On 25-Feb-12 15:48, Roland Perry wrote:
In message , at 15:28:15 on Sat, 25 Feb
2012, Stephen Sprunk remarked:
No, UK credit cards also have a magnetic stripe on the back, so
they can
be swiped through a US retail terminal. You just have to sign on the
transaction, rather than use your PIN.

Only if, as above, the transaction is above the merchant's floor limit.
When using my UK credit card in the US I only needed to sign for some
transactions.

There's some over-simplification here. While I agree that some retailers
(especially high-margin ones like restaurants) may not require a
signature, there's a second floor limit above which they have to call
the credit card company. That limit seems to me to be much lower than
you'd get in the UK for a similar transaction verified by PIN.

By "call the credit card company", do you mean actually speak with a
human, or just do a standard automated authorization?

With a human.

Perhaps I just don't spend enough money to run into that ceiling, but I
regularly charge amounts up to ~USD 3k.

My bank does periodically call me /after the fact/ to verify atypical
transactions, but merchants never see that: their authorization goes
through normally.

The occasional machine, e.g. at gas stations, wanted to know my home
zip code (which, of course, I don't have) but I was able to pay in
the kiosk. (US gas stations need payment before dispensing fuel,
rather than afterwards, as in the UK.)

There's some over-generalisation here, it depends where you are in the
USA; some places need payment first, others don't. It depends a little
on the local demographic.

More specifically, it will depend on the drive-off (i.e. theft) rate at
that location or in that neighborhood.

And you can't predict that by the demographic, of course.

Was that sarcasm?

Yes, there are many demographic factors that correlate well with local
crime rates, and a customer can fairly accurately predict (from a brief
look around the area) whether prepayment is required at a gas station.
However, card processors don't care about demographics; they only care
about chargeback rates.

Notably, certain industries (eg. retail electronics) are known to have
high chargeback rates regardless of demographics; others (eg. fast food)
are known to have low chargeback rates. As a result, merchant policies
vary in ways that are _not_ consistent with demographics.

S

--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

John Levine wrote:

PS: Don't waste time arguing with Adam, unless you fancy a battle of wits
with an unarmed opponent.

Everyone should follow John's lead as the model of on line decorum and
adult behavior, certainly.

Stephen Sprunk wrote:
On 25-Feb-12 11:30, Adam H. Kerman wrote:
Roland Perry wrote:
at 16:40:17 on Sat, 25 Feb 2012, Adam H. Kerman remarked:

Really? There's no concept of pre-authorizing the transaction, then
charging the customer the approved charge in two separate steps, both
performed at the retail terminal?

No. I routinely spend amounts of the order of a thousand dollars at
retailers by Chip and PIN card, and it's a one-shot process.

If that's true, then I suspect your credit limit is stored on the card.

In a typical transaction in the US, the customer or cashier swipes the
card at the terminal (which one does it depends on the layout). Data is
exchanged with the credit card processor's server. Data sent back to
the merchant's terminal is the account credit limit (not disclosed to
the cashier unless there is a situation with a high-value purchase like
jewelry) and authorization code.

Really? I've never heard of card processors telling merchants what the
credit limit (or available credit, which is what I suspect you meant) on
a card is, just whether the authorization attempt succeeded.

No, I don't mean available credit nor total credit, neither of which
are the merchant's business. I mean an amount frozen to be used for
that particular transaction, that isn't available for other transactions,
until cleared.

Note that an authorization is for a particular amount of money, so there
is no _need_ for the merchant to know how much credit is available in
excess of that.

The amount held for the transaction is somewhat higher than the amount
charged because it's rounded up.

The authorization code is critical, which is why merchants cooperate
in pre-authorizing sales. If a merchant submits a transaction that
wasn't pre-authorized and the bill isn't paid, the merchant's account
is charged back.

That's not how it works. Authorization is confirmation from the card
issuers that a charge for the specified amount (or less) can be posted
successfully.

I have no idea what distinction you are making, and neither do you.

It has no effect on chargebacks; a customer can dispute posted charges
whether or not they were authorized first.

I made no comment about customer disputes. If the bill isn't paid because
it's legitimate or because it's illegitimate (stolen card, identity theft),
the merchant's account is charged back.

It also has nothing to do with whether the bill is paid, which is
entirely a matter between the card issuer and the customer.

Bull****. If the transaction wasn't authorized, and the bill isn't
paid, the merchant is out the money. That's why they have the card
terminals to obtain authorization, duh, and they don't use the
impression machines to make old fashioned charge slips.

During authorization, there is a temporary freeze put on the cardholder's
credit limit in some fixed block amount, such as rounding up to the next
$100. This block must exceed the actual purchase amount.

Perhaps your issuer does that, but every card I've had puts a "hold" on
the exact amount the merchant requested authorization for.

Not between the time the authorization is requested and the transaction
ID number is issued, it's not, and sometimes, the higher amount doesn't
clear for a couple of days. It got to be a problem at gas stations.

Gas stations usually authorize for $1 and then (try to) post the full
amount.

Not true. The amount might be $75, depending on if it's Visa or MC.
Sometimes gas stations have signs up telling purchasers that if the tank
purchase exceeds that amount, the purchaser has to break up the purchase
into two transactions. The credit card clearing houses know when cards
are used at gas pumps for this reason.

Roland Perry wrote:
at 17:30:39 on Sat, 25 Feb 2012, Adam H. Kerman remarked:

I routinely spend amounts of the order of a thousand dollars at
retailers by Chip and PIN card, and it's a one-shot process.

If that's true, then I suspect your credit limit is stored on the card.

It isn't. What you have to accept is that things are done differently in
USA vs the rest of the world.

No, I don't believe that your purchases aren't getting authorizations, sorry.
The account has to be verified as active and that your available credit
is sufficient for the transaction. It's basic fraud fighting.

On 25/02/2012 21:52, Roland Perry wrote:
In message , at 19:02:04 on Sat, 25
Feb 2012, " remarked:
UK credit cards and proximity cards are different things.

They are "converging things". I don't know of any post-payment proximity
cards that aren't also conventional credit cards. But only a few
conventional credit cards have the proximity technology.

Barclays Bank, IIRC.

Barclaycards, which were at one time all VISA, but I have a Barclay
Mastercard, just to prove it's possible.

I was referring to the fact that Barclays Bank apparently offers the
proximity service with its card.

On Sat, 25 Feb 2012 21:54:30 +0000, Roland Perry
wrote:

In message , at 21:47:58 on
Sat, 25 Feb 2012, Charles Ellson remarked:
I'm told about 1:10 proximity card transactions require a PIN. Whether
it's random, or by profiling the retailer/customer, I doubt is in the
public domain.

http://conversation.which.co.uk/mone...tactless-card/
refers to a PIN being used for any transaction over 15 UKP or any
taking the running daily total over 50 UKP.

£50 sounds a lot like "the average amount you'll run up before meeting a
random PIN check". Do any of the banks publish the algorithm?

Barclays themselves seem to present it as a random check but various
reports/reviews/etc. by third parties on an assortment of dates imply
a 50 UKP cumulative "trigger" which presumably does not need all
following transactions on the same day to be PINned unless they also
trigger any warning signs typical of fraudulent activity.

In message , Stephen Sprunk
writes

AIUI, in Europe the customer is liable for fraud with EMV cards,

Not in the UK. A law was introduced back in 2009 to require banks to
reimburse cardholders unless they can actually prove that the fraudulent
transaction was approved by the cardholder.
--
Paul Terry

In message , at 23:36:53 on Sat, 25 Feb
2012, Adam H. Kerman remarked:
I routinely spend amounts of the order of a thousand dollars at
retailers by Chip and PIN card, and it's a one-shot process.

If that's true, then I suspect your credit limit is stored on the card.

It isn't. What you have to accept is that things are done differently in
USA vs the rest of the world.

No, I don't believe that your purchases aren't getting authorizations, sorry.
The account has to be verified as active and that your available credit
is sufficient for the transaction. It's basic fraud fighting.

They are getting authorised, but by C&P, not by the "two step process"
you were speculating about.
--
Roland Perry

In message , at 16:10:19 on Sat, 25 Feb
2012, Stephen Sprunk remarked:
AIUI, in Europe the customer is liable for fraud with EMV cards, which
is why banks and merchants have pushed it there--

Then your understanding is incorrect. There's no extra risk from the
customer using EMV.

but US law doesn't allow that, at least not yet.

--
Roland Perry

In message , at 16:55:37 on Sat, 25 Feb
2012, Stephen Sprunk remarked:
There's some over-simplification here. While I agree that some retailers
(especially high-margin ones like restaurants) may not require a
signature, there's a second floor limit above which they have to call
the credit card company. That limit seems to me to be much lower than
you'd get in the UK for a similar transaction verified by PIN.

By "call the credit card company", do you mean actually speak with a
human, or just do a standard automated authorization?

With a human.

Perhaps I just don't spend enough money to run into that ceiling, but I
regularly charge amounts up to ~USD 3k.

My bank does periodically call me /after the fact/ to verify atypical
transactions, but merchants never see that: their authorization goes
through normally.

Like I said before, I had a $300 transaction in the USA which resulted
in the retailer having to make a phone call, and subsequently asking me
for ID (which I thought wasn't allowed, but there you are). After the
transaction went through, my bank tried calling me to verify that it was
OK, but by then it was the middle of the night and it went to voicemail.
I spent much of the next day working out how to collect my voicemail
from 'overseas' (I'd just switched mobile service).

The occasional machine, e.g. at gas stations, wanted to know my home
zip code (which, of course, I don't have) but I was able to pay in
the kiosk. (US gas stations need payment before dispensing fuel,
rather than afterwards, as in the UK.)

There's some over-generalisation here, it depends where you are in the
USA; some places need payment first, others don't. It depends a little
on the local demographic.

More specifically, it will depend on the drive-off (i.e. theft) rate at
that location or in that neighborhood.

And you can't predict that by the demographic, of course.

Was that sarcasm?

Indeed. I used a gas station in the bad part of town (here in UK) this
week, and I've never seen one with so many notices saying it was an
offence to drive off without paying (even then, they were using
post-payment).

Yes, there are many demographic factors that correlate well with local
crime rates, and a customer can fairly accurately predict (from a brief
look around the area) whether prepayment is required at a gas station.
However, card processors don't care about demographics; they only care
about chargeback rates.

Notably, certain industries (eg. retail electronics) are known to have
high chargeback rates regardless of demographics;

And your hypothesis is that stolen/skimmed cards will turn up equally
likely in retail electronics outlets in the good and bad parts of town?

others (eg. fast food)
are known to have low chargeback rates. As a result, merchant policies
vary in ways that are _not_ consistent with demographics.

Of course the policies can vary according to more than one metric. The
type of retail and the location both play a part.
--
Roland Perry