I don't want pin. I have half a dozen credit/debit cards in my pocket (the card I use for almost everything, my backup card just in case the first is lost, my HSA card, my company card, a debit card, and the store care for a store I shop at often) there are another half a dozen that the issuers want me to carry but are not worth the space they take up. I cannot mentally manage that many different pins.
verification comes in 3 parts: something you carry (card), something you know (card number, pin), something you are (your signature, fingerprint). Generally you need two. However since the card number is memorable (hard but possible) the pin is no additional security.
- You can have the PIN reset for all of those cards so that they all match, (or better we should be using PK based push notifications to a smart phone app; plug in the card, and you get a push notification to deny/allow on your phone, instead of entering in a PIN.)
- Signatures aren't even verified the vast majority of transactions. They only come into play if you catch fraud and report it. So it's used after the fact, not in advance.
- Signatures are predicated on pen on paper on a flat writing surface perpendicular to gravity. Your signature is not at all the same to a handwriting expert if you change any of those things, and in particular the digital capture of signatures is complete utter bullcrap: no angular, or pressure information is captured. We should just use smiley faces on all such POS systems, in lieu of even attempting a signature (it is in fact what I do).
Digital signatures are Tonka Toys. They are nothing like a finger print.
I don't use my PIN either, for a different reason.
I force them to process it as a credit card because I get the consumer protections of the CC processing agreements. If I use my PIN, it's more like an ATM transaction.
Which law applies to the transaction is what the card account is; not the transaction. TILA applies to credit cards, and EFTA applies to debit cards.
Whether you're costing the merchant more money with higher fees for credit transactions, or if this gets normalized to a debit transaction later on, I'm not sure. But either way it's ridiculous to "force" a credit card transaction on the merchant.
Even though the different transactions on a debit card may have the same legal status by law, banks typically apply "zero liability" to transactions processed by Visa/MasterCard, while holding users accountable for fraudulent debit transactions processed by ATM networks, up to $50 if you report within 2 days, then $500 within 60 days, and then unlimited customer liability after that.
There is no benefit to me to go with a debit transaction and the risk of significant liability if there is a data breach. So, I don't do debit transactions.
> either way it's ridiculous to "force" a credit card transaction on the merchant.
I do it more often because of the number of times I've been screwed by trying to use debit mode and end up with a non-functional gas pump or forced to reswipe with the mag stripe because they only support credit transactions from the chip.
verification comes in 3 parts: something you carry (card), something you know (card number, pin), something you are (your signature, fingerprint). Generally you need two. However since the card number is memorable (hard but possible) the pin is no additional security.