Now if we could only eliminate them for everything else.
Buying and selling houses is excruciating thanks to the number of signatures required.
I went to a closing on behalf of my then-wife who didn’t want to deal with it; because it was her house we were selling, I had to sign all the paperwork on her behalf, which involved a signature plus some additional verbiage. My hand was in pain by the time we were finished.
Most of the time a signature isn’t for verification but rather for acknowledgment.
I don’t give two shits what you put down as a signature, I just want a record that you consciously were present and signed something, so I don’t get accused of trying to pass off something quietly that you never agreed to.
If I have some scribble you made at a time and place, the onus is on you to prove it wasn’t you who did that.
Provide an index sheet attached to a stack of papers acknowledging documents included (title, version, date on document, page count). Check by each line, one signature overall.
Nope, too easy to argue you signed a bunch of things you did not see. I want each page initialed and important disclaimers signed at the location they appear. Will make it much easier for me in court. Much harder for you.
I have a genuine question, and because text doesn’t convey emotion I want to be very clear that my curiosity is genuine: what is it that you’re doing that is, by appearance to me, a common transaction (perhaps multiple times per day?) wherein you want to be absolutely sure that the customer assented to lengthy terms and conditions and you’re often going into court (at least so often that you want it to be “easier for” you)?
And, as a follow-up, how does this relate to a signature being used as confirmation of payment? (Or did you mean in relation to the signatures for housing transfers?)
When we raised money from several VCs (using some of the top legal firms in silicon valley and NYC) all we had to sign was the very last page which had only the signature lines on it.
It could have been attached to anything. And in fact, sometimes, they emailed us the signature page separately for us to sign, scan and send back.
So I don't really think there is really much legal benefit to having stuff on every page to sign.
Just because you don't understand it doesn't mean there isn't a legal benefit.
A paper contract must be done in two copies. Every page numbered and signed by both parties. That's the only way to cover your ass against the other party replacing pages and terms.
Actually, it's the other way around. The credit card company, and by extension the merchant, have to prove that's your scribble.
Here's one way to think about it. If it was the way you suggest then all an identity theif would have to do is to draw something on the dotted line and all of a sudden you're in a position where you have to prove your innocence.
It depends on how much money is at stake, what the alleged issue is, and what card network and network was used. Amex is infamous for almost always finding in favor of its cardholders, even more so than already cardholder biased CC isuers.
My recent apartment lease was delivered online, but required me to go through every page and click a button that filled in my initials in a cursive font. It’s silly, yes, but I’m sure it’s just there to “prove” that I acknowledged each page individually.
That's the e-equivalent of initialing every page of a contract. The cursive part is funny. Rituals change slowly. People trust moused signatures and fax machine timestamps more than RSA public keys.
If it's DocuSign, they actually let you pick your own font from a list, so you can claim it's "your" handwriting because you chose it. And it's been a while, but I think they let you mouse a signature and initials if you don't like any of the fonts.
The funny thing is that for the last few years, I've been trying to make my own handwriting resemble an italic serif font as much as possible, so I actually do write like a font. But for everything except my signature. I never sign anything the same way twice, and my signature is always just a random scribble. Sometimes it's even an X.
It is, but it means parent will lose any contractual dispute ever on the signature proof part.
Here is how it goes in a dispute. You have A saying B signed a contract, and B saying he didn't. It's A's job to prove he did first, and he indicate there is a signature on there, and it's B's. So now it's B's turn, and he needs to show it isn't his (if he does, then A become accused a making a false, and will need to prove he didn't).
To do that, B needs to prove that he usually signs a different way, so he provides other signatures everywhere to show it. Since parent signs differently everywhere, he cannot show that he has a regular signature that doesn't match the one on paper. In fact, it shows that any scribble CAN be his signature as long as there is one, and thus the court will tend to assume the one on the contract is his.
So parent's strategy is terrible, and you really shouldn't be playing that game, because it doesn't catch you until it really does.
> To do that, B needs to prove that he usually signs a different way, so he provides other signatures everywhere to show it. Since parent signs differently everywhere, he cannot show that he has a regular signature that doesn't match the one on paper.
How often does that work? Presumably a fraudster would copy B's signature from a receipt out of their trash or something (a priori they have no way of knowing that B signs differently every time); how likely is it that someone going to that effort would not get a signature that's a "good enough" match compared to B's normal signature, however careful B is about always signing the same way?
The vast majority of cases where this relevant (99+%) are identity theft, where you got the name / ssn /address through some mail or website or whatever and uses that to contract things on someone else's name.
Also, finding differences in signature is much easier and much more advanced / developed than you would think. Even if you copy mine after seeing it or having a model, the places where you slow down your pen etc... Vary compared to me, and that can be detected.
Is it possible with technology to make a perfect copy? Of course, but then you just move to the next steps of the case, and you already cleared out the majority of bogus cases.
So having a fixed stable signature is a very good thing for you the user, and it always surprise me when I see people who think they played the system when they screw their own protection like parent.
> Also, finding differences in signature is much easier and much more advanced / developed than you would think. Even if you copy mine after seeing it or having a model, the places where you slow down your pen etc... Vary compared to me, and that can be detected.
It's a bit nonsensical that it should fall on a person to prove the negative (that they didn't sign something), as opposed to the party claiming that an action took place having to substantiate their own assertion. But I can believe this ended up being the precedent based on the "golden rule".
It seems like a pragmatic individual solution to address this would be to sign with an X or line or whatever, and diligently keep a log of everything you sign (perhaps facilitated with a phone app, with a conf code to write next to your signature). Then, when the supposed event isn't in your log, it should be back on the aggressor to prove their case.
I rented a property a couple weeks ago in Massachusetts, USA. The rental agency used a web form for signatures. My new landlord used something that looked like Comic Sans. So, I guess this is a thing now. I was a little surprised.
Funnily enough I sold a house from a foreign country at the end of last year, and while I found the process annoying (there are always problems with buying/selling property), the number of signatures wasn't a problem.
One of the problems I came across was the number of things I had to send through the postal system. Apparently scanned documents (signed) weren't good, and using a fax machine wasn't an option either.
So I had to print forms, sign them, and then mail them - always with tight deadlines. Luckily only one piece of mail was lost en route, and it was skipped in the end.
(I also had to mail back the physical bundle of title-deeds, something I was told previously was all electronic these days. Fascinating documents though, I remember when we paid off the property we received them and there are copies of each sale contract/price details since the place was built in around 1890. First sale was for £400, then the next for £1200, and every 1, 5, 20 years it would sell for more. Went for £162,500 when I sold it. That's a huge jump from the starting price!)
The kind of fraud prevented by a PIN enabled chip card is supposedly pretty rare. What would be more useful is a standard for browser attached chip card readers to bring the anti-fraud protections of a chip card to everyday Internet transactions.
I didn't know about the first attack you mentioned, but it still seems to boil down to cloning non-EMV card onto card that behaves like EMV. For this to work I think that the terminal must be horribly misconfigured and then it almost certainly defrauds the merchant and not the original cardholder as I don't see how merchant's bank would ever authorize such transaction.
The second on you mention is based on exploiting flawed RNGs in certain ATM implementations and using that to replay transactions that happened elsewhere. Fix is obvious: don't use flawed RNGs.
Third known attack on EMV is similar to the "accept any PIN" part of the first, but done by MitMing the interface between terminal and card. This relies on the fact, that "No PIN was required" and "Correct PIN entered" produces same transaction certificate. This also can be mitigated by altering the terminal configuration.
Light Blue Touchpaper talked about this all at some length.
On the one hand it's true that all these flaws can be worked around. But on the other hand, how did card companies not bring in cryptographers to help them get this stuff right in the first place? Did they not think it was important?
The TLS journey is illustrative. Originally SSL is hand-rolled crypto. And so SSL 1.0 is so bad it was never really used, their second attempt, SSL 2.0 is still pretty flawed, it's no longer "Herp, I eat paste" bad but even SSL 3.0 still suffers from some pretty bad decisions where clearly engineers who've heard of encryption but aren't experts are making too many cryptographically important decisions.
TLS 1.0 goes to the IETF. So now there's a wider pool looking at this stuff, but firstly it's still trying to be compatible with SSL and secondly these are still just more engineers, not cryptographers. Even in TLS 1.2 actual crypto people only get involved at the end, and they're basically asked (like a poor submission to r/crypto) "Is this OK?" rather than "What would _you_ do here?". It's hard to say "This is not OK" even if your gut instinct is screaming, unless you can prove it. So that's weaker than we'd like.
Finally in TLS 1.3 crypto people are involved from the outset, serious mathematical crypto people who say things like "In this paper we show that under the stated threat model an attacker cannot discover key C in this protocol without having key A if the PRF meets the criteria laid down in reference Z" and they helped produce what we expect to be the most secure version of TLS.
Now, TLS 1.3 took _years_ longer than SSL 2.0, but banks don't do anything quickly anyway. So why didn't EMV take its time and produce something better by hiring in cryptographers to design this stuff? No cryptographer would go "Oh, yeah, just ask for four numbers and if they're all different that's good enough".
This already exists. If EMV specified an X.509 certificate instead of a proprietary one, then we could be doing card-present transactions over the Internet right now thanks to TLS client certificates.
The RSA certificates used in EMV are not used to authorize transactions, but only to authenticate card to the terminal (and optionally to encrypt communication between pin pad and the card). Only effect of using full-blown X.509 for that would be that the certificates will be three times larger. Transactions are "signed" with issuer-specific symmetric algorithm (the specification AFAIK recommends CBC-MAC and HMAC), original motivation for this constructions seems to be backward compatibility in the sense that the algorithm can be designed such that it produces 8 digit decimal numbers that can then pass through various backend systems in field originally intended for swipe card online authorization code.
And by the way nothing technically prevents the issuers to combine EMV application with some PKCS#11 applet with X.509 certificate on the same physical card. EMV is in fact to some extent explicitly overdesigned to allow not only this but even multiple EMV "cards" on same physical chip.
One interesting idea would be to do EMV transaction over the internet by just forwarding the PDUs sent to the card over the internet, but it has lots of subtle usability and security issues to be really practical.
There is definitely nothing that prevents another applet (JavaCard, not PKCS#11 -- that's just a generic interface) from running on smartcards currently running the EMV applet. Or any other smartcard from running more than one applet -- this is a result of ISO7816 more than EMV.
But my point is that if EMV had chosen to use X.509 instead of inventing their own certificate format then we could re-use the existing infrastructure with zero cost.
Passing arbitrary APDUs from webpages to your card isn't a great idea and it will be SLOW since it will require multiple round-trips -- it's already slow enough just reading objects from smartcards. This is the mechanism used by Citrix/MS Remote Desktop, which is to forward a PC/SC connection -- this has a disadvantage that the remote side must have drivers and is also real slow, but the advantage that the resource can be used for anything, just like it were local.
For what it's worth, I'm the author of some smartcard middleware (CACKey) and have worked with the EMV specification and EMV applets to a lesser degree.
> The kind of fraud prevented by a PIN enabled chip card is supposedly pretty rare.
Are lost and stolen cards not a common problem? I suppose if the card holder reports it to the credit card company fast enough, it would prevent fraudulent charges from going through, but it would be nice if the person who found/stole the card(s) wasn't able to just use it without having to enter a PIN to do so.
Both the card and the terminal are able to make a decision about whether this transaction must be "online", a live session. If either insists on being "online" and that's not possible the transaction fails.
If the card is reported stolen, all such online transactions are (should be) blocked, and the risk is up to both the issuer (you could ship cards that insist on all transactions needing to be online, and some cards intended for people who struggle to manage their money do that) and the merchant (you can insist on going online for every transaction).
However, forcing every transaction online is super annoying. Train sat in a tunnel? No card purchased G&T for you until it gets out again. Internet down at the burger shack? No burger until their Internet is back up. Merchants would usually rather risk some fraud for smaller purchases, than lose sales when there's a problem.
"Weird money" causes the same issues, it's rare in the US but some places deliberately issue loads of different money that's all theoretically worth the same but you rarely see some types. In England for example a Scottish or Northern Irish bank note, issued with the name of some company you've never heard of, is still "worth" the same as familiar English notes. Except if you live closer to France than Scotland you've probably never seen one before. Maybe it's fake. Should you, as a shopkeeper, risk taking this weird-looking money? Again, risk of fraud versus risk of a lost sale.
My understanding is that lost and stolen cards are a very small portion of fraud compared to industrial scale skimming, cloning, hacking operations. Lost stolen cards only account for 14% of fraud cases. [0]
In Australia, all in-person card transactions above the $100 PayWave/PayPass limit require PINs.
Fraud cause from in-person transactions is very low and hence our merchant fees are also very low. 10-20¢ for debit transactions and approx. 1.2% for credit transactions.
If even that. You're usually hard-pressed to find people who charge a transaction fee (that is, not built into the price of the goods/service). I can think of a handful I encounter with any level of semi-regularity.
I was talking about the underlying merchant fees. In the US, it’s not unusual to pay 3% on cars transactions and I can’t help think that a large part of that is to deal with fraud.
After all, Australian banks are some of the most profitable per customer in the world.
Here in NZ we don't sign for credit card transactions - I can't remember the last time I had to sign. Instead you insert your card into the reader and use your PIN to verify the transaction. And if the card reader has contactless payments (PayWave, PayPass, etc) then you don't even need your PIN for transactions less than $80.
Are you sure those are credit card (e.g. Master Card) and not debit (e.g. Maestro) transactions? I’ve noticed outside the USA credit cards are used very rarely while debit cards are used very heavily.
In the USA, we have to sign at most places for any transaction over $50, but not under.
I've definitely had credit cards like that (also note that both MasterCard and Visa offer debit cards in many countries though). The point of sales terminal doesn't care, the only difference between credit and debit cards is on the banking side, and when making ATM withdrawals.
NZ, Aus, UK, are pretty much on the same level banking tech-wise (with UK bank-to-bank transfers being much quicker). Credit cards are common enough, but most people only have one or two, with lower credit limits than in the US.
Yes. My AU credit cards - both Amex and a local bank-issued one via Citibank(?) - allow me to change my PIN through my online account settings. I use my credit card exactly as I use my debit card - tap for paypass/paywave if under AUD$100, or tap/insert and enter a PIN for over $100.
From experience, a signature in the checkout line usually takes about 5-10 seconds. Removing it may seem like a small negligible change for users, but for retailers, it most likely adds up.
Imagine being able to pick up your receipt and leave. What I see being the stalwart of signatures are probably restaurants. They require that extra step with the tip.
The way tipping works in Canada: you get handed the card-reader, and it tells you the subtotal and asks what tip you would like to add. Then, the card-reader asks you to either tap or insert your card.
> From experience, a signature in the checkout line usually takes about 5-10 seconds. Removing it may seem like a small negligible change for users, but for retailers, it most likely adds up.
Your right, can we also remove that stupid bag tax in SF. It easily takes 20 - 30 seconds per transaction.
"Do you want a bag?"
"Ugh, yeah I do"
"Alright that's 50 cents"
"wait, could I get three bags, not two - I don't want my bag to rip"
The grating, low-grade, annoying, time-wasting inconvenience is supposed to continue to irritate the purchaser until they decide to bring their own bags.
Its funny - I do bring bags, but often I get more than one or two items. Aka I'll often get more than planned, as I look for sales.
Regardless, and to the point the whole line is slowed down by this transaction. Meaning every time I went to the store I had to wait an extra few minutes for this.
Moving back to Illinois recently, I find it amazing that the lines most move at least 3× faster. Probably in part due to the more "let's get shit done" attitude of the Midwest, but also the lack of bag related questions.
I then come home with my paper bags and recycle them. It honestly seems like more harm to the environment the waste of time + the polyester bags we buy instead
Or even not a bag at all. I walk into a store, I want a bottle of Coke, and a pack of coconut biscuits. I see a Mars bar, yeah, OK, Mars bar too. I blip them through, shove them in my pockets, walk out. No problem. No bag needed.
In the old days, this is instantly suspicious but now it makes sense to people even if they aren't thinking about the environmental consequences. A bag is say 15 pence, why pay 15 pence extra for three items?
Barcode is how it works in Europe. Recently, also smaller bags for groceries are being taxed in many countries as there are compulsory reduction quotas to be fulfilled.
It's really important for the environment and frankly, the majority of groceries don't need any bag as they have skin.
> It's really important for the environment and frankly, the majority of groceries don't need any bag as they have skin.
I mainly bag things due to blood leaking out of meat packages. It leaks onto carts, baskets, and other food.
I put an extra bag around my meat, but I see others who don't. And some grocery stores don't have plastic bags available in the meat section, I have to go bag to veggies to get a bag to keep blood from getting everywhere!
We have PayWave in Singapore where you can just swipe your credit card for amounts under 100$, but most of the time you have to wait pretty long for the approval to go through, it feels a bit like the time benefit is eaten up by that. Only very few merchants have fast lines, but then it’s really fun!
In Australia, the PayWave system for $100+ purchase will take no longer than signatures if the person doesn't make a mistake. It's just tap your card, press 5 buttons, then a 2-3 seconds processing time and you're off.
The process will naturally become faster as adoption increases and more people get familiar with it.
I had to sign approval for a field trip for my daughter once. Her teacher returned it with her the next day because it needed to be "a real signature."
Signatures haven't been required for credit cards in many other countries for quite some time now.
I have often wondered why the US has historically lagged behind for everyday banking. (e.g. email money transfers, chip enabled cards, pin number verification, tap to pay)
because legacy tech wants to be amortised over long time periods. If you start implementing things later you can pick the best tech. US banking was among the first to become digital and thus still has to maintain technical choices of the past
The UK were the first in the world to have ATMs, so there is plenty of ageing infrastructure in the UK. But the banks were forced (partly by the EU and partly by fraud) to move to chip and pin and they did relatively quickly.
The resistance to change can be explained much simpler:
It benefits only consumers, while costing the banks and payment providers. It's the same excuses for still having critical banking infrastructure written in COBOL.
> It benefits only consumers, while costing the banks and payment providers
Hogwash. Yes I know all bankers live in extinct volcanoes but one thing they know a lot about is money. It is ridiculously expensive to support the US's conservatism when it comes to finance. The lack of chip and pin pales into insignificance compared to their addiction to paper checks, for example.
It would be completely in the banks' interests if everyone moved to internet banking, NFC cards etc because the running costs and fraud costs are vastly less. The problem is all those pesky, inertia-laden customers.
> The lack of chip and pin pales into insignificance compared to their addiction to paper checks, for example.
Paper checks are indeed a silly cost, but NFC provides banks no gain over chip. Chip provides gain over magnet stripe by basically rendering skimmers ineffective, but only basically in that credit card fraud is still a big business. Instead of skimmers, you use trojans or data leaks. Physical credit cards also sell very cheap on the black market.
In other words, NFC benefits only consumers, not banks. Chip benefits banks a little bit.
> if everyone moved to internet banking, NFC cards etc
Those are very different things. Internet banking benefits banks directly because they can shut down local branches and screw over customers (which they do here—I have to drive to a different city to insert cash, and can only do so within very limited hours).
NFC has no benefit to them (and might slightly increase fraud that the bank will have to cover by allowing ~$40 withdrawals made wirelessly from quite a far distance). Chip presents a pretty tiny benefit to them.
And most certainly, if you have a customer that already use a magnet stripe credit card, giving them an NFC card will result in instant adoption of the feature. We had some statistics when the feature rolled out—it was adopted by everyone with a supported card on the spot. It's much different when you're trying to change a check user to be a credit card user, but that might be more of an issue with the consumer experience with the bank—credit and debit cards over there sound so cumbersome compared to our system where the bank issues both credit and debit cards tied to your account. We don't have the "benefit" card mess.
The benefit of NFC for banks would be an image and PR boost, the bank could say that they are the hip and trendy bank, come to us. Then other banks would have to follow eventually.
Why else would banks in europe adopt NFC or contactless payments?
I am only speaking for a single EU country here. In DK, features such as NFC are released for all banks simultaneously (that is, fully implemented and functioning) through the national payment provider, who is also the issuer for our national credit card type (which is a dual-type card by also being a VISA for international use, and is tied directly to a bank account). I don't think they have a choice, and they certainly gain no PR or image from it.
Now, the national payment provider (a private company) does it because they earn money on terminals, and want to fight to stay relevant in a world of emerging mobile payment solutions such as MobilePay (a Danish mobile payment solution of which over half the population are users).
The only exception to this rule appears to be Apple Pay, which is implemented by some individual banks. I am not sure if this is due to platform differences, or whether it is just the national payment provider fighting back. I'd suspect the latter, as Apply Pay just see our dual-type credit cards as VISA, sending them transaction fees that the national payment provider lose out on.
Other than that, banks here are only differentiated based on their financial solutions, and maybe in some rare cases by their mobile/internet banking solution (all have feature complete variants, but some are nicer than others).
Apple pay and Samsung pay have contact free payments, and it's also more secure than signatures.
But as new payment infrastructure is expensive they will just move if they have to. Perhaps too slow, as their competitor are gnawing at their profit margins.
Also due to some ODD ideas about banks by some of the founders you have not got the nationwide consolidation you did in the EU - the federal nature and relatively weak central government doesn't help either.
With a small number of banks and a stronger central government which can exert pressure you can see why the UK and EU are ahead.
US here, got issued a chipped card about a year ago and noticed quickly that any attempt to swipe with my card would be greeted with an error message and instructions to insert the chip. For all systems I've seen, it seems that if the merchant accepts chips and if the card has a chip, the chip must be used, regardless of any user reluctance.
Most readers I have experimented with in the US will allow a swipe after 3 unsuccesful chip reads (inserting card in opposite direction w/ chip exposed).
Also Australian used to using Paywave. I traveled through Europe in January. My card was accepted without issue in most countries. There were a few countries like Greece where I need to use Pin. Outlier was in the UK where I had to sign and show photo id, which I found strange.
> Outlier was in the UK where I had to sign and show photo id
How long ago was this? Signatures haven't been a thing here for well over a decade. Also is Paywave just contactless? Because we've also had contactless for a fair while.
When I visited the US in late 2014, most places didn’t support contactless payments; a few did, but the operators didn’t necessarily know it, because basically no US cards supported it. I really confused a Subway employee near San Francisco by using it, and stopped to explain how it was that the transaction had gone through without him noticing.
Most chip readers in the US are incredibly slow. Like 10+ seconds just top read the card. There are faster authentication schemes that some of the readers use, but it's rare that using the chip is very fast, while swiping is always instant.
In the US, the biggest adopters of Apple Pay have been big chain grocery, drug, convenience, etc. stores. For decades, there has been a (somewhat class-based) stigma about holding up the line in these kinds of places by paying with check, government benefits, coins, coupons, or anything else besides cash and credit.
There's also a separate, arguably more deserved stigma about entitled people causing trouble by using unnecessary technology.
These together, along with a reluctance to cause trouble for low-wage clerks, make people reluctant to risk holding up the line by using Apple Pay.
That means fewer people even try Apple Pay, so fewer other businesses see the need to make it available.
Contactless payment is so widely adopted that it's given me no particular reason to use Google Pay or any other mobile payment system as they're not particularly better from just using my card...
It might be faster if it works. If you try it and it doesn’t work and the cashier tries to help and then you have to go back to using a credit card anyway, it’s slow and people get annoyed.
If that reliably didn’t happen, things would be fine. Unfortunately, payment processing in the US (or at least in Maryland where I live) is a mess:
- Point-of-sale devices are frequently broken, with post-it notes taped over the chip slot saying “CHIP READER DISABLED”. I’ve dealt with buggy readers that force you to swipe, then go “Oh that’s a chip card, insert it!”, then when you insert it they go “Chip not supported, reverting to swipe as a backup method”. We’re struggling enough with the basics.
- I’ve seen stores that put a “We accept ApplePay” sign in their window, but when you go in, it’s a gamble as to whether all the dependencies from the reader to the network to the payment processors are working today. When I’ve asked cashiers, their responses range from a despondent “I just don’t know anymore” to a cautious “We have it but I haven’t seen anyone use it in a while.”
- Complicating all of this is the fact that all of the POS devices in my area look identical, whether they support NFC payments or not. I have a hunch that the hardware vendor just ships NFC-capable units to everyone, but only turns them on in certain conditions (maybe related to the type of contract the merchant has?)
If anyone has plumbed the depths of this issue and can explain what’s going on, I’d appreciate it.
I've worked for a large retailer who has purchased a sizable number of verifone devices (hundreds of thousands). The devices do have NFC-enabled readers in them to support Apple Pay, however, the contract that the retailer has with Verifone specifically says that Apple Pay is disabled: The retailer does not want to pay for the development cost for enabling Apple Pay in their Point of Sales stack.
It's a great add-on for Verifone: A couple of bits get flipped in fipay and in their backend and boom: Apple Pay (as long as the payment processors support it).
The most bizarre one is at a Subway I go to once in a while: they have signs all over saying they accept Android Pay, but when I go to use it the phone vibrates like it worked but the terminal replies "insert chip," or maybe it's "chip required." The cashiers claim it works for other people though. I tried it several times over a year just to see if it was a one-off error, but it always did the same.
I really like Android Pay/mobile payments when they work, the only problem is, I stopped really using it because the success rate is so low. The card readers seem like they aren't that strong, have difficulty sensing the phone, and when it does sense it there seems like a lot of weirdness/try agains. I tried to use it once at a vending machine and I just couldn't figure the thing out, the payment went through but when I selected something nothing happened. Credit card worked fine though.
It was so unimportant when I got a new phone I ended up getting one without NFC.
Oh, I'm pretty sure the “CHIP READER DISABLED” thing is just the merchant didn't set up their account with chip enabled, not any problem with the hardware itself.
> I'm pretty sure the “CHIP READER DISABLED” thing is just the merchant didn't set up their account with chip enabled.
It’s generally the fault of the POS software. In many (most?) cases, enabling EMV on the terminal requires the use of a new API. The POS software has to write code to support EMV.
your cards themselves can disallow contactless payment when a chip reader is present. Discover did this to me when they sent me a chip card - I had been using my discover card contactless for a while with android pay, and all of a sudden it stopped working on all new terminals and started saying "insert chip", assuming the terminal had a chip reader in it. I switched to using my visa card with google pay and it continues to work mostly everywhere, even though I have a chip in my visa card as well.
I find I only use google pay when I'm not in a hurry or when I'm very familiar with the specific reader and it has a long track record of working. If I go somewhere new, I always use my card unless I have time and the store isn't busy.
Exactly. If I'm in the grocery store, I know that I can take my credit card out of my wallet, insert it into the machine (or swipe it), maybe scrawl a wiggly line, and remove the card all in about 10 seconds. Alternatively, I can fiddle with my phone, get it to recognize me, hope it works, etc. which--even if it doesn't always take longer--is certainly less deterministic while the person behind me is probably going through their own version of the internal sigh I have when the person in front of me is fiddling with some non-routine payment method.
About the only time I use Apple Pay is when I'm traveling to Europe because it tends to work faster than when I have to do the non-standard (for there) chip and signature.
> Alternatively, I can fiddle with my phone, get it to recognize me, hope it works, etc. which--even if it doesn't always take longer--is certainly less deterministic while the person behind me is probably going through their own version of the internal sigh I have when the person in front of me is fiddling with some non-routine payment method.
I don't recognise this at all.
Pull phone out of pocket, touch the fingerprint reader to unlock it, wave it at the reader.
Done.
That's quicker than getting my card out of my wallet, let alone swiping and then signing something.
Pull phone out of pocket, touch the reader, nothing happens.
Theory 1: I’m not touching the reader in the right place. Maybe the sensor is on this side or that. Try hovering the phone all over the POS box.
Theory 2: Maybe my phone is not working. Try waving it around again while cashier has this “get your shit together” look on his face. Pull out CC.
Theory 3: The reader supports NFC but not ApplePay, so now I’ve wasted my time. Pull out CC.
Theory 4: Its not even a NFC reader (because there seems to be no standard way of telling by just looking at them). So, now I’ve wasted my time. Pull out CC.
Or the arbitrary transaction limit is set to less than the amount I owe.
At least domestically, I find credit cards almost always straightforward while Apple Pay is hit or miss having the line behind me giving me dirty looks because the entitled tech shit is holding up checkout playing with their gadget.
Never had any of this happen, it's quicker and easier than even using contactless credit cards for me. And it's becoming really commonplace in the UK.
1) You've never unlocked your phone before? How weird.
2) How broken is your phone? Never had this issue (I use android pay multiple times per day)
3) This is unusual, to the point of not being a thing here - Applepay is compatible with contactless EMV, as is Android Pay and there's basically nothing to be done at the merchant end to support it.
4) Of course there's a way to tell, they all have the four lights at the top, either physically or on-screen, plus there's the contactless logo the display on-screen.
These imagined impediments are hilarious though, you should have a sketch show.
I use android pay when it's available in the US, but the first time you encounter any specific reader, there's a learning curve. By "reader", it should be obvious we mean the reader that is in the store that you tap your phone or slide your card into, not the fingerprint reader on your phone.
Most of them look like this: https://en.wikipedia.org/wiki/Payment_terminal#/media/File:P... and will occasionally have a contactless payment icon or an apple/android pay logo on the screen when you walk up to it. In the case of this card reader, the NFC point is at the bottom of the screen and you basically have to rub your phone on the screen to get it to read.
Sometimes they look like this one: https://www.flickr.com/photos/jeepersmedia/14128014654 but that big pad at the top is a lie - those have never actually worked and if there's not a sign on it, the cashier will tell you it's "broken".
I'd say about half of my credit card transactions these days involve me handing a card to someone who swipes it directly into the register - there's no way to possibly use NFC or enter a PIN for debit/etc.
The NFC area is consistently at the top, and is consistently visible. If the standards aren't being followed in the US reader market then clearly that's not going to help anyone, but it's just more evidence that the US credit card technology market is outdated and a very weird outlier.
US fraud rates are so low it's cheaper to eat the cost than to change the system. A more interesting question is: why are fraud rates so high elsewhere?
[The] U.S. the third-highest rate of fraud worldwide, and was the only country to remain in the top three from 2014 to 2016.Additional research from the Nilson Report, October 2016 stated that in 2015 alone, the U.S. accounted for 38.7 percent of the worldwide payment card fraud losses
In Canada I have not signed for a credit card transaction in years. Everything is tap to pay and chip-and-pin for larger amounts. Extremely convenient.
When I go to the U.S. I usually have to produce ID when using my credit card. Is this because I am from out of country or do they do this with everyone paying by credit card?
It's because you're from out of country. You'll almost never be asked to produce ID with a standard credit card purchase in the US, unless it's unusual in amount.
I'm in my late 30s and have never once been asked to produce proof of ID in relation to a standard credit card purchase. Whether at a grocery store, restaurant, etc. I've never seen anyone else have to show ID either, maybe once in the 1980s.
I've been doing this for 2 decades. I once had a surreal experience when one store clerk in the US complained that my signature did not match the one in the back of the card. My pleas of "that's not a signature, it's a request to check my ID, which you haven't done" did not move him so I had to request his manager's presence.
It only happened once and that was many (15+) years ago, but if you ever wondered if it could happen, yeah it could. :)
I do this, and I was very confused to find out that if you try to do this at some government buildings (post office for me) they will completely reject your card and not let you use it.
I have both my signature (because it's required for the card to be valid) and "See ID" on the back of my card. I get asked for my ID about half of the time or so. It's rare to be asked at restaurants, but retailers are pretty good at checking.
I've always thought the signature was security theater, asking for a photo ID is way better from a security standpoint.
In the UK, I don't think you can opt to sign instead of enter a PIN if it's a PIN terminal and your card has a PIN set. Only if it doesn't have a PIN (as with American cards) will it then automatically ask for a signature. Isn't allowing the user to opt to just bypass the PIN a bit of a security hole?
There are a handful of places in the UK that don't have PIN terminals at all and do classic swipe-and-sign transactions, though. The one I encounter most commonly is the onboard cafe car on Great Western Railway trains.
> Isn't allowing the user to opt to just bypass the PIN a bit of a security hole?
That's a valid point of view, but I actually believe that the business is taking (the bulk of) the risk. In case of a chargeback, the business has to prove that I made the purchase, and a PIN is better evidence that I actually made it compared to just a signature.
This means that businesses might accept signature only for relatively low amounts. Indeed, it's not uncommon that neither is needed for amounts under a couple of lunches or so, to make lunch queues quicker. I assume the throughput is sometimes worth the risk.
It's a bit of a prisoners-dilemma thing: new technology can only be adopted with sufficient coordination, but each individual party is only interested in cooperating if they think they will "win" from it more than their competitors.
The US seems to be a very bad place for consumer advocacy in general. Perhaps it's seen as "anticapitalist". I don't know if the patchwork regulatory environment of the states helps or hinders this?
I don’t know, Australia’s got only four banks which dominate the market and yet they are pretty aggressive in innovative products. We just got instant bank transfers and that required cooperation amongst them to adopt standards and protocols.
To me, the culture of Australia has always been that being clever and helpful trumps being richer or beating the other guy. So there is value in companies being known as offering clever, helpful solutions.
In the US it's almost exclusively about beating the other guy.
Can anyone explain why credit cards are preferred in the US? In the Netherlands they're basically an obscurity, and I couldn't even pay for my groceries with one. We all have debit cards that charge directly from your bank here.
For consumers, credit cards offer benefits, such as cash back, "point rewards" systems, and so on. The price is the same, credit or debit, so why not credit?
IMO, Most American got used to the life use the money in future. CC is the simplest way to loan money from the bank now, and pay it back in future. Meanwhile, the bank also like this, as lots of people wouldn't able to pay the debt on time with full balance, so they can make money from the interest.
Also please make handing me a receipt extinct too or only if requested. Especially at drive thru(s) where the receipts become trash I later have to do work .. aka clean up this annoying trash in my car.
Doesn't a drive thru also hand you a disposable bag filled with a bunch of other stuff that's about to become trash- napkins, wrappers, straws, etc...? Just toss it in there dude, try not to let it bother you.
Nope they all hand me the receipt when the hand me back my bank card. Then I have to deal with a bag of food, a drink, placing my bank card back in my wallet and dropping the receipt wherever to drive off quickly!
The receipt needs to go the way of signatures and hopefully soon.
Not sure if you are a UX person, but the receipt in 2018 is bad UX for the customer and the business! Just like signatures have been for years..pointless, frustrating and annoying!
It's going to take time for payments to all go digital but they will. Whipping out your phone and swiping it and then your done is way quicker and easier then the current payment UX we are doing now.
If it's not an itemized receipt its not going to be accepted for an expense report unless the charge is very, very small. (I think my company is less than $25 doesn't require a receipt) I'm not going to screw around with being unable to prove my business expenses and being potentially liable for paying them personally.
Even if they were itemized, I question if my company would accept it over the "official" receipt. Anyway, in this case you are just talking about moving to digital receipts, which is surely convenient, but its not "go[ing] the way of the dodo bird," it's "going digital."
The current failure rate of mobile payments is currently much too high for me, personally, to move them them. I love the idea in theory but currently the execution is poor. Its just embarrassing for me to be standing there fiddling around with my phone for 60 seconds so its not even worth attempting when I know my credit card will always work.
As soon as there's an electronic equivalent that's universally compatible, as cheap and reliable, and is accepted by insurers/government/corporate expensing. Credit card and checking account statements are getting close but they don't list the items purchased, only the money.
Home Depot emails me a receipt after every credit card transaction with them. Is PDF not an open standard and a piece of data that could be routed appropriately?
Electronic documents can already carry the same force as paper legal documents. What’s the holdup?
Does Home Depot remember your email address based on your credit card number, or do you have to key your email address in every time? I never put it in because I always assume I will have to type in my full email address at every transaction on their somewhat archaic keypads.
Remembers my card number. I just push “email receipt” on the keypad after inserting my chip card. My gmail filter than archives it and labels it “Receipt”.
A paper receipt is still printed, which is annoying, but I toss it right into the trash under the automated checkout device.
As a business owner - nope, handing receipts should be mandatory by law with heavy fines for not doing so(as it is where I'm from - Poland). I've had so many employees stealing by just not registering the order and pocketing the money - but fortunately, the law that requires that a receipt is produced fixed most of that.
Whether you give the receipt to the customer doesn't really matter for that?
The reason business here have to offer a receipt (but the customer can reject it) is because the customer is supposed to be certain that the transaction is taxed. Typical small businesses with easily hidden turnover (such as restaurants) some times register only e.g. 1/2 purchases, thereby dodging a lot of the taxes. Having to offer a receipt on every purchase makes that harder.
Of course when they get the payment electronically, it's hard to dodge taxes. Where I live I am usually asked whether I want the receipt or not, which is printed in any case.
It does, because the tax office very frequently sends undercover inspectors to buy something in your shop, and if they don't get the receipt they will fine you huge sums of money. My employees certainly have it drilled into them that any customer could be an inspector and they have to offer the receipt to everyone.
And yes, of course - the tax office inspectors are doing this to make sure that taxes are paid on each sale - but it has the added benefit of making sure that the money for each sale is actually going in my register, not in the pocket of my employee.
Some of us prefer getting receipts. Not only does it let us check that everything is correct, but also to record the information later or to get reimbursed if it's a business expense.
It turns out that a signature on a bank check means nothing. Neither does the payer name on the check. Not the amount in cursive. Nor does the check paper.
The only things that are checked are the digits of the amount, and the account number.
The rest of the check can be complete garbage, and the check will go through and the bank will pay it. Then the banks will blame you, the account holder.
I just want to take a moment, and tell you that you're wrong about what happens and what matters when a check is deposited (or cashed) and then cleared by the issuing account.
The courtesy amount is the digits. The legal amount is the written expression for dollars.
The legal amount matters, and had you taken your bank to court (if you didn't sign your legal rights over to arbitration), the legal amount prevails.
There are rooms full of people working minimum wage night jobs, to verify checks that have values in conflict with each other, associated documents, or are generally illegible. Something like 90% of checks are verified by OCR, and deposited for an amount often within a margin of $2.50 per deposit.
The remaining ten percent are processed by hand, balancing deposit to written amount, usually within the $2.50 same margin. This represents hours of checking transaction amounts for tens of thousands of transactions, as a fraction of the automated processing. The $2.50 is usually reviewed by managers in an end-of-day report.
For maybe a quarter of a million documents processed in one evening by a room full of around fifty people running OCR equipment (made by IBM and Unisys), and performing manual image review and physical document inspection, maybe 200 are kicked out by the machinery and software to be deciphered by hand.
Sometimes people get lazy, and are on the verge of quitting anyway because night jobs suck, and if you argued until you got your way, you were probably dealing with such a situation.
Common is a stretch compared to how common they are in the US. Banks in Brazil still give them to costumers, but I’ve never seen anyone use them. In the US, mailing checks around is a common occurrence.
It amazes me that cheques are still used. I'm 36 and I've never issued a cheque, I think I was issued a cheque book with my first account but never used it.
Landlords only want cashier's checks if they don't trust you. If they don't trust you, they're less likely to rent to you. So requiring cashier's checks is uncommon, barring some extenuating circumstance like you've previously written a bad check or been late.
As a landlord, I always request cash or cashiers check for move in money. I don't want you living there for 3 months for free while I fight your bad check through the court system to get you evicted.
It may sound shocking, but some people will do this. Source: me, landlord since 2001.
On behalf of the cardholder they do. When a cardholder complains the card company just reverses the payment to the merchant in a 'chargeback', sometimes months later. Then the merchant has to appeal to get it back. So no the credit card companies don't care about fraud.
In the US, bank transfers are reversible? (Here in Germany, if you sent the money it's basically gone, you can only reverse payments that the other side "pulled" from your account) Always interesting how the types of service available and their rules shape what's used where.
I was always asked for the deposit in cashier's check form, and I had a credit rating over 800 and a steady high paying job. It's a real hassle when you're new to the area and don't have the bank account moved over. Luckily convenience stores will write them for you but they charge for it.
I'm 36 too but I've issued hundreds of checks... and also issued some indirectly (Bank of America's bill payments issue paper checks to companies when they don't accept electronic payments)
Fair warning, I used to work for the company that makes BofA’s bill pay product, and it can have a mind of its own. Even payments that should always be electronic will sometimes decide to mail checks for reasons that you’ll never a get a good explanation for.
I've been going back to written checks lately because of huge timewasting problems with electronic billpay systems - problems like the bank says they transmitted the money go talk to the vendor. The vendor says they never got it, go talk to the bank. Around and around and around.
In the past, I'd wave around the cancelled check and resolve it quickly. With ebanking, it's hours and hours on the phone and sitting in the bank manager's office refusing to leave until they deal with it.
With that particular one, I eventually made the bank issue a "clawback" on the funds they transmitted. Wonder of wonders, this caused the vendor to find the money they'd received :-)
I've never had a problem with Bank of America bill pay in the decade plus of using them. Never had to write a check in my life or have a checkbook. You just put in the name and address of who you want to pay, the amount, and BoA mails a check to them.
The payments clearinghouse in USA is in need of an upgrade but no one wants to pay for it or suffer any downtime or errors. Waiting up to three days is the reason why Paypal/Venmo, credit cards, cash and wire transfers are still so popular but these fast options can carry hefty fees. e.g. Credit cards skim 2% of businesses' revenue, ATMs can charge $3, and wire transfers are 25USD. Banks also benefit from the liquidity problems that can result - it's another reason to apply for credit or leave a larger cash reserve on deposit.
Do you still live with your parents or rent from a slum lord who only takes cash? Most landlords seem to only take cash or checks, it's really only the national apartment companies that take online payments.
Here in Australia I'm not even sure if my real estate agent would accept a cheque for rent at all - I'm pretty sure they told us from the outset that electronic payment was the only option they offer.
Australia, pretty much everyone accepts BPay which is an online direct payment system or direct bank to bank transfers. These both take < 3 business days
Even waiting one day is pretty poor when it comes to funds transfer times, let alone three!
It's a significant burden on commerce, businesses, and individuals to be without their funds for that long. And a big win for greedy banks who boost their balance sheets and profits by holding all those "in transit" funds.
In the UK, the "Faster" payment system, introduced about 10 years ago, means that the vast majority of bank-to-bank funds transfers are completed instantly.
What's fun is that last I looked the banks still didn't have any actual technology to support this feature. The rules they're obeying explain how the feature works for customers, but the implementation is left for them. And so their actual implementation is blind trust, settlement for the transactions happens at the old rate, hours or days later. The balance updates happen instantly for end users, but if any of the banks is engaged in fraud, that won't be detected until it's probably too late.
I expect this seems like a great cost-benefit trade, right up until a multi-billion fraud wipes out one of the banks, and then suddenly they'll be really excited about something better than "cross your fingers" as a resolution mechanic.
It'll be real-time with the New Payments Platform (NPP) being brought in this year.
BPay is only for bills and stuff - I'm sure my power company don't care that much that if I pay my bill on Friday night it doesn't clear until 9am on Monday morning... (it still counts as the bill being paid on Friday). It usually clears next day on business days anyway.
Also, the bank's balance sheets don't get a "boost" from holding payments. Deposits and other customer funds are strictly a liability to the bank (they owe them back to you), and they don't automatically get interest on them. So they don't have as much incentive as say a company does to pay invoices late to collect more interest.
They can be pretty handy. I don't have a physical checkbook and that causes problems for me once or twice a year. Typically when I am buying motorcycles. Those transactions tend to take place on weekends when my bank is closed and for amounts larger than my ATM cash withdrawal limit. They also tend to occur with parties that do not accept electronic payment methods.
I think the "parties not accepting electronic methods" bit is more surprising to people in places with more modern banking systems...
In Australia you can hardly buy anything anymore with ordinary cheques (you can still use a bank cheque for a car from a dealer or deposit on a house something, but that's the kind that you go to the bank, pay a fee and they print it out).
Hardly any private seller for a car or anything would ever take a cheque though - it's mostly always electronic. This year they're bringing in a real-time system (the current one is free overnight transfer to other banks and immediate for the same bank) which you can send people money immediately with just a mobile number.
The last motorcycle I bought I had to wait two days to go to a physical branch and get a (free!) cashiers check then go back to the shop to buy the bike. We made the deal on a Saturday and the guy asked for a check and I said "It's 2018, I don't have a checkbook" to which he chuckled but it wasn't clear what I would have used instead. Normally I would just carry cash but I don't make habit of holding on to that much cash. There are billpay methods I could use with my bank but they are not instant, anything instant would have cost something like 3% which on ~$5,000.00 is not feasible.
This is how it has always been (tm) here. It's interesting to hear about the glorious future that other countries have. How do you identify the account you are transferring to? I was technically interacting with a business, do they just give me a phone number/email and I use that?
I think my bank is working on a way to do instant transfers but I'm not sure how any of that works.
With BPay, you have a biller code (six character number) and a reference (which is longer, like 12 characters - usually this is like your customer number with that biller, so it doesn’t change). Generally every bill you get will have those details on them. It’s free which is nice.
For a regular transfer, you have a six digit number that identifies the bank/branch, and an account number (variable length, depends on branch). You just always use this method and your bank checks whether it’s a BSB at the same bank and does an instant transfer, and if not clears it through the central bank. I think batches run at 9am and 5pm every business day for that.
For those kind of payments, they’re bringing in two new things this year - a new real-time clearing system for small interbank transfers (that is, under like $100k or $250k or something - larger payments you have to use a special system called RTGS), and ‘PayID’ where you can have a mobile number for an individual or your Australian Business Number for a company, and I think internally it resolves back to the account number / BSB (I guess like a DNS system for banks).
Sounds like the case of a $5,000.00 motorcycle deal on Saturday afternoon still isn't handled "instantly" in the same way a check would be. At least not until the real-time system arrives.
FWIW, that's mostly a non-issue because of the Direct Debit guarantee:
> If an error is made in the payment of your Direct Debit, by the organisation or your bank or building society, you are entitled to a full and immediate refund of the amount paid from your bank or building society
Inter-bank (wire) transfers aren't that hard. You just need to ask your bank to do it. Sometimes you have to come in person to do it, sometimes a faxed signature is all you need. I've always been slightly nervous about how easy it is in fact, since anybody can forge a signature and send a fax.
The big caveat is that the Fed likes to sit on the transfer for a day or two, or sometimes more. Very annoying if you are on a deadline for the money.
Some banks allow customers to send cheques/checks printed by the bank, even on a schedule. This makes it easy for the bank customer to routinely pay predictable bills or send someone money on a schedule without having to go through the hassle of setting up direct deposit to their bank account (which is needlessly difficult even transferring money across two customers of the same bank, or across two banks in the same country). But the paper sent is far too revealing. The amount of information printed is remarkably high in order to do something that should be considered routine by now. And cashing or depositing still requires physically depositing paper somewhere like a bank teller's station or some ATMs. Remarkably few places will accept a picture and conduct the transaction from information gleaned from the picture.
I'll write a check if charged a fee not to write one. A few years back, I lived in an apartment building that added the 3% processing fee if you paid by credit card and 1% to pay electronically from your checking account. I'd write a check and just drop it off when walking through the lobby. (They eventually dropped the charge for one's checking account.)
The only check I routinely write now is to the gas company. They use Western Union as their payment processing vendor and WU charges $2.95. It's petty, but it's easy enough to write a check.
I’m 29. I and many people I know have used checks several times over the past decade. It always surprises me when I read these stories on hn about how checks are dead, but this is not dissimilar to the mentality that self driving cars will be ready any day now.
Maybe this is how life is like in the Valley, but even so I doubt it’s the experience or thought process of the non-tech worker.
I just used a check this month to pay for my earnest money deposit for a house I’m buying. Before that, I’ve had to use either money order or personal check for the deposit and application fee of every apartment I’ve ever rented. Several landlords only accepted checks for the regular rent as well.
They weren’t slumlords (as some of the other commenters here assume), those who took only checks for rent were individuals who rented out a house or apartment building and took good care of it.
I’ve paid my gas bills with checks back when I lived with college roommates.
Checks aren’t as ubiquitous as they once were, but I remember in my life time, growing up, when they were ubiquitous.
In the US, they're still a pretty standard way for individuals to pay each other or to settle accounts with service people. I don't write a lot but it's how I would square up with someone for a weekend trip or pay for my housekeeper or furnace servicing. I also "write" checks through my online banking but don't do those by hand.
I use checks (USA) for all my bills (including online payment they my bank where they mail the checks for me) because most places either do not accept credit cards or they charge an outrageous fee to accept credit. Lots of local businesses, especially contractors, cleaners, etc, either do not accept credit or highly resist it.
> The only things that are checked are the digits of the amount, and the account number.
Well, the payee is also usually verified to match the destination account, and a few other elements are technically required for it to be a legal financial instrument (even if banks don't spend the time to check them every time). Legally, a check could be written on the back of a napkin and still be valid - as long as it has a few required details.
The thing I've come to learn about checks is that their security features are not necessarily intended to prevent fraud, but rather to legally prove fraud after it has occurred. So no, banks often will not check those things, but anyone with access to the ACH network can reach into anyone's account and move funds around if fraud is suspected (it's basically a shared database with surprisingly little security). It inherently relies on the legal system to sort things out after the fact, which is a completely different approach from what we see in modern information security (where preventing unauthorized access/behavior upfront is the primary concern).
> It inherently relies on the legal system to sort things out after the fact, ...
This is why it’s critical to have transaction alerts for all activity for your financial accounts. Otherwise you could have an ACH slip through that drains your account. You wouldn’t notice till the next time you logged in or, more likely, when you try to use your debit card and realize it’s cleaned out.
On that note, also consider your daily transfer limit.
Often times banks will set these limits unnecessarily high ($10K is common). Alerts are a good way to spot the fraud, but limits cap how much they can take in the mean time. Even if you will ultimately get refunded, it could take months of a slow investigation before that occurs.
I have mine set to double the most we've ever spent in a single month, and I've only had to increase it once (vehicle downpayment).
> The dangerous ones are those that take tiny amounts monthly that you just won't notice.
Wait, what? How are you not going to notice? Every transaction is a line on your statement which, I think, all banks issue monthly.
Besides, if you have a computer, you can download all transactions (to Quicken or similar software) every day or two and verify all your new transactions. If you have a phone, Many banks and cards can even be set up to notify you on each transaction.
If there was fraud on my account I’d know instantly, at worst within two days.
Most statements (at least in the US) have very cryptic descriptions though. For example there might be an entry for EPC #008 for $2.95, and by deduction I can figure out that is the identifier for the coffee kiosk in the lobby of my building, but there is no way I would be be able to identify all transactions. Normally it doesn't really matter except for large transactions which I would remember. I can see a small fraudulent charge going unnoticed.
For all intents your checking account is a locker full of money that’s unlocked for the taking. The check is nothing more than an archaic means of conveying your “locker number” to someone else’s bank. I highly recommend keeping your checking account balance as low as you can, and either disable overdraft protection on it or point the overdraft protection to a credit account.
The other info on the check isn’t meaningless. It will (should) be examined when there’s some kind of fraud or dispute about a check payment - but it effectively does nothing to prevent fraud or theft.
That figures. Well at least the number isn’t floating around out there. But unfortunately many CUs have just a single digit difference between accounts.
Don't have non-investment money? Investment accounts can hold treasury bills and short to intermediate term bonds and bond mutual funds. Your checking account just needs to hold enough money to pay a month's worth of bills or so.
That's not always true. I bought a car in 2012 and paid by check. Unfortunately I tranposed the cents amount for 89 and 98 in the two number fields. I got a call a few days later saying the check didn't clear because of the mismatch and that I needed to come back ASAP and write a new check with the proper amount in both fields.
Fun fact. You can theoretically write a USA legal bank check on the back side of a napkin and it will be honored. As you point out, it just needs the correct bank routing number and account number.
Most banks now have clauses allowing them to reject non-standard checks. Too many people writing “pay to the order of” on coconuts and pigs and other non-machine-readable items
Probably people who believe that the payment they are making is unjust. Former scum landlord is charging you to repaint the walls because you "ruined them" when they were in fact pristine when you left, just because he doesn't want to foot the bill for finally getting rid of that 70s era mustard yellow color. You could fight it, but he has a lot more time for small claims court than you do, and you now live halfway across the country.
That has not been my experience. I've had multiple checks rejects for mis-matches between the written out line, and the numeric amount. I've also had checks deducted based on the written amount and the numeric amount ignored.
In the old days, they would print a computer-readable version of the amount on the bottom of the check, right-justified with the account number. Once that was there, most banks just processed that, and ignored the rest of the check.
This is untrue. The signature and the amount in cursive do matter, but not in the way most people think, they matter only after the fact. If a check is unsigned and someone cashes it then you can usually get that money back in small claims court, though not always. Or if the signature doesn't match on a check you can use that to convince your bank that the check is fraudulent. Also, if the amount that the check was cashed for differs from the amount written in cursive, again you have avenues of redress there including small claims court.
As you say, none of this will prevent basically any amount of money from being withdrawn from your account however. But you do absolutely have routes available to you to get your money back. If your bank blamed you instead and didn't let you know what options you had then you had a shitty bank that rolled you, you should get a new bank (or a credit union).
Back in the day, I had a case of the opposite problem: my check to the phone company got cashed for $89.89 rather than the $89.98 that was due, even though I had written both the digits and the spelled-out version of the number indisputably correctly. So PacBell decided to slap me with a $35 fee for not paying my balance off on time. The cancelled check that I had in hand clearly showed that the mistake wasn’t mine, and it also had been imprinted with the wrong amount at some processing step along the way. Needless to say both the bank and PacBell declined to take any responsibility, and it took a lot of time on the phone before getting a sympathetic rep who could reverse the fee “for goodwill“.
Surely this must not be a unique case; what’s supposed to happen in this sort of situation?
> The only things that are checked are the digits of the amount, and the account number.
YMMV. Simple won't let me deposit a check made out to "Me and Wife" in my personal account - I can only deposit it in our joint. They'll permit me to deposit "Me OR Wife".
I had a really negative issue with Simple: a garnishment (wasn't my garnishment -- there's someone with my same first and last name with the same birth date who has a different middle name) that was incorrectly applied to my account. When I presented Simple (and their controlling bank) notification from the garnishing agency that they had garnished the wrong account (and deposited the check from the garnishing state's treasury back into my account), Simple's response was...to garnish my account.
Suffice to say, I went back to my neighborhood bank.
To Simple's credit: Their customer support was beyond fantastic -- they were at the mercy of their controlling bank...who was receiving the garnishment request.
When Simple switched banks last year, I received a check in the mail for $3 and change for the amount that I had left in my account after moving my direct deposits and such over. Just...a massive headache.
Yeah, I'm really baffled as to why people write checks this way, I've schooled a few people on this - always write Person 1 OR Person 2, that way either of them can handle it the way that make most sense for them. Whenever I pointed out the issue with writing "and," I always get "oh, I didn't know that." To me that's obvious?
I suggested that approach, as well as having her file a support request authorizing it through her own Simple account. Apparently their parent bank's policies prevent both.
This was before they had the joint offering, so we had to request a new check. Now we just put stuff in the joint.
Just last November I miswrote a check where the digits and written amount differed, and it was processed for the written amount, which has traditionally been the controlling value.
I was taught to write the number as $400 23/100 One day about 3 years ago, all such checks started coming through as $4.00, and I wound up with late fees and such. Although the bank denied it, it was pretty obvious they'd just changed their OCR software. I now write the checks as $400.23
That's what I mean. Normalizing input from weakly defined fields is a nightmare. Every time you think you've gotten every edge case someone will come along and prove you wrong. And then your employer is mad at you because you didn't think anybody was still writing their checks with Roman Numerals or something.
>>The only things that are checked are the digits of the amount, and the account number.
Ha! Not even that. In the cheque clearing process, about the only thing that ever gets checked (even by automated processes) is the MICR line (account/transit and institution number).
Everything else (EVERYTHING ELSE) is just assumed to match whatever the person entered at the ATM/image capture app/teller window. The bank considers it your problem, as the cheque writer, to catch any issues on your next statement, and then they'll review the image of the cheque (in many jurisdictions now, the physical cheque is destroyed pretty early in the process). You should really never ever give a cheque to someone you don't trust. It's pretty silly, but that's the reality.
Although, fun fact, it's the cursive amount that is the 'official' one if there's a mismatch between that and the digits, since it's much more difficult to subtly adjust that.
Source: work for an institution that processes literally millions of cheques (I'm not in that area, but yeah).
Came here to say this. The "spelled out" amount takes priority if there's a conflict in the two values.
Also worth noting, it doesn't need to be in cursive. I spent all my life struggling with writing in cursive on checks (because it's pretty much the only place I ever do it). One day, someone told me I could print it (it just never occurred to me that this was acceptable) and I've been much happier ever since (during the, you know, 10 times a year I actually write checks).
I'm down to 4 checks per year now. City and County taxes, twice per year. For some reason the local government still uses a credit card processor that adds 3% on top of whatever you pay, and when you're talking about property tax that's painful. The stamp is much cheaper.
I've been printing the amount for years now, as my cursive was never terribly legible to begin with and has decayed from lack of use. The whole point of that field is to make it so someone can't just add some zeros to the end of the value. Just write the value out and draw a line through the rest of the field.
Is this hyperbolic or do they actually add 3% on to your amount? If so that is just disgusting. I can understand it from ticketek or similar, but from a government body?
Better than my apartment building's utility provider (for water and such) -- any payment, even if you're being so direct as to be foolish by sending cash through the mail, incurs a 7% fee.
The government doesn't handle CC purchases directly, they hand it off to a third party. The third party passes on all of the CC overhead plus a bit for themselves to you. It's small government in action.
Yup! I worked for a property management company that was rolling out check scanning (X9 imaging, not ACH/ARC) to 150 locations. In every group that was rolled out there was inevitably at least one person that would scan a batch of checks and enter the amounts really incorrectly.
I work for a UK business and we have had a number of queries from our bank because of an unrecognised signature on a cheque written from our account. So some banks in some places di check the signature
Yeah, I once wrote my landlord a check and totally forgot to sign it. The bank cashed it just fine, I was surprised.
It also depends on the teller, how much of a hardass they are going to be about cashing it. I guess I don't know what the protocol is for for mobile deposit, they may or may not have manual review.
Wow. They don’t even require you to enter a PIN number or show your id here for small amounts. Just put the card near the reader (NFC) and go. Now I understand why Apple Pay is a thing
When you sign a receipt, you’re not just providing a sample of your signature for comparison against the one on the card. You are signing a document, usually saying that ‘I agree to comply with the terms of the cardholder agreement’
If this is no longer necessary, the card issuers must have determined that they have other legal agreements which cover purchases, and that the signature on each transaction is not necessary.
Also missing is a discussion of why PINs are not seen by the banks as an obvious next step.
You already made that agreement when you signed up for the credit card. You havn't needed a signature for _every_ purchase in a long long time. This is just getting rid of them all together.
Where does it say on the receipt that I am agreeing to the cardholder agreement?
This sounds like the old myth that "if you don't sign the back of your card, you can't be held liable for the debts you incur if you contest it later."
It depends on the receipt, but many receipts do say that you agree to pay for the purchase in accordance with the cardholder agreement, or some such wording. This has been decreasingly common in recent years, and I don't know the requirements, but it's not gone.
You're right about the old myth you cite. The cardholder agreements are usually accepted either by signing the card or by using it.
The wording is highly dependent on the country. I don't think I've seen that in Australia in a long long time, on the rare occasion that I've had to sign rather than use PIN or contactless, but I've been in Asia for the past three weeks and did a lot of signing for my card with wording that sounds like that.
Obviously on the front with all the other printed text.
If your question is whether it actually does say it, I just pulled the most recent receipt out of my wallet, and this is what is printed right above the blank for my signature: "I agree to pay the above total amount according to the card issuer agreement."
I checked two other receipts from different businesses and they say the same thing.
It might or might not be legally binding or necessary, whether it's there is pretty clear. It is. At least where I live (US), it is.
>Where does it say on the receipt that I am agreeing to the cardholder agreement?
It used to be standard ~15-20 years ago. I don't see that verbiage any more.
Fun fact, when I worked in retail in the late 90s, the full card number was not really treated as a secret that needed to be protected - the registers we had had a full audit trail printed on a receipt roll inside the register, every time any transaction was inputted the receipt roll would print the details of the transaction. The full card number was first printed on that. Then it was printed on the signature paper. The receipt itself had the last 4 only.
This is in fact the only reason for a signature, it does fuck all to identify somebody, even if merchants were to check it, which they never do.
But with the amount of CCTV nowadays, that's probably more reliable than a signature.
Also ironic that anybody would describe PINs as the next step, I can't remember a time before PINs were used. Even EMV contactless payments are pretty common now, and provide benefits to the banks (liability shift/less chance of PIN compromise) and customers (quicker).
It's not a tech problem, it's a cultural one. You don't realise how much less friction, less hassle it can be until you've lived it. From my time in the US, it seems like it isn't exposed to outside ideas that much, maybe due to it's size.
I wouldn’t call it a cultural problem: there are many people in the US who really want contactless payments, and there is no group of voters or consumers campaigning against them for “tradition’s sake” (or any reason).
It seems like a legacy tech problem, held up by the same institutional forces that keep large financial systems in COBOL or FORTRAN.
The incentive for the merchant to collect signatures is fighting chargebacks. If there is a disputed transaction and the merchant cannot retrieve a receipt the customer automatically wins regardless of almost any other fact(s). But on purchases of less than $50 it was decided by the market that skipping the signature saved more money in faster checkouts than it saved in dispute resolution.
The EMV standard includes a purchase total verification step where the customer is shown the number and must press OK to confirm. But again speed has been considered more important. That OK? prompt is going away and Quick Chip will first authorize a dummy amount and send the real amount after the transaction is totaled up. It's not like USA market was using PINs for two factor authentication anyway. Restaurants are allowed to adjust purchase totals for tips and closing out tabs.
Actually, doing away with the signature seems a bit odd, given all the machine learning flying around. An electronic signature that records the speed strokes in the signature are made, as well as the final result, is probably a really good way of identifying the purchaser. Of course then a lot of the smaller merchants would have to upgrade their 90's era dial-up credit card processing.
> An electronic signature that records the speed strokes in the signature are made, as well as the final result, is probably a really good way of identifying the purchaser.
Not so sure about that. If I use a different mouse then my "signature" using those metrics will fail, as I'm basically a completely different (inept) person using other mice. Just an example, but I don't think that e-signatures can be trusted by using machine learning techniques, at least not any that I know of today.
Yes, part of it would require some level of standardization of the electronic pad/pen.
I'm not really suggesting it as "trust" thing, but a better "pin" code that could be combined with the current shopping history/etc metrics being used to detect fraud.
Handwriting analysis was pseudo-scientific to begin with. The payments market has to accommodate illiterate customers, disabled customers, and people who have a broken hand at the moment.
CC networks currently use previous purchasing patterns, location, time of day, etc.
It's the same reasons why biometrics is not a magic security solution. Authentication must be based of something that's hard to fake, cheap to verify, random, and easy to change. What threshold would you set to balance false negatives and false positives? In comparison the private key in your chip card meets all of the criteria.
Indeed. Chip & PIN system at least in Europe has been a way to shift the abuse risk to the customer away from the banks. It's a lot easier to contest a signature than prove that you haven't been careless with protecting your PIN.
That assumes you are signing things often enough to have a signature that is reliably the same each time, which for me has _never_ been the case.
Also, since developing a disability in my hands, that _can't_ be the case -- there _will_ be variations in stroke speed due to level of pain/stiffness at the time.
I took my new chip enabled CC to Germany 3 yrs ago and paid for a train ticket with it. The clerk said "ugh an American card" and had me sign some random piece of paper. I felt like an antique.
Most European cards use Chip & PIN with pin preference: If the terminal supports it the card will ask for a chip instead of a signature. Chip-based signature transactions are only used as fallback if the terminal doesn't support pins (which is very uncommon).
Unfortunately most US cards don't use a pin code at all. There are a few issuers that provide you with a pin code, but even in those cases there's typically a signature preference and the pin code is only used as fallback if the terminal doesn't support signatures. So if you're using a US card in Europe pretty much the only places where you can use the pin code are automated terminals (e.g., at train stations). At most other places you're going to have to use a signature.
There are a few US issuers that issue Chip & PIN cards with PIN preference - for example UNFCU and First Tech Credit Union. Those cards work great in Europe, but are sometimes a pain to use in the US. E.g., if you're paying at a restaurant and you have to go with the waiter to the terminal in some backroom, because the terminal asks for the pin. That's not an issue in Europe, as waiters usually carry mobile terminals with them.
> Those cards work great in Europe, but are sometimes a pain to use in the US. E.g., if you're paying at a restaurant and you have to go with the waiter to the terminal in some backroom, because the terminal asks for the pin.
Huh? I have a European card (chip & PIN, PIN preference), and at restaurants in the US I've always signed and never had to go to the terminal in some backroom.
Depends on the restaurant. Most of the times the terminal doesn't support PINs and so it falls back to signatures. But some restaurants use PIN-capable terminals in which case that issue occurs.
That's only for US debit cards where a debit transaction requires a PIN code, but a credit transaction prefers signatures. For credit cards with PIN preference it shouldn't make a difference, as it's up to the card to decide which mode to use (based on the options that are supported by the terminal).
I know some terminals here in the UK lie about their capabilities, for example they'll tell the card they're offline only even if they do support online transactions.
I've had a restaurant in silicon valley (three years ago?) tell me that they couldn't use my card because the machine kept asking for some number and they kept entering zeroes and it didn't work.
> I have a European card (chip & PIN, PIN preference), and at restaurants in the US I've always signed and never had to go to the terminal in some backroom.
I had that a few times in Asia (think Vietnam). I quite appreciate the times it happened. Instead of taking my credit card then hoping for the best I specifically have to authorize the transaction. In Europe they usually just bring you a portable device.
Yeah, When the pin first became popular in canada the technology was already wireless. They have a pretty good range too and i've never had a problem even on the largest of patios or the deepest corner of any underground hipster joint.
In Brazil wireless credit card terminals are also very common, and all I've seen use cell phone radios, so they work anywhere a cell phone from the same telco would work. Once in a while you still see the old wired terminals (which use wired phone lines), they are slower since they have to dial to the backend. And of course there are the terminals wired directly to a POS terminal (but places with these usually have wireless credit card terminals as a backup).
There are a few cards available in the US that do chip + PIN. Debit cards also work.
I have one credit card that I mostly don't use anymore, and keep the account open only because it does chip + PIN so I can use it at train-station kiosks in Europe.
These are mostly examples of inventions like the television that were not in practice some "out of the blue" discovery but instead a product of lots of small innovations at the same time. If the person who is usually acknowledged as "inventor" of these things had instead done something else they would anyway have come into use at about the same time but in a slightly different form and with some different person as inventor.
For your example of "the Internet" that's true only if you squint and choose TCP/IP as "the Internet". But if you take a step back the Network is a more or less an inevitability, I would insist on dating _that_ to at least the Treaty of Bern (1874) and perhaps earlier. Of course Bern moves actual paper letters, rather than just bits, but the central idea is there - the network effect, we must communicate with absolutely everybody, if we let national sovereignty get in the way of that we lose out.
For Visa, the merchant should require your card to be signed because a card with no signature is invalid. Other credit card companies are probably the same.
> Unsigned Cards
> While checking card security features, you should also make sure that the card is signed. An unsigned card is considered invalid and should not be accepted. If a customer gives you an unsigned card, the following steps must be taken:
> • Check the cardholder’s ID.
> Ask the cardholder for some form of official government identification, such as a driver’s license or passport. Where permissible by law, the ID serial number and expiration date should be written on the sales receipt before you complete the transaction.
> • Ask the customer to sign the card.
> The card should be signed within your full view, and the signature checked against the customer’s signature on the ID. A refusal to sign means the card is still invalid and cannot be accepted.
> • Ask the customer for a different signed Visa card
> “See ID”
> Some customers write “See ID” or “Ask for ID” in the signature panel, thinking that this is a deterrent against fraud or forgery; that is, if their signature is not on the card, a fraudster will not be able to forge it. In reality, criminals often don’t take the time to practice signatures. They use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures; they may even have access to counterfeit identification with a signature in their own handwriting.
> In this situation, follow recommended steps listed above under Unsigned Cards.
Ha. I stopped doing this in 1993. I only had one person every complain, a cashier at CompUSA in 1994-ish. He wouldn't accept it until I signed the back of the card so I wrote "Please check ID" instead of signing it. He was fine with that.
They check in certain countries. I live in Sweden, but recently started to travel to Taiwan regularly. I never signed my card in Sweden, but I've been asked to sign it in Taiwan.
Funnily enough, I have been refused to pay a hotel bill with my unsigned card, since the clerk couldn't verify the signature. So he had me - in front of his eyes - first sign my card, then sign the bill, and then he double checked that the signatures were identical (which they're not - my signatures always come out different).
I worked the night shift at a hotel in college. I turned down a "SEE ID"-signed card once, where the guy started the transaction with "hey loser, got a room?" to amuse his girlfriend. Turns out that's an excellent way to get me to be nitpicky about the rules.
None. It's just store policy. If the store can decrease its liability by checking for the presence of a signature they will train employees to do so. In other countries no one ever checks.
I travel a lot between the US and Europe and the cultures are very different:
In the US I have my real signature at the back of the card but I just draw a straight line when signing the receipt. No one ever complained about that.
In Europe I sign with my real signature (because I know that cashiers there are more strict) and even then sometimes hear complaints that the signature on the receipt doesn't exactly match the one on the card.
My apartment's leasing office accepts UPS/USPS/FedEx/etc. packages on my behalf when I'm not available. Whenever I go in to pick up a package, they ask me for both my ID and my signature on a tablet. Immediately after I tap the 'Confirm' button, I get an email with a PNG of the signature I just "signed". When I first moved into my apartment, I made some effort to give my regular signature. Nowadays, I just make a couple waves with a single finger movement which looks like nothing out of the alphabet. The mailroom staff really couldn't care less how I sign since they've already looked at my ID.
I always wonder what the point of the signature is in this scenario.
What I'm suggesting is that if you are taken to court, and you understand what defense to use, they literally will lose the suit and you will win the right to have it removed from
your credit report for good.
I spoke to a lawfirm in PA who has literally won 100% of the time against Capital One in hundreds of debt cases because they can't provide the proper documentation required by law when asked to collect on their debts.
They primarily rely on people being afraid or ignorant of the laws.
This was mind blowing to me when I first realized it and then researched it and saw actual cases in real time be ruled for the defense.
The only time I ever sign for credit card stuff is when I visit the US. When it comes to banking it feels like the US is always chasing Canada who is always chasing Europe.
On the other hand, a large number of merchants in Germany still don't accept credit cards. Many are even cash-only. Run across them all the time in Munich, whereas not accepting credit cards was rare in the bay area, even at stands at farmer's markets, or at food trucks.
Nothing irritates me more than people taking idioms literally, with the exception of discussions where strictness/correctness is required (e.g. engineers building a bridge, court proceedings, etc.)
Can we also standardize the noise the machine makes when the transaction is a success? You know that sound "ENGHH ENGHH ENGHH" that is somehow a positive sound? It's like an alarm clock sound. Why is it not a positive "Ding!" And some will say well it's to remember your card. Well if that's the case, how about force the POS system not to print the receipt until the card is pulled? Or better yet, why does the card have to stay in the machine so long?
Some places have done this. E.g. Safeway/Vons/Pavilions vs. Trader Joe's, one of them has a neutral sound, the other has that error-sounding notification.
I believe the latter is the generic notification sound and vendors who customized their solutions post-chip swapped it. I just can't remember which is which right now.
I'd be happy if the text didn't change until it was done. Many of the machines I encounter change the "Wait, don't remove card" text location three or four times, each time you think it is done.
The problem is the text "Don't remove the card" contains the phrase "remove the card". I wish they just used a positive statement like "Keep card inserted" instead, and then changed to "Remove card".
Just another one of those minor accessibility things that would be dead simple to fix if the people in charge gave a shit about usability.
On the other side, many of the machines I use don't even change the text at all: it just keeps saying "leave card inserted" and the cashier tells me "just remove your card... it's long done".
Visit Japan and you’ll hear ATMs play a little tune as they hand you money. The sound design everywhere you go is amazingly and thoughtful. America can be way too brutalist.
If we could only get them to work with microwave makers (or recently inductive "portable" single heating plates) in the US/Europe. New microwaves are IMHO the worst, why does every microwave seem to have a different UX? I often end up just picking the least-button-pressing method in lieu of recommended temp/time settings to avoid diving into multiple sub-menus. Am I the only one who can't stand those beeps? The finished repeated triple-beeps are the jarring cherry on top.
Sound design in Asia in general is amazing. I remember the sound when the metro arrives in Taiwan (both Taipei and Kaohsiung)being both really fun and effective at informing you. What really impressed me is how even the garbage trucks sing a little lullaby when they pick up the garbage at night.
It is sad we don't pay as much attention to this in Europe and America and usually just go for loud beeps. Sounds can be functional and pleasant at the same time.
Not sure what to tell you. That’s not my (limited) experience. Certainly you’ve heard the sound design elsewhere — from trains boarding and leaving, to the sound of rice makers and dish washers letting you know they’re ready.
This is dependent on the machine reading the card, not the card, or technology, itself. This horrid noise is not present on machines used by many vendors..
I would, but there are certain institutions that don't accept any other form of payment other than check or money order. Even if they do accept a credit card payment, they add a 3% or greater convenience fee to the amount.
Surely you can do internet banking transfer to the recipient's bank? In New Zealand, we didn't used to have many credit cards so that's how you'd pay your bills, buy a house, pay small businesses, or just about anything that can wait a day.
>Surely you can do internet banking transfer to the recipient's bank?
No, there isn't really a "standard" to do this.
As far as bills go, each company has their own billpay system. Small businesses pretty much all take credit or debit cards now. If they don't you pay by check. I pay my property taxes with a check because if you do an electronic payment with their system they want you to pay like a $3 fee. Buying a house requires you to get a cashier's check.
You can do "billpay" online with your bank, but if their systems aren't "hooked up" to the other party's systems the bank will mail a physical check to the other party. None of it is instant or even fast.
Do you find any that only take check and have to be paid in a timely fashion (like in a line at a store) to complete a transaction?
Last time I changed banks (about 6 years ago) I decided to experiment and not order any checks. Every person I've encountered who needs a check will wait for them, so I just add them to bill pay and have the bank deal with printing and mailing them a check. So far I haven't run into a situation where I was cursing myself for not having actual physical checks.
> ShopKeep and Square, two popular small business payment systems, said they do not plan to immediately update their systems to allow retailers to skip signatures on all transactions. (Both currently allow merchants to disable them on transactions below $25.)
> “We’ll play it a little bit by ear,” said Michael DeSimone, ShopKeep’s chief executive. “Right now, I don’t think there’s a high level of awareness about this. Let’s get the changes in place and see how they work operationally, and then we’ll adapt.”
I can't imagine the hell of a place that must be to work when extending a feature which works at $25 to any sum — or no sum at all — is that hard. I can think of some really good reasons for it to be that difficult, but all of them sound like a terrible working environment.
540 comments
[ 3.3 ms ] story [ 519 ms ] threadBuying and selling houses is excruciating thanks to the number of signatures required.
I went to a closing on behalf of my then-wife who didn’t want to deal with it; because it was her house we were selling, I had to sign all the paperwork on her behalf, which involved a signature plus some additional verbiage. My hand was in pain by the time we were finished.
I don’t give two shits what you put down as a signature, I just want a record that you consciously were present and signed something, so I don’t get accused of trying to pass off something quietly that you never agreed to.
If I have some scribble you made at a time and place, the onus is on you to prove it wasn’t you who did that.
And, as a follow-up, how does this relate to a signature being used as confirmation of payment? (Or did you mean in relation to the signatures for housing transfers?)
It could have been attached to anything. And in fact, sometimes, they emailed us the signature page separately for us to sign, scan and send back.
So I don't really think there is really much legal benefit to having stuff on every page to sign.
A paper contract must be done in two copies. Every page numbered and signed by both parties. That's the only way to cover your ass against the other party replacing pages and terms.
Here's one way to think about it. If it was the way you suggest then all an identity theif would have to do is to draw something on the dotted line and all of a sudden you're in a position where you have to prove your innocence.
The funny thing is that for the last few years, I've been trying to make my own handwriting resemble an italic serif font as much as possible, so I actually do write like a font. But for everything except my signature. I never sign anything the same way twice, and my signature is always just a random scribble. Sometimes it's even an X.
Is that legal? o.O
The hairy part is if you say it isn't your signature.
Here is how it goes in a dispute. You have A saying B signed a contract, and B saying he didn't. It's A's job to prove he did first, and he indicate there is a signature on there, and it's B's. So now it's B's turn, and he needs to show it isn't his (if he does, then A become accused a making a false, and will need to prove he didn't).
To do that, B needs to prove that he usually signs a different way, so he provides other signatures everywhere to show it. Since parent signs differently everywhere, he cannot show that he has a regular signature that doesn't match the one on paper. In fact, it shows that any scribble CAN be his signature as long as there is one, and thus the court will tend to assume the one on the contract is his.
So parent's strategy is terrible, and you really shouldn't be playing that game, because it doesn't catch you until it really does.
How often does that work? Presumably a fraudster would copy B's signature from a receipt out of their trash or something (a priori they have no way of knowing that B signs differently every time); how likely is it that someone going to that effort would not get a signature that's a "good enough" match compared to B's normal signature, however careful B is about always signing the same way?
Also, finding differences in signature is much easier and much more advanced / developed than you would think. Even if you copy mine after seeing it or having a model, the places where you slow down your pen etc... Vary compared to me, and that can be detected.
Is it possible with technology to make a perfect copy? Of course, but then you just move to the next steps of the case, and you already cleared out the majority of bogus cases.
So having a fixed stable signature is a very good thing for you the user, and it always surprise me when I see people who think they played the system when they screw their own protection like parent.
How often is this actually effective/useful?
It seems like a pragmatic individual solution to address this would be to sign with an X or line or whatever, and diligently keep a log of everything you sign (perhaps facilitated with a phone app, with a conf code to write next to your signature). Then, when the supposed event isn't in your log, it should be back on the aggressor to prove their case.
Yeah, I know :'(
> thanks to the number of signatures required.
What!? You found that the hardest part?
One of the problems I came across was the number of things I had to send through the postal system. Apparently scanned documents (signed) weren't good, and using a fax machine wasn't an option either.
So I had to print forms, sign them, and then mail them - always with tight deadlines. Luckily only one piece of mail was lost en route, and it was skipped in the end.
(I also had to mail back the physical bundle of title-deeds, something I was told previously was all electronic these days. Fascinating documents though, I remember when we paid off the property we received them and there are copies of each sale contract/price details since the place was built in around 1890. First sale was for £400, then the next for £1200, and every 1, 5, 20 years it would sell for more. Went for £162,500 when I sold it. That's a huge jump from the starting price!)
https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
https://www.theregister.co.uk/2012/09/13/chip_and_pin_securi...
The second on you mention is based on exploiting flawed RNGs in certain ATM implementations and using that to replay transactions that happened elsewhere. Fix is obvious: don't use flawed RNGs.
Third known attack on EMV is similar to the "accept any PIN" part of the first, but done by MitMing the interface between terminal and card. This relies on the fact, that "No PIN was required" and "Correct PIN entered" produces same transaction certificate. This also can be mitigated by altering the terminal configuration.
On the one hand it's true that all these flaws can be worked around. But on the other hand, how did card companies not bring in cryptographers to help them get this stuff right in the first place? Did they not think it was important?
The TLS journey is illustrative. Originally SSL is hand-rolled crypto. And so SSL 1.0 is so bad it was never really used, their second attempt, SSL 2.0 is still pretty flawed, it's no longer "Herp, I eat paste" bad but even SSL 3.0 still suffers from some pretty bad decisions where clearly engineers who've heard of encryption but aren't experts are making too many cryptographically important decisions.
TLS 1.0 goes to the IETF. So now there's a wider pool looking at this stuff, but firstly it's still trying to be compatible with SSL and secondly these are still just more engineers, not cryptographers. Even in TLS 1.2 actual crypto people only get involved at the end, and they're basically asked (like a poor submission to r/crypto) "Is this OK?" rather than "What would _you_ do here?". It's hard to say "This is not OK" even if your gut instinct is screaming, unless you can prove it. So that's weaker than we'd like.
Finally in TLS 1.3 crypto people are involved from the outset, serious mathematical crypto people who say things like "In this paper we show that under the stated threat model an attacker cannot discover key C in this protocol without having key A if the PRF meets the criteria laid down in reference Z" and they helped produce what we expect to be the most secure version of TLS.
Now, TLS 1.3 took _years_ longer than SSL 2.0, but banks don't do anything quickly anyway. So why didn't EMV take its time and produce something better by hiring in cryptographers to design this stuff? No cryptographer would go "Oh, yeah, just ask for four numbers and if they're all different that's good enough".
And by the way nothing technically prevents the issuers to combine EMV application with some PKCS#11 applet with X.509 certificate on the same physical card. EMV is in fact to some extent explicitly overdesigned to allow not only this but even multiple EMV "cards" on same physical chip.
One interesting idea would be to do EMV transaction over the internet by just forwarding the PDUs sent to the card over the internet, but it has lots of subtle usability and security issues to be really practical.
But my point is that if EMV had chosen to use X.509 instead of inventing their own certificate format then we could re-use the existing infrastructure with zero cost.
Passing arbitrary APDUs from webpages to your card isn't a great idea and it will be SLOW since it will require multiple round-trips -- it's already slow enough just reading objects from smartcards. This is the mechanism used by Citrix/MS Remote Desktop, which is to forward a PC/SC connection -- this has a disadvantage that the remote side must have drivers and is also real slow, but the advantage that the resource can be used for anything, just like it were local.
For what it's worth, I'm the author of some smartcard middleware (CACKey) and have worked with the EMV specification and EMV applets to a lesser degree.
Are lost and stolen cards not a common problem? I suppose if the card holder reports it to the credit card company fast enough, it would prevent fraudulent charges from going through, but it would be nice if the person who found/stole the card(s) wasn't able to just use it without having to enter a PIN to do so.
If the card is reported stolen, all such online transactions are (should be) blocked, and the risk is up to both the issuer (you could ship cards that insist on all transactions needing to be online, and some cards intended for people who struggle to manage their money do that) and the merchant (you can insist on going online for every transaction).
However, forcing every transaction online is super annoying. Train sat in a tunnel? No card purchased G&T for you until it gets out again. Internet down at the burger shack? No burger until their Internet is back up. Merchants would usually rather risk some fraud for smaller purchases, than lose sales when there's a problem.
"Weird money" causes the same issues, it's rare in the US but some places deliberately issue loads of different money that's all theoretically worth the same but you rarely see some types. In England for example a Scottish or Northern Irish bank note, issued with the name of some company you've never heard of, is still "worth" the same as familiar English notes. Except if you live closer to France than Scotland you've probably never seen one before. Maybe it's fake. Should you, as a shopkeeper, risk taking this weird-looking money? Again, risk of fraud versus risk of a lost sale.
[0] https://www.nasdaq.com/article/credit-card-fraud-and-id-thef...
Fraud cause from in-person transactions is very low and hence our merchant fees are also very low. 10-20¢ for debit transactions and approx. 1.2% for credit transactions.
After all, Australian banks are some of the most profitable per customer in the world.
In the USA, we have to sign at most places for any transaction over $50, but not under.
NZ, Aus, UK, are pretty much on the same level banking tech-wise (with UK bank-to-bank transfers being much quicker). Credit cards are common enough, but most people only have one or two, with lower credit limits than in the US.
Imagine being able to pick up your receipt and leave. What I see being the stalwart of signatures are probably restaurants. They require that extra step with the tip.
Your right, can we also remove that stupid bag tax in SF. It easily takes 20 - 30 seconds per transaction.
"Do you want a bag?"
"Ugh, yeah I do"
"Alright that's 50 cents"
"wait, could I get three bags, not two - I don't want my bag to rip"
"Sure, we can do that, 75 cents"
Every. single. time.
The grating, low-grade, annoying, time-wasting inconvenience is supposed to continue to irritate the purchaser until they decide to bring their own bags.
Regardless, and to the point the whole line is slowed down by this transaction. Meaning every time I went to the store I had to wait an extra few minutes for this.
Moving back to Illinois recently, I find it amazing that the lines most move at least 3× faster. Probably in part due to the more "let's get shit done" attitude of the Midwest, but also the lack of bag related questions.
I then come home with my paper bags and recycle them. It honestly seems like more harm to the environment the waste of time + the polyester bags we buy instead
In the old days, this is instantly suspicious but now it makes sense to people even if they aren't thinking about the environmental consequences. A bag is say 15 pence, why pay 15 pence extra for three items?
Makes a lot more sense. :)
I have also seen stores that put a barcode on the bag and the bag gets scanned just like any other item. That, IMHO, is the best way to go.
It's really important for the environment and frankly, the majority of groceries don't need any bag as they have skin.
I mainly bag things due to blood leaking out of meat packages. It leaks onto carts, baskets, and other food.
I put an extra bag around my meat, but I see others who don't. And some grocery stores don't have plastic bags available in the meat section, I have to go bag to veggies to get a bag to keep blood from getting everywhere!
The process will naturally become faster as adoption increases and more people get familiar with it.
I have often wondered why the US has historically lagged behind for everyday banking. (e.g. email money transfers, chip enabled cards, pin number verification, tap to pay)
It benefits only consumers, while costing the banks and payment providers. It's the same excuses for still having critical banking infrastructure written in COBOL.
Hogwash. Yes I know all bankers live in extinct volcanoes but one thing they know a lot about is money. It is ridiculously expensive to support the US's conservatism when it comes to finance. The lack of chip and pin pales into insignificance compared to their addiction to paper checks, for example.
It would be completely in the banks' interests if everyone moved to internet banking, NFC cards etc because the running costs and fraud costs are vastly less. The problem is all those pesky, inertia-laden customers.
Paper checks are indeed a silly cost, but NFC provides banks no gain over chip. Chip provides gain over magnet stripe by basically rendering skimmers ineffective, but only basically in that credit card fraud is still a big business. Instead of skimmers, you use trojans or data leaks. Physical credit cards also sell very cheap on the black market.
In other words, NFC benefits only consumers, not banks. Chip benefits banks a little bit.
> if everyone moved to internet banking, NFC cards etc
Those are very different things. Internet banking benefits banks directly because they can shut down local branches and screw over customers (which they do here—I have to drive to a different city to insert cash, and can only do so within very limited hours).
NFC has no benefit to them (and might slightly increase fraud that the bank will have to cover by allowing ~$40 withdrawals made wirelessly from quite a far distance). Chip presents a pretty tiny benefit to them.
And most certainly, if you have a customer that already use a magnet stripe credit card, giving them an NFC card will result in instant adoption of the feature. We had some statistics when the feature rolled out—it was adopted by everyone with a supported card on the spot. It's much different when you're trying to change a check user to be a credit card user, but that might be more of an issue with the consumer experience with the bank—credit and debit cards over there sound so cumbersome compared to our system where the bank issues both credit and debit cards tied to your account. We don't have the "benefit" card mess.
It's a bit too easy to blame user inertia.
Why else would banks in europe adopt NFC or contactless payments?
Now, the national payment provider (a private company) does it because they earn money on terminals, and want to fight to stay relevant in a world of emerging mobile payment solutions such as MobilePay (a Danish mobile payment solution of which over half the population are users).
The only exception to this rule appears to be Apple Pay, which is implemented by some individual banks. I am not sure if this is due to platform differences, or whether it is just the national payment provider fighting back. I'd suspect the latter, as Apply Pay just see our dual-type credit cards as VISA, sending them transaction fees that the national payment provider lose out on.
Other than that, banks here are only differentiated based on their financial solutions, and maybe in some rare cases by their mobile/internet banking solution (all have feature complete variants, but some are nicer than others).
My point was that NFC provides no benefit over chip.
Apple pay and Samsung pay have contact free payments, and it's also more secure than signatures.
But as new payment infrastructure is expensive they will just move if they have to. Perhaps too slow, as their competitor are gnawing at their profit margins.
With a small number of banks and a stronger central government which can exert pressure you can see why the UK and EU are ahead.
Anyone with some insight as to why want to chip in?
Unintentional pun. The US public seems to have a huge reluctance to use the chips in the cards too. It's swipe and sign.
(I'm also from Australia and signing for a credit card purchase went away decades ago. PayWave is really popular, my 89 yo mother loves it.)
If they do use the chip, then the card issuing bank is responsible for all fraudulent transactions.
This rule was supposed to go into place over a year ago. But most places couldn’t be bothered to update their equipment, so it had to be postponed.
Even now, many places still can’t be bothered. Makes me care about them just that much less.
How long ago was this? Signatures haven't been a thing here for well over a decade. Also is Paywave just contactless? Because we've also had contactless for a fair while.
There's also a separate, arguably more deserved stigma about entitled people causing trouble by using unnecessary technology.
These together, along with a reluctance to cause trouble for low-wage clerks, make people reluctant to risk holding up the line by using Apple Pay.
That means fewer people even try Apple Pay, so fewer other businesses see the need to make it available.
However 'Tap and go' is so widely adopted that I haven't carried cash in months and I know people that legitimately don't know their own PIN
In my experience Apple Pay is faster than other payment methods.
In what way do you see it as slower?
If that reliably didn’t happen, things would be fine. Unfortunately, payment processing in the US (or at least in Maryland where I live) is a mess:
- Point-of-sale devices are frequently broken, with post-it notes taped over the chip slot saying “CHIP READER DISABLED”. I’ve dealt with buggy readers that force you to swipe, then go “Oh that’s a chip card, insert it!”, then when you insert it they go “Chip not supported, reverting to swipe as a backup method”. We’re struggling enough with the basics.
- I’ve seen stores that put a “We accept ApplePay” sign in their window, but when you go in, it’s a gamble as to whether all the dependencies from the reader to the network to the payment processors are working today. When I’ve asked cashiers, their responses range from a despondent “I just don’t know anymore” to a cautious “We have it but I haven’t seen anyone use it in a while.”
- Complicating all of this is the fact that all of the POS devices in my area look identical, whether they support NFC payments or not. I have a hunch that the hardware vendor just ships NFC-capable units to everyone, but only turns them on in certain conditions (maybe related to the type of contract the merchant has?)
If anyone has plumbed the depths of this issue and can explain what’s going on, I’d appreciate it.
I've worked for a large retailer who has purchased a sizable number of verifone devices (hundreds of thousands). The devices do have NFC-enabled readers in them to support Apple Pay, however, the contract that the retailer has with Verifone specifically says that Apple Pay is disabled: The retailer does not want to pay for the development cost for enabling Apple Pay in their Point of Sales stack.
It's a great add-on for Verifone: A couple of bits get flipped in fipay and in their backend and boom: Apple Pay (as long as the payment processors support it).
I really like Android Pay/mobile payments when they work, the only problem is, I stopped really using it because the success rate is so low. The card readers seem like they aren't that strong, have difficulty sensing the phone, and when it does sense it there seems like a lot of weirdness/try agains. I tried to use it once at a vending machine and I just couldn't figure the thing out, the payment went through but when I selected something nothing happened. Credit card worked fine though.
It was so unimportant when I got a new phone I ended up getting one without NFC.
Oh, I'm pretty sure the “CHIP READER DISABLED” thing is just the merchant didn't set up their account with chip enabled, not any problem with the hardware itself.
It’s generally the fault of the POS software. In many (most?) cases, enabling EMV on the terminal requires the use of a new API. The POS software has to write code to support EMV.
I find I only use google pay when I'm not in a hurry or when I'm very familiar with the specific reader and it has a long track record of working. If I go somewhere new, I always use my card unless I have time and the store isn't busy.
About the only time I use Apple Pay is when I'm traveling to Europe because it tends to work faster than when I have to do the non-standard (for there) chip and signature.
I don't recognise this at all.
Pull phone out of pocket, touch the fingerprint reader to unlock it, wave it at the reader.
Done.
That's quicker than getting my card out of my wallet, let alone swiping and then signing something.
Theory 1: I’m not touching the reader in the right place. Maybe the sensor is on this side or that. Try hovering the phone all over the POS box.
Theory 2: Maybe my phone is not working. Try waving it around again while cashier has this “get your shit together” look on his face. Pull out CC.
Theory 3: The reader supports NFC but not ApplePay, so now I’ve wasted my time. Pull out CC.
Theory 4: Its not even a NFC reader (because there seems to be no standard way of telling by just looking at them). So, now I’ve wasted my time. Pull out CC.
At least domestically, I find credit cards almost always straightforward while Apple Pay is hit or miss having the line behind me giving me dirty looks because the entitled tech shit is holding up checkout playing with their gadget.
1) You've never unlocked your phone before? How weird.
2) How broken is your phone? Never had this issue (I use android pay multiple times per day)
3) This is unusual, to the point of not being a thing here - Applepay is compatible with contactless EMV, as is Android Pay and there's basically nothing to be done at the merchant end to support it.
4) Of course there's a way to tell, they all have the four lights at the top, either physically or on-screen, plus there's the contactless logo the display on-screen.
These imagined impediments are hilarious though, you should have a sketch show.
Most of them look like this: https://en.wikipedia.org/wiki/Payment_terminal#/media/File:P... and will occasionally have a contactless payment icon or an apple/android pay logo on the screen when you walk up to it. In the case of this card reader, the NFC point is at the bottom of the screen and you basically have to rub your phone on the screen to get it to read.
Sometimes they look like this one: https://www.flickr.com/photos/jeepersmedia/14128014654 but that big pad at the top is a lie - those have never actually worked and if there's not a sign on it, the cashier will tell you it's "broken".
The rest of them look like this: https://twitter.com/dionlisle/status/768124197549723648 and there's no clear indication or consistency where the NFC contact point is, or it is also a lie and you shouldn't even bother.
I'd say about half of my credit card transactions these days involve me handing a card to someone who swipes it directly into the register - there's no way to possibly use NFC or enter a PIN for debit/etc.
That last Ingenico is, IMHO, very poorly designed as it hides them.
In the UK (for instance) they almost all look like this one with virtual LEDs on screen -
https://metrouk2.files.wordpress.com/2016/07/ad_214433704.jp...
or this -
https://cdn.barcodesinc.com/images/models/lg/Ingenico/ipp320...
The NFC area is consistently at the top, and is consistently visible. If the standards aren't being followed in the US reader market then clearly that's not going to help anyone, but it's just more evidence that the US credit card technology market is outdated and a very weird outlier.
https://due.com/blog/addressing-rising-payment-fraud-rates-u...
When I go to the U.S. I usually have to produce ID when using my credit card. Is this because I am from out of country or do they do this with everyone paying by credit card?
I'm in my late 30s and have never once been asked to produce proof of ID in relation to a standard credit card purchase. Whether at a grocery store, restaurant, etc. I've never seen anyone else have to show ID either, maybe once in the 1980s.
I’m astonished when someone actually does check my ID.
It happens maybe once or twice a year.
It only happened once and that was many (15+) years ago, but if you ever wondered if it could happen, yeah it could. :)
I've always thought the signature was security theater, asking for a photo ID is way better from a security standpoint.
Everyone uses NFC credit cards now (and if the amount is over ~$40 or a daily limit has been reached, with pin).
For us, chip and pin is basically deprecated, and no one has used magnetic strips in a decade.
–"The system says 'signature needed', was that intentional?"
It _is_ practical though, if you forget your pin code and need to pay something.
It used to be very common in bars/clubs too, at least before contact-free cards, to speed up the payments.
There are a handful of places in the UK that don't have PIN terminals at all and do classic swipe-and-sign transactions, though. The one I encounter most commonly is the onboard cafe car on Great Western Railway trains.
That's a valid point of view, but I actually believe that the business is taking (the bulk of) the risk. In case of a chargeback, the business has to prove that I made the purchase, and a PIN is better evidence that I actually made it compared to just a signature.
This means that businesses might accept signature only for relatively low amounts. Indeed, it's not uncommon that neither is needed for amounts under a couple of lunches or so, to make lunch queues quicker. I assume the throughput is sometimes worth the risk.
It's a bit of a prisoners-dilemma thing: new technology can only be adopted with sufficient coordination, but each individual party is only interested in cooperating if they think they will "win" from it more than their competitors.
The US seems to be a very bad place for consumer advocacy in general. Perhaps it's seen as "anticapitalist". I don't know if the patchwork regulatory environment of the states helps or hinders this?
In the US it's almost exclusively about beating the other guy.
I mean, in tech, look at the HTTP "referer" header, which is spelled wrong. Imagine what a hassle it would be to fix that.
If there was a Leviathan that could force every vendor and user to eliminate the old spelling or else, it could get done a lot faster.
Just what does the CC system offer over debit?
The receipt needs to go the way of signatures and hopefully soon.
Not sure if you are a UX person, but the receipt in 2018 is bad UX for the customer and the business! Just like signatures have been for years..pointless, frustrating and annoying!
I wish I could use Apple Pay everywhere!!!
The receipt needs and will go the way of the dodo bird, credit card signatures and etc...
It's going to take time for payments to all go digital but they will. Whipping out your phone and swiping it and then your done is way quicker and easier then the current payment UX we are doing now.
Even if they were itemized, I question if my company would accept it over the "official" receipt. Anyway, in this case you are just talking about moving to digital receipts, which is surely convenient, but its not "go[ing] the way of the dodo bird," it's "going digital."
The current failure rate of mobile payments is currently much too high for me, personally, to move them them. I love the idea in theory but currently the execution is poor. Its just embarrassing for me to be standing there fiddling around with my phone for 60 seconds so its not even worth attempting when I know my credit card will always work.
Electronic documents can already carry the same force as paper legal documents. What’s the holdup?
A paper receipt is still printed, which is annoying, but I toss it right into the trash under the automated checkout device.
The reason business here have to offer a receipt (but the customer can reject it) is because the customer is supposed to be certain that the transaction is taxed. Typical small businesses with easily hidden turnover (such as restaurants) some times register only e.g. 1/2 purchases, thereby dodging a lot of the taxes. Having to offer a receipt on every purchase makes that harder.
And yes, of course - the tax office inspectors are doing this to make sure that taxes are paid on each sale - but it has the added benefit of making sure that the money for each sale is actually going in my register, not in the pocket of my employee.
The only things that are checked are the digits of the amount, and the account number.
The rest of the check can be complete garbage, and the check will go through and the bank will pay it. Then the banks will blame you, the account holder.
I learned this the hard way.
The courtesy amount is the digits. The legal amount is the written expression for dollars.
The legal amount matters, and had you taken your bank to court (if you didn't sign your legal rights over to arbitration), the legal amount prevails.
There are rooms full of people working minimum wage night jobs, to verify checks that have values in conflict with each other, associated documents, or are generally illegible. Something like 90% of checks are verified by OCR, and deposited for an amount often within a margin of $2.50 per deposit.
The remaining ten percent are processed by hand, balancing deposit to written amount, usually within the $2.50 same margin. This represents hours of checking transaction amounts for tens of thousands of transactions, as a fraction of the automated processing. The $2.50 is usually reviewed by managers in an end-of-day report.
For maybe a quarter of a million documents processed in one evening by a room full of around fifty people running OCR equipment (made by IBM and Unisys), and performing manual image review and physical document inspection, maybe 200 are kicked out by the machinery and software to be deciphered by hand.
Sometimes people get lazy, and are on the verge of quitting anyway because night jobs suck, and if you argued until you got your way, you were probably dealing with such a situation.
even in cases of fraud?
I didn't need 90 days to find a new bank. (A credit union, in fact.)
But my last two apartments required cashier's checks for both... so honestly, I don't expect to write another check my whole life.
It may sound shocking, but some people will do this. Source: me, landlord since 2001.
I use a credit card much more often these days, because the CC company takes fraud seriously. The banks don't. At least my bank did not.
On behalf of the cardholder they do. When a cardholder complains the card company just reverses the payment to the merchant in a 'chargeback', sometimes months later. Then the merchant has to appeal to get it back. So no the credit card companies don't care about fraud.
I would ask for cash...
Bank: "Why?"
Tenant: "Well my landlord [tale of woe]."
Bank: "So I'm hearing that the payment was unauthorized."
Tenant: "Yes!"
Bank: "Reversed."
Landlord: "... YOU DID WHAT?!"
Bank: "sigh We don't want to be in this discussion."
Landlord: "YOU HAD ONE JOB!"
Bank: "It's not sitting between two adults trying to figure which of them screwed the other. We've got courts for that. Good luck."
In the past, I'd wave around the cancelled check and resolve it quickly. With ebanking, it's hours and hours on the phone and sitting in the bank manager's office refusing to leave until they deal with it.
With that particular one, I eventually made the bank issue a "clawback" on the funds they transmitted. Wonder of wonders, this caused the vendor to find the money they'd received :-)
It's a significant burden on commerce, businesses, and individuals to be without their funds for that long. And a big win for greedy banks who boost their balance sheets and profits by holding all those "in transit" funds.
In the UK, the "Faster" payment system, introduced about 10 years ago, means that the vast majority of bank-to-bank funds transfers are completed instantly.
I expect this seems like a great cost-benefit trade, right up until a multi-billion fraud wipes out one of the banks, and then suddenly they'll be really excited about something better than "cross your fingers" as a resolution mechanic.
BPay is only for bills and stuff - I'm sure my power company don't care that much that if I pay my bill on Friday night it doesn't clear until 9am on Monday morning... (it still counts as the bill being paid on Friday). It usually clears next day on business days anyway.
Also, the bank's balance sheets don't get a "boost" from holding payments. Deposits and other customer funds are strictly a liability to the bank (they owe them back to you), and they don't automatically get interest on them. So they don't have as much incentive as say a company does to pay invoices late to collect more interest.
In Australia you can hardly buy anything anymore with ordinary cheques (you can still use a bank cheque for a car from a dealer or deposit on a house something, but that's the kind that you go to the bank, pay a fee and they print it out).
Hardly any private seller for a car or anything would ever take a cheque though - it's mostly always electronic. This year they're bringing in a real-time system (the current one is free overnight transfer to other banks and immediate for the same bank) which you can send people money immediately with just a mobile number.
This is how it has always been (tm) here. It's interesting to hear about the glorious future that other countries have. How do you identify the account you are transferring to? I was technically interacting with a business, do they just give me a phone number/email and I use that?
I think my bank is working on a way to do instant transfers but I'm not sure how any of that works.
For a regular transfer, you have a six digit number that identifies the bank/branch, and an account number (variable length, depends on branch). You just always use this method and your bank checks whether it’s a BSB at the same bank and does an instant transfer, and if not clears it through the central bank. I think batches run at 9am and 5pm every business day for that.
For those kind of payments, they’re bringing in two new things this year - a new real-time clearing system for small interbank transfers (that is, under like $100k or $250k or something - larger payments you have to use a special system called RTGS), and ‘PayID’ where you can have a mobile number for an individual or your Australian Business Number for a company, and I think internally it resolves back to the account number / BSB (I guess like a DNS system for banks).
Here in Australia, I can just give out my bank account number freely -- the worst you can do to me with that information is send me money.
> If an error is made in the payment of your Direct Debit, by the organisation or your bank or building society, you are entitled to a full and immediate refund of the amount paid from your bank or building society
https://www.directdebit.co.uk/DirectDebitExplained/pages/dir...
The big caveat is that the Fed likes to sit on the transfer for a day or two, or sometimes more. Very annoying if you are on a deadline for the money.
The only check I routinely write now is to the gas company. They use Western Union as their payment processing vendor and WU charges $2.95. It's petty, but it's easy enough to write a check.
Maybe this is how life is like in the Valley, but even so I doubt it’s the experience or thought process of the non-tech worker.
I just used a check this month to pay for my earnest money deposit for a house I’m buying. Before that, I’ve had to use either money order or personal check for the deposit and application fee of every apartment I’ve ever rented. Several landlords only accepted checks for the regular rent as well.
They weren’t slumlords (as some of the other commenters here assume), those who took only checks for rent were individuals who rented out a house or apartment building and took good care of it.
I’ve paid my gas bills with checks back when I lived with college roommates.
Checks aren’t as ubiquitous as they once were, but I remember in my life time, growing up, when they were ubiquitous.
Well, the payee is also usually verified to match the destination account, and a few other elements are technically required for it to be a legal financial instrument (even if banks don't spend the time to check them every time). Legally, a check could be written on the back of a napkin and still be valid - as long as it has a few required details.
The thing I've come to learn about checks is that their security features are not necessarily intended to prevent fraud, but rather to legally prove fraud after it has occurred. So no, banks often will not check those things, but anyone with access to the ACH network can reach into anyone's account and move funds around if fraud is suspected (it's basically a shared database with surprisingly little security). It inherently relies on the legal system to sort things out after the fact, which is a completely different approach from what we see in modern information security (where preventing unauthorized access/behavior upfront is the primary concern).
This is why it’s critical to have transaction alerts for all activity for your financial accounts. Otherwise you could have an ACH slip through that drains your account. You wouldn’t notice till the next time you logged in or, more likely, when you try to use your debit card and realize it’s cleaned out.
Often times banks will set these limits unnecessarily high ($10K is common). Alerts are a good way to spot the fraud, but limits cap how much they can take in the mean time. Even if you will ultimately get refunded, it could take months of a slow investigation before that occurs.
I have mine set to double the most we've ever spent in a single month, and I've only had to increase it once (vehicle downpayment).
This is barely dangerous imo. Inconvenient perhaps but not dangerous. The reason being your bank will refund the money.
The dangerous ones are those that take tiny amounts monthly that you just won't notice.
Wait, what? How are you not going to notice? Every transaction is a line on your statement which, I think, all banks issue monthly.
Besides, if you have a computer, you can download all transactions (to Quicken or similar software) every day or two and verify all your new transactions. If you have a phone, Many banks and cards can even be set up to notify you on each transaction.
If there was fraud on my account I’d know instantly, at worst within two days.
Thanks to this I caught a fraudulent online transaction for 1.2 million columbian pesos(?) and was able to block my card immediately after.
The other info on the check isn’t meaningless. It will (should) be examined when there’s some kind of fraud or dispute about a check payment - but it effectively does nothing to prevent fraud or theft.
* A share account is what they call it at a credit union.
Checks have many safeguards against fraud. "Catch me if you can" exploits have protection.
In the old days, they would print a computer-readable version of the amount on the bottom of the check, right-justified with the account number. Once that was there, most banks just processed that, and ignored the rest of the check.
As you say, none of this will prevent basically any amount of money from being withdrawn from your account however. But you do absolutely have routes available to you to get your money back. If your bank blamed you instead and didn't let you know what options you had then you had a shitty bank that rolled you, you should get a new bank (or a credit union).
Surely this must not be a unique case; what’s supposed to happen in this sort of situation?
YMMV. Simple won't let me deposit a check made out to "Me and Wife" in my personal account - I can only deposit it in our joint. They'll permit me to deposit "Me OR Wife".
Suffice to say, I went back to my neighborhood bank.
To Simple's credit: Their customer support was beyond fantastic -- they were at the mercy of their controlling bank...who was receiving the garnishment request.
When Simple switched banks last year, I received a check in the mail for $3 and change for the amount that I had left in my account after moving my direct deposits and such over. Just...a massive headache.
This was before they had the joint offering, so we had to request a new check. Now we just put stuff in the joint.
My renter's for 1.5 years wrote me cheques with payee of wrong first name, and typo in last name.
No issues depositing any
Ha! Not even that. In the cheque clearing process, about the only thing that ever gets checked (even by automated processes) is the MICR line (account/transit and institution number).
Everything else (EVERYTHING ELSE) is just assumed to match whatever the person entered at the ATM/image capture app/teller window. The bank considers it your problem, as the cheque writer, to catch any issues on your next statement, and then they'll review the image of the cheque (in many jurisdictions now, the physical cheque is destroyed pretty early in the process). You should really never ever give a cheque to someone you don't trust. It's pretty silly, but that's the reality.
Although, fun fact, it's the cursive amount that is the 'official' one if there's a mismatch between that and the digits, since it's much more difficult to subtly adjust that.
Source: work for an institution that processes literally millions of cheques (I'm not in that area, but yeah).
Also worth noting, it doesn't need to be in cursive. I spent all my life struggling with writing in cursive on checks (because it's pretty much the only place I ever do it). One day, someone told me I could print it (it just never occurred to me that this was acceptable) and I've been much happier ever since (during the, you know, 10 times a year I actually write checks).
I've been printing the amount for years now, as my cursive was never terribly legible to begin with and has decayed from lack of use. The whole point of that field is to make it so someone can't just add some zeros to the end of the value. Just write the value out and draw a line through the rest of the field.
http://www.wastedtalent.ca/comic/unavoidable-result
It also depends on the teller, how much of a hardass they are going to be about cashing it. I guess I don't know what the protocol is for for mobile deposit, they may or may not have manual review.
When you sign a receipt, you’re not just providing a sample of your signature for comparison against the one on the card. You are signing a document, usually saying that ‘I agree to comply with the terms of the cardholder agreement’
If this is no longer necessary, the card issuers must have determined that they have other legal agreements which cover purchases, and that the signature on each transaction is not necessary.
Also missing is a discussion of why PINs are not seen by the banks as an obvious next step.
This sounds like the old myth that "if you don't sign the back of your card, you can't be held liable for the debts you incur if you contest it later."
This is of course not true.
You're right about the old myth you cite. The cardholder agreements are usually accepted either by signing the card or by using it.
Obviously on the front with all the other printed text.
If your question is whether it actually does say it, I just pulled the most recent receipt out of my wallet, and this is what is printed right above the blank for my signature: "I agree to pay the above total amount according to the card issuer agreement."
I checked two other receipts from different businesses and they say the same thing.
It might or might not be legally binding or necessary, whether it's there is pretty clear. It is. At least where I live (US), it is.
It used to be standard ~15-20 years ago. I don't see that verbiage any more.
Fun fact, when I worked in retail in the late 90s, the full card number was not really treated as a secret that needed to be protected - the registers we had had a full audit trail printed on a receipt roll inside the register, every time any transaction was inputted the receipt roll would print the details of the transaction. The full card number was first printed on that. Then it was printed on the signature paper. The receipt itself had the last 4 only.
This is in fact the only reason for a signature, it does fuck all to identify somebody, even if merchants were to check it, which they never do.
But with the amount of CCTV nowadays, that's probably more reliable than a signature.
Also ironic that anybody would describe PINs as the next step, I can't remember a time before PINs were used. Even EMV contactless payments are pretty common now, and provide benefits to the banks (liability shift/less chance of PIN compromise) and customers (quicker).
It's not a tech problem, it's a cultural one. You don't realise how much less friction, less hassle it can be until you've lived it. From my time in the US, it seems like it isn't exposed to outside ideas that much, maybe due to it's size.
It seems like a legacy tech problem, held up by the same institutional forces that keep large financial systems in COBOL or FORTRAN.
The EMV standard includes a purchase total verification step where the customer is shown the number and must press OK to confirm. But again speed has been considered more important. That OK? prompt is going away and Quick Chip will first authorize a dummy amount and send the real amount after the transaction is totaled up. It's not like USA market was using PINs for two factor authentication anyway. Restaurants are allowed to adjust purchase totals for tips and closing out tabs.
Not so sure about that. If I use a different mouse then my "signature" using those metrics will fail, as I'm basically a completely different (inept) person using other mice. Just an example, but I don't think that e-signatures can be trusted by using machine learning techniques, at least not any that I know of today.
I'm not really suggesting it as "trust" thing, but a better "pin" code that could be combined with the current shopping history/etc metrics being used to detect fraud.
CC networks currently use previous purchasing patterns, location, time of day, etc.
It's the same reasons why biometrics is not a magic security solution. Authentication must be based of something that's hard to fake, cheap to verify, random, and easy to change. What threshold would you set to balance false negatives and false positives? In comparison the private key in your chip card meets all of the criteria.
Also, since developing a disability in my hands, that _can't_ be the case -- there _will_ be variations in stroke speed due to level of pain/stiffness at the time.
Unfortunately most US cards don't use a pin code at all. There are a few issuers that provide you with a pin code, but even in those cases there's typically a signature preference and the pin code is only used as fallback if the terminal doesn't support signatures. So if you're using a US card in Europe pretty much the only places where you can use the pin code are automated terminals (e.g., at train stations). At most other places you're going to have to use a signature.
There are a few US issuers that issue Chip & PIN cards with PIN preference - for example UNFCU and First Tech Credit Union. Those cards work great in Europe, but are sometimes a pain to use in the US. E.g., if you're paying at a restaurant and you have to go with the waiter to the terminal in some backroom, because the terminal asks for the pin. That's not an issue in Europe, as waiters usually carry mobile terminals with them.
Huh? I have a European card (chip & PIN, PIN preference), and at restaurants in the US I've always signed and never had to go to the terminal in some backroom.
I had that a few times in Asia (think Vietnam). I quite appreciate the times it happened. Instead of taking my credit card then hoping for the best I specifically have to authorize the transaction. In Europe they usually just bring you a portable device.
I have one credit card that I mostly don't use anymore, and keep the account open only because it does chip + PIN so I can use it at train-station kiosks in Europe.
Don't feel so bad - remember that we invented the credit card.
Also the phone.
And the Internet.
For your example of "the Internet" that's true only if you squint and choose TCP/IP as "the Internet". But if you take a step back the Network is a more or less an inevitability, I would insist on dating _that_ to at least the Treaty of Bern (1874) and perhaps earlier. Of course Bern moves actual paper letters, rather than just bits, but the central idea is there - the network effect, we must communicate with absolutely everybody, if we let national sovereignty get in the way of that we lose out.
Your argument looks a lot like a fallacy, to me.
I wondered, which kind of graphology training do Tesco cashiers go through in order to be able to identify a fake signature?
> Unsigned Cards
> While checking card security features, you should also make sure that the card is signed. An unsigned card is considered invalid and should not be accepted. If a customer gives you an unsigned card, the following steps must be taken:
> • Check the cardholder’s ID.
> Ask the cardholder for some form of official government identification, such as a driver’s license or passport. Where permissible by law, the ID serial number and expiration date should be written on the sales receipt before you complete the transaction.
> • Ask the customer to sign the card.
> The card should be signed within your full view, and the signature checked against the customer’s signature on the ID. A refusal to sign means the card is still invalid and cannot be accepted.
> • Ask the customer for a different signed Visa card
> “See ID”
> Some customers write “See ID” or “Ask for ID” in the signature panel, thinking that this is a deterrent against fraud or forgery; that is, if their signature is not on the card, a fraudster will not be able to forge it. In reality, criminals often don’t take the time to practice signatures. They use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures; they may even have access to counterfeit identification with a signature in their own handwriting.
> In this situation, follow recommended steps listed above under Unsigned Cards.
https://usa.visa.com/dam/VCOM/download/merchants/card-accept...
I'm still waiting.
The signature generally smears off after a few weeks anyways.
Funnily enough, I have been refused to pay a hotel bill with my unsigned card, since the clerk couldn't verify the signature. So he had me - in front of his eyes - first sign my card, then sign the bill, and then he double checked that the signatures were identical (which they're not - my signatures always come out different).
In the US I have my real signature at the back of the card but I just draw a straight line when signing the receipt. No one ever complained about that.
In Europe I sign with my real signature (because I know that cashiers there are more strict) and even then sometimes hear complaints that the signature on the receipt doesn't exactly match the one on the card.
I always wonder what the point of the signature is in this scenario.
This is a business decision they've made not to be in compliance.
Cases are routinely deemed uncollectible in court when challenged and they are required to remove the items from your credit report.
I spoke to a lawfirm in PA who has literally won 100% of the time against Capital One in hundreds of debt cases because they can't provide the proper documentation required by law when asked to collect on their debts.
They primarily rely on people being afraid or ignorant of the laws.
This was mind blowing to me when I first realized it and then researched it and saw actual cases in real time be ruled for the defense.
During election years, I always tell myself I'm going to sign as the presidential candidates, but I never get around to it.
I believe the latter is the generic notification sound and vendors who customized their solutions post-chip swapped it. I just can't remember which is which right now.
Just another one of those minor accessibility things that would be dead simple to fix if the people in charge gave a shit about usability.
It is sad we don't pay as much attention to this in Europe and America and usually just go for loud beeps. Sounds can be functional and pleasant at the same time.
It comes off more like "Get your money and get the hell out" than a pleasant tune.
No, there isn't really a "standard" to do this.
As far as bills go, each company has their own billpay system. Small businesses pretty much all take credit or debit cards now. If they don't you pay by check. I pay my property taxes with a check because if you do an electronic payment with their system they want you to pay like a $3 fee. Buying a house requires you to get a cashier's check.
You can do "billpay" online with your bank, but if their systems aren't "hooked up" to the other party's systems the bank will mail a physical check to the other party. None of it is instant or even fast.
Last time I changed banks (about 6 years ago) I decided to experiment and not order any checks. Every person I've encountered who needs a check will wait for them, so I just add them to bill pay and have the bank deal with printing and mailing them a check. So far I haven't run into a situation where I was cursing myself for not having actual physical checks.
> “We’ll play it a little bit by ear,” said Michael DeSimone, ShopKeep’s chief executive. “Right now, I don’t think there’s a high level of awareness about this. Let’s get the changes in place and see how they work operationally, and then we’ll adapt.”
I can't imagine the hell of a place that must be to work when extending a feature which works at $25 to any sum — or no sum at all — is that hard. I can think of some really good reasons for it to be that difficult, but all of them sound like a terrible working environment.