cancel
Showing results for 
Search instead for 
Did you mean: 

Discover no longer issuing non-EMV designs?

tag
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@BottomRanker wrote:

@Luscher wrote:
They no longer offer them. Chip is safer anyway, I would recommend upgrading

...unless you plan to use Discover in China and Japan, in which case the card likely stops working.

 

So I'm really in no rush to upgrade my Discover to EMV...


Yeah I'm not sure why the card readers in those two countries can't handle falling back to swipe. Square doesn't support chipped Discover cards either and manages to do that fine.

Message 11 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@core wrote:

Maybe I shop at the wrong stores and I'd rather get the heck out of there rather than enjoying the ambiance of Walmart.  (Only there in the first place due to Serve, and the 24hr availability.)  And it's NOT FIVE SECONDS.  In every EMV-required store I shop at, the cashier has to press the 'Credit' button before anything happens at all.  They're usually busy sacking my stuff up, and they don't look at the screen until I say "Ummm, that's credit".  So I'm standing there for WAY longer than 5 seconds before anything even starts to happen.  It's freaking insane and I don't know where you people shop that your card is out of the slot in 5 seconds.

Or maybe I'm very attached to my credit cards and I don't want one of my precious children sitting in a slot instead of my hand.  Did you think of that?

ronpa-  Cloning is not the problem.  The problem is the crooks had the numbers to make the clone in the first place!  They could have just as easily bought very liquid things online with those same numbers.  And I would wager that 99% of this data is not collected from skimming mag stripes.  I say that after hanging out in some nasty circles.  This entire load of bull is misguided.


At least the card's still in your sight. Restaurants are probably going to keep taking them away though simply because 99% won't ask for a PIN.

 

Also, let's say we went with point to point encryption (P2PE) instead of chip like what some major retailers wanted to do. Yay POS malware can't skim our card data any more, right? Still leaves other avenues of fraud open though. Also, external magstripe skimmers have gotten really small and difficult to easily find these days.

Message 12 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?

CVV1 data, which is only stored on the magnetic strip is a barrier to one seeking to create a cloned card from just a card number alone. The track data on physical cards contain more than just the primary account number (often same as card number), but also a 3 digit CVV1 security code, which is different from the 3 digit (4 for Amex) CVV2 code printed on the back. Whether card processors always check the CVV1 code, I don't know, but it's barrier, nevertheless.

 

So there's primative security on regular cards, and it's generally been good enough until the advent of point of sale (pos) terminals running full-fledged operating systems. Back in the old days, pos security was relatively simple and most compromises required physical access. Nowadays, many pos systems are full-featured computers that are difficult to secure; made less secure for convenience, such as allowing remote logins - that's how many pos systems are being compromised and infected with malware, such as a ram scraper, that copy track data in bulk to facilitate the creation of cloned cards.

 

On-line fraud will presumably increase, but that's a different problem. EMV addresses the cloning problem well, and has a proven track record in Europe and elsewhere that's been using it for upwards of a decade. While it would be great to swipe and go, the best one can hope for now is using NFC instead. Maybe some merchants will allow for insertion and removal of an EMV card prior to the purchase completing (much like how Target does for regular cards now), but not sure if the EMV specs allow for that.

Message 13 of 35
core
Valued Contributor

Re: Discover no longer issuing non-EMV designs?

And are merchants forbidden from storing CVV1 like they are for CVV2?

Message 14 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@Anonymous wrote:

CVV1 data, which is only stored on the magnetic strip is a barrier to one seeking to create a cloned card from just a card number alone. The track data on physical cards contain more than just the primary account number (often same as card number), but also a 3 digit CVV1 security code, which is different from the 3 digit (4 for Amex) CVV2 code printed on the back. Whether card processors always check the CVV1 code, I don't know, but it's barrier, nevertheless.

 

So there's primative security on regular cards, and it's generally been good enough until the advent of point of sale (pos) terminals running full-fledged operating systems. Back in the old days, pos security was relatively simple and most compremises required physical access. Nowadays, many pos systems are full-featured computers that are difficult to secure; made less secure for convenience, such as allowing remote logins - that's how many pos systems are being compremised and infected with malware, such as a ram scraper, that copy track data in bulk to facilitate the creation of cloned cards.

 

On-line fraud will presumably increase, but that's a different problem. EMV addresses the cloning problem well, and has a proven track record in Europe and elsewhere that's been using it for upwards of a decade. While it would be great to swipe and go, the best one can hope for now is using NFC instead. Maybe some merchants will allow for insertion and removal of an EMV card prior to the purchase completing (much like how Target does for regular cards now), but not sure if the EMV specs allow for that.


I really don't understand how leaving the card in the reader is that big of a deal. A lot of ATMs have done that for a long time.

Message 15 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@core wrote:

And are merchants forbidden from storing CVV1 like they are for CVV2?


Not sure about CVV1, but often wouldn't matter, since much of the cloning problem is due to ram scrapers hiding in pos devices copying the track data during processing.

 

P.S. I'd add that Krebs On Security http://krebsonsecurity.com/ features many articles regarding EMV and cloning.

Message 16 of 35
core
Valued Contributor

Re: Discover no longer issuing non-EMV designs?


@Anonymous wrote:
I really don't understand how leaving the card in the reader is that big of a deal. A lot of ATMs have done that for a long time.

What else are you going to do while standing at an ATM, change your oil?  You're pretty much just standing there anyway doing nothing, so it matters little.  Whereas when you've got 15 grocery sacks on the counter you've got stuff to do before you can leave.  You guys don't understand:  Yes it's only 30 seconds.  It doesn't matter what I get paid per hour.  It's 30 seconds that I DIDN'T HAVE TO WAIT BEFORE.  And I'm downright pissed off about it, because it doesn't benefit me in the least.  It only benefits the credit card companies.  Now if Discover wants to give me a $0.25 credit for each EMV purchase that I have to endure, I think that's equitable.

Message 17 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@Anonymous wrote:

CVV1 data, which is only stored on the magnetic strip is a barrier to one seeking to create a cloned card from just a card number alone. The track data on physical cards contain more than just the primary account number (often same as card number), but also a 3 digit CVV1 security code, which is different from the 3 digit (4 for Amex) CVV2 code printed on the back. Whether card processors always check the CVV1 code, I don't know, but it's barrier, nevertheless.

 

So there's primative security on regular cards, and it's generally been good enough until the advent of point of sale (pos) terminals running full-fledged operating systems. Back in the old days, pos security was relatively simple and most compremises required physical access. Nowadays, many pos systems are full-featured computers that are difficult to secure; made less secure for convenience, such as allowing remote logins - that's how many pos systems are being compremised and infected with malware, such as a ram scraper, that copy track data in bulk to facilitate the creation of cloned cards.

 

On-line fraud will presumably increase, but that's a different problem. EMV addresses the cloning problem well, and has a proven track record in Europe and elsewhere that's been using it for upwards of a decade. While it would be great to swipe and go, the best one can hope for now is using NFC instead. Maybe some merchants will allow for insertion and removal of an EMV card prior to the purchase completing (much like how Target does for regular cards now), but not sure if the EMV specs allow for that.


The ram scrapers are the thingys they're leaving at our gas stations and atm's now, right?  And what about Walmart?  Aren't they using this new system?  Thx

Message 18 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@core wrote:

@Anonymous wrote:
I really don't understand how leaving the card in the reader is that big of a deal. A lot of ATMs have done that for a long time.

What else are you going to do while standing at an ATM, change your oil?  You're pretty much just standing there anyway doing nothing, so it matters little.  Whereas when you've got 15 grocery sacks on the counter you've got stuff to do before you can leave.  You guys don't understand:  Yes it's only 30 seconds.  It doesn't matter what I get paid per hour.  It's 30 seconds that I DIDN'T HAVE TO WAIT BEFORE.  And I'm downright pissed off about it, because it doesn't benefit me in the least.  It only benefits the credit card companies.  Now if Discover wants to give me a $0.25 credit for each EMV purchase that I have to endure, I think that's equitable.


don't worry, you'll get used to it soon. Smiley LOL

Message 19 of 35
Anonymous
Not applicable

Re: Discover no longer issuing non-EMV designs?


@core wrote:

@Anonymous wrote:
I really don't understand how leaving the card in the reader is that big of a deal. A lot of ATMs have done that for a long time.

What else are you going to do while standing at an ATM, change your oil?  You're pretty much just standing there anyway doing nothing, so it matters little.  Whereas when you've got 15 grocery sacks on the counter you've got stuff to do before you can leave.  You guys don't understand:  Yes it's only 30 seconds.  It doesn't matter what I get paid per hour.  It's 30 seconds that I DIDN'T HAVE TO WAIT BEFORE.  And I'm downright pissed off about it, because it doesn't benefit me in the least.  It only benefits the credit card companies.  Now if Discover wants to give me a $0.25 credit for each EMV purchase that I have to endure, I think that's equitable.


The stores I go to around here usually bag your items for you (and put them back in the cart, if you went into the checkout line with one). This just means that you're waiting for the receipt at the card reader instead of the very end of the checkout line with your bags. +/- a couple of seconds to read the chip, of course.

Message 20 of 35
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.