First time here? Check out the site's "greatest hits" or read a random post from the archives. Feel free to ask a question, and consider subscribing to the latest posts via RSS or e-mail. Thanks for visiting!

Remember the difficulties which blog readers (and I) shared regarding the use of American credit cards overseas, when the only way to complete a transaction was using “chip-and-PIN” technology?

The argument for the chip-and-PIN technology has always been enhanced security. Signatures were too easily faked (or ignored), the argument goes, and protection of having an embedded chip containing the card data, plus a numeric PIN, overrode the inconvenience caused to those (often international) customers whose cards didn’t have the requisite chip.

Chip-and-PIN terminals were supposedly tamper-proof, and the multiple-layers of security allegedly decreased risk to both the customer and the retailer.

Until now.

Researchers at the University of Cambridge have hacked a chip-and-PIN box, and in a demonstration of the machine’s weakness, reprogrammed it to play Tetris. A less jesterlike hacker might hack a box and use the terminal to capture card numbers and PINs. So much for a better mousetrap. See here. Be sure to scroll down to watch the video.

Think this new evidence will cause European credit card issuers to make it easier to use a non-chip card when making purchases? Don’t bank on it.

Related:
- Update: How to beat the chip and PIN credit card requirement?
- Rotten in Denmark: Credit cards with mandatory PIN
- “We prefer Visa cards” — just not yours

(via boingboing)

When John Brownlee, expatriate American and co-captain of the Consumerist.com ship, isn’t discussing how my building’s current lack of hot water affects my privates, he’s offering helpful advice and a platform for people who’ve been wronged by lousy customer service.

Via e-mail, he suggests this potential workaround to chip-and-PIN requirements for non-European credit card holders. He verifies that this trick works in Ireland:

I don’t know if this will work in Denmark, but what I used to do (when I lost my pin) was plug it in and just wait. After about twenty seconds of you not doing anything, a receipt is automatically printed out.

Obviously this won’t work at self-service gas stations or train ticket vending machines, but it’s worth a shot if you encounter a clerk who’s unwilling/unable/untrained to print out a swipe-and-sign receipt.

Whether you want to stand there and wait 20 seconds, doing nothing, when people are waiting behind you is a another matter.

Related:
- Rotten in Denmark: Credit cards with mandatory PIN
- We prefer Visa cards, just not yours

(image: PanDeva)

Reader Mike writes in:

I thought I’d share something I encountered on a recent vacation to Denmark. When I tried to use any of my credit or debit cards at stores, I was asked to enter a PIN code. It turns out that in Denmark, they instituted a PIN code to replace signatures, and this is different from an ATM PIN code you would have for a debit or credit card. Some stores were able to bypass the PIN and then print a receipt for a signature - hotels and some restaurants did this - but most other stores - supermarkets, mobile phone stores, gas stations - did not. I had a mobile phone store even call American Express, and eventually told me they could not process a purchase without a PIN code. As a result, we simply used the ATMs to withdraw and pay with cash.

We’ve mentioned this phenomenon before in an earlier post about the frustrations of not having a “ChipKnip” feature when traveling the Netherlands with U.S.-issued credit cards. But the chip-and-PIN requirement wasn’t nearly as widespread in Holland. We got off comparatively easy. It sounds much closer to mandatory in Denmark.

The whole point of a global credit card network like Visa or MasterCard is that you can use your card globally. If you have extra local requirements that take precedence, then Danish Visa cards might as well drop the Visa name. (Heck, call them Carlsberg cards.)

Of course, Danes can bring their cards to the U.S. to swipe and sign, so they enjoy the advantages of a global card network. But shouldn’t the major credit card networks clamp down on this kind of local variation?

Which countries are the biggest offenders? The issue seems isolated to Europe thus far. We count the UK and the Netherlands as moderately problematic. Germany and France are no problem at all. And Denmark is trouble with a capital T.

Where else? Comments are open, e-mail tips encouraged.

Related:
- We prefer Visa cards, just not yours

(image)

James Gilden offers a primer for confused Americans who encounter “chip and PIN” credit card transactions when visiting Europe. Since credit cards not issued locally aren’t able to perform these PIN-based transactions, international travelers are commonly forced to fight for their right to the old-fashioned swipe-and-sign. It’s a must-read for travelers to Europe.

But paying with your non-local credit card is not always as easy as asking the waiter for an old-school swipe of the plastic. I faced this myself, and much less happily than James Gilden, when I was in the Netherlands earlier this year.

In Holland, there are a number of locations where it is ONLY possible to make purchases using chip-and-PIN, but *not* with regular credit cards, even when the list of accepted payment forms includes all the flavors of credit you know and love. Two examples come to mind: Train ticket vending machines accept coins or “Chipknip,” the local flavor of chip-and-PIN in Holland. The Dutch transfer money from one of their accounts onto their card’s chip at “Chipknip” stations, making the cards prepaid debit cards.

With a US-issued credit card, with or without a chip, I couldn’t simply swipe it and go. I even had a US-issued Amex card with chip and a PIN for ATM withdrawals, but that didn’t work either. The only solution was to get in line to buy the tickets — and pay a teller-surcharge to boot.

Far more frustrating was the phenomenon of the fully-automated self-service gas station. While I’m a big fan of pay-at-the-pump in the U.S. and Canada, my cards were useless in the Dutch countryside. Our rental car was getting low, so we pulled into a station, only to be denied access to the pumps with each and every card in our wallets. And,with no attendant, and no option for cash payment, we had to trek onward on fumes, looking for a station that accepted cash or “old-fashioned” credit.

It’s not clear if, say, British chip-and-PIN cards would have worked. All I know is that it was a pain in the butt. I understand the benefits of the PIN — increased security over regular credit card transactions. But making a local proprietary payment system that overrides the global Visa/Mastercard/Amex network is a blow to travelers’ convenience.

(image)
tags: travel | credit cards | chip and PIN | Chipknip