Re: Please, use a different colour!
I suspect that's a subtle security feature, to stop people easily reading the number from a distance ...
Embossed numbers on credit cards are here to stay, and probably for a very long time, say the big three credit card issuers. The raised numbering on credit cards may seem anachronistic given that EMV chips are increasingly being adopted around the world, while magnetic strip cards have been with us for decades. The long …
I suspect that's a subtle security feature, to stop people easily reading the number from a distance ...
It's more an annoyance that it wears off so easily, within a year several numbers can be unreadable (bar tilting to get the shadows), flat numbers under a clear coat would be fine and durable.
No good to a click clack reader if they're flat
the paint wears off anyway
re blackspots, surely the reader could store the details until it found itself in a whitespot? again and then complete the transaction.
Essentially what the guy would be doing with the click-clack, but without the fuss.
Totally makes sense in backwater locations though, such as New Zealand :D
Joke or not, this might actually be a very bad idea.
Although the rep chose not to mention it, another scenario is "Credit Card company's system goes tits up for several hours on December 23rd". I'm guessing, but I imagine the company's IT people really don't want "several hours worth" of queued transactions automatically pouring into the system moments after they bring it back up.
I'll have you know that the NZ banking system was waaay ahead of a lot of other countries and has been for some time. I couldn't believe the backwardness of the American banking system when I worked there in the late 80's, and ditto for the UK. Used to take ages for cheques to clear through the banking system there whereas NZ has had an electronic clearing system for ages. IIRC about the 70's.
Oh, is that what you meant when you were talking about backwater locations. America!
Even the smallest corner store in NZ does has an EFTPOS terminal these days. They would go out of business if they didn't, and they will nearly all also do cash back - assuming there is enough cash in the till.
We bought some stuff from a gift shop in Tanzania earlier in the year that didn't have fallback to click-clack and we had to drive about 5 miles with a bloke from the shop to get signal at all...
Your country's small and therefore pretty easy to wire up. Now try a country as big as the United States with vast rural areas and lots of topography to consider (two mountain ranges, one pretty high, vast plains and a decent desert to the southwest). Unlike in New Zealand (or other tiny and dense countries like say South Korea), it's VERY easy to find yourself in "The Middle of Nowhere", with essentially no civilization for a large radius.
The "click clack" readers seem to be used in many restaurants when the systems goes down.
Although I know of one petrol station whose systems went down, had no readers and was still letting people fuel up with no warning creating utter chaos as people had to walk 400 yards up the road to withdraw cash.
Paris because she can cure any 'flexible friend' problems.
What Yank would walk 400 yards??? They'd hire a cab...
The other big clue about that not being in the US is the use of the word "petrol" as opposed to "gas"...
I took a pre-paid cash card on holiday to Canada/USA last year which was smooth rather than the usual raised letters.
3 out of every 4 attempts to use it got odd looks and "is this card for real?"
I used one in Australia last November without any issues at all!
Well, apart from the issue that after a suspiciously short amount of time I didn't have any more money on it.
They ask you if a card is for real, but have no problems authing a cheque with an iPhone app. American banking is bizarre.
Bizzarre? You bet.
In an Irving, TX, branch, tried to cash a travel(l)ers check(cheque) once.
Wanted 2 forms of ID. Passport OK, International photocard driving licence wasn't.
"What's the problem?"
"Your driving licence isn't acceptable - it's foreign".
"OK, so's my passport. Plus, if I wasn't foreign, why would I be cashing TRAVELLERS cheques???"
Had my freshly photoshopped (not really, but could've been) company ID round my neck.
"Oh, that's OK..."
Anyone seen the film "Catch me if you can"? They haven't changed much since then.
Having said that, UK ain't much better. I received some money from them. "Where do we send the cheque to?"
"No, here's my account number, and IBAN number."
You're ahead of me. The cheque for some thousands took about 7 weeks for me to receive the money. I was charged 10% for the 'privilege'.
If you ever have a card run through a click-clack reader, make sure you ask for the slip of carbon between the two copies ... there was a well known scam years ago where employees used these to make fraudulent purchases.
Also, since no shopkeeper ever needs the CV2 number, best to memorise it, and scratch it off.
They use NCR paper these days - or at least the ones we use for backup at work do.
And there's 4 copies.
(We use them a lot at work. Our IT dept is pretty useless. Last time the excuse was that a cable had fallen out...)
re: VCC2 number - if you scratch it off, you reveal the "VOID" text under the signature strip.
Wandering slightly off the main topic: I wish online transaction sites would let you enter the spaces between the groups of digits --- it makes it so much easier to check you've typed it correctly!
Or are e-shop programmers really incapable of writing code to skip the spaces in the number you've entered?
I couldn't agree more.
What's worse is a combination of inconsistency and lack of labelling.
If the site doesn't say "Keep your filthy spaces off me, you damned dirty serf" I instinctively enter the spaces. And if I'm able to enter the full number with spaces (ie the field isn't limited to 16 characters), I'll carry on... and only find out they didn't want them when the transaction fails.
Because programming the system to automatically remove them is such a difficult task.
Or maybe some twat's gone and patented doing that, so everyone else has stopped doing it.
I write exactly the systems you speak of, however mine will strip anything that isn't a number from the string, this means you can delimit the card number with almost anything you want
"1234 abc 5678 / 1234 - 5678" would be read as "1234567812345678"
I also do exactly this on my company's websites.
It's a single line of code, along the lines of:
$ccpan = preg_replace('/\D/', '', $_POST['ccpan'] );
So there's really no excuse, and any programmer that doesn't do it is either incompetent or just plain fucking lazy, or both, and should be sacked forthwith.
Ditto for phone numbers.
Any attempt to put spaces or dashes in is liable to be denied.
I keep most of my phone numbers in international format, including the + and country code, then no matter where I am I don't have to worry about it. I don;t know if phones are clever enough to realise that when you are in the same country as the country code, and will strip it or whether the phone companies themselves do the job, but either way it works, and so I have a tendency when filling in phone numbers to use the full international number.
I thought American programmers or functional specifiers were particularly insular as far as foreign formats (expecting all postal codes to be like a ZIP) but at least most were capable of recognising said input without throwing a hissy fit.
"So there's really no excuse, and any programmer that doesn't do it is either incompetent or just plain fucking lazy, or both, and should be sacked forthwith."
I have a sneaking suspicion that the problem is that many web sites are constructed by 'web designers' and not programmers at all, and so lack the fundamental knowledge of how to make something adequately resilient.
Maybe next time I should try entering something along the lines of '; DROP TABLE CREDIT_CARDS; -- in one of the fields...
I had an emboss taken at a (small regional branch, admittedly) global car hire firm as recently as January; in a location that definitely had internet and phones available - an airport.
Have a feeling they may have taken the emboss away and run it through a terminal as the payment came through very quickly, not the days to weeks it took when they were common place.
Given that you were at a car hire firm (I believe Americans refer to them as car rental agencies), the embossment in this case was for the sake of a paper trail: proof that the card was physically present when you performed the transaction. Given the nature of the transaction (a car hire/rental), some heightened scrutiny is warranted.
It's so that when all your speeding and parking tickets come through on that car, they can charge them all to your card.
If that was a joke, that fell flat since policemen are instructed to use your driver's license when issuing speeding tickets. So it wouldn't matter which car you drove, the fine would still fall to you with no involvement from the agency. As for parking tickets, I believe the car would be traced, determined to be a rental, and proper notifications be made then (the rental company could be contacted to fill in the renter's information). Either the driver is informed by the agency to pay up or the driver does it himself when he finds the citation. Again, the card doesn't have to be involved. And since the car has to be returned, it would be inspected for damage before the final bill is made, so the card isn't a necessity there, either.
I didn't know, and I live in one of those "developing countries."
Hmm... click clack sounds like a Captain Beefheart track.
Anyway, I remember seeing a transaction on a train, where the man coming round taking bookings for dinner did not have a click clack machine. He had a bunch of slips that had already been impressed with the companies info. When he wanted to impress the customers info, he used an individual portion of jam! He placed the slip over the credit card and rubbed the jam pot over it to take the impression. What a wonderful use of technology.
Was this train a grey tube that houses people's debts,
Their very preserves and transactions?
Another benefit of embossed numbers is that its a way for cash machines etc to check you are putting the card in the right way
No, they work just fine with electron type cards which don't have embossed numbers.
The cash machines around here have a little magnetic sensor that only opens the card slot if you insert a card with a magnetic strip in the right place.
Oh, and the cash machines read the mag-strip, not the chip. I had to get money from my account when I left my card at home (sitting on my keyboard, having used it to buy something online). The bank guy took a "blank" card, passed it through the mag reader/writer on his desk, then handed it to me. It put it in the machine and money came out instantly...
Not one mention of the obvious advantage of the raised digits, my nan who's blind is able to feel the digits on the card which allows her to make transactions by phone!!! Remove them and she wont!
how blind merchants would get along with a card and a click-clack machine. They can probably manage chip & pin. On the other hand, you could sneak up and just quietly take the merchandise without them knowing, unless they have a specially designed creaky floor like in [You Only Live Twice] (the book anyway).
A nightingale floor, you mean? That was a real-life concept. Many people who study Japanese architecture have probably read of the nightingale floor.
If you write see ID instead of signing the card the card is not valid. Now I've yet to see a merchant refuse to take a CC that was not signed or has see ID on it. But if some thing goes wrong and the CC finds out that the card did not have a signature on it, the merchant is on the hook.
Anyway I don't get it. Why do you not sign the card? What ID are we talking about?
I have a small signature; accordingly I sign the card several times, using all the space. Otherwise, it might be possible for someone to remove the signature and write in their own version. But UK commerce is now mostly chip & pin exclusively (or cash), I think, and the signature doesn't come into it.
You could sign your name and then write "wants you to ask for a photo ID", or something.
I run a stall at a market once a month and occasionally I get American customers who haven't bothered to sign their cards because they're so used to handing over their driving licence as proof of ID when they use the card.
In any case, if I have to use the manual backup eg because my GPRS terminal won't connect, I phone for authorisation on any transaction which is above my "floor limit" (amount which my card processing company sets). This doesn't guarantee payment, but at least it means that, at the time of the call, the card hasn't been reported lost or stolen.
We don't leave the card unsigned because we're so used to being asked for ID, we don't bother signing it because nobody ever bothers to check for a signature. I can't remember the last time I was asked for ID when I used a credit card.
Missed one other obvious reason - embossed cards are just another thing that needs to be forged, making it slightly harder to make fake cards. Yes, I know there are crims out there doing it, but if all you had was a printed face it would be easier to forge.
The last time I rented a car, they used the click-clack machine to make an "open voucher". This is, they clack the card, then use the phone method to pre-authorize a charge (about $700 USD) and store the voucher.
When I brought back the car 3 days later, they again use the phone to turn the "preauthorized" charge into an actual charge for the real amount (which was $100). Then the amount and auth code is put on the click-clacked voucher along with the amount.
So the system is sometimes used with the same lifecycle as the electronic POS, but done by phone.
Even with Chip&Pin, the credit card system is horribly broken. The non-stored CVV number is a slight attempt to repair the problem, but its still broken.
The cards with a small LCD and keypad are the solution, and are a solution that will work both online and offline with equal effectiveness. There is one element missing, and that is a way for the vendor to communicate to the card, and this can be solved by adding a small photosensor to the card.
For online transactions, you hold the photosensor on the card up to transaction hotspot on the screen for a few seconds, and by displaying an animated/modulated coloured square, so receive the vendor name and transaction amount to your card. The card displays the vendor name and amount, and you enter your PIN to authorise, receiving a one-time use CVV number in return.
For offline use, the vendor ID and amount can be entered using the keypad.
A colour encoded animated GIF, flickering 30 frames per second, with say 4 bits per colour channel, might be able to transmit 360 bits per second. At 60 character vendor name, is around 300 bits, add in 32 bits for the transaction amount, add in another, say, 128 bits for a signature of some kind, and add 25% for error correction, you can transmit the the whole lot in 2 seconds or so. No fancy RF or NFC needed, just a some basic photo diodes and some filters.
Because otherwise the whole concept falls apart when the battery's dead. Most NFC solutions are inductive so rely on the vendor transmitting power to power the process: much more reliable. Your SecureID falls flat at one important aspect: simplicity.
I've had my credit card spoofed on a number of occasions, none of which caused me to be out of pocket.
I happen to agree that certain aspects of the credit card system need reviewing and updating, especially in the "going after the bastards" department - I've had at least two instances when I could have led police to the perp's door had I been in the same state, but the CC bank was not interested in doing anything about it. Oh well.
But in terms of consumer protection, credit cards are pretty far ahead of the pack.
At my local US post office they will refuse to accept an unsigned credit card until you sign it. They also compare the signature on your credit card to the signature on your ID. Its rare but it does happen.
In 2010 I was director of retail sales (US) for a fairly large sporting goods retailer and one of our larger shows was an outdoor event in Southwest Virginia. We were doing direct sales of about $375k during the three day event. The location made any sort of Internet connection impossible so we had to use a click-clack device to record customers transactions then call them in to the bank later.
In the U.S. there is no space on the three part click-clack receipt for the CCV so we had to scribble it on the 'Merchant Copy' - which isn't very professional and just looks shady to customers. Right off the bat we were paying a higher rate for processing because we didn't have the card in hand and the processor agent thought it was fishy we needed to call in so many transactions.
Secondly, we ran out of click-clack compatible receipts during the 2010 event. Try finding them... Our bank was BB&T and I went to three different locations trying to find more receipts. The kids working at the bank had no idea what I was talking about and tried to upsell me on their in-house processing options. Ha!
There are places in the U.S. without Internet service and there is a use for old school credit card machines. Our banks just don't want to deal with those things though.
The BB&T people were probably amazed to find a place where there was no way of performing any form of electronic communication AT ALL: no direct internet, no cell phone service so you can use stuff like Square or GoPayment, not even a telephone line for a dialup modem,.
DTraceunder the GPL
Biting the hand that feeds IT © 1998–2018