Chip and PIN card fraud already!


the_unknown
Sep 5th, 2008, 09:38 PM
http://www.ft.com/cms/s/0/ed0e615c-698a-11dd-91bd-0000779fd18c.html

In the UK nonetheless, but it seems that Chip and PIN may have already been compromised. Canada is aiming for full implementation by 2010... may be too little too late by then.

MoreMiles
Sep 5th, 2008, 11:53 PM
10 years behind.... like our chip credit card and 3G phones, other countries already have used these and are about to move on.

HammerRFDer
Sep 6th, 2008, 12:26 AM
The UK's implementation of chip and pin wasn't very well done. It seems to have mainly been done to protect the banks, rather than the consumer.

Hopefully they do it properly here. We'll see.

florch
Sep 6th, 2008, 06:19 AM
I'm in the UK right now. Major PITA using a Canuck CC. People look at you funny when we explain that we'll have to swipe and sign. Are there any Canadian CC's that already have chip and pin?

the_unknown
Sep 6th, 2008, 06:23 AM
I'm in the UK right now. Major PITA using a Canuck CC. People look at you funny when we explain that we'll have to swipe and sign. Are there any Canadian CC's that already have chip and pin?

All RBC Visa cards around Canada, starting from August have the Chip and PIN.

florch
Sep 6th, 2008, 08:10 AM
Cheers, unknown

xstatik
Sep 24th, 2008, 11:51 AM
I'm very concerned about this system. I just got off the line with my bank and they mentioned that I won't have a choice and will have to use the Chip and Pin card.
Does anyone know which cards will still go with the old system?

the_unknown
Sep 24th, 2008, 01:12 PM
I'm very concerned about this system. I just got off the line with my bank and they mentioned that I won't have a choice and will have to use the Chip and Pin card.
Does anyone know which cards will still go with the old system?

I just got an MBNA card in the mail yesterday, it did not have the chip. TD cards have also not been switched over. CIBC and RBC are transitioning to the new system, and all new cards have them.

Honestly, nothing is foolproof these days. Chip and PIN will be more secure for us than the simple magnetic strips for now at least. If anything, they can still copy your magnetic stripe and just use it at stores that don't have the chip terminal, or in the US, where they haven't begun the movement to Chip and PIN.

With one of these cards - at least you can control your card, you insert it yourself in the terminal - don't let anyone swipe it.

xstatik
Sep 24th, 2008, 01:32 PM
If anything, they can still copy your magnetic stripe and just use it at stores that don't have the chip terminal, or in the US, where they haven't begun the movement to Chip and PIN.

The problem I have is that there is a paper trail and a signature that would not be mine should someone copy the magnetic card. However, now with the Chip and Pin, there would be no proof that I did or didn't use the card. It will be my word against the bank should any fraud occur. The lack of a paper trail for evidence is my biggest worry.

Now I know that many transactions are already occurring with a paypass/no signature system, but they are for small transactions. But should someone copy my PIN card and buy $5,000 worth of stuff at Future Shop, I can be on the hook for it and according to the updated Visa Cardholder terms and conditions, I'm on the hook for all PIN transactions, even if it's fraud, Unless PROVEN otherwise.

From the updated terms on CIBC's website:
http://www.cibc.com/ca/pdf/visa/chip-pers-en-2008.pdf
If a Cardholder fails to comply with any obligation
in the Section entitled “Personal Identification
Number (PIN)” and someone other than the
Cardholder makes any PIN-based Transactions on
the Visa Account, the Primary Cardholder will be
liable for those Transactions and any interest, fees
and losses incurred, to the maximum extent
permitted by law. This applies regardless of
whether: (i) the Transactions occurred after a Card
was lost or stolen; or (ii) the Transactions were
authorized by a Cardholder or not.

setell
Sep 24th, 2008, 01:52 PM
WOW I had no clue you would be liable for all the purchases used with the chip and PIN cards. I like paypass. Fast for small purchases and the card doesn't leave my hands.

squid
Sep 24th, 2008, 02:04 PM
I don't know why they can't put a photo of the cardholder on the POS terminal in this digital era?

Better still, why not a finger print reader?

setell
Sep 24th, 2008, 02:14 PM
I'm sorry but I refuse to give my finger print to all the merchants out there. There are shady merchants as it's not that difficult to be a merchant.

dealguy2
Sep 24th, 2008, 03:00 PM
The problem I have is that there is a paper trail and a signature that would not be mine should someone copy the magnetic card. However, now with the Chip and Pin, there would be no proof that I did or didn't use the card. It will be my word against the bank should any fraud occur. The lack of a paper trail for evidence is my biggest worry.

Now I know that many transactions are already occurring with a paypass/no signature system, but they are for small transactions. But should someone copy my PIN card and buy $5,000 worth of stuff at Future Shop, I can be on the hook for it and according to the updated Visa Cardholder terms and conditions, I'm on the hook for all PIN transactions, even if it's fraud, Unless PROVEN otherwise.

From the updated terms on CIBC's website:
http://www.cibc.com/ca/pdf/visa/chip-pers-en-2008.pdf

It goes on to say :


However, if PIN-based Transactions are made by
someone other than a Cardholder and there was
nothing that the Cardholder reasonably could
have done to prevent the PIN’s use, the Primary
Cardholder is not liable for those Transactions nor
for any interest and fees resulting from them.
Also, the Primary Cardholder is not liable for any
PIN-based Transactions that occur after we receive
written or verbal notice from a Cardholder that
the Card was lost or stolen nor for any interest
and fees resulting from such Transactions.


Nothing to see here move along. It's just saying store your pin in a safe place or you're on the hook.

xstatik
Sep 24th, 2008, 03:15 PM
It goes on to say :


However, if PIN-based Transactions are made by
someone other than a Cardholder and there was
nothing that the Cardholder reasonably could
have done to prevent the PIN’s use, the Primary
Cardholder is not liable for those Transactions nor
for any interest and fees resulting from them.
Also, the Primary Cardholder is not liable for any
PIN-based Transactions that occur after we receive
written or verbal notice from a Cardholder that
the Card was lost or stolen nor for any interest
and fees resulting from such Transactions.

The bolded part is a pretty big grey area.

Again, there is no paper trail to cover this. I'm afraid it will be as bad as debit cards. Personally knowing many who have had debit cards compromised and seeing first hand the aggravation, wasted time and costs associated with fighting the banks to prove you didn't authorize that transaction, Chip Cards will be a problem.

cannon_fodder
Sep 24th, 2008, 08:18 PM
It says that it has to be a chip and PIN transaction to render you liable... so if a thief copies the magstripe and conducts a magstripe transaction, it will not make you liable since there was no PIN involved. This would also be the case if someone tried to conduct a Card Not Present transaction (e.g. an online transaction).

I thought that the banks took the same stance with today's mag stripe only cards... we are liable if someone conducts a PIN-based transaction with the card (e.g. withdraw money from an ATM). Or is my supposition incorrect?

Thalo
Sep 25th, 2008, 02:20 AM
I'm very concerned about this system. I just got off the line with my bank and they mentioned that I won't have a choice and will have to use the Chip and Pin card.
Does anyone know which cards will still go with the old system?

???

Why would the bank give you a choice as to what kind of security system you want on your credit card? In any case, even though it's not perfectly infallible, it's extra security. Why would you not want extra security?

lor74
Sep 25th, 2008, 07:32 AM
I have the new RBC Visa, and on multiple occasions in restaurants, the card has been denied because the person doesn't know what to do with it :confused:

xstatik
Sep 25th, 2008, 08:59 AM
???

Why would the bank give you a choice as to what kind of security system you want on your credit card? In any case, even though it's not perfectly infallible, it's extra security. Why would you not want extra security?


Because it's not extra security. It's just a way for the Banks and Visa to reduce their fraud payouts by shifting the responsibility.

Face it, Chip Cards have been compromised for many years (Satellite TV cards, story about the Chip Cards in UK). So why go from one compromised format to another?? So the paper trail is gone and the banks can deny fraud payouts by saying, "The technology is 'foolproof', therefore, you used the card and you are on the hook for a $5,000 purchase from Future Shop", even though you didn't use it.
Otherwise, why would the terms of service be updated in such a way.

the_unknown
Sep 25th, 2008, 09:56 AM
I have the new RBC Visa, and on multiple occasions in restaurants, the card has been denied because the person doesn't know what to do with it :confused:

Exactly my problem. So many stores have no idea how to use the card.

Wonderdollar
Sep 25th, 2008, 10:33 AM
Exactly my problem. So many stores have no idea how to use the card.


I also have RBC VISA Gold and today I received my new PIN & CHIP Card. The accompanying guide says that the restaurants and other establishments which do not have the new technology, they can continue to 'swipe' the card as in past and you have to sign the receipt till such time these establishments switch over to new technology. Hence, I do not think there should be any problem in the transition phase. I have not yet tried my new card but would post here my experience.

ji2o0k
Sep 25th, 2008, 11:00 AM
Because it's not extra security.

I would disagree and say it is additional security. Credit card companies and banks needed to do something since mag stripe security is non-existent and anyone with a reader could copy the information. Mag stripe was developed in the 60s and credit cards needed an upgrade.

Is it foolproof? Of course not, nothing is. But this system is definitely better than the current mag stripe set-up.

The signature system was useless, clerks do not check signatures most of the time. I am not even sure if the paper trail is even kept by the vendor or in the event of fraud does the Bank actually check the paper trail?

It's just a way for the Banks and Visa to reduce their fraud payouts by shifting the responsibility.

Somewhat correct. It is Europay/Mastercard/Visa's way of shifting the liability to Bank and/or consumers away from EMV. Now the Banks and consumers need to be more diligent in their actions.

Face it, Chip Cards have been compromised for many years (Satellite TV cards, story about the Chip Cards in UK). So why go from one compromised format to another?? So the paper trail is gone and the banks can deny fraud payouts by saying, "The technology is 'foolproof', therefore, you used the card and you are on the hook for a $5,000 purchase from Future Shop", even though you didn't use it.
Otherwise, why would the terms of service be updated in such a way.
Not quite but I hear what you are saying. From wiki:
Decreased liability for banks

A common criticism of the Chip and PIN implementation is that it was done to reduce the liability of banks in cases of credit card fraud, by putting the burden of proof on the customer to prove that their PIN was compromised, rather than on the bank having to prove that the signature did not match....... However, the financial institutions are still bound by The Banking Code, which states that the burden of proof is on the bank to prove their claims of negligence as opposed to the consumer having to prove his or her innocence. [3]

The bolded part is important.......

It should be interesting to see if fraud does decrease. France was very successful but with Canada being slow to transition to full chip and PIN (they are still using mag stripe as fall-back), I don't think it will.

xstatik
Sep 25th, 2008, 11:25 AM
The signature system was useless, clerks do not check signatures most of the time. I am not even sure if the paper trail is even kept by the vendor or in the event of fraud does the Bank actually check the paper trail?
There is a papertrail that the merchant must keep and banks ask all the time for a copy of the sales slip in cases of disputed purchases.

Decreased liability for banks

A common criticism of the Chip and PIN implementation is that it was done to reduce the liability of banks in cases of credit card fraud, by putting the burden of proof on the customer to prove that their PIN was compromised, rather than on the bank having to prove that the signature did not match....... However, the financial institutions are still bound by The Banking Code, which states that the burden of proof is on the bank to prove their claims of negligence as opposed to the consumer having to prove his or her innocence. [3]
My point exactly. (Even though I hate Wiki as a source). The issue now becomes that this goes against the new Terms and Conditions of the Chip Card where:
If a Cardholder fails to comply with any obligation
in the Section entitled “Personal Identification
Number (PIN)” and someone other than the
Cardholder makes any PIN-based Transactions on
the Visa Account, the Primary Cardholder will be
liable for those Transactions and any interest, fees
and losses incurred, to the maximum extent
permitted by law. This applies regardless of
whether: (i) the Transactions occurred after a Card
was lost or stolen; or (ii) the Transactions were
authorized by a Cardholder or not.

dealguy2
Sep 25th, 2008, 11:28 AM
There is a papertrail that the merchant must keep and banks ask all the time for a copy of the sales slip in cases of disputed purchases.


My point exactly. (Even though I hate Wiki as a source). The issue now becomes that this goes against the new Terms and Conditions of the Chip Card where:

I already pointed out that the two paragraphs go together. In other words that paragraph only applies if you give your pin out to someone.

xstatik
Sep 25th, 2008, 11:30 AM
However, the financial institutions are still bound by The Banking Code, which states that the burden of proof is on the bank to prove their claims of negligence as opposed to the consumer having to prove his or her innocence. [3]

I just looked this up and it looks like this is only in effect in UK as "The Banking Code" is UK law.

crazyqqq
Sep 25th, 2008, 12:19 PM
Exactly my problem. So many stores have no idea how to use the card.

Because when you swipe the card at the new chip and pin enabled terminal, the machine will ask you to insert the card into the machine, not swipe it. So many people don't know how to do it. So that's the problem. In addition, some customers forgot the password, so the transaction cannot be completed.

brunes
Sep 25th, 2008, 01:41 PM
This thread is confusing me. Since when is Chip & PIN being put on credit cards? I have always been under the impression from the banks it is for debit cards only.

I don't see how chip & PIN could be implemented on credit cards without them totally throwing away PayPass / PayWave, which is finally starting to catch on. After all, what are you going to do, wave your wallet for paypass, then have to enter your PIN anyway? What was the point of the paypass then?

jmc0
Sep 25th, 2008, 02:43 PM
I'm very concerned about this system. I just got off the line with my bank and they mentioned that I won't have a choice and will have to use the Chip and Pin card.
Does anyone know which cards will still go with the old system?
I agree with all of xstatik's concerns.
I might switch my everyday card to whoever is left on the old system; until they're all gone.

the_unknown
Sep 25th, 2008, 02:48 PM
I agree with all of xstatik's concerns.
I might switch my everyday card to whoever is left on the old system; until they're all gone.

Reality is all banks are converting in 2009- they will automatically replace your cards. Yes, your card may have an expiry date in 2011 for example, but they will still mail you a replacement.

The general trend is to try and shift the onus to the consumer. But at the same time, look at debit card fraud and in general everyone gets reimbursed. Yes, it's a PITA, but you still get your money back in the end.

The article I posted did not necessarily say whether Chip and PIN cards have been duplicated, like the chip, but that fraud has occurred on them. Fraud with Chip and PIN is still very possible by online purchases and signature based transactions- and the rigged terminals might just have gotten that information and not necessarily duplicated the chip.

Also, from what I understand, the chip has a "transaction" count on it, it knows how many transactions have been PIN-initiated, and every time a transaction is processed, it is compared to the bank's database, and if it doesn't match, it gets rejected. This would eliminate the possibility of a duplicate chip card in circulation. This is what someone in the industry told me, so take it for what it is.

And in theory, once the full conversion has been made, people will probably just resort to more crude tactics while they work on a way around the system. Stealing cards, robbing people for them, for example.
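
The counter check described in the post above, as an added example that is not part of the original thread: a simplified Python model of a chip that increments a counter on every transaction and an issuer that rejects any request whose counter it has already seen. The class names, the HMAC tag, the key, the card ID and `MAX_GAP` are assumptions made for illustration and do not reproduce the actual card cryptogram format.

```python
import hashlib
import hmac

MAX_GAP = 20  # assumed tolerance for transactions the issuer never saw


class ChipCard:
    """Toy chip: holds a secret key and a counter that goes up on every transaction."""

    def __init__(self, card_id: str, key: bytes, counter: int = 0):
        self.card_id, self._key, self.counter = card_id, key, counter

    def authorize_request(self, amount_cents: int) -> dict:
        self.counter += 1
        msg = f"{self.card_id}|{self.counter}|{amount_cents}".encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"card_id": self.card_id, "counter": self.counter,
                "amount_cents": amount_cents, "tag": tag}

    def duplicate(self) -> "ChipCard":
        """Models a hypothetical perfect copy frozen at the current counter value."""
        return ChipCard(self.card_id, self._key, self.counter)


class Issuer:
    """Bank side: keeps each card's key and the highest counter seen so far."""

    def __init__(self):
        self._keys: dict[str, bytes] = {}
        self._last_counter: dict[str, int] = {}
        self.flagged: set[str] = set()  # cards to review for possible duplication

    def enroll(self, card_id: str, key: bytes) -> None:
        self._keys[card_id] = key
        self._last_counter[card_id] = 0

    def check(self, req: dict) -> str:
        key = self._keys.get(req["card_id"])
        if key is None:
            return "DECLINE:unknown_card"
        # The tag binds counter and amount together, so neither can be edited in transit.
        msg = f'{req["card_id"]}|{req["counter"]}|{req["amount_cents"]}'.encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return "DECLINE:bad_tag"
        last = self._last_counter[req["card_id"]]
        if req["counter"] <= last:  # two chips are presenting the same count
            self.flagged.add(req["card_id"])
            return "DECLINE:counter_reused"
        if req["counter"] - last > MAX_GAP:  # implausible jump ahead of the record
            self.flagged.add(req["card_id"])
            return "DECLINE:counter_jump"
        self._last_counter[req["card_id"]] = req["counter"]
        return "APPROVE"


def demo() -> list[str]:
    issuer = Issuer()
    key = b"constructed-demo-key"  # constructed sample value
    genuine = ChipCard("CARD-0001", key)  # constructed card ID
    issuer.enroll("CARD-0001", key)
    results = [issuer.check(genuine.authorize_request(1250))]      # counter 1
    copy = genuine.duplicate()                                      # copy frozen at 1
    results.append(issuer.check(genuine.authorize_request(800)))    # counter 2
    results.append(issuer.check(copy.authorize_request(500000)))    # copy also claims 2
    results.append(issuer.check(genuine.authorize_request(300)))    # counter 3
    return results


if __name__ == "__main__":
    print(demo())
```

In this model whichever chip presents a given count second is the one declined, so the check flags that two chips share one identity without saying which is genuine; the `flagged` set is where follow-up review would start.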

brunes
Sep 25th, 2008, 03:38 PM
From CIBC:

If a Cardholder fails to comply with any obligation
in the Section entitled “Personal Identification
Number (PIN)” and someone other than the
Cardholder makes any PIN-based Transactions on
the Visa Account, the Primary Cardholder will be
liable for those Transactions and any interest, fees
and losses incurred, to the maximum extent
permitted by law. This applies regardless of
whether: (i) the Transactions occurred after a Card
was lost or stolen; or (ii) the Transactions were
authorized by a Cardholder or not.


I don't even see how this could be enforced. "Did you give your PIN to anyone?" "No" ... ?

xstatik
Sep 25th, 2008, 03:44 PM
I agree with all of xstatik's concerns.
I might switch my everyday card to whoever is left on the old system; until they're all gone.
We should compile a list of who is not on the Chip and Pin system. I haven't heard about Amex moving to this system, so I may just make an Amex my primary card and save the Visa for emergencies only.

brunes
Sep 25th, 2008, 03:52 PM
We should compile a list of who is not on the Chip and Pin system. I haven't heard about Amex moving to this system, so I may just make an Amex my primary card and save the Visa for emergencies only.

What are you going to do in 2009 when everyone has moved to it, cash only?

This is coming down from Visa/Mastercard/Amex themselves, it is not like the banks have an option, or that you have any options.

hoob
Sep 25th, 2008, 05:09 PM
I also have RBC VISA Gold and today I received my new PIN & CHIP Card. The accompanying guide says that the restaurants and other establishments which do not have the new technology, they can continue to 'swipe' the card as in past and you have to sign the receipt till such time these establishments switch over to new technology. Hence, I do not think there should be any problem in the transition phase. I have not yet tried my new card but would post here my experience.

Many places have the technology but don't know it. e.g. Second Cup where the terminal, ancient and glued to the counter staff-side, had a chip reader and required C&P transaction with my new Chip RBC card.

On the other hand, I've spent the last two weeks in Ireland and using the C&P card is much easier than the swipe/sign approach. In some of the more touristy areas, in fact, the staff recognizing my North American accent initiate a swipe transaction, only to be told to their surprise by the terminal that it's a Chip transaction!

jandumm
Sep 26th, 2008, 08:54 AM
Just got a replacement CIBC Dividend Visa that has the Chip - however I have not been asked to enter a pin anywhere yet.

My new replacement TD Visa card does not have a chip.

AllWheelDrift
Sep 26th, 2008, 04:46 PM
This thread is confusing me. Since when is Chip & PIN being put on credit cards? I have always been under the impression from the banks it is for debit cards only.

I don't see how chip & PIN could be implemented on credit cards without them totally throwing away PayPass / PayWave, which is finally starting to catch on. After all, what are you going to do, wave your wallet for paypass, then have to enter your PIN anyway? What was the point of the paypass then?
I assume they will allow non-PIN PayPass / PayWave transactions, perhaps with a limit on the maximum amount. I'm not sure how secure RFID is, but seeing as they are quite common for building security systems and such, perhaps they are reasonably safe from fraud? (I don't really think so though, because I saw a paper on "hacking" the RFID cards used in a subway system to ride for free.)

I think the key is chip & PIN will replace swipe & sign transactions, not online & PayPass / PayWave transactions.

tkyoshi
Sep 26th, 2008, 06:45 PM
I assume they will allow non-PIN PayPass / PayWave transactions, perhaps with a limit on the maximum amount. I'm not sure how secure RFID is, but seeing as they are quite common for building security systems and such, perhaps they are reasonably safe from fraud? (I don't really think so though, because I saw a paper on "hacking" the RFID cards used in a subway system to ride for free.)

I think the key is chip & PIN will replace swipe & sign transactions, not online & PayPass / PayWave transactions.

Paywave/Paypass should still be PIN Free. They're for low dollar amounts anyway. Basically if you don't have to sign today with your paypass transaction, you won't need a PIN to complete it in the future either.

Look at it this way anyway, even if you stole the secure RFID info and managed to use it. Are you really going to go on a $25 (the limit before signature is required) shopping spree at McDonalds or Timmies :P.