NFT: Dumb question re: credit card security

give a shit.

In Europe, you need a Pin for most credit card purchases. In the US, credit card companies decided that it would slow down transactions requiring the input of the Pin or people have to search or forget their Pin. So far they’ve decided that it’s cheaper up pay the fraud costs rather than require the
added security

Shift in the US a couple of years ago that was intended to reduce fraud by shifting liability to merchants who used a magnetic stripe to accept chip card transactions. Because of a backlog in terminal upgrades and certification many merchants continued to use mag stripe terminals with a higher incidence of card or terminal fraud

A lot of fraud has shifted from in store to e-commerce so best to only use your credit cards at sites that have additional security controls. Apple Pay and Android Pay have two step biometric authentication so even though they work by just tapping against a terminal, there is an additional layer of security

thanks guys

but have decided that the customer experience is more important than security, so they've bypassed them.

That's why so many don't require you to change your passwords on online accounts more frequently, and why there was such a reluctance to move to a chip based credit card despite the success it was elsewhere.

I've worked in banks for the last 20 years, and every single time there was a security measure bypassed that was client facing, it was always 'customer experience'. I've never seen the surveys myself, and have always wondered why people wouldn't put up with some inconvenience up front to avoid having their shit compromised every time a big retailer or a point of sale system gets hit.

but I've been out of that industry for over a decade now, so I'm not sure this is still relevant.

What I know is in the past, they wanted to hold onto the higher fees they collect from merchants on credit transactions compared to debit ones. Part of a big lawsuit way back when involved Wal-Mart, who tried to get fees lowered. Arguments made by the card associations was that they had high costs related to fraud, debit transactions were then ruled to be lower cost to the associations and banks due to the pin requirement.

The higher fees collected more than offset the fraud charges and (I expect) have continued to do so. To that end, they would rather keep the risk and higher fees than require pin transactions and lower their fees.

Makes money on fraud. The way it works is the issuer is paid what is called an Interchange rate from the brand (Visa, MC) on every sale. Interchange averages around 2%.
So when you have fraudulent transactions the issuer still gets paid the Interchange and the issuer collects a chargeback from the merchant where the fraudulent transaction occurred.