SUPER clever idea -- kudos for that. In theory, this is awesome. As a consumer, I love it.
As a merchant, however (which I am), there is no chance I would accept this. None. Unless the issuers (that is, Visa, MC, Amex) drastically change their policies, which I don't see happening anytime soon.
Why? Because the issuers are very clear about a few things: When push comes to shove and it REALLY gets down to it, unless the merchant takes a physical swipe of the actual card AND has backup to prove it (i.e. an imprint of the physical plastic), the issuers will side with a consumer in the event of a fraud dispute.
So why, do you ask, do most merchants not bother taking imprints of the actual cards? Because a visual verification and physical swipe is usually enough (for 99% of cases). Instances of fraud via card duplication are rare, so it's usually not worth the hassle. But in some cases, it is.
My business runs large-ticket purchases through CCs (average is $2000), and we take super extra precautions when our customers buy from us. We take magnetic swipes, visually verify, AND take physical imprints.
We've lost several chargebacks because of lack of doing this. You'd be surprised how these little-known rules crop up when you least expect them. "Sorry, customer claims charge not authorized. Merchant doesn't have physical imprint. Chargeback approved." It's happened and we've been defrauded out of $thousands because of it.
The ONLY way we've been able to successfully combat chargeback fraud is through the multi-layered approach.
Anyway, I know this is a fairly esoteric perspective and my business may be different from lots of others where this isn't an issue, but I have a feeling V/MC/Amex aren't going to get behind this.
I don't know why the US hasn't adopted EMV. It's not perfect, but it has cut down fraud massively here in Europe.
They're very hard to clone (I won't say impossible, but attacks against EMV have not generally been of this nature) and the transaction records at both ends will tell you whether the actual, real card was there.
The liability is more clear-cut as a result. If the customer claims the charge was unauthorised, that's between the bank and the customer.
--edit-- of course with EMV cards Coin would no longer be possible or relevant. Neat product, only useful in a magnetic-stripe world, which is at least a decade behind the curve now.
Theoretically with EMV you could put all your credit-cards on one chip and the terminal will either choose a supported default or present you a list, but that would require cross-bank cooperation, never going to happen.
As a Brazilian, I think the US banks are very strange.
"Swipe" cards have been phased out years ago - you'd have to try hard to find a bank which will still issue one.
Specifically because you can no longer find ATMs which rely solely on the magstripe. Some banks have biometric fingerprint readers (where you put in your hand and it reads multiple fingerprints at the same time) in addition to the PIN code of the debit/credit card, and sometimes additional passwords.
My bank does not rely on biometrics, but in order to do any transactions, I have to enter a code generated by the bank which consists of three strings, which are prompted one at a time, displayed on screen mixed with other random and unrelated strings, so that someone peeking over my shoulder would not be able to match the button with what's on screen and finally, before the transaction is complete, the account's password. And that's with a chip.
The portable readers you can find everywhere still have magstripe readers in addition to the chip reader and will refuse to read the magnetic strip if the card contains a chip.
Those portable readers use either a 3g connection or standard dialup.
As for the physical "imprints", this is something that 30-somethings like me can barely remember.
Also related: there are no bills which can't be paid online. All banks accept them, unless specified otherwise (usually there are restrictions after the expiry date). If you get a bill by mail (instead of email), you can just type the barcode. Or scan it, if you have a reader or a mobile phone with the bank's app.
The concept of getting bills by mail, and then mailing back cheques, as found in the US, is completely alien.
You hit on something though; in the U.S. there are tens of thousands of ATM machines all over. They all accept PIN numbers, and I "believe" magnetic-strip as well (not sure if they're doing fancy stuff too with built-in chips or not). It's the standard that everyone uses; debit card and credit cards alike.
To change that to support different tech, you'd have to upgrade all of the ATM machines, all of the credit cards, and all of the backend tech. That's a lot of coordination between banks/credit-card companies. On top of that you have POS systems in stores which are all magnetic-strip based as well, accepting PINs and/or signatures.
Any sort of switch would have to be phased-in over years and require a lot of buy-in. Unless retailers, banks, ATM providers, and credit card companies have a good business case to do so, they probably won't.
I'd imagine it would be easier for some other type of technology which displaces cards entirely, like phone-based payments, to eventually replace all of this. An idea like Coin augments the current "archaic" system and has the potential to take off. But outside of the U.S. it sounds like it won't work without modification.
"Everywhere" else in the world has managed - the combined population of countries that have deployed EMV / chip and pin is vastly higher than the US.
And it is coming to the US too, in some form or other: Pretty much all the major banks have committed to introduce it (though in some cases chip + signature) by mid 2015.
Right but it's not monolithic. States in the US are not meaningful borders economically speaking. So you can't just do one state at a time, or one region.
I'm not saying the US isn't behind the times, but where else has a singular rollout of tech like this been done on a US scale?
> So you can't just do one state at a time, or one region
Of course you can. Countries outside the US did it city by city, bank by bank.
In fact, the US is in the process of a gradual rollout of EMV cards now - a mix of chip+pin and chip+signature cards. The aim for when to complete the transition varies by state, bank, and type of merchants, but most aim to be complete by mid 2015.
There was no big bang switchover anywhere that has already made the transition to my knowledge.
The banks did rolling releases of chip and pin cards as people were issued new cards over a period of years before the switch was complete. When the first people got chip and pin cards there were no locations where they could use the pin.
And in the UK at least, it took a couple of years before you had to use the pin even when faced with a chip+pin terminal - you could keep opting to sign for a long time.
Doing a singular rollout of tech like this is stupid and unnecessary.
The phase-in in USA has "started" for years already - it's supposed to be finished at October 2015; and those who haven't upgraded their gear by that time will be liable for all fraudulent transactions they accept.
I think here in the UK there was a multi-year phase in. Started with the banks' own ATMs, then the machines that smaller businesses loan from banks to take payments, then (when there were enough commercial offerings available) there was a sort of forced date for merchants to make the switch (or take more liability, that was the choice).
I think it took at least 5 years.
So yeah, non-trivial. And if (as it sounds like) the banks in the US have managed to offload most of their fraud problems to everyone else involved in the transaction, then there's probably little incentive.
According to Wikipedia, in the UK it took less than 2 years to go from initial trial in 2003 to liability shift in 2005.
"Chip and PIN was trialled in Northampton, England from May 2003, and as a result was rolled out nationwide in the United Kingdom in 2004 with advertisements in the press and national television touting the "Safety in Numbers" slogan. During the first stages of deployment, if a fraudulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank, as was the case prior to the introduction of Chip and PIN. On January 1, 2005, the liability for such transactions was shifted to the retailer;"
Also note this BBC article[1] suggesting a Feb 2006 deadline for not accepting signatures from cards that were chip and pin enabled.
EMV cards had been distributed to customers since the late 90s.
I would guess the banks had been rolling out EMV capable ATMs well before 2003. Retail level EMV may have taken two years from trial to liability switch. Infrastructure changes would have pre-dated that by years.
I know EMV cards had been distributed to customers since the late 90s because I used to use mine for testing while I developed the software I wrote that ran several of the retailer systems in that Northampton trial :)
Canada already went through this. It started with the POS terminals, then gradually the cards were replaced with chip cards, then gradually the text on the terminal changed from "Swipe card" to "Swipe or Insert card".
From a consumer perspective, it was virtually painless. The biggest change is that credit card transactions now require a PIN (assuming a chip card and chip-enabled POS).
Much easier to do in Canada with the number of banks involved. The US would be an entirely different story.
The lack of chip card support in Coin effectively makes it a US only product at this point as most of the card-heavy countries have moved past mag swipe (or, are in the process).
Nah, just have the major banks start issuing chip cards, and then providing chip terminals to merchants. Once the terminals are in-place and work, everyone else has a strong incentive to catch up (fraud prevention) and a lower cost of entry (since they don't have to push merchants to support their new tech).
Once a quarter of cards sport chips and a quarter of machines support chips, it's just a question of issuing new chip cards when old cards come due (or get lost/stolen).
You can magstripe in much of mainland Europe still.
The Chip and Pin machines have a channel to swipe. There are very few places where you hand over a card. For example, in the train stations, the machine to swipe a card is on the same side of the glass as the customer. The agent never handles your card.
So they might be more accepting of Coin (given that they don't see that it is different) than American businesses.
This is inaccurate. Whether you are required to hand over the card or not is governed by each member state's regulation. For instance, in the Netherlands or UK you can keep your card; in Poland you might still be asked to hand it over and sometimes for your ID with it. Also, good luck trying to swipe in the Netherlands -- most merchants taped the terminals so that locals do not get confused.
In Australia, if you try to use a magnetic strip in situations where you could use the chip (i.e. both the card and machine have chip support) it is refused, and the machine tells you to insert the chip.
It's entirely possible that Coin may still be useless outside the US if most machines will reject your card's strip.
Yeah, having fewer banks and heavier regulation definitely helps.
Also, as other people have pointed out, the US is moving to chip cards in a couple of years (2015). So this product already has a very short shelf-life.
Just finishing going through this in my province. The latest transition is that all gas pumps now suddenly require me to leave the card in. Yay for Chip and Pin!
I remember scratching my head trying to buy a ticket from an automated ticketing machine in Amsterdam Centraal because the machine required a chipped card only and none of my US cards that I carried had one (not to mention the error was not clear enough and I was trying all my cards in different orientations).
So that's why this video was so confusing to me. It was essentially this guy sliding someone's card (he claims it's his, but neither the device nor the card know, right?) and then happily paying stuff with it through his fake replica (or the high-tech version of it, the 'coin').
It seemed like a completely unusable system for its complete lack of any security.
(Particularly if you consider there are now live payment systems that use pretty much the same audio jack serial port hack as this one does to clone cards)
What really concerns me is that these Coin people are now selling, for a trivial fee, a system for other people to clone my card. If I lived in the US where mag stripes were the norm, I would be seriously concerned about this.
Thankfully, in Canada, everything is done via chips, so even with Visa purchases my card never leaves my hand (or at least, my sight). Restaurants bring the terminal to your table, they process everyone there, and then you're done. Sending your card away feels almost archaic now (and a bit patrician, which has its appeal).
I would assume it would be like any other credit card transaction: up to the merchant to verify the account holder with an ID.
The fraud you're speaking of is not limited to this technology; anyone could find and use a credit card they found on the ground if the merchant did not verify it.
That brings up an off-topic point I've always wondered about. If Apple will not make it possible for third party devices to interface with the iPhone through the normal port, why do they approve apps that rely on hardware using the audio jack this way?
But they _do_ allow that. You have to pay a license fee to Apple for the connectors, programming interface etc, but even without that you can do communication using one of the established protocols like MIDI. Also, you could use Bluetooth 4.0 without any licensing at all.
So the question to why they allow it is that they're not consistently evil :)
I've seen credit card readers that act as a hull for an iPod touch and connect to the data port. (Necessary in Austria because the audio trick won't work with chips)
I was thinking the same thing. A full 60% of MasterCard and Visa transactions are now paywave/paypass. That's pretty impressive uptake, and I'd imagine it will be just as quick once introduced en masse overseas. Would love to know Coin's development path for this eventuality!
"Australia leads the world in contactless payments, which have grown from almost zero three years ago to more than 35 million transactions a month and now account for 60 per cent of all MasterCard and Visa credit card transactions, according to Westpac."
I'll let you in on a little secret - paywave/paypass etc are EMV cards. The interface is wireless and they have a shorter transaction flow. There are less (zero) customer validation techniques, final evaluation (pass/fail) takes place at the stage a 'normal' EMV transaction would decide on pass/online/fail.
As usual there are variations between implementations, but underneath it's all good-ol' EMV :)
So I doubt that these could be supported easily by Coin, it requires various keys that the banks do not allow to escape.
If Coin do manage to get talking to banks about allowing wired or wireless EMV apps to be loaded onto a customer Coin card then that would be awesome. I predict that layers of bureaucracy and brand-management will prevent this.
I wonder why the big US banks aren't on board with driving contactless NFC payments?
Commonwealth Bank, the largest bank in Australia is very soon releasing native Android NFC support and NFC style "smart tags" that you stick to the back of your iPhone.
I'm in the UK, and had a NFC "smart tag" on the phone I threw away a year ago. Never bothered getting a new tag for my new phone. Maybe when I next upgrade my phone and get one with built in NFC.
We also have the cheque/savings/credit buttons which I've not seen anywhere else in the world (besides NZ). I have my Westpac debit card set up to use cheque/credit for my personal account and savings for my joint account, but I've not met a single other person who makes use of this feature..
I don't know much about PayWave and PayPass, but this actually sounds even less secure than credit cards. And it still relies on the big two. Sounds like a step in the wrong direction.
It's not about convenience, it's about security and reliability. That's the direction we need to take.
It's less secure than chip and pin credit cards, but it does require the presence of an object that can execute the right encryption operations with the right private keys, which makes it more secure than easily cloned mag-stripe cards. Because it is less secure, there's typically a low transaction limit (in the UK 15-20 pounds).
And it is about convenience - people are willing to accept the risk for the added convenience.
Transaction limits are absolutely an important factor in limiting these kinds of risks.
In the Netherlands, there's also one electronic payment system that does not require a PIN: the "chip knip" (chip wallet). You explicitly transfer an amount of money from your account to the chip (often about $20), and you can use that to pay. You still need to approve the payment by pressing a button on the machine, but if you lose it, you don't lose a lot.
And it probably works without a phone/internet connection, because the money is right there on the card and nothing needs to be verified on any server.
EMV where you need to input a PIN Number is simply a way for VISA/MC to push all the liability onto the customers for stolen credit cards. If a purchase is made with the credit card and PIN, then the issuing bank can simply let the liability fall on the customer, instead of the bank eating the costs, like how it's done today.
In the UK at least this is not true. The bank have to demonstrate you did not take reasonable care to protect your PIN (e.g. you left it written down in your wallet).
See some of the following case studies by the FOS that support the fact that the customer is not always liable even if the PIN is used:
Merchants eat the costs where no EMV card was used.
Customers eat some costs where the bank can prove negligence, and face court if the bank can prove fraud (i.e. signed statement it wasn't you but later the CCTV footage is found. Oops)
Other than that, here in Europe, customers are protected by law from having to take on the liability. Varies by country, but basically it's a case of "you're responsible to see that nobody else gets to take my money, that's why you're a bank numbnuts"
As a Canadian I also read this with a little sadness. It's something I have always wanted ... but now someone made it just as we're close to finishing the transition to EMV.
It can actually be a bit tricky to use my company card to buy lunch at restaurants sometimes because "there's no chip".
Their FAQ says future versions of Coin will support EMV, but I'm not familiar enough with the hardware to know how difficult that is.
Would be good for those stupid loyalty/membership cards I guess, if you are good with explaining what the hell this weird card looking thing is and why it will work like the normal cards every single damn time you use it.
The EMV transaction process has "application selection" as one of its early stages, and some cards do contain multiple applications. However AFAICT this is never across banks or across schemes. So you may get a card that has (say) a Mastercard application on it for domestic use and another for foreign use.
In theory, you could slam mastercard, visa, amex, credit, debit, whatever else you want, all on the one chip. Depending on the exact card and terminal implementation a transaction would either use the default application or get an on-screen display asking you which you would like to use. But you'd have to get the banks to load the app on there as there are sensitive keys involved.
That's not exactly the same as Coin - you couldn't pre-select which card to use in which situation, and you couldn't load them yourself. I suppose in theory you could have multiple EMV chips on a card like Coin and have a circuit-switching arrangement of some sort. There would need to be a way to embed them there and that would put a limit on things...
--edit-- about the stupid loyalty card things - in Australia I noticed most of them had started working on barcodes, and people had smartphone apps that gave them a menu and displayed the right code, pretty cool.
One, you may not be able to download the card app from one card and upload it to another. My GlobalCard fu is not well honed enough to tell you what APDU you'd need to invoke in order to try, but it goes against the goals of the product to allow this anyway.
Two, if a credit card company provides you with an EMV card, it's got a private key loaded into the card, and may have even originally been generated on the card. It is outright not allowed under any circumstance to download that private key and upload it to another chip; that would be a major hole in the scheme.
Three, not all banks use the same crypto. Even if they all agreed to a single kind of crypto operation, different EMV chips have different performance characteristics when carrying out crypto operations. If the bank can't control the actual EMV chip any more, then they cannot control elements of their payments processing (e.g. session closure within a certain time frame). This problem is the easiest to solve of these three problems.
So, unless the banks get on board with allowing their apps and their keys to be provisioned on an already existing card, or provide some kind of proxy mechanism whereby an EMV card can delegate another card to act on its behalf (and imagine the security concerns with that) then this isn't going to happen.
I don't see the benefit to the banks for doing this. You're far more likely to see PayPal succeeding in turning your phone into your wallet (and they are doing it) than you are to see Visa or MC allowing you to link multiple EMV cards into one.
The technical issues are solvable (by any reasonable issuer bank), but Visa/MC simply prohibit you to put competitors together with their cards.
Want to add some loyalty cards on the same chip? Sure!
Want to combine two different MC products? Sure!
Want to have Mastercard together with Visa or some local card network that we dislike? Nope, we don't want that so we'll not allow you to issue such cards.
1) Agree, you can't get at various bits of data that must be present in order for the card to be able to do what it does. Most likely sits in private 'files' that READ DATA can't access.
2) Yup, and combined with '1' this means that you'd have to get the banks to do it
3) You'd have to get some more cross-scheme standards about the crypto capabilities sorted out. I estimate we could have all the schemes in agreement by... 2025? Or is that optimistic?
The benefit would only be to the consumer, in the same way that Coin may benefit people, however any method of doing this with EMV would present some sort of extra attack surface and that's generally Bad(TM).
1. Chip cards do make this almost completely irrelevant
2. Supporting EMV is going to be tricky, because cloning those cards is also tricky (skimmers have spent hundreds of thousands on it and haven't figured it out).
3. Most membership cards, even ones that have magnetic stripes on them, actually use the barcodes on the card. Safeway, CostCo, Shoppers, etc. all have mag stripes, but they all use the barcodes. The Coin won't help you with a single one of them.
4. If, as a cashier, someone handed me a Coin and said 'It's okay, it's a Visa', I would say 'no'. No signature, no card number, no anything. There's no difference from my perspective between a person putting their Visa onto the Coin and a person putting someone else's Visa onto the coin, and I'm not going to start accepting obviously cloned cards regardless of who's holding it.
Americans going to Europe: Remember that your credit card might not work as often in Europe. Be prepared for hearing "We only take chip & pin cards here" in shops etc.
I've had the same issue in the past which can be frustrating (though now I always travel with enough cash).
I actually called Visa about it and they told me that any vendor accepting Visa transactions is required by their contract with Visa to accept swipe transactions. She said it was there because the US was still rolling out chip and pin cards.
I keep hearing this but I spent six months in Europe and the only place that wouldn't take my swipe card was SNCF ticket kiosks. Wasn't a problem anywhere else.
It varies a lot by country. In Ireland, for instance, POS terminals deployed in the last five years or so in smaller shops typically don't have a swipe reader at all, and even where a swipe reader is available, the company may have a policy of not accepting swipe cards.
Actually, most places WILL take the old 'swipe' cards. But most cashiers have either never worked with or have forgotten about swipe cards. You just have to be very verbal and upfront and let them know yours is a swipe/ swipe and sign job.
Actually, in the Netherlands, even supermarkets stopped accepting swipe cards. The machines are still physically capable of reading swipe cards, but the supermarket simply won't let you, presumably exactly because of this risk.
Note that a lot of places wouldn't accept credit cards in the first place (swipe or not), only debit cards.
Many won't take it though, because of the increased fraud risk. I agree that the majority of cases are simple misunderstanding, but that isn't always the case.
Thought that was all chip-and-signature instead of chip-and-pin.
Chip-and-sig is almost useless.
Also, I'm a stingy bastard with the fabled Unicorn Card (Zync) that's no longer offered. I think any changes would mean a forced upgrade. I'm worried about a forced upgrade when the card expires too.
There are a handful of credit unions that issue dual C&S/C&P cards. It's a little harder to get one than an ordinary card, but probably worth it if you're traveling abroad. (I got one from Andrews.)
Whether chip and sig is accepted in places around europe will probably depend on the software they have, the merchant's agreement with their acquirer, whether it's an unattended terminal and a bunch of other stuff.
Surprised to hear it's next to useless, but not really surprising that it's less useful.
I was up in Canada a few months ago, where EMV cards are ubiquitous. C&S is accepted everywhere, but merchants routinely get confused by the second receipt printing out. I've heard it's the same in Europe.
I didn't realize European automated machines would basically never accept my cards. On a subsequent trip I tried to get a chip card, but neither my personal banker nor the branch manager at Wells Fargo had ever even heard of them and insisted I was confused about the problem.
Marriott Rewards Credit Card by Chase offers a Chip and Pin card. They also have a 70K sign-up bonus points going on right now. If you are new to Marriott Rewards, send me an e-mail and I can send you a referral that qualifies both of us for bonus points.
I had a really tough time with credit cards in Denmark.
I had one chip & sig card that didn't work except in like one restaurant I went to. A couple of places I could use any regular credit card though. Ended up having to go to ATMs and carry cash, which is so uncommon that people think you're a drug dealer. :D
While I don't have that Chase card, I do know very well that most BofA branded cards have far less lucrative rewards than many of their competitors. FIA has a few great cards and they're owned by BofA. But even when I became a so-called "platinum privileges" bofa customer their best card was not very attractive.
Flat 2% cashback cards are great. Rotating 5% category cards are great. Big signup bonuses are great.
I have a Chase British Air card I opened with a 100,000 mile bonus, plus a companion pass once a certain spending level was reached. Long story shorter, we opened two (one for me, one for my wife). Pooled the miles together. We have 220k miles and a companion pass. We're using this for 2 first class tickets from SFO to Europe in the spring. That is, literally, $25,000 in airfare.
Oh, and it's chip + sig :)
tl;dr Often annual fees are very worth it. And also often, an issuer will waive them in all or part.
For Debit cards payment schemes are already joined on 1 EMV chip. The terminal configuration decides which one is used. To join issuers on 1 card I agree cross-bank cooperation will never happen.
Credit cards are divided by payment schemes. Banks just issue cards for 1 of the schemes, e.g. Mastercard or VISA. In this field I don't think Mastercard will want their competitor on the same card. Even technically it's not so easy to implement for a payment processor (I work for a payment processor).
This is a total stab in the dark from a foreigner, but I thought that it was only recently that US banks could be larger than a state-level entity. My entirely uneducated guess would be that with only state-level banks, none of them would have the pure muscle to push something as big as this.
Credit card fraud is generally not a problem in the US for consumers or the credit card companies, the two groups that would be in a position to adopt a new credit card technology. The merchants accept all the liability in the US credit card system, and they're at the mercy of the credit card company's policies, and the consumer's desire to use their card of choice or go somewhere else. As a consumer, I avoid cash-only businesses, and even tend to frequent ones that accept my card of choice (Discover) over those that only accept the cheaper cards (Visa/MC.) Businesses know this, and they're willing to accept credit cards so that they can earn most people's business.
I love cash-only places. You know all your money is going to the hard working people making your sandwich instead of the big four credit card corporations.
Exactly, just more for Uncle Sam. At least credit card companies are re-investing their profits to cut down fraud and try to make money transfer easier in general. Could they be doing more? Of course, but the CC corporations have done a lot of good, even for the little SMB / mom & pop shop. The transaction rates these companies charge are very low, and that's all thanks to the competition that has driven down the price over the years.
That was exactly the same in Europe. Yet the bank pushed EMV hard.
And the EMV transition has been going on behind the scenes in the US for years too, so expect to start getting cards with a chip as your cards expire over the next couple of years.
No, the merchant takes reasonable liability - if they permit non-EMV transactions (in a customer-present scenario) they assume the risk.
Under law in much of Europe, the consumer is not under much risk. In the UK (for example) the credit card provider is legally a party to the debt and has a responsibility to refund the consumer on demand if the consumer is willing to state (in a legally binding way) that the transaction was not authorised by them. Debit cards are governed by different rules that amount to much the same, though the legal protections are weaker.
EU law shifts pretty much all liability away from consumer.
There's a cap of EUR 150 consumer liability for lost&stolen (physically) cards up until you notify the bank; zero liability for lost&stolen cards after the time of notification, and zero liability for any fraudulent transactions if your card isn't lost or stolen.
Only UK law (and MC/Visa rules for UK) is a bit different, but another poster describes them below.
I don't know about the US, but professional swipe-card fraud is something that the average European will typically have read about in their local newspaper by now.
The US hasn't adopted EMV because it isn't necessary. EMV was created because in Eastern Europe many businesses didn't have sufficiently reliable phone and internet connections to validate credit cards -- in the US we have no such problem.
The cost of rolling out EMV was determined to be greater than the cost of credit card companies paying for the increase in fraud and chargebacks out of pocket.
Many credit card companies are starting to issue new cards which are completely flat, making it impossible to make an imprint. My new CapitalOne card is an example of this. Is your company planning on refusing to do business with them?
My girlfriend's family wanted to rent bikes at Blazing Saddles in SF and the cashiers there threw a big fit when they realized her card wasn't imprintable. They wouldn't photocopy it or write the number down, they just flat-out declined the business.
Off-topic, but they should have gone to http://thebikehut.org/ : the guys are lovely, the bikes are great, and you only need to give your name and passport number (that they don't even check) before renting a bike. That's right, no deposit. I paid by cash when I brought the bike back at the end of the day. Amazing trust.
I recently used a temporary travel card at Blazing Saddles, and that wasn't imprintable but they didn't make any note of it. They may have changed their policies.
Everyone loses in this case. The card is supposed to facilitate a transaction and it failed to do so; the shop went without their money, the family went without their bikes, and all of the various financial institutions went without their cut.
Which is why the poster above is warning about this; if there will be merchants out there who won't accept it, it's pretty much DOA as you can't replace all the cards in your wallet with it.
Flat may be fine.
However, from what I've seen in the video, the Coin is not only flat but also almost totally anonymized. The cashier would not be able to verify the name against a photo ID or even take a picture of the card. This would be possible with a non-imprintable card.
Unless required by local or state law, most major credit card companies prohibit the requirement of supplementary identification to complete a transaction.
With that said, they require verification of the signature on the back of the card with the one on the receipt / screen.
In the event that the card is not signed, you are then allowed to require identification and the card must be signed by the customer before it is used.
"See ID" is also a signature if done own handed. I've seen a court decision to the effect that you can declare your signature anything you write. Important is if _you_ accept it as such later on.
@Coin twitter confirmed that the coin card actually does have a signature field on the back that you would sign, so the vendor can use that to compare with your receipt.
https://twitter.com/coin/statuses/401939329506746368
Great. That way they can just sign it themselves. That way if a merchant does signature verification, it matches! And then when your CC company comes back and says "Chargeback is in dispute. The signature matches" you'll have to explain why you didn't follow the terms of the cardmember agreement.
Now, this is all very hypothetical for many reasons, but generally it's my practice to follow cardmember agreements that I am, after all, agreeing to follow.
How would the CC company know that the signature matched? At no point will the thief-signed card ever be sighted by anyone other than the merchant, briefly. The thief is going to dispose or destroy the card when they're finished with it; your bank/issuer is never going to see it to compare.
Per the terms of the cardmember agreement that you agreed to, you are required to sign the back of the card. If you do not, you are not authorized to use the card for any transactions.
It's all very silly anyway given that online credit card transactions almost never require a signature.
Quite honestly though, once a thief has access to your card, you have other problems. If they're close enough to see it, they're likely close enough to duplicate it and leave you the card without you ever knowing.
If the signature is that concerning, then use one signature consistently for your credit card transactions that's unlike the one you use for anything else.
If you don't like that option, then you probably shouldn't be using credit cards currently offered.
These are "electronic" credit cards, they've been around for years and they are flat so not to be usable for offline processing (that's when they take an imprint, you sign it, they take the imprint to the bank and it settles in a week).
Except that you can still use just the CC#, Name, and Expiry to authorize a purchase (both online and offline). I've done this at craft shows and such with vendors that didn't have mobile CC reader/app.
Agree, SUPER clever idea. I'm wondering how this would work to make purchases _online_. I know, I know. I'd use my real card. But it strikes me as ironic that the big idea for this digital card is that I don't have to carry my 'analog' cards around. Unless I want to make a digital purchase. Then I need my analog card.
That's not how I read that tweet: just that it shows your name, signature and CVV. The video on their website appears to confirm that. Unless you've memorized your CC#s, you'll still have to pull out the real card when purchasing online... unless you can see the full photograph of the card in the mobile app. Which is still annoying, but at least better.
As an avid road fan, I've been in 47 out of 50 states (no Hawaii, Alaska or Vermont) and roadtripped around 50.000 miles, in the course of 7 years.
I've stayed in hundreds of small cities, from Ogallala, NE to Ozona, TX and Oatman, AZ, and used my credit cards for all kinds of purchases, from Kroger and CVS, to outlet stores, gas, local shops, small eateries, fast food places, restaurants etc.
It still happens. I had it happen at a gas station in the middle of nowhere Nebraska or South Dakota (where he probably didn't have internet) as well as at a gas station in a bigger town where their internet was out.
Older ones did. Newer ones tend to run over the internet. They don't tie up a phone line at either end of the connection, and the information transfer is much quicker, so in most circumstances it works better for everyone.
Yeah, it's a low-end version of a pre-authorization. If the room is already paid for in advance, and you have no extra charges, they can just shred that imprint.
Had my own car for the trips, but have used cabs for convenience in Chicago and NY. I usually pay cabs in cash though (probably because I never think of cabs as accepting cards, thinking by my country's norms).
Better to ask, have you been _outside_ America. For I presume, in most countries who adopted CCs fairly recently, the concept of 'offline transaction' is entirely foreign.
How can you prove the picture is the card and not just 'shopped though? With an imprint there's a larger barrier, creating an embossed card, doable but a barrier nonetheless.
With credit cards, unless there was a unique image on it then you'd often be able to guess from the number what the other card details should look like.
I'd argue that shopping a believable picture of a credit card that stands up to scrutiny is a higher barrier than the imprint - which really just involves some movable letters and carbon paper...
I go weeks at a time without getting asked for identification when paying with a credit card. Most merchants will happily swipe the coin and move on with their life. Those that question it can still check ID or make a copy of the driver's license. This is a sweet product and I can't wait to dump the 7 cards in my wallet. One extra backup card, a good thing to have regardless, will take care of the occasional merchant who won't accept coin.
btw, it sounds like you should have had a lawyer handling some of those chargebacks, particularly if you had captured the driver's license info. We started using a (cost conscious) lawyer to deal with every chargeback and our win rate went way up. And by "dealing with a chargeback" I mean forwarding along our response on his letterhead.
Merchants aren't allowed by their merchant agreements to require your id in order to accept a credit card. They are supposed to check your signature. https://www.privacyrights.org/ar/Alert-FS15.htm
They are not asked to accept a credit card in the case of Coin. They are asked to accept a device that contains an unauthorised reproduction of the mag-stripe contents of a credit card.
I think you are mistaken about card rules. To protect themselves against chargebacks the merchant needs to keep a copy of the signed credit card slip, not a physical imprint of the card. That's actually better than a physical imprint (which is impossible on many cards these days anyway) because a matching signature can prove who used the card, not just that the card was physically present.
Worth looking into! Thanks. I know there have been several cases where we specifically lost because of lack of imprint, but another thing I've learned in dealing with the credit card issuers is that, despite what we hope, there is MASSIVE inconsistency in the application of chargeback rules. Sometimes you'll lose a chargeback because the issuer just wants to be nice to their cardholder (Amex is guilty of this) and they'll literally make up reasons for the loss.
We actually had Amex _negotiate_ with us over a chargeback once. I had no idea this was even possible -- they actually said "So how about we'll agree to split the loss. We'll cover half, you guys cover half." I had no idea that was even an option.
My understanding is that US banks can write a proportion of the loss off against tax, so 50/50 splits are not that unusual. But it probably depends on the circumstances.
I'm in the UK and this is not really my area, so you'd probably have a better chance of verifying that than me.
If you swiped my card AND took physical imprints, I would be really suspicious that you were storing my credit card information for future fraud. There's no reason for you to take an imprint as well as swipe, since you have the authorization code for the card present transaction, and the signature, which should be enough to fight chargebacks.
I don't understand America's love for credit cards. They're unsafe, both for users and for merchants. PIN cards are safer, and they're much clearer about where the risks and responsibilities lie. Of course modern credit cards also support PIN, but I never see them used that way.
A more convenient way of handling credit cards is a useless idea to me. What we need is a safer and more reliable way to handle transactions. Preferably one that doesn't rely on politically motivated monopolists.
I work for a merchant also... high volume low ticket. My thought is: Since most of our customer transactions (swipes) occur without any cashier involvement - how would V/MC know that the "real" card wasn't present?
My latest Visa credit card has the numbers printed onto the plastic; the numbers are not relieved/raised. How do you take a physical imprint of these types of cards?
You took the words out of my mouth. No merchants should accept this card unless they want to be liable for chargebacks. If this product is actually released I wouldn't be surprised if a clause is added to merchant agreements to explicitly disallow accepting this type of card.
Merchant agreements already disallow accepting it, since it is not a valid card - it's not issued by a valid issuer, it has no Visa/MC logo, it doesn't have the signature on it, etc - the 'Card Present' rules would say that this object is not a creditcard.
It's just like any cloned card - I can easily make a blank white card with a copy of my creditcard's magstripe, and technically it will work in a swipe POS-terminal, but any merchant is required to refuse such a card, and recommended to detain the card and me, if it's safe to do so, or call the cops.
I love the idea behind Coin but what I need is a fat wallet.
I carry 19 cards, of which 16 are essential. Some of them are not for swiping so they wouldn't benefit from Coin. The solution for me is a wallet that can hold 20 to 30 cards, but as far as I can tell there's no such thing.
Out of curiosity, what do you do that requires 16 cards on a regular basis? At some point, the limiting factor of how many cards you can carry becomes your pant pocket (or purse). My jeans wouldn't stand more than a few cards and far less than 30.
* three loyalty shopper cards for my common stores (I need the physical card because none of the apps I've tried using that scan the bar codes work with store scanners)
* a card to pay for my train rides,
* bank debit card for ATMs
* business credit card
* personal credit card
* medical insurance card (this one would be easy to just use a photo of)
* AAA card (would be easy to use photo of)
* Zip Car Card
* Bus pass card for corporate shuttle
* Airlines MVP card (likely easy to just use a photo of, I think....though I'm not sure about speedy checkin).
* Access card for corporate office.
* Drivers license
I have about 25 other cards that I keep at home, like Library, more shopper perks cards (usually because they can lookup by my email address in store), etc..
This doesn't really help my wallet situation that much.
That Lemon Wallet app looks really nice. I'm going to give it a go... I've tried some others, but didn't like them.
Also, I was a user of both Belly and Level Up for awhile. But the merchants around here have been finicky with the services and some of the shops I frequent stopped using them.
Don't know if your personal card is an Amex or not, but my Amex is a Costco Amex and doubles as my membership card.
I'm surprised your loyalty cards aren't the smaller key ring ones. I have half a dozen on my keys and barely notice them.
I leave my AAA and Airline cards at home and pull them out when I need them for trips. Could probably do the same for your Zip Car card (unless you use the service multiple times a week or something) and other rarely used cards.
Last year my medical insurance company switched to paper cards which are much thinner and easier to deal with even if they're less sturdy. Same as my car insurance.
All that being said I still walk around with about a dozen cards in my wallet, so I can definitely sympathize. But I could probably edit out 3 or 4 right now and not really miss them.
The problem is any time you edit some of them out, you realize soon after that you don't have the one you need. If I don't carry around the cards I will need every day, I am likely to forget to take the ones I need only occasionally when I do need them.
The problem is that Coin doesn't really solve this. It only encodes credit cards; most of the other cards either don't have mag stripes or require other information on the cards than just what's on the mag stripe.
Ironically, I think my AAA card could double as a AMEX. But I don't use it for that.
I do have a lot of the shopper cards available on key. But I run uber-light on my keys and shifting cards from one pocket to another doesn't really help me gain anything. Also, with the key-ring versions, I've shared them with my S.O. so we can keep all our groceries and loyalty points together so they add up faster for household items or discounted gas, etc...
The problem with leaving a card like Zip Card at home is I'm inevitably going to be somewhere that's not home and need a Zip Car.
I managed to cut down the bulk in my wallet by 3 cards by photocopying the barcode side of my loyalty cards and sticky taping them to other cards which don't need to be swiped (nfc based transport card, nfc based car share card)
Ooooh....this low-tech idea is very good. I've often wanted to create a single card (same shape and size of credit card) that I could print my essentials on so they could be scanned by a red laser scanner.
That's why the majority of them stay at home. For some reason, the grocery stores, when doing self-checkout and such, don't have email input or phone number. :(
EDIT: I should add that the main grocery store I shop at, you scan your card when you enter and are given a wand to checkout your groceries as you add them to the bag.
I have an airlines reward card, a business card, and an ATM card. I don't think there's a way to combine the airlines reward with the ATM, even though they are from the same bank.
It's pretty funny, because all of these except a couple (which I noted) are pretty necessary and no work around. It's like people commenting to this thread didn't even read what I originally wrote. Anyway, I'm adding here a list of more cards that stay at home that I occasionally use.
Also, I could elaborate more on why certain cards need to be with me, but I thought things like Costco & Zip Car were pretty obvious.
So the list of home cards:
* MTA Metro Card for when I'm in NYC.
* USA Cycling license for racing (they have an app now that I can use when I show up at races)
* Best Buy Rewards card (I know, I know....but they can look up by my email)
* Several complimentary coffee cards for Peet's coffee (Yeup, they are useless to me at home, but I got tired of carrying them around)
* Borders Reward card (ooops, looks like I haven't cleaned out my home stack in awhile)
* Amtrak rewards card (just need the number and website has this remembered)
* Local Library card (they can use my driver's license, but I can't use the self checkout, which is OK because the line isn't ever long and I don't use often enough)
* Library Card for the bigger city by me
* NSSA Press Credentials (only needed when attending certain sporting events - I grab this one as necessary)
* APIS Press Credentials (same as above)
* Bike Club Membership card (provides discounts at local stores, but they know me and I don't need it anymore)
* Panera card (I think I needed this at one time to access Wi-Fi or something)
* Card for my season ski tune & discount (though customized, I think they just look me up in the computer or remember my face)
* Season pass card to get into an après-ski venue for free
* AMC Entertainment gift card (I go to the movies once/year, and every time I forget to bring this thing)
* Safeway Card (only useful when I'm on the West Coast grocery shopping. I've since learned to use my Brother's phone number)
* EFTA racing license for mountain bike race series around here in the summer time.
* NEMBA Membership card (mountain bike related)
* Gift Card to another coffee shop
* Home Depot Gift card (exact credit card shape and size)
So, as you can see, I've optimized a good chunk out of my wallet, but it's not all the way there. Though a couple of my cards "could go" there's still about 12 or 13 essential cards I must carry with me.
I carry two government-issued ids; one driver's license; two medical ids; three credit cards, two debit cards and two coordinate cards (two-factor auth) related to three bank accounts; my mother's two debit cards and one medical id (she's elderly and I take care of all her needs); and one medical emergency info card. That's 16. Membership and discount cards are the non-essential ones.
I do have all of those cards scanned and stored in dropbox with 1password, but I don't have good 3g coverage so I carry them just in case.
I carry my fat wallet in a fanny pack. Not very elegant, but incredibly practical.
Many Americans do, indeed, keep bulging tri-fold wallets in their rear pockets. And they even drive their cars and sit at their desks with them.
Often you will spot them with a month's worth of paper receipts crammed inside so the poor wallet is about to burst.
It is just conventionally where a man's wallet goes in America--One of those things where you don't apply common sense because it's just "how it is" and you've never really thought about it.
I'm American and I never understood the back-pocket thing until I moved to the West Coast and started carrying my (bulky, remote) car key in addition to just house keys. Once you have those and a phone in your front pockets, something has to go in your back pocket.
Born and raised in Cali. I've always had keys in my right, phone in my left, wallet in back right.
I remember before I even had a cell phone myself and people in general still put their wallets in the back right, and it was cool to have a chain attached to it and hooked to your front right belt loop. I'd use my front pockets for all sorts of random crap, but I think I always had my keys in my front right. I've been really good about virtually never having lost a key in my life. I used to carry a pocket watch in my left.
Now I am faced with a pocket dilemma. I carry one phone for data and a 5s that I am using with a SIM (connected via pdanet/foxfi hotspot). So the two phones are taking up both front pockets! I'm currently either putting my keys in my jacket or in my back left pocket, which can potentially be quite uncomfortable to sit on. Would be cool if there was an easy way to flatten keys like a wallet.
I simply do not buy pants which don't come with extra pockets over the thighs. They are really hard to find, but they Solve The Problem. (I'm Brazilian, but atypical in this habit)
I have a money clip, a smart phone and keys. Phone needs to be in a front pocket so that I don't sit on it and break it. Keys need to be in my front right pocket so that they are accessible and I do not sit on them and never sit again.
Thus my billfold must go in one of my rear pockets.
For me, the money clip and keys are in the right pocket, and the smart phone goes in the left front pocket.
The keys and money clip are distinct enough that I have no problem pulling out the right thing. And the keys are not going to damage the money clip like they would damage the phone.
Same here. Phone in left. Keys, money clip, change, pocket knife and everything else in right. I try very hard to never put anything in my pocket with my phone. mostly for ease of access but also to avoid scratches.
Phone is too big to be comfortable in a pocket, so I use a horizontal belt clip, which is pretty unobtrusive, especially if you wear a jacket or loose shirts. Wallet and keys in front pockets, leaving my arse free for comfortable sitting.
lmao, so do I. I got a slimmer wallet though, no coins and not much room for junk, six cards and a note container. Made out of plastic. Lasts forever. Kinda destroys the magnetic strips on credit cards though, oops, and cards in the back aren't very accessible.
16 "essential" cards? And most/all are mag-stripe and could go on coin? I have a DL and a credit card. Everything else can be easily stored on my phone.
Answered elsewhere but the Coin is not a good idea for reasons also answered elsewhere (merchants wouldn't take it, your account could be flagged, etc).
I supported the ThinFolio, I'm hoping to have another go with minimizing my wallet utilizing low-tech photocopying/pasting of bar codes to a single card & Lemon Wallet.
I think I'll be able to get down to about 8 essentials, and hope I don't forget the others when needed.
It's paper thin, but strong enough that it hasn't fallen apart after years of use. It only has 6 pockets though, so it's not going to separate all of your cards.
Exactly. I feel like they would have been more successful going after things like rewards cards first and then after proving legitimacy and market need there, trying to take a stab at the credit card market.
Wondering if they could develop a multi-factor auth model to complement the card to make the CC companies happy.
Thinking out loud here... could you make the use of the Coin card dependent on being within range of your bluetooth enabled cell phone. If the card knows that it is being swiped (not sure if it does)... then the in-range phone could know and send a msg to the CC company with the shared secret saying "yo, it's legit". Now a thief would have to steal both the phone and the card for it to work. I'm sure there are a million holes in this, but just putting it out there.
Similar concept could work for regular CCs as well. CC company comes up with "card swiper 2.0!" and deploys them to merchants. I as a consumer get some incentive from the CC company to register my device with them. When my card gets swiped at a merchant... card swiper 2.0 tries to detect my device. If it sees it, great, lower chance of fraud. If it doesn't, give me a ring to see if I'm aware that my card was used or deny the charges. Might help triage the sheer number of transactions out there for what's fraud and what isn't.
Some POS systems ask the cashier to type in the last 4 digits of the imprinted number on the card, which wouldn't work for this. I also know of several merchants (Hertz was one, a casino was another) that actually run a card through a scanner and record an image of both the front and back. There are several scenarios where this wouldn't work.
On the other side of it, I love the idea, and the only way to get merchants and card companies to begin changing their policies is for someone to be first through the door. This will not work for all situations at first, but if it proves popular it could easily sway these policies. Imagine some of the possibilities. Just as an example, imagine getting a pre-approved credit card offer in your email, then having the new, swipeable card instantly downloaded to this device after a few verification questions. Credit card companies that worked with Coin could gain an instant competitive advantage in the cut-throat credit card marketing business. This could also revolutionize the loyalty card business.
The display on the coin shows you the selected card, the expiration date and the last 4 digits of said card. So I believe your first point is moot, assuming the display stays active at all times or for a long enough duration that the cashier can get the last 4 digits as needed.
You're right that it displays the last four, but the whole reason why the cashier has to type in the last four digits is a check that the physical imprinted numbers on the front of the card match the data on the magnetic stripe.
Typing in the last four on the coin completely bypasses this anti fraud measure since the last four will always match on the coin because the digits it displays come directly from the magnetic stripe data.
Cool product. I want it to work, but I fear it won't be widely accepted.
That said, if they were to license the visa and mastercard logos for it, that would probably be enough to get it accepted during most transactions by cashiers who aren't savvy or don't care.
This is BS. No one takes imprints and you don't need to. I worked in the service industry for years and took a credit card from 80% of all my customers and never once took an imprint or needed to.
I have seen flat cards without numbers that would be impossible to imprint.
I can't remember the last time any merchant took an imprint of my credit card. Certainly not this year, not even on large transactions.
Given your large average ticket, it makes sense to be extra paranoid and take an imprint (mostly to avoid scammers), but certainly doesn't apply to 99% of merchants.
I don't think this would be a roadblock for them. Unless, of course, Visa/MC/Amex finds some obscure legal clause (or technical way to detect the different card) to shut them down.
I purchased one and I'll use it for all my loyalty cards which should help my wallet to be thinner - except Costco since they require you to show it! Not sure I would use it with my actual debit card but it does have the "that's cool" factor, congrats to the team I expect this to be a very successful launch!
Related...some stores have started entering the last 4 digits of the credit card into their POS. This will work even if the card is flat and is obviously used to verify that the card number encoded on the mag strip is the same as the one on the face of the card.
If this becomes more widespread coin will have problems.
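The last-four check raised in the comments above, as an added example that is not from the thread or from any POS vendor: it parses ISO/IEC 7813 Track 2 data and compares the stripe's card number with the four digits a cashier keys in from the card face. The track strings are constructed from public test card numbers, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Track 2 layout: ';' PAN (up to 19 digits) '=' YYMM, 3-digit service code,
# discretionary data, then the '?' end sentinel.
TRACK2_RE = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?$")


@dataclass(frozen=True)
class Track2:
    pan: str
    expiry_yymm: str
    service_code: str
    discretionary: str


def luhn_ok(pan: str) -> bool:
    """Return True if the PAN passes the Luhn checksum."""
    total = 0
    for idx, ch in enumerate(reversed(pan)):
        digit = int(ch)
        if idx % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def parse_track2(raw: str) -> Track2:
    """Parse a Track 2 string; reject malformed data or a bad checksum."""
    match = TRACK2_RE.match(raw.strip())
    if not match:
        raise ValueError("malformed Track 2 data")
    pan, expiry, service, disc = match.groups()
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    return Track2(pan, expiry, service, disc)


def last4_check(raw_track2: str, keyed_last4: str) -> bool:
    """POS-side control: digits keyed from the card face must match the stripe."""
    if not re.fullmatch(r"\d{4}", keyed_last4):
        raise ValueError("keyed value must be exactly four digits")
    return parse_track2(raw_track2).pan.endswith(keyed_last4)


# Constructed sample data (public test card numbers, not real accounts).
GENUINE_STRIPE = ";4111111111111111=25121010000000000?"
REENCODED_STRIPE = ";5555555555554444=25121010000000000?"
EMBOSSED_LAST4 = "1111"   # what is physically printed on the plastic


def demo() -> dict:
    """Show what the control attests, and the case where it attests nothing."""
    shown_by_device = parse_track2(REENCODED_STRIPE).pan[-4:]
    return {
        # Face and stripe agree: the check passes.
        "genuine_card": last4_check(GENUINE_STRIPE, EMBOSSED_LAST4),
        # Stripe was rewritten but the plastic still says 1111: caught.
        "reencoded_stripe": last4_check(REENCODED_STRIPE, EMBOSSED_LAST4),
        # Digits shown to the cashier are derived from the stripe itself,
        # so the comparison is stripe-vs-stripe and always passes.
        "digits_from_stripe": last4_check(REENCODED_STRIPE, shown_by_device),
    }


if __name__ == "__main__":
    for case, passed in demo().items():
        print(f"{case}: {'pass' if passed else 'FAIL'}")
```

The control only carries evidence when the keyed digits come from a source independent of the stripe, which is why a POS log should record how the last four were captured.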
For most self-swipe checkouts, it seems like this card would work well (coffee shop, grocery store, etc). But, it isn't too uncommon to have a merchant request to see the card, and some larger retailers (e.g., Lowes) have to input numbers off the front of the card, as well.
Your business is a fringe case that you admit takes "super extra precautions", which clearly doesn't represent the majority of merchants. In fact, as a consumer I can't remember the last time a merchant took an imprint of one of my cards.
Many card reading devices these days support near-field communication and will allow you to pay using your smartphone. In this case there isn't even a card. So some merchants will surely be fine with this physical card solution.
These are some very solid counter-arguments to the awesomeness of what Coin could be, and I really hope you're wrong... but you make some very solid points, with the experience to back it up.
We have already built basic precautions where Coin couldn't be used for skimming. Give us a bit more time to show how when a Coin user walks through the door, you can count on a valid user.
How do you explain the plethora of online stores, including massive and presumably legitimate ones like Amazon, which accept Visa and other major credit cards?
No, most retailers can't accept online payments (or "like an online payment") - if they want to, that's a different kind of agreement with different (higher) fees and more liability for fraudulent transactions.
If they want to book it as 'card present' transaction, then they have to follow the 'card present' guidelines - which, by coincidence, would require them to see the actual card, not just its magstripe data in some fancy device.
Knucklebusters (card imprinting machines) are not required or even recommended by processors. The tide had turned on imprinting in the majority of industries.