Jun 27, 2006

The pains of travelling and paying in a world moving to EMV

Paying abroad is becoming more inconvenient for US cardholders as they travel in a world quickly moving to EMV chip cards.

The explosion in ATM/debit card fraud shows how fraud can move to the US from other parts of the world, like the UK, where card issuers are adopting the more secure EMV chip card standard. Some US banks have responded by putting a temporary hold on all ATM transactions in the UK, leaving some customers stranded. Cardholders are advised to alert their bank when they plan to travel, and to carry multiple cards for multiple accounts and extra travellers’ cheques, just in case. Wow. Blast to the past. Back to the good old days of travellers' cheques and envelopes filled with cash.

US travellers are also being warned that paying in places like Britain could become more of a hassle, since British banks require all local card transactions to be done using new “chip and PIN” cards. Apparently, some merchants are unaware that old style American cards don’t need a chip and can simply be processed the old way, by swiping the card and checking the signature. California's San Jose Mercury News tells customers, "You may have to insist if you want to use your card. "

I remember this happening to me in France almost 15 years ago, after all cards had been converted to chip and I was still using my US issued Visa card. Outside the tourist areas, merchants would sometimes try to insert my card in the chip reader before realizing that it was a foreign card needing to be swiped. Wait, there’s more. Merchants in France have lost the card swipe wrist movement. They often don’t swipe fast enough, or they swipe too fast, or they swipe the side of the card that doesn’t have a magnetic strip. They rub the card on their sleeve then try again. When they can’t get the wrist movement right, most are happy to let me take the terminal and swipe my card through myself.

As US banks invest in contactless cards, which are chip cards after all, it would be really smart (and inexpensive) to put the EMV standard contacts on the front of the cards so they can be used in any EMV terminal anywhere in the world. I don't have the faintest idea why they are not doing this.

The reporter for The Mercury News writes, "I still don't know whether American Express, Diners or MasterCard are also switching to new technology, or whether it has yet spread to other European countries. I also haven't heard whether card companies in the United States plan to adopt the new system, although, given the results in Britain, it certainly sounds like a good idea."

Yes, a good idea indeed.


Anonymous said...

1. Not all merchants in US are installing contactless readers.
2. It will be very expensive to replace the cards & POS devices with out a beneficial business case.

Aneace Haddad said...

The problem that appears here concerns magstripe cards that are cloned then used overseas to withdraw cash. I am suggesting that when banks like Chase issue contactless cards, they should make sure those cards are also compliant with the global EMV standard so they can't be cloned. Since a contactless card is already a chip card, there is virtually no additional cost, and customers with such a card can travel the world hassle free.

Tom R said...

If the US Issuer put an EMV chip on the card would their auth./clearing systems be able to handle the EMV / PIN auth. and messaging our would the transaction just end up reverting to magnetic stripe anyway?

Aneace Haddad said...

If the issuer doesn't want to upgrade their authorization and clearing systems to handle EMV right now, there should still be a way to use the chip to at least ensure that a cloned card is not used. For example, the magstripe would include the EMV parameter to indicate that the card is equipped with a chip, so when an EMV compliant terminal or ATM reads the card it knows that it must absolutely use the chip to process the transaction. At that point, the device could certainly revert to magstripe type authorization which doesn't require the issuer to upgrade its systems.