Not only data breaches, but people skimming or copying the card. I went to a restaurant a while ago and some random employee decided to grab our bill to “help out”, not our waitress. I was splitting the bill with someone else and both our cards had fraudulent charges in the following days. I still find it crazy that we let waitstaff walk away with our cards in the US.

One of my cards is very thick and metal. I found that one had fraud on it at a much higher rate than any of the plastic cards I’ve had. It was heavy to the point that it would get comments from about 40% of the people I handed it to. I can only theorize, but my guess is that card signaled a higher value and was more likely to draw the attention of someone who may care to go on a spending spree.

While I can report the issues and get a refund and a new card, it was always a real hassle. Since I stopped carrying that card and use it exclusively online, I don’t think I’ve had a single incident in several years. I used to have it happen about once per quarter.

This is a wild amount of fraud. Is this US-specific? Are cards still using magstripes there?

Cards still have magstripes, but we generally use chip + signature or tap-to-pay now. I haven’t actually swiped my card in a couple years.

Visiting Europe, I really like that the transaction is done right in front of you. The pain point is that my card is chip + signature, when everything there is chip + pin. When I last visited London I would stop into the store and went to the self-scan. I had to wait for the attendant to print out a physical receipt for me to sign, which always took a while. In the US we can sign on the electronic pad. It’s all a formality anyway, since no one checks and everyone just scribbles whatever.

The problem with magstripes is I'm fairly sure there are some skimmers which basically read the card number off the mag-stripe when you insert it for a chip and pin transaction.

Because my card has been skimmed twice. The first time we were 100% it was a major retailer who was insisting my wife needed to swipe the card for a particular discount, but the second time the only in-person use we could remember was at a service station where we inserted the card to pay and pretty much the whole card goes in the slot.

You can read the magstripe from as little as about 1/3rd of the strip...though it's also possible someone is just embedding a scanner element to optically grab numbers nowadays, the tech is certainly cheap enough.

The trouble is it's really hard to reliably demagnetize a credit card, and the magstripe-less card rollout is being done incredibly slowly.

Newer cards don't have embossed numbers on the front anymore, only on the back, and these days I put electrical tape over them just in case someone is watching cameras. But I can't delete the magstripe and be sure it's gone reliably.

Using chip and pin is what makes the system secure. The PIN is verified by the chip on the card so it can't be skimmed. (You can copy the PIN of course, but you also need the same physical chip to clone a transaction.)

Signing the recipe is a useless security theatre. That's why it's not done in Europe.

I agree 100%. I am very annoyed by it. When I go to the website for the card they proudly proclaim that it uses a signature, as if it means something. It’s also sold as a travel card, and the signature makes it a pain for travel. I had a hell of a time buying a train ticket at the airport in Germany. None of the machines worked, I assume because they wanted a PIN, so I had to try and hunt down a person who would sell me a ticket.

Now that I think about, I wonder if this signature business is a result of our restaurant norms. Since the waiter takes the card, runs it, and then brings back a bill to sign. If they switch to a PIN, every restaurant would be forced to upgrade to handheld devices, or have the customer pay up front on the way out. A worthwhile change imo, but I can see lobbyists fighting to avoid it.

It's a remnant from when physical card theft was the main concern: You're supposed to sign the back of the card when you first get it, then each time the receipt is signed the cashier is supposed to compare the signature on the receipt to the one on the card.

I remember as a teen reading some stories about how cashiers wouldn't accept cards that didn't have a signature on the back and made people sign it right there in the store, apparently not at all understanding the purpose of it.

That’s what’s supposed to happen, but in my 20 years of using a credit card I can only recall having my signature checked like this one time. I assumed the person was new. She ended up getting the manager and I had to show multiple forms of ID to prove I was me. It was a whole thing.

Now that we sign electronic pads, it’s even worse. There is no record of the signature on the back of the card to compare to, no one looks at it, and most of the pads are sensitive enough to sign properly. It’s a really expensive rubber stamp.

Credit cards don't use a PIN in the US. Debit cards also work on credit card networks, so PINs are at best optional and are never required, making them entirely worthless.