US hotels hit by payment card slurping malware

US hotels hit by payment card slurping malware

6
287


US hotels hit by payment card slurping malware


6 COMMENTS

  1. as someone from the UK, it seems strange that the USA hasn’t adopted chip&pin yet, as it’s been the standard here for a decade or so.

    ]]>

  2. The US has adopted chip cards, or is supposed to have done, as noted above. Apparently there was pushback about having PINs, howeer, so the compromise was “chip and sign”, which sounds ridiculous except that the main problem with checking signatures seems to be that no one bothers (a part of the protocol that PIN entry avoids). Nevertheless, the chip part of each card is much, much harder to clone. So far so good.
    I hope I have this part right – correct me if not – but it seems that the incentive needed to accelerate the acceptance and real-world use of chip cards in the USA (and to encourage people to bother upgrading before their current stripe-only card runs out) is missing.
    IIRC, merchants who use old-school card processing equipment bear all liability for fraud, while those who switch to chip-capable PoS devices don’t. So far so good.
    Except that if you run the magstripe of a chip-capable card through the magstripe reader of a chip-capable PoS device, you get the same liability protection as running the chip through the chip reader. So even in chip-ready point-of-sale devices, magstripe use is still the norm, and there is no liability-based incentive to switch. I have even heard stories of merchants taping over the chip-reader slot, allegedly to “encourage” purchasers to pay in the old way…apparently it’s slightly faster and that means happier customers.
    Backward compatibility. Heigh ho.

    ]]>

  3. As a USA-ian I can confirm much of this. I don’t know about the magstripe use of chip-capable gear, but…
    – my ‘other’ bank could not offer me a PIN longer than 4 digits 🙁
    – last year our facility’s banquet hall had me on high alert watching new CC readers plug in and phone home (abracadabra)
    – I’ve noticed any scribble can authorize a transaction and even have heard of smiley faces doing so
    – the chip transactions to seem to take slightly longer, maybe ten, fifteen seconds
    – we Americans are notorious for cramming schedules too full and being impatient–albeit not that I contrast much with that
    – aside learning security principles (i.e. here at NS) I’ve seen nothing to encourage my own card upgrade
    To exacerbate the last point… I memorize all my CC numbers. Depending on use it takes a week or so but routinely proves itself extremely handy. My bank just today texted me that they’ve sent a new card (xxx-xxx-1234, a new card number) to supplant the one which expires 2017/11. I’ll need to memorize a new card now and will activate it for the security benefits I know it brings, but were I not a Junior Proselytizer I’d fight them until next November.

    ]]>

  4. I never saw a chip card until maybe 18 months ago. We can be a stubborn lot–we’ve toyed with and neglected the metric system for 50 years now.
    Then again… using it now would certainly make that old Proclaimers song difficult to sing:
    And I would walk 804.672 kilometers
    And I would walk 804.672 more
    Just to be the man who walks 1609.34 kilometers
    To fall down at your door
    Bah, you Euros can keep your changes for another deca-year.

    ]]>

  5. All systems of measurements are “metric systems” 🙂 The US is a holdout against using the SI system…
    The UK, happily, went SI around the time of the millennium (I saw a TV quiz show the other day where a guy in his mid thirties wasn’t 100% sure that there were 12 inches in a foot, which I thought was a delightful sign of scientific and engineering progress).
    But there is an annoying exemption for signposted speeds and distances, leading to the absurdity that the distance *markers* on public roads are in kilometres (the highway agency marker posts every 100m or 200m) while the signs for drivers are in miles.
    Of course, the US doesn’t use the Imperial system either (thus your tons and pints are different from what they used to be in the UK and its former empire).
    And you guys don’t use the ABC paper sizing system. Even the UK adopted that, more than 50 years ago. (The system where A0 is a sheet of one square metre in the ratio 1 to root(2), and where you get the next size down by the brilliant expedient of folding the current sheet in half.)
    But I digress.

    ]]>

  6. Institute a “swipe tax” and things should start to turn around. That approach worked rather well a couple of dozen decades ago… not too many tea drinkers here in the USA! 😉

    ]]>

LEAVE A REPLY

Inline
Inline