I have a chip on my shoulder, but not in my card!

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Topic Author
umfundi
Posts: 3361
Joined: Tue Jun 07, 2011 5:26 pm

Re: I have a chip on my shoulder, but not in my card!

Post by umfundi »

VictoriaF wrote:
umfundi wrote:The acid test is using an automated machine (or even a person) to buy a train ticket at Schipol airport

Keith
Thank you, Keith. I will do my acid test at Flughafen Wien-Internetseite. If it does not work I will walk to Bratislava.

Victoria
Victoria,

Regular cards work in the machines at Flughafen Wien, at least for the city train. I verified that last week! :) The card goes in the machine face up, with the magnetic strip on the bottom right.

Keith
Déjà Vu is not a prediction
marbat
Posts: 158
Joined: Fri Jan 07, 2011 8:02 am

Re: I have a chip on my shoulder, but not in my card!

Post by marbat »

VictoriaF wrote: Marbat,

Thank you for offering to answer our questions. I am taking you up on your kind offer:

1. Is "Chip and PIN" the same thing as EMV?

2. You wrote: "A combination of Chip and Signature and "No CVM" (No Cardholder Verification Method - essentially, the terminal doesn't prompt for a PIN or Signature) is." I am confused, because "No CVM" means no PIN and no Signature, whereas "Chip and Signature" includes signature.

3. At attended terminals I will use Chip and Signature.
3.a What happens at old unattended terminals? Do they take the card with a Chip and do not ask for PIN? That would seem to pose some security risks.
3.b How are new unattended terminals different from the old unattended terminals?

4. I can tell SDFCU when I will be in Europe. But I may be using the card in several countries and not know in advance all of them. How important is it to be specific?

Victoria
Victoria, let me know if this answers your questions:

1. NO! Definitely not. Chip and PIN is a type of EMV implementation. The other major type is Chip and Signature (and by extension, Chip and No CVM). Kind of like how a square is rectangle, but a rectangle isn't necessarily a square. It would be more accurate to say that EMV is Chip, but that's also technically wrong since the EMV standard also covers Contactless.

2. No CVM means no PIN and no Signature, however in our industry, it's typically lumped in with Chip and Signature because Chip and Signature cards almost always have NO CVM enabled. Note that a Chip and PIN card will always have Signature and typically No CVM enabled, in addition to PIN.

3. Correct! If an attended merchant refuses to accept your Chip and Signature card and you report them, they will be hit with massive fines.
3a. Some old unattended terminals may not accept a Chip and Signature/No CVM card because they may not be enabled for either Signature or No CVM. Some may be enabled for Signature via a Signature pad, others may be enabled for No CVM. Whether or not it poses a security risk shouldn't really matter to you. With US issued cards, you are not liable for fraud by law - banks are very, very good about Credit disputes. I've never heard of anyone losing a reasonable fraud dispute, ever.
3b. New unattended terminals should have No CVM, which essentially guarantees compatibility with a Chip and Signature/No CVM card.

4. Since I don't work for a bank, it's hard to say. Every bank has different customized fraud monitoring systems. I'd be as specific as possible about counties and dates to avoid issues. This issue is completely unrelated to EMV.
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: I have a chip on my shoulder, but not in my card!

Post by VictoriaF »

umfundi wrote:
VictoriaF wrote:
umfundi wrote:The acid test is using an automated machine (or even a person) to buy a train ticket at Schipol airport

Keith
Thank you, Keith. I will do my acid test at Flughafen Wien-Internetseite. If it does not work I will walk to Bratislava.

Victoria
Victoria,

Regular cards work in the machines at Flughafen Wien, at least for the city train. I verified that last week! :) The card goes in the machine face up, with the magnetic strip on the bottom right.

Keith
But that's not an acid test, that's a cop out,

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: I have a chip on my shoulder, but not in my card!

Post by VictoriaF »

marbat wrote:
VictoriaF wrote: Marbat,

Thank you for offering to answer our questions. I am taking you up on your kind offer:

1. Is "Chip and PIN" the same thing as EMV?

2. You wrote: "A combination of Chip and Signature and "No CVM" (No Cardholder Verification Method - essentially, the terminal doesn't prompt for a PIN or Signature) is." I am confused, because "No CVM" means no PIN and no Signature, whereas "Chip and Signature" includes signature.

3.a What happens at old unattended terminals? Do they take the card with a Chip and do not ask for PIN? That would seem to pose some security risks.

Victoria
Victoria, let me know if this answers your questions:

1. NO! Definitely not. Chip and PIN is a type of EMV implementation. The other major type is Chip and Signature (and by extension, Chip and No CVM). Kind of like how a square is rectangle, but a rectangle isn't necessarily a square. It would be more accurate to say that EMV is Chip, but that's also technically wrong since the EMV standard also covers Contactless.

2. No CVM means no PIN and no Signature, however in our industry, it's typically lumped in with Chip and Signature because Chip and Signature cards almost always have NO CVM enabled. Note that a Chip and PIN card will always have Signature and typically No CVM enabled, in addition to PIN.

3a. Some old unattended terminals may not accept a Chip and Signature/No CVM card because they may not be enabled for either Signature or No CVM. Some may be enabled for Signature via a Signature pad, others may be enabled for No CVM. Whether or not it poses a security risk shouldn't really matter to you. With US issued cards, you are not liable for fraud by law - banks are very, very good about Credit disputes. I've never heard of anyone losing a reasonable fraud dispute, ever.
Marbat,

1. To simplify, it seems that the term EMV is used for other than magnetic strip cards. The reason terminology matters is that if I will be reading something about it, I will know the context.

2. CVM stands for "Cardholder Verification Method." But from your comments it appears that entering a PIN or signing a slip or a pad are not cardholder verification methods. What is then an CVM?

3a. Can I assume that if I come across an old unattended terminal, either it won't accept my card at all, or I will have to enter a PIN, or there will be a signature pad? In other words, there are no situation where I will just enter the card without any other verification.

Thanks again,

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
marbat
Posts: 158
Joined: Fri Jan 07, 2011 8:02 am

Re: I have a chip on my shoulder, but not in my card!

Post by marbat »

VictoriaF wrote: Marbat,

1. To simplify, it seems that the term EMV is used for other than magnetic strip cards. The reason terminology matters is that if I will be reading something about it, I will know the context.

2. CVM stands for "Cardholder Verification Method." But from your comments it appears that entering a PIN or signing a slip or a pad are not cardholder verification methods. What is then an CVM?

3a. Can I assume that if I come across an old unattended terminal, either it won't accept my card at all, or I will have to enter a PIN, or there will be a signature pad? In other words, there are no situation where I will just enter the card without any other verification.

Thanks again,

Victoria
1. Close enough to be reasonably accurate. The important distinction that is always portrayed in a confusing way is that Chip and PIN = EMV, which is not exclusively true, as EMV can also commonly be Chip and Signature, among other things.

2. Entering a PIN or signing a slip ARE CVMs. Not sure where I indicated otherwise. A Cardholder Verification Method needs to be passed through the payment system to process a transaction. The 3 primary CVMs are: 1) Signature 2) PIN 3) "No CVM". Although the last one seems counter-intuitive, it is still a valid CVM from a systems perspective, as long as the card and terminal both support it. Essentially, a Chip and Signature card will have Signature and "No CVM" CVMs, while a Chip and PIN card will have all 3 CVMs. Since both Chip and Signature and Chip and PIN cards have both Signature and No CVM capabilities, Signature + No CVM is the global standard.

3. If you have a Chip and PIN card and you use it at an unattended terminal, one of three things will happen: 1) you could be prompted for a PIN 2) you could be prompted for a Signature (obviously, only if there is a Signature pad) 3) you could be prompted for nothing. This depends on which CVMs the terminal is set up to accept, and on what the order of preference is on your card and on the terminal.

Hope this helps!
Last edited by marbat on Thu May 30, 2013 4:33 pm, edited 1 time in total.
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: I have a chip on my shoulder, but not in my card!

Post by VictoriaF »

marbat wrote:
VictoriaF wrote: Marbat,

2. CVM stands for "Cardholder Verification Method." But from your comments it appears that entering a PIN or signing a slip or a pad are not cardholder verification methods. What is then an CVM?
2. Entering a PIN or signing a slip ARE CVMs. Not sure where I indicated otherwise. A Cardholder Verification Method needs to be passed through the payment system to process a transaction. The 3 primary CVMs are: 1) Signature 2) PIN 3) "No CVM". Although the last one seems counter-intuitive, it is still a valid CVM from a systems perspective, as long as the card and terminal both support it. Essentially, a Chip and Signature card will have Signature and "No CVM" CVMs, while a Chip and PIN card will have all 3 CVMs. Since both Chip and Signature and Chip and PIN cards have both Signature and No CVM capabilities, Signature + No CVM is the global standard.

Hope this helps!
Marbat,

It definitely helps; we are now down to just one item (#2) {grateful smile}. If the Cardholder Verification Method is "No CVM," does it mean that a terminal will not ask for either PIN or signature? Or with "No CVM" a terminal may still be used with either PIN or signature?

Thank you again,

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
marbat
Posts: 158
Joined: Fri Jan 07, 2011 8:02 am

Re: I have a chip on my shoulder, but not in my card!

Post by marbat »

VictoriaF wrote:
marbat wrote:
VictoriaF wrote: Marbat,

2. CVM stands for "Cardholder Verification Method." But from your comments it appears that entering a PIN or signing a slip or a pad are not cardholder verification methods. What is then an CVM?
2. Entering a PIN or signing a slip ARE CVMs. Not sure where I indicated otherwise. A Cardholder Verification Method needs to be passed through the payment system to process a transaction. The 3 primary CVMs are: 1) Signature 2) PIN 3) "No CVM". Although the last one seems counter-intuitive, it is still a valid CVM from a systems perspective, as long as the card and terminal both support it. Essentially, a Chip and Signature card will have Signature and "No CVM" CVMs, while a Chip and PIN card will have all 3 CVMs. Since both Chip and Signature and Chip and PIN cards have both Signature and No CVM capabilities, Signature + No CVM is the global standard.

Hope this helps!
Marbat,

It definitely helps; we are now down to just one item (#2) {grateful smile}. If the Cardholder Verification Method is "No CVM," does it mean that a terminal will not ask for either PIN or signature? Or with "No CVM" a terminal may still be used with either PIN or signature?

Thank you again,

Victoria
A "No CVM" transaction generally (with some technical exceptions that we need not concern ourselves with) means that neither PIN nor Signature were used or prompted for. However, an unattended or attended terminal that supports "No CVM" may or may not also support Signature and/or PIN. This means that the answer to your question is that for "No CVM" transactions, a terminal will not ask for PIN or Signature. But if a card and terminal both support "No CVM", that doesn't necessary mean that the transaction will proceed as "No CVM"; the card and terminal could both also support PIN, and they could both be technically set up to prefer PIN over "No CVM", or vice versa. In the future, all unattended terminals will support "No CVM", much like how all attended terminals today support Signature.
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: I have a chip on my shoulder, but not in my card!

Post by VictoriaF »

marbat,

Thanks again, I've got it.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
Topic Author
umfundi
Posts: 3361
Joined: Tue Jun 07, 2011 5:26 pm

Re: I have a chip on my shoulder, but not in my card!

Post by umfundi »

It looks like Victoria will not be walking to Bratislava. :)

Keith
Déjà Vu is not a prediction
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: I have a chip on my shoulder, but not in my card!

Post by VictoriaF »

umfundi wrote:It looks like Victoria will not be walking to Bratislava. :)

Keith
If I feel eccentric, I can use the card, buy the ticket, and still walk to Bratislava.

Victoria
Last edited by VictoriaF on Fri May 31, 2013 8:27 am, edited 2 times in total.
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
marbat
Posts: 158
Joined: Fri Jan 07, 2011 8:02 am

Re: I have a chip on my shoulder, but not in my card!

Post by marbat »

umfundi wrote:It looks like Victoria will not be walking to Bratislava. :)

Keith
http://www.youtube.com/watch?v=1mYqY5YELd0

:P - for the record, I'm eastern European, and it isn't that bad over there! Eurotrip is a hilarious movie, though.
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: I have a chip on my shoulder, but not in my card!

Post by VictoriaF »

marbat wrote:
umfundi wrote:It looks like Victoria will not be walking to Bratislava. :)

Keith
http://www.youtube.com/watch?v=1mYqY5YELd0

:P - for the record, I'm eastern European, and it isn't that bad over there! Eurotrip is a hilarious movie, though.
It's a funny video. I am an Eastern European, too. Cпасибо,

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
Topic Author
umfundi
Posts: 3361
Joined: Tue Jun 07, 2011 5:26 pm

Re: I have a chip on my shoulder, but not in my card!

Post by umfundi »

Payments to SDFCU:

You can pay your credit card bill on their site, with a manual transfer from an outside bank account.

If you want automatic payments, there is a form you have to download, fill out, and mail in. I now have this working for me.

Keith
Déjà Vu is not a prediction
kevinpet
Posts: 107
Joined: Fri Jan 13, 2012 12:27 pm
Location: CA
Contact:

Re: I have a chip on my shoulder, but not in my card!

Post by kevinpet »

Gnirk wrote:We were told many times that Americans really don't have any security with their credit cards.
It appears the credit card companies have done a good job of PR in Europe. Americans have perfectly good security, it just happens to be legal rather than technological. Until 2009, the burden of proof was on the consumer that they were sufficiently careful with their card and pin. They've since moved to a more American style system of consumer protection (or if you prefer the economic point of view: putting the incentive to prevent fraud on the credit card company).

I'll still try to avoid a chip in my card for this reason when they start rolling them out in the US. Possibly I'd try to get a dedicated chip-and-pin low-limit card if I were travelling to Europe soon.
Post Reply