer is willing to state (in a legally binding way) that the transaction was not authorised by them. Debit cards are governed by different rules that amount to much the same, though the legal protections are weaker.
There's a cap of EUR 150 consumer liability for lost&stolen (physically) cards up until you notify the bank; zero liability for lost&stolen cards after the time of notification, and zero liability for any fraudulent transactions if your card isn't lost or stolen.
Only UK law (and MC/Visa rules for UK) is a bit different, but another poster describes them below.
It is extremely common.
The cost of rolling out EMV was determined to be greater than the cost credit card companies paying for the increase in fraud and chargebacks out of pocket.
The first large chip and pin deployment was in France, in 1992. At the time, Eastern Europe was in economic chaos, and not really on the radar.
Which is why the poster above is warning about this; if there will be merchants out there who won't accept it, it's pretty much DOA as you can't replace all the cards in your wallet with it.
With that said, they require verification of the signature on the back of the card with the one on the receipt / screen.
In the event that the card is not signed, you are then allowed to require identification and the card must be signed by the customer before it is used.
Most credit card companies prohibit the "See ID" that some people put on their cards in place a of a signature.
But writing "See ID" on the back of the card and then using a completely different signature on the receipt is not acceptable as far as I know.
Now, this is all very hypothetical for many reasons, but generally it's my practice to follow cardmember agreements that I am, after all, agreeing to follow.
It's all very silly anyway given that online credit card transactions almost never require a signature.
Quite honestly though, once a thief has access to your card, you have other problems. If they're close enough to see it, they're likely close enough to duplicate it and leave you the card with you ever knowing.
If the signature is that concerning, then use one signature consistently for your credit card transactions that's unlike the one you use for anything else.
If you don't like that option, then you probably shouldn't be using credit cards currently offered.
Agree, SUPER clever idea. I'm wondering how this would work to make purchases _online_. I know, I know. I'd use my real card. But it strikes me as ironic that the big idea for this digital card is that I don't have to carry my 'analog' cards around. Unless I want to make a digital purchase. Then I need my analog card.
that's not true at all; have you been outside of any major city in america?
I've stayed in hundrends of small cities, from Ogalala, NE to Ozona, TX and Oatman, AZ, and used my credit cards for all kinds of purchases, from Kroger and CVS, to outlet stores, gas, local shops, small eateries, fast food places, restaurants etc.
Never had a vendor inprint my card.
With credit cards, unless there was a unique image on it then you'd often be able to guess from the number what the other card details should look like.
btw, it sounds like you should have had a lawyer handling some of those chargebacks, particularly if you had captured the driver's license info. We started using a (cost conscious) lawyer to deal with every chargeback and our win rate went way up. And by "dealing with a chargeback" I mean forwarding along our response on his letterhead.
We actually had Amex _negotiate_ with us over a chargeback once. I had no idea this was even possible -- they actually said "So how about we'll agree to split the loss. We'll cover half, you guys cover half." I had no idea that was even an option.
I'm in the UK and this is not really my area, so you'd probably have a better chance of verifying that than me.
A more convenient way of handling credit cards is a useless idea to me. What we need is a safer and more reliable way to handle transactions. Preferably one that doesn't rely on politically motivated monopolists.
It's just like any cloned card - I can easily make a blank white card with a copy of my creditcard's magstripe, and technically it will work in a swipe POS-terminal, but any merchant is required to refuse such a card, and recommended to detain the card and me, if it's safe to do so, or call the cops.
I carry 19 cards, of which 16 are essential. Some of them are not for swiping so they wouldn't benefit from Coin. The solution for me is a wallet that can hold 20 to 30 cards, but as far as I can tell there's no such thing.
* Costco membership card
* three loyalty shopper cards for my common stores (I need the physical card because none of the apps I've tried using that scan the bar codes work with store scanners)
* a card to pay for my train rides,
* bank debit card for ATMS
* business credit card
* personal credit card
* medical insurance card (this one would be easy to just use a photo of)
* AAA card (would be easy to use photo of)
* Zip Car Card
* Bus pass card for corporate shuttle
* Airlines MVP card (likely easy to just use a photo of, I think....though I'm not sure about speedy checkin).
* Access card for corporate office.
* Drivers license
I have about 25 other cards that I keep at home, like Library, more shopper perks cards (usually because they can lookup by my email address in store), etc..
This doesn't really help my wallet situation that much.
Soon to be one.
Also, I was a user of both Belly and Level Up for awhile. But the merchants around here have been finicky with the services and some of the shops I frequent stopped using them.
I'm surprised your loyalty cards aren't the smaller key ring ones. I have half a dozen on my keys and barely notice them.
I leave my AAA and Airline cards at home and pull them out when I need them for trips. Could probably do the same for your Zip Car card (unless you use the service multiple times a week or something) and other rarely used cards.
Last year my medical insurance company switched to paper cards which are much thinner and easier to deal with even if they're less sturdy. Same as my car insurance.
All that being said I still walk around with about a dozen cards in my wallet, so I can definitely sympathize. But I could probably edit out 3 or 4 right now and not really miss them.
The problem is that Coin doesn't really solve this. It only encodes credit cards; most of the other cards either don't have mag stripes or require other information on the cards than just what's on the mag stripe.
I do have a lot of the shopper cards available on key. But I run uber-light on my keys and shifting cards from one pocket to another doesn't really help me gain anything. Also, with the key-ring versions, I've shared them with my S.O. so we can keep all our groceries and loyalty points together so they add up faster for household items or discounted gas, etc...
The problem with leaving a card like Zip Card at home is I'm inevitably going to be somewhere that's not home and need a Zip Car.
Though because of the size I keep mine in my front pocket, also handy as I believe it lessens the chance of having it pick-pocketed.
EDIT: I should add that the main grocery store I shop at, you scan your card when you enter and are given a wand to checkout your groceries as you add them to the bag.
Also, I could elaborate more on why certain cards need to be with me, but I thought things like Costo & Zip Car were pretty obvious.
So the list of home cards:
* MTA Metro Card for when I'm in NYC.
* USA Cycling license for racing (they have an app now that I can use when I show up at races)
* Best Buy Rewards card (I know, I know....but they can look up by my email)
* Several complimentary coffee cards for Peet's coffee (Yeup, they are useless to me at home, but I got tired of carrying them around)
* Borders Reward card (ooops, looks like I haven't cleaned out my home stack in awhile)
* Amtrak rewards card (just need the number and website has this remembered)
* Local Library card (they can use my driver's license, but I can't use the self checkout, which is OK becasue the line isn't ever long and I don't use often enough)
* Library Card for the bigger city by me
* NSSA Press Credentials (only needed when attending certain sporting events - I grab this one as necessary)
* APIS Press Credentials (same as above)
* Bike Club Membership card (provides discounts at local stores, but they know me and I don't need it anymore)
* Panera card (I think I needed this at one time to access Wi-Fi or something)
* Card for my season ski tune & discount (though customized, I think they just look me up in the computer or remember my face)
* Season pass card to get into a apre-ski venue for free
* AMC Entertainment gift card (I go to the movies once/year, and everytime I forget to bring this thing)
* Safeway Card (only useful when I'm on the West Coast grocery shopping. I've since learned to use my Brother's phone number)
* EFTA racing license for mountain bike race series around here in the summer time.
* NEMBA Membership card (mountain bike related)
* Gift Card to another coffee shop
* Home Depot Gift card (exact credit card shape and size)
So, as you can see, I've optimized a good chunk out of my wallet , but it's not all the way there. Though a couple of my cards "could go" there's still about 12 or 13 essential cards I must carry with me.
I do have all of those cards scanned and stored in dropbox with 1password, but I don't have good 3g coverage so I carry them just in case.
I carry my fat wallet in a fanny pack. Not very elegant, but incredibly practical.
I'd love to have one with a classy finish and that would block NFC signals from leaking.
I ended up ditching all but essential cards and got down to five. One debit, credit, health insurance, license, and AAA.
Eurpean here. I was shocked to learn many USAian men keep their wallet in the back pocket. How do you sit on that?
Often you will spot them with a month's worth of paper receipts crammed inside so the poor wallet is about to burst.
It is just conventionally where a man's wallet goes in America--One of those things where you don't apply common sense because it's just "how it is" and you've never really thought about it.
What happens is you grow a dent in your butt, and get a lopsided spine. Yay!
I remember before I even had a cell phone myself and people in general still put their wallets in the back right, and it was cool to have a chain attached to it and hooked to your front right belt loop. I'd use my front pockets for all sorts of random crap, but I think I always had my keys in my front right. I've been really good about virtually never having lost a key in my life. I used to carry a pocket watch in my left.
Now I am faced with a pocket dilemma. I carry one phone for data and a 5s that I am using with a SIM (connected via pdanet/foxfi hotspot). So the two phones are taking up both front pockets! I'm currently either putting my keys in my jacket or in my back left pocket, which can potentially be quite uncomfortable to sit on. Would be cool if there was an easy way to flatten keys like a wallet.
Unlike the upper pockets, those extra two are in an area which you don't squeeze when sitting.
Thus my billfold must go in one of my rear pockets.
The keys and money clip are distinct enough that I have no problem pulling out the right thing. And the keys are not going to damage the money clip like they would damage the phone.
Also, with the fitted slacks it's harder reach past the keys to the money clip or vice versa.
I think I'll be able to get down to about 8 essentials, and hope I don't forget the others when needed.
It's paper thin, but strong enough that it hasn't fallen apart after years of use. It only has 6 pockets though, so it's not going to separate all of your cards.
Thinking out loud here... could you make the use of the Coin card dependent on being within range of your bluetooth enabled cell phone. If the card knows that it is being swiped (not sure if it does)... then the in-range phone could know and send a msg to the CC company with the shared secret saying "yo, it's legit". Now a thief would have to steal both the phone and the card for it to work. I'm sure there are a million holes in this, but just putting it out there.
Similar concept could work regular CC's as well. CC company comes up with "card swiper 2.0!" and deploys them to merchants. I as a consumer get some incentive from the CC company to register my device with them. When my card get's swiped at a merchant... card swiper 2.0 tries to detect my device. If it sees it, great, lower chance of fraud. If it doesn't, give me a ring to see if I'm aware that my card was used or deny the charges. Might help the triage the sheer number of transactions out there for what's fraud and what isn't.
On the other side of it, I love the idea, and the only way to get merchants and card companies to begin changing their policies is for someone to be first through the door. This will not work for all situations at first, but if it proves popular it could easily sway these policies. Imagine some of the possibilities. Just as an example, imagine getting a pre-approved credit card offer in your email, then having the new, swipeable card instantly downloaded to this device after a few verification questions. Credit card companies that worked with Coin could gain an instant competitive advantage in the cut-throat credit card marketing business. This could also revolutionize the loyalty card business.
Typing in the last four on the coin completely bypasses this anti fraud measure since the last four will always match on the coin because the digits it displays come directly from the magnetic stripe data.
Cool product. I want it to work, but I fear it won't be widely accepted.
That said, if they were to license the visa and mastercard logos for it, that would probably be enough to get it accepted during most transactions by cashiers who aren't savvy or don't care.
I have seen flat cards without numbers that would be impossible to imprint.
Given your large average ticket, it makes sense to be extra paranoid and take an imprint (mostly to avoid scammers), but certainly doesn't apply to 99% of merchants.
I don't think this would be a roadblock for them. Unless, of course, Visa/MC/Amex finds some obscure legal clause (or technical way to detect the different card) to shut them down.
If this becomes more widespread coin will have problems.
If they want to book it as 'card present' transaction, then they have to follow the 'card present' guidelines - which, by coincidence, would require them to see the actual card, not just it's magstripe data in some fancy device.