back to article Walmart sues Visa for being too lax with protecting chip cards

Retail giant Walmart has filed suit against Visa over the ability to force chip and PIN authorization for card purchases. In a suit filed to the New York State Court (PDF), Walmart claims that Visa is forcing it to accept customer signatures as authorization for payments when it wishes to mandate the use of PIN codes instead …

  1. John Tserkezis

    Australia now has a fully-non-signature credit card purchase system, and if you use paywave or simlar (NFC) *and* for less that AU$100 purchases, PINs are exempt.

    Although this has changed the usage patterns of credit card thieves (fraudulent purchases are now only <$100) If I had to present a 12-digit PIN for *all* purchases, (most are sub-$100) I'd be rightly annoyed.

    1. Somone Unimportant

      and therein lies the problem for Aussies

      The credit card providers have forced tap-to-pay technologies on the Australian banking system, and there is no way to opt of it and demand that only a PIN be acceptable on a credit card.

      We've gone from "low" security (a signature that placed the onus on the retailer to verify) to "some" security (a PIN) to no security (just tap here sir) for purchases below $100.

      My wife's cards were stolen on a Friday night, the thieves racked up $250 worth of purchases in the followng four hours - mainly petrol, ciggies and late night Maccas - we cancelled the cards at 8am when we realised the cards had been stolen and it took us 6 weeks to get the charges reversed. And because one of the stolen cards was linked to her savings account, we were really out of pocket for that 6 weeks.

      1. Cynical Observer
        Black Helicopters

        Re: and therein lies the problem for Aussies

        ...not just the Aussies.

        I suspect that a large percentage of those with an IT security background look at contactless and say "WTF!"

        IMOit really is a solution that should never be applied to the area of payments.

        RFID chips are fine for stock control, they are useful for tracking pets - but the committee* that thought they should be linked to things like passports and payment cards really should have been disbanded at first light.

        Of course that would have stymied the perceived agenda to move society closer and closer to a cashless society.

        “A committee is a life form with six or more legs and no brain.” – Lazarus Long

        1. CustardGannet

          "...should have been disbanded at first light."

          I hope that by 'disbanded', you mean 'shot'.

          1. a_yank_lurker Silver badge

            Re: "...should have been disbanded at first light."

            Shot, you are too kind.

        2. h4rm0ny

          Re: and therein lies the problem for Aussies

          Functionally it is little different from having cash stolen. They set the limit at X as a parallel to how much money you might be carrying in a non-card world. £100 probably isn't that bad they think as you'll get it back eventually.

          However, the system needs two things. One, the availability of cards without NFC payment enabled, and two - the ability to configure your own limits. (These can actually be the same thing given you could configure a limit of zero).

      2. Michael Wojcik Silver badge

        Re: and therein lies the problem for Aussies

        it took us 6 weeks to get the charges reversed

        Indeed. What Walmart means by "best practices for fraud prevention" is, of course, "best opportunity for transferring risk to the customer".

        That's the real driver behind EMV. It's much easier to dispute a signature.

    2. Shane McCarrick

      12 digit PIN? Freaking hell! Show me a single person who wouldn't be onto their bank to reset the sodding thing every second day. 6 digits is good enough for most people....... Also AU$100 seems rather high for tap and pay- its EUR30 in Ireland- I think its entirely fair to set it at a far lower level........

  2. aberglas

    Zip code for non-US cards

    One annoyance of the US system is that some places like gas stations demand the entry of a zip code instead of the non-existent US pin. And that means that they do not accept foreign credit cards.

    1. Number6

      Re: Zip code for non-US cards

      I once suggested to my UK credit card company that they should find a way to assign a 5-digit PIN to people wishing to use their cards in the US which would allow them to work in petrol pumps and provide a bit of security while doing so.

      You can normally use a foreign card, it just means you have to go in and see the cashier (and leave your card there, which is definitely dodgy) while you fill up, then go back in to complete the transaction afterwards. Or carry cash and use that.

      1. Cpt Blue Bear

        Re: Zip code for non-US cards

        "Or carry cash and use that."

        That's the best advice. When in the USA I rapidly learnt to keep my foreign credit cards (including the company Amex) for big hotels and the like where they were used to such exotic things.

      2. JBowler

        Re: Zip code for non-US cards

        Take your *debit* card. Find a US bank ATM that will accept it (ask your bank for locations first), withdraw the max (typically $300; the US bank rips per transaction not per amount so favours low transactions). Do this every day you are in the US. Pay cash. Cash is always welcome, up to $9,999.99 and in $20 bills and no more.

        That's what we do, for far less valid reasons.

        BTW I have to thank my mother and father (both UK) for this approach, so I can only assume that it was part of the standard advice given by whoever to older travelers from the UK. Finding the right bank can be a PITA but they both managed it, even in that benighted capital of dubious technology Seattle.

        One day we will have security for everyday people but we will probably no longer be the USA.

        John Bowler

    2. JeffyPoooh Silver badge

      Re: Zip code for non-US cards

      It really comes to a head when trying to fill up the fuel tank of a rented car just before returning it. Lacking a Zip Code, one wanders in to negotiate a payment algorithm. Wait in line forever while all the vagabonds do their Lottery dealings. Explain to the clerk's brainstem about foreign countries. They might offer Prepay, "How much gasoline do you want?" "I want to fill the tank, it's a rental, I have no idea how much it needs." One should allow an hour (or eight) for this. Then the uneducated hillbilly in the huge truck waiting at the pumps, stuck behind your rental car, will then murder you.

      NEVER attempt to fly out of the USA in the forenoon. It's impossible. If your flight is at 10AM, you'd have to set your wake-up alarm for 7PM the evening before, which ruins dinner. Any normal human should aim for a late-afternoon flight, but even that's risky.

      1. Anonymous Coward
        Anonymous Coward

        Re: Zip code for non-US cards

        You are exactly the type of git that would judge the whole country on the gas station next to the airport huh? Newsflash they suck ass even for the locals and in fact that one near Newark airport (including whole city and airport itself) is actually our worst face forward. As a foreigner on business travel you definitely want to go with the fuel option on car rentals which is often not that much more than DIY.

    3. JBowler

      Re: Zip code for non-US cards

      Yep. So here's a real story; my story. I live in a part of the US (SW Oregon) that one local musician's bumper sticker (a US custom) stated is "where Deliverance meets the Grateful Dead". So I don't buy gas in the Valley, I buy it in Grants Pass (seriously).

      And I used to buy it in a gas station heading home.

      One day I checked in and was, yeah, asked for the Zip code. 97531. Duly Bank of America charged the expected 18 gallons; I drive a Subaru . On the same day at the same time they charged me for another 24 gallons. Well, the Dude had a problem the first time he ran my card, I gave it to him again (you are permitted to call me a doofuss at this point; next time it happened at a different gas station in GP I gave everyone a really hard time, double checked transactions on my mobile and had the lead guy on the gas station give me a piece of paper - more so he remembered than any other reason).

      So, originally, I disputed that 24 gallons. No luck; BofA told me I was there (yep, I think I said that) and that therefore the charge was valid.

      Lesson; I will never go to that gas station again. My wife still insists on using the BofA card but I think I've managed to cut it to next-to-nothing per year.

      Not very helpful, but if you visit the US ask your credit card company for a TEMPORARY CREDIT CARD for the purposes of the visit. It's pretty easy to provide these; Visa already do it for online transactions in the US.

      John Bowler

    4. Hugh McIntyre

      Re: Zip code for non-US cards

      To be fair, US credit cards don't work in British petrol pumps either so the problem exists in both directions.

      And don't get me started on the impossibility of topping up a PAYG UK mobile phone with a non-UK credit card....

      1. Simon 49

        Re: Zip code for non-US cards

        The PAYG thing is insane, go to the trouble of getting your phone unlocked, manage to find a nano-SIM on a UK PAYG net, then find the only way to get more credit on it is buying a retail voucher - marked up massively compared with online. Seemed to be 4:1 last time I tried this, 2014 I think, I spent 100 quid on what online should have been 30.

        1. Hugh McIntyre

          Re: Zip code for non-US cards @Simon 49

          For travelers to the UK, what I did last time is to buy a voucher on mobiletopup.co.uk.

          This charges a 99p transaction fee but otherwise gives you a usable top-up voucher.

      2. joed

        Re: Zip code for non-US cards

        I can confirm, if had to stay in Germany for longer than 10 days I'd die of starvation (I was trying to outsmart the system and withdraw cash at better exchange rate outside an airport only to find that nobody took US cards outside the hostel I stayed at, rather small town; I did not want to risk my return trip and hypermiled every commute - German "clean diesel" did well for that).

        I could care less for C&P - mostly false security as far as I know and liability passed onto customer.

        Regarding 300$ withdrawal limits - banks have better ways to nickel and dime their customers. This limit is to protect account holders as fraudulent cash withdrawals are next to impossible to dispute/reverse.

        ZIP is not uniformly required at gas stations (no idea why), and has been - most likely - introduced to make it more difficult for crooks to test the card before buying big ticket items.

      3. david 136

        Re: Zip code for non-US cards

        I am still living a nightmare of French toll roads not accepting US cards, two years later.

    5. AndrueC Silver badge
      Meh

      Re: Zip code for non-US cards

      And that means that they do not accept foreign credit cards.

      I've never had any problems when I've visited the US. I only ever keep $50 in my wallet for emergencies and never needed it. I've paid for taxis, food, car rentals and some general purchases with my card. I was asked for a zip code at a couple of petrol stations in California but I just typed '111111' and the transaction went ahead.

      There's a discussion here.

      But it is odd how the US does sometimes lags behind in certain areas. Chip & PIN has been standard in the UK for a decade now. And of course there's still a lot of check (sic) transactions over there. I wonder if it's related to the fragmented nature of their banking system?

      1. AndrueC Silver badge
        Thumb Up

        Re: Zip code for non-US cards

        Lol. It appears that I may have accidentally entered a valid zip code. I mean, obviously not valid for me but I'm guessing it was enough to pass the UI validation to let the transaction proceed. Deeper into the system the code was presumably ignored because it had no way to check against a foreign issuer.

        The advantage of being a software developer I reckon. I assumed that all zeros wouldn't be valid :)

    6. Slx

      Re: Zip code for non-US cards

      I've had this issue with UK online stuff and Irish cards.

      Enter your address

      1 Fake Streer

      Ballyfake

      Co Fake

      Ireland

      Postcode : X11 1A1A (not my real code as they actually link to individual addresses in Ireland).

      Your postcode is invalid

      I try 00000

      Your postcode is invalid

      In the end I just end up putting in the code for Buckingham palace which works fine!

      1. Ol'Peculier

        Re: Zip code for non-US cards

        Ah, not just me then. I use SW1A 2AA - Downing Street's postcode...

    7. h4rm0ny

      Re: Zip code for non-US cards

      Well that explains why one of my cards didn't work over there.

      But using a ZIP code as a PIN is a terrible, terrible idea. Can we have an Edvard Munch icon, please?

      1. waldo kitty
        Boffin

        Re: Zip code for non-US cards

        But using a ZIP code as a PIN is a terrible, terrible idea.

        the ZIP code thing is not used for a PIN... it is matched with the billing address of the card holder... if the two ZIP codes do not match then the transaction is invalid...

  3. Number6

    Apparently Americans can't cope with having to enter a PIN (despite needing to for debit cards). That's the gist of what I got when my US credit card company upgraded me to chip-carrying cards. Even now, most of the readers I use have the chip slot taped up and people are expected to swipe the mag strip, so clearly there's still a long way to go.

    1. Anonymous Coward
      Anonymous Coward

      Make America Swipe Again!

  4. Anonymous Coward
    Anonymous Coward

    PIN?

    Last year the bank sent me a new VISA card with a chip... but no PIN. If asked for a PIN at the checkout, I'd have no clue. But I've never been asked. Can't even remember entering a ZIP code to buy gas recently.

    Edit: our gas pumps probably only demand a ZIP when there's a red flag... like a foreign card.

    1. Michael Wojcik Silver badge

      Re: PIN?

      Your card is probably chip & signature. The EMV spec allows this. If you use it with a working EMV reader, you should see a message telling you to withdraw the card after the transaction completes, and then you'll have to sign a slip as per normal.

      Some of my (US-issued) cards are C&P, and some are C&S. I don't remember which is which; I just use the card I want to use and then complete the transaction however the reader instructs.

  5. Neoc

    I blame this on the USA's over-reliance on cheques (checks for you over-the-ponder). It's made the concept of signing everything too ingrained. As for cash - I recently went to Europe (which, BTW, has a really lousy concept of ecommerce once you go beyond the multi-nationals) and even *there* I barely had to use cash.

    As for the ski-trip in NZ, I never had to use cash in and around Queenstown - *all* the shops there were more than happy to take overseas credit-cards.

    1. MrXavia

      Lousy concept of ecommerce?

      Not sure what you mean?

      Pretty much every shop has an online store of somekind over here (well UK anyway), and you can get everything delivered...

      But in the UK I often go months without spending cash.. Everything is paid for by credit card by me, from a pack of gum upto a car...

      1. Slx

        Re: Lousy concept of ecommerce?

        I have to say though things are changing rapidly when it comes to cheques in Ireland.

        I work freelance and at least 95% of my invoices are paid by e-banking with the IBAN (BIC is gone)

        Recently I was having work done on my house and I paid the builder, sparks, plumber and tiler the same way. All zapped through by electronic banking using IBANs

        What would make even more sense though would to link a "paying in" address to your verified mobile number. That way you could send payment without giving away banking account details.

        Transactions are free of charge and processed within 24h to any Eurozone bank account.

        You can include long messages and my online banking is secured with three factor authentication.

        (Log in ID, a security question, selected digits from a secret code and to actually transact anything you need to generate an authentication code using my debit card inserted into a little card reader. That also needs my chip and pin PIN)

        So pretty rock solid.

        1. Number6

          Re: Lousy concept of ecommerce?

          My idea, which does not exclude yours, is that banks should issue everyone with a second account number unrelated to your original, to be used for paying in only. That way, even if someone tries to use it to extract money, it will be flagged as invalid

        2. Boothy

          Re: Lousy concept of ecommerce?

          @ Slx

          Quote: 'What would make even more sense though would to link a "paying in" address to your verified mobile number. That way you could send payment without giving away banking account details.'

          That already exists, at least in the UK, and I'm sure other places will have the same or similar systems, either now or in the future.

          The UK system is called Paym. You only need to resister to receive money, to send money you just need your Bank to support the service and to use your Banks mobile app. The recipient needs to sign up for the service, usually via their Banks web site, and they register a phone number for the service (usually their mobile, or perhaps a business number).

          The sender just uses their regular Bank mobile app, selects Paym, types in the phone number for the recipient (or selects them from their contact list), enter what account you want to send from and the amount (there are limits). And click 'Next', the phone number is then validated against registered Paym recipients, and displays their name, as it is registered at their Bank, as confirmation that you are sending to the right person, (and to make sure you've not mistyped the phone number!) Click to confirm, and within hours (usually just a couple of minutes) the money has been transferred.

          No need for the recipient to provide any bank details to the sender at all.

          Edit: Typo.

          1. Slx

            Re: Lousy concept of ecommerce?

            AIB in Ireland had "You2Me" which worked like that for a while but they but they abandoned it.

    2. taxythingy

      That's because NZ set up EFT-POS systems back in the 80's left, right and centre. A fairly unified banking system helped, as did having only two processing groups for the banks.

      The only time I've used cash in the last two months, other than as a tooth fairy, was at a big field day for our local rescue chopper. The sausage sizzle and donations in a bucket still work better with cash. Normally, my wallet has no cash.

    3. Anonymous Coward
      Anonymous Coward

      We write "cheque" in Canada, too.

      Ironically, the NFC Forum has specs to secure transactions but they are optional.

  6. JBowler

    Only debit cards!

    The US does not issue chip'n'PIN *credit* cards, only *debit* cards. So...

    When a US debit card is run *without* the PIN it is billed as a credit card (for the store) and lots of steel-rice-bowl types (as my Chinese wife would refer to them) get humongous amounts of cut out of this. And the store gets Ripped.

    For years issuers of US *debit* cards have encouraged their recipients (often with money) to run them as *credit* cards. This is Walmart's response; it has nothing to do with security and it doesn't change a single thing about US credit cards (which don't have a PIN, full stop, end.)

    John Bowler

    1. Throatwarbler Mangrove Silver badge
      FAIL

      Re: Only debit cards!

      Your comment is interesting, in the sense that it is factually incorrect. I have a debit card in my wallet with only a mag stripe and a credit card with a chip (but no PIN that I'm aware of).

      1. Michael Wojcik Silver badge

        Re: Only debit cards!

        Yep. He's completely wrong about this. I have EMV credit cards from at least three US banks.

        Offhand I can't say which are C&P and which are C&S, but they're EMV.

    2. elkster88

      Re: Only debit cards!

      "The US does not issue chip'n'PIN *credit* cards, only *debit* cards."

      Umm, yes they do.

      My Andrews Federal Credit Union VISA credit card (most emphatically not a debit card) was specifically applied for before my last trip to Italy because it is a Chip & PIN, not Chip and signature.

  7. PAW

    Bah

    Nobody wants the bleedin chips except the credit card companies. They are the only ones that benefit. It's purpose is to send fraudulent charges back to the merchant that accepted the card. The card companies are not interested in PINs as that might cause them to take liability.

    The chip readers take much more time to process than magnetic swipers and they cost the retailer about $400 apiece. It's a win (credit card merchant) - lose (retailer) - loss (customer) situation. The only possible benefit for the user was that we'd finally have cards we could use at ATMs in Europe. But then they didn't give us PINs.

    BTW every time I use a gas pump that asks for a zip code I feel massive empathy for foreign drivers that likely have no idea why the pump has stalled and can't read the f*ing screen in the bright sun even if they did know english.

  8. jtaylor

    A holdout explains

    I haven't yet been convinced that PIN is better for me than a signature (and yes, my cards are now Chip + Signature).

    How difficult is it to obtain someone's PIN? With debit cards, a mirror or tiny camera or keypad overlay or just a nice viewing angle are enough.

    My credit cards are signed "See ID" on the back. Sure, someone can steal the card and make some charges, but unless they also thought to obtain my signature, it shouldn't be too hard to show that the purchase was not made by me. And that assumes the clerk didn't ask for ID.

    Given the choice between "less fraud, but I assume the risk" and "greater fraud but I am less liable" I prefer the lower liability.

    What am I missing?

    1. Credas Silver badge

      Re: A holdout explains

      What am I missing?

      That, as has been demonstrated many times in the past in many countries around the world including the US, you could probably sign as M.Mouse with a crayon gripped between your toes and a picture of your arse on your ID, and the average cashier would accept it without a second glance.

      What I seem to be missing is why something like C&P that works so well elsewhere in the world, and has done for years now, causes such controversy solely within the USA.

      1. Paul Crawford Silver badge

        Re: A holdout explains

        I noticed that when I visited NY years ago, cashier didn't even look at my signature. I think the most likely reason is the one given by @JBolwer above:

        "When a US debit card is run *without* the PIN it is billed as a credit card (for the store) and lots of steel-rice-bowl types (as my Chinese wife would refer to them) get humongous amounts of cut out of this. And the store gets Ripped."

      2. Triggerfish

        Re: A holdout explains

        My 6'3" Ex Rugby forward boss, used his wifes card over in th US when they emigrated and were getting settled. No one questioned at any point why he was listed as Mrs or called by a feminine name. They barely glanced at his signature.

      3. jtaylor

        Re: A holdout explains

        "you could probably sign as M.Mouse with a crayon gripped between your toes and a picture of your arse on your ID, and the average cashier would accept it without a second glance."

        Certainly. This is why I mentioned "Sure, someone can steal the card and make some charges, but unless they also thought to obtain my signature, it shouldn't be too hard to show that the purchase was not made by me." This is distinct from a PIN, which is easy to record and reproduce.

        I am willing to accept higher risk of fraud, as long as that comes with lower risk that I'll actually have to pay for it.

        I'm still curious what I'm missing. Or was your point that if someone signs as M. Mouse, that my credit card issuer will use that as proof that I was the purchaser?

    2. Anonymous Coward
      Meh

      Re: A holdout explains

      Some years ago, my Building Society provided Credit Cards that not only had your photograph but your signature embedded on the back of tthe card, pretty good quality images too - then the organisation got taken over and the cards got supplied by MBNA so it went away - a pity really

  9. David Roberts Silver badge

    Recent problem?

    A few years (4?) since I last visited the States but I don't recall any problems buying fuel or shopping with a UK credit card. Visited most of the West Coast.

    Oh, and for drawing cash from an ATM you may be better off with a credit card.

    Counter intuitive, but banks normally gouge you on the exchange rate and transaction charges.

    There are some cards which don't charge for currency conversion, and only charge a small amount of interest on cash withdrawals which turns out to be cheaper than being gouged for using a debit card

  10. Ol'Peculier
    WTF?

    US restaurant. Ask for the bill. Server comes with it in a little wallet thing. You put your card in it and pass it back who then goes off to process it. Comes back with ticket, you sign it, adding a tip as appropriate, take card back and hand folder back to server. Who has, at no point, actually seen your signature on the bill and your card.

    What can possibly go wrong?

    1. terry doyle

      [... You put your card in it and pass it back who then goes off to process it. Comes back with ticket,....]

      And your card has just been skimmed :-)

      1. Ol'Peculier

        I know. I've always used a currency card when away unless it's a big ticket item where I won't loose sight of the card.

        As an aside, had to laugh whilst at the CN Tower in Toronto last year when the poor waitress was having to explain to baffled Yanks how to use the card reader...

        1. Phil O'Sophical Silver badge

          at the CN Tower in Toronto last year when the poor waitress was having to explain to baffled Yanks how to use the card reader...

          I've seen the same thing in restaurants at Heathrow, US customers trying to persude the waitress just to take the card away & bring back a chit, and looking baffled when she tries to explain that she's not allowed to do that and has to bring the reader to the table. They just don't get that it's for their own protection!

        2. Number6

          That's changed - a lot of places in the US you're expected to swipe your own card in the reader, presumably for exactly the same reason. However, you often have to either show it to the cashier or hand it to them after swiping, it appears that they have to manually enter the last four digits of the card as some sort of proof that they've at least looked at the front.

  11. tiggity Silver badge

    I like sigs

    Signing is good though as it means your fingerprints end up on a physical piece of paper and thus proof you signed it (and conversely proof you did not sign if someone nicks your card and forges your sig).

    With PIN (as stated, easily acquired by should surf pre pick pocket, dodgy card readers in shops etc.), unless there happens to be CCTV of the transaction no way to prove who made the purchase..

    1. Test Man

      Re: I like sigs

      LOL fingerprints - what are you on about?

    2. ideapete
      Pint

      Re: I like sigs

      I leave my DNA everywhere its a cultural thing

  12. Efros

    No chips

    I have a number of debit and credit cards from major banks and minor ones in the US, none of them are chipped.

  13. Slx

    24 years of chip and pin in France!

    This is like a discussion from the late 1980s!

    France has been a successfully using chip and pin credit cards since 1992 with trials having been completed in tennis to late 1980s

    I don't know why US banks are being so slow about rolling them out. It's really starting to look like some kind of weird technological backwardness at this stage.

    That being said, banks are hardly shining examples of forward thinking and technologically savvy!

    My sense is that there's a major opportunity for someone to just tie up with Google, Apple and the telcos and completely bypass the old payment card duopoly.

    The whole concept of paying for things using largely trust based systems that mostly rely on a 16 digit card number and expiry and a few bits of fixed information crudely hacked on for security is beyond stupid.

    We should be in complete control and pushing payments to retailers in realtime. They've absolutely no need to store people's payment card details and we've no need to be using 1960s tech in 2016 either !

    1. Uncle Slacky Silver badge
      Holmes

      Re: 24 years of chip and pin in France!

      The US is notorious for NIH syndrome (see also Concorde).

      https://en.wikipedia.org/wiki/Not_invented_here

  14. Anonymous Coward
    Anonymous Coward

    Chip-and-pin «vulnerability»? No, it's not

    The link is interesting, and there is a real vulnerability, but it's not a c&p one. It's a protocol downgrade issue..

    Ie, the cashier asks for c&p, and you force it to accept magstripe. Except that works only if magstripe is allowed. In the Real World of chip-and-pin, ie, not the lab or the current US market or with Amex that has only recently switched to it, the transaction authorization systems would see a magstripe request for a c&p card on a c&p terminal, have red lights start flashing, and simply refuse it.

    1. Number6

      Re: Chip-and-pin «vulnerability»? No, it's not

      Yes, I've come across this one - swipe the card and the system tells you to insert it in the slot instead.

  15. -tim
    Coat

    Perceived fraud is the reason for so much silliness.

    I heard that Aussie fraud just hit $300 million for the year.

    The zip code is used on US petrol pumps because they had too much of a problem with people putting card skimmers on them and getting the real PIN.

    The Tap and Pay less than $100 is also because of people installing PIN scanning devices. It is simply a bank risk thing and the dollar amount for the transaction can be adjusted by the banks, if they choose to.

    As far as zip codes need for US systems, 99999 often works. Leading zeros sometimes work (Oz postcode 1234 would be 01234, SW1A0AA would be 00010). I expect most of the time when some trend works, it is because the foreign bank didn't bother to verify the data sent to it.

    The PIN infrastructure needs to be redone. There needs to be a PIN for small amounts, large amounts and a "Don't give me any money PIN" for holdup uses.

  16. Andrew Scott

    Recently tried to purchase a book at Barnes and noble. Card reader uses chip, but buzzed and denied my purchase. Turns out reader only accepts 6 digit pins. Mine is 7 digits. Works at other stores. No wonder book stores are going out of business.

  17. ideapete
    Joke

    No Fries with that

    So why can't I get Fries with that ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019