Chip and Pin, Pin and Chip, No Matter What You Call It, It Is A Failure! Enter Consumer Payments Done Right: Contactless payments (Courtesy of Apple) !


Starting in January 2016, I started seeing terminals like this below:

This European and Asian System has been used for years. While the system is supposed to be very hard to counterfit it does not mean that it cannot be counterfitted. It won’t be rolled out in the US in its complete form for several years. It seems that the American Public needs to have this new system hammered into its psyche.

Have you wondered why they started rolling them out in January 2016? First off… the Christmas shopping season was over. Can you imagine if the US economy dumped because of the forced insertion of this technology into our culture? People are having a hard time using it now… just imagine people trying to buy their Christmas presents with these things!!! Well, aside from a total consumer melt-down, think about this… due to the new laws passed by Congress… unless a retailer has a “chip and pin” system… if there is fraud… the liability shifts from the banks (who are charging up to 30% interests on some credit card accounts) to the retailer itself. Hmmm liability works wonders when it comes to social engineering our financial system!

Well, my first complaint is that the retailers have thrown the system out there without any training. New “C&P” cards were issued before current cards expired… PINs were given out…and nothing was said. People went into stores and saw the terminals above… and they did not know whether to swipe the card or insert it. All the retailers had a different story … as no two retailers have the same payment processing company. At one store you would insert your card only to be told that it was not ready and you had to swipe. At the next store, you attepted to swipe and got remonstrated by the clerk for not being smart enough to insert a card.

As as aside… any of you been to Walmart? OMG… when you insert your C&P card… it makes the most annoying raspberry sound… theoretically… Walmart does not want you to forget to grab your card on the way out… but personally I think it is just a hazing sound for being so stupid to buy eveything from Communist China and slit our own economic throats!

While the “C&P” cards are supposed to be more secure than the old “Swipe” and run cards, as I just mentioned, most of us are stymied about how to use them properly. Also, at the moment… the payment processors have only implement the chip part… not the pin part. With only the Chip part, people are still able to sign for their purchases. If somebody stole your “C&P” card, they could simply forge your name on the pad. Not much of an improvement really.

Most people are surprised that the new “C&P” cards are just as insecure and crappy for on-line purchases. You go to amazon… and an older magnetic stripe card works the same as a new “C&P” card. They are identical. If the old card could get scammed… a chip does not do anything for you and you are just as at risk as using the old card. Even when the new “P&C” cards swith to using PINs instead of signatures for their authorizations… I still don’t think I will be trusting their technology. A PIN number can be obtained through the theft of the card in the mail or obtained via social engineering.

Let’s shift to talking about ROLLOUT. The payment processors had a pathetically small amount of capacity in their data centers to process these payments. In the early stages, a simple purchase sometimes took up to a minute to complete. All the clerk could do was apologize while you secretly played the Jeopardy game show theme in your mind. One would think that the payment processors would have adequately provisioned their technology for the start up. I have to admit, that things got better around the month of March.

There is a big difference between the old style cards and the new “C&P” cards. The old cards sent very little data up to the processor… and they got a small confirmation back via the payment terminal. The new cards require multiple communications with the servers…. both up and down. While an average weeknight might not be bad to shop at Target, It may be a different story at Christmas Time 2016! Can you imagine being 20th in line at Walmart… all backed up… because each Chip and Pin transaction is taking 2 minutes? All the up and down traffic… and the fact that there is such a large holiday transaction volume… will upset customers everywhere! Ha ha… it is enough to make you shop on-line for your Christmas gifts this year! One can only hope that people who provision the payment processors with data connections and servers figure out what is going on…. and make sure that they have the capacity to handle a busy holiday season. Of course, a store like BestBuy has faster point-of-sale terminals than a “Mom and Pop” family restaurant does. It will all even out… hopefully.

So, if you have understood what I have said so far, you see that we are in for some tough times. Humans don’t like change and we got it once in January…. and more is coming when we ditch the use of the signature for a PIN. Is there a better way to handle paying for our purchases? I think so. The buzzwords are “Contactless Payments”.

www.investopedia.com defines Contactless Payments as follows:

Contactless payment is a secure method for consumers to purchase products or services via debit, credit or smartcards (also known as chip cards), by using RFID technology. To make a contactless payment, a person simply needs to tap their card near a point-of-sale terminal – leading to the nickname “tap-and-go”.

While I don’t advocate the classic style of Contactless Payments that enable “tap-and-go”… because if a credit card or ATM/Debit card is RFID equipped that brings on other security issues. I like the idea of using your smartphone to act as your payment vehicle. Enter Apple Pay !!!

www.wikipedia.org describes Apple Pay in this way:

Apple Pay is a mobile payment and digital wallet service by Apple Inc. that lets users make payments using the iPhone 6, 6 Plus, iPhone SE, and later, Apple Watch-compatible devices (iPhone 5 and later models), iPad Air 2, iPad Pro and iPad Mini 3 and later. Apple Pay does not require Apple Pay-specific contactless payment terminals, and can work with existing contactless terminals.

I have an iPhone that lets me use Apple Pay…and I have an Apple Watch which lets me use Apple Pay as well. Why do I like Apple Pay so much? Simple… security. Due to the “secure enclave” built into Apple Pay compatible iPhones and Apple Watches, nobody can get to the actual data. The phone has to be authorized via fingerprints and the Apple Watch won’t make payments until it is in contact with human skin and a secure code is entered into the watch.

www.wikipedia.org explains why Apple Pay is so secure:

The service keeps customer payment information private from the retailer, and creates a “dynamic security code […] generated for each transaction”. Apple added that they would not track usage, which would stay between the customers, the vendors, and the banks. Users can also remotely halt the service on a lost phone via the Find My iPhone service.

To me, if you keep information from the retailer/e-tailer then if they get hacked… my financial information does not get put up on the auction block with that of millions of other customers.

I have to admit, I fought using Apple Pay… but tonight, I gave it some thought. That is why I am writing this blog entry. I registered my cards for Apple Pay and my banks that I use support it. I am giving it a go… if you have the tehnology too, are you going to try it?

If you have comments on this blog entry or found this useful, please leave a comment.

Advertisements

~ by Rick Andrade on August 23, 2016.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: