So, I caught a bit of discussion on this on (I think) NPR recently. I wasn't paying close attention, so please apply grains of salt liberally...
Chip+sig, I believe, still hashes/tokenizes the card number when it sends it in. That doesn't necessarily protect the integrity of that particular transaction, but it *does* prevent usable card information from being captured and then re-played elsewhere. So it is more secure in the big picture than the mag stripe. The reason given for not going to chip+pin, as I recall, is that the card companies are looking towards the next generation of tech (and if they said what it was, I don't remember), and are basically planning to leapfrog over chip+pin to whatever is coming next. Sorry for the scant details and lack of critical analysis, but it's what I've got. Oh, and this article lists out some places that are offering PIN support for chipped cards: http://creditcardforum.com/blog/chip-and-pin-credit-cards-usa/ -- Christopher Manly Coordinator, Library Systems Cornell University Library Information Technologies c...@cornell.edu 607-255-3344 On 2/3/15, 12:14 PM, "Tom Perrine" <tom.perr...@gmail.com> wrote: >I've been trying to get CHIP+PIN from *anyone* in the US since a trip >to EU 2 years ago. There is a DoD CU in MD that will issue them, and >that's all I ever found (as of last summer). > >My latest AMEX came with CHIP+sig, that was 2 months ago. There was >no indication in the letter or any printed material with the card. > >$spouse just got her AMEX today. There's an included letter that talks >about the card being CHIP+sig. > >You may have noticed all the new POS terminals that have a slot under >the keypad. In speaking to people behind the counters, most have said >"there's a big software upgrade coming this summer to support that". > >One restaurant said that it had been activated, and I was able to >CHIP+sign. But I signed a paper receipt just as if I had swiped. > >CHIP+sig still probably won't be good for buying train tickets and gas >from unattended kiosks and stations in EU. > >Why *anyone* would want CHIP+sig is beyond me. All of the expense of >the infra change and none of the benefits. > >I've heard it has something to do with who (card holder, merchant, or >bank) is responsible for fraudulent charges, which might explain the >whole problem. > > > >On Mon, Feb 2, 2015 at 1:15 PM, <berg...@merctech.com> wrote: >> In the message dated: Mon, 02 Feb 2015 11:46:28 -0800, >> The pithy ruminations from David Lang on >> <Re: [lopsa-discuss] NIce Fraud alert system - American Express> were: >> => On Mon, 2 Feb 2015, Peter Loron wrote: >> => >> => > Yep, AMEX is usually pretty on the ball WRT fraud. >> >> That's been my experience too. >> >> => > >> >> [SNIP!] >> >> => > >> => > The EMV isn't perfect, but it does reduce fraud. >> => >> => Does it make any impact on online/phone purchases? >> >> +1 to AMEX for fraud detection. >> >> -100 to AMEX for online/phone purchase fraud prevention. >> >> Many years ago, AMEX used to offer (free!) virtual credit card numbers >> called Private Payments. These were good for one-time use, with a >> capped-maximum and 30-day validity. The "card" could be generated >> on-demand after logging into the AMEX site. This was a terrific way to >> handle on-line purchases. Then they dropped the service. >> >> Mark >> >> => >> => David Lang >> => >> -- >> Mark Bergman >> _______________________________________________ >> Discuss mailing list >> Discuss@lists.lopsa.org >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ >_______________________________________________ >Discuss mailing list >Discuss@lists.lopsa.org >https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss >This list provided by the League of Professional System Administrators > http://lopsa.org/ _______________________________________________ Discuss mailing list Discuss@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
