Why does the US seem so far behind when it comes to banking?
- Chip and PIN has been in the UK since 2004 and mandatory since 2006. It wasn't until a decade later that the US caught up.
- Faster Payments allow for instant bank transfers (usually) between any bank account for free. Receiving transfers from clients in US (even with a US Wise bank account) was always a nightmare.
- Since the EU introduced Strong Customer Authentication, most new payments have to be authorised in your mobile banking app or by some other means of 2FA.
- Even before SCA, you'd have to get the Postcode (often digits that mattered) and CVV correct at the very least.
These measures seem like a way of banks shifting the responsibility for fraud onto the customer. In either case though, it's the customer who loses out. In a culture that accepts widespread card fraud, costs increase to offset it.
As a Canadian, it does feel like stepping out of a time machine when you pay at restaurants in the USA. Instead of using a terminal at the table to pay yourself, you need to give the server your card and wait for them to manually process it somewhere. Maybe things have progressed in recent years. But we haven't done it that way in Canada since the early 2000's.
I was visiting Seattle (from Vancouver) a few years ago, and they didn't want me to use my chip card as a chip card because if they did then I couldn't tip. What the heck is that all about?
Also, we're still hearing stories about merchants in the US starting to accept Apple Pay, whereas it worked fine in almost every retailer in Canada the day it was available - even though it wasn't available in Canada for a long time, American visitors (or Canadians with American credit cards) could use Apple Pay on launch day at any retailer that supported tap-to-pay, which was easily most of them.
It was probably an issue with that particular merchants POS. Merchants have very little incentive to update their POS systems so technology changes are very hard to get rolled out. Especially for smaller merchants which many restaurants are.
It’s a network effect thing. Because tap to pay wasn’t supported by the POS vendors US consumers did not get much improvement in experience because of it, so there wasn’t demand from merchants. With Apple Pay there is a huge improvement for consumers (not having to carry the credit card) it has finally forced merchants and their supporting POS vendors to support it.
Between that and the disruption in the POS market the iPad (and similar devices) brought, POS vendors have had to become more flexible.
Tax fraud? I've never seen a card reader in a restaurant (here in europe) where they couldn't either enter a completely arbitrary amount to pay, or add a tip.
Re: Apple Pay acceptance, some of the big chains took the chance to push hard for their own payment solutions ("Walmart Pay") in the hopes of not having to pay card processing fees anymore. Obviously the market has spoken and one by one they've been giving up.
I've started to see more and more servers using a mobile POS with built in credit reader and receipt printer. They hand it to you for tip and signature and you don't have to hand your card to anyone.
> Majority of restaurant is all about experience and event payment system should match that experience.
I'm in the UK. I go to many high-end restaurants, cocktail bars, etc. Portable card terminals are essentially universal in these places. The fact it's the same everywhere is a feature, not a bug.
It's quick. Your card never leaves your sight. No pen is required. Payments up to £100 can be done using contactless on a physical card. Even higher amounts with smartphones/smart watches. Tipping is often integrated into the terminal where tipping is common. It's rare to have to put the card into the terminal.
I don't think it detracts from the experience. On the contrary, I think it streamlines the bit between being finished and wanting to leave:
"Please can I have the bill and a card machine, please".
I've lived in Japan for so long now that paying at restaurants in other countries where it's done at the table seems so awkward.
In Japan, you don't pay at the table, you get up when leaving and pay at the exit. If you're at a high-end establishment entertaining guests, this also leaves you the opportunity to "go to the restroom" late in the dinner and pay ahead of time so that the "mess" of payments is completely forgotten.
It also means waiters don't need to run around the place with cards/readers/cash, you don't need to fumble when you left your wallet in your coat that's been hung up, don't need to squint to read receipts in the dim mood lighting in the eating area, etc etc.
But now they get to see how much you're tipping them! Like they literally have to wait while you punch it in, increasing the social pressure to make up for a broken system.
I don't go to restaurants anymore. Too much pressure.
Respectfully, this seems like social anxiety or hyperbole. You don't go to restaurants because of the stress of the cultural norm of tipping? Seems more accurate to say you don't like eating out in general or because of the price of eating out once you factor in a tip...
Things have definitely changed here recently. At least in San Francisco, at-table terminals are now the norm in sit-down restaurants. Staff generally use the same device for order-taking and payment.
> Things have definitely changed here recently. At least in San Francisco, at-table terminals are now the norm in sit-down restaurants. Staff generally use the same device for order-taking and payment.
I used to work in PoS industry.
This tech is new-ish to the US but not to the rest of the first-world. 15 years ago, paying with a CC @ the table was common in Europe, but the terminal could ONLY do payments. The devices that have been rolling out to the US are more like android tablets in that they can run the order taking half of it, too. Selling hardware to a restaurant is tricky and "oh, no, this only allows you to move the payment portion to the table; staff still have to go to central spot to find a table that can accommodate guests and place their order" was basically a non-starter. The sales pitch is a lot easier now that everything can be done table-side.
For sure. "Bring the card to the device" and "bring the device to the card" seem about equivalent to me in convenience unless the device is something that the waitstaff is going to carry all the time anyhow.
> In a culture that accepts widespread card fraud, costs increase to offset it.
Maybe, maybe not, but this is a very simplistic way of looking at it. If credit card fraud is responsible for X% of total charges, they can spend effort to deal with it, OR they can simply not deal with it and keeping the transactions going while eating the cost, they may be able to serve Y% more customers where Y > X and thus end up with more profit in the long run.
This works for a lot of businesses in America because the sheer scale is massive (take McDonalds for example, they would probably be better off processing their lunch rush quickly due to the margins they are making rather than take even 1 second to verify there is no fraud). This may not work in Europe, but IMO you're missing an entire dimension when analyzing the true costs.
If the fraud/benefit scale ever tipped away from favoring the companies, I think we would see all these major fraud prevention mechanisms kick in almost immediately in the US.
> serve Y% more customers where Y > X and thus end up with more profit in the long run.
That’s the micro/local view, and any rational company in the US will do something close to that. There is no local incentive to set the “fraud/friction” to anything other than their competitors.
On the macro level though, if the dial is moved for everyone (i.e. by regulation; the card schemes have tried to make this happen via incentives in the form of the liability shift, but it still wasn’t enough), there’s a chance for increased total efficiency.
The cool thing is that Europe is running this experiment currently – let’s see how it goes.
First, compared to the rest of the EU, Germany is a weird outlier with the number of banks they have (which, by the way, has been declining steadily for 15 years).
Setting that aside, you missed the "deregulated" part.
As I understand it (and I grant my understanding is pretty cursory) Germany has a much stronger central regulating body, and is subject to overall EU regulations as well.
The US has multiple regional banking authorities and a ton of responsibility is delegated to the states, and in general government intervention is seen as a last resort.
And also, a lot of german banks are actually federated with centralized IT departments (like Finanz Informatik) providing the entire bank as "blueprint". Yes, even if they aren't called Volksbank or Sparkasse. For instance, if you get an EC/GiroCard from DKB, the letter is suspiciously typeset in Sparkasse's corporate font.
> First, compared to the rest of the EU, Germany is a weird outlier with the number of banks they have (which, by the way, has been declining steadily for 15 years).
Still, the absolute number itself seems to be not really the issue here. (I assume the number of US banks has similarly declined in the US, as fusions reduce cost.)
> Setting that aside, you missed the "deregulated" part.
If Germany is anything like the Scandinavian countries, those banks will just be branches of a handful of different banks.
We really don't have any microbanks that need to roll out their own tech for everything - most are just part of the larger banks, and get all the infrastructure provided for them.
None of these comments seem relevant to TFA, which is specifically about card-not-present fraud.
Chip and PIN doesn't work for internet payment.
Bank transfers don't work well internationally.
It is trivial to turn on AVS (address verification) and CVV, but it can result in more declined-yet-legitimate transactions. Sometimes that outweighs the fraud risk that these catch.
The responsibility for fraud is pushed to the merchant, not the customer. Yes, customers pay higher prices because merchant fraud gets passed on eventually, but only in the sense that all fraud costs get passed on to consumers eventually.
I mean the "real thing" is 3D Secure, which isn't exactly 2FA and card issuer dependent, but makes things a hell of a lot more of a PITA to execute for fraudsters.
"ahead" and "behind" halt thinking, and turn the entire topic into some kind of number-line position. It is not. This is complex and actors on both sides of the Atlantic are playing in bad faith to exploit changes. Second you ignore the roles involved. Mid-20s person with steady job is a smaller and smaller part of the system-in-fact, for many reasons. Some people say that working 20-somethings are abused and disenfranchised, including in the EU and elsewhere.
In my view, the U.S. is leading the way in this area.
Europe seems to be shifting the burden of fraud prevention onto customers with methods like SMS notifications and pins. In contrast, in the U.S., banks and businesses are primarily responsible for dealing with fraud.
It's not leading the way technically but for the end consumer it might be better. If I get charged unfairly my bank will tell me to go to the police. Americans can easily just refuse it.
Not if you use a credit card; a quick call to Visa/MC/Amex will get your money back instantly in Europe too.
The main difference is that, in Europe, debit cards are often used in the same way as a CC - except they are just a direct pipe to one's bank, and once the money comes down the pipe there is no easy way to push it back up.
I'm sorry but using strong authentication to make my payment is not a burden, it's a bloody feature.
Here's how much of a "burden" that is: you hold your ATM card next to the terminal. Done. Paid. Every once in a while (based on a configurable max per week) it will prompt for a PIN. Which you enter in 5 secs. That would be 1 in 10 payments.
Online payment: scan payment QR with phone, which takes me to my banking app. Authentication is FaceID, TouchID or PIN. Then you click "Yes". Done.
Both methods are highly secure, require no or minimal input and are extremely fast.
On the other hand, the EU caps credit card fees at 0.5% by law while in the US merchants will pay 3 times that at a minimum.
I suspect that in the US CC processors are incentivized to increase their processing fees to cover the cost of fraud instead of building features to prevent it because they can and it's easier than building features. Businesses are incentivized to increase prices to cover the cost of fraud (and CC processing costs) since processors offer such poor tooling to prevent it.
In the US the burden of fraud prevention is squarely on the honest consumer's wallet.
It's curious that the same product isn't cheaper in Europe compared to the U.S., despite Europeans not funding fraud. I can't help but wonder where those extra savings go.
Products are more expensive in Europe because we have (on average) ~20% sales tax. And because the general tax pressure is higher because we have more state services.
In terms of PPP someone should look it up (on mobile)
Oh, please. You're grossly misinformed. If anything, US is lagging lightyears behind Europe in terms of fighting fraud and fighting card schemes, which are stripping everyone equally in US, banks and customers alike.
PSD2 directive intruduced a lot of novelties, which no one at the time had (and very few do, not even US). For instance, specific to this situation - remote payments above 30 eur must be SCA (strong customer authentication, similar to 2FA, but more elaborate) verified (small value exception from PSD2 RTS). Also, banks must have both real time and post-time transaction monitoring in place, i.e. they must have systems to detect and prevent such fraudulent attemtps. There literally tens if not hundreds of fraud fighting measures in PSD2, which all banks (both acquirer and issuer) must come mply with. I could go on and on (not the place and format).
Frankly, it's utterly unbelievable that this kind of thing could happen without anyone (either acquirer or issuer) intervenining. Not what could (should) happen here in Europe.
Chip and PIN isn't mandatory in the UK - it's just the default. My debit card is not Chip and PIN, because I asked the bank very nicely.
The problem isn't the Chip and PIN itself, although it has been implemented less securely than it could be. The problem, as you point out, is that the liability for fraud has been shifted in law to the card holder, and that is what I objected to. See https://www.chipandspin.co.uk/ for more.
> These measures seem like a way of banks shifting the responsibility for fraud onto the customer.
Onto the vendor, not the customer. The customer can chargeback anything instantly, and the vendor is on the hook for the fraud.
It's intentional, so the banks and payment processors can make more profits. By making it easier for customers to chargeback, they incentivize customers to buy more stuff, by getting the customer to feel more comfortable charging everywhere. Charging more stuff makes payment processors more money.
A lot of it has to do with legacy POS support and a strong disinclination on the merchants part to upgrade. Terminals are costly and configuration non trivial. Plus a strong “if it ain’t broke don’t fix it” culture and resistance to any change. Add to it a relatively weak consumer protection regulatory regime and you’ve got the US.
I would say it’s not worse than most of the world though. Much of the world is rampant with fraud borne entirely by the consumer. For instance QR based bank transfers are popular in much of the world outside the western developed world. Fraud is insanely rampant but the ease and utility vs cash makes it acceptable. Transactions costs are near or actually zero and there’s no POS infrastructure. But people meticulously check their transactions because theft is so rampant. The banks and governments seem unconcerned though.
As such I put the US somewhere in the midpoint globally for this space. There are some smaller economies with strong regulatory regimes that do better for sure. There are many more that do much worse. Obviously the goal is the better not the worse, but I think it’s cherry picking to lump the US into being the worst.
We still do not use chip-and-pin on credit cards in the US. We use chip-and-signature for most credit cards.
I'm not saying there aren't credit cards with chip-and-PIN, there are a some.
We do use chip-and-PIN on most debit cards, but even that can be bypassed on 99% of terminals to fall back to chip-and-signature.
What's super interesting to me, lot of countries that you would expect to be behind the US on that topic actually have state-of-the-art banking techs. Even the EU is behind some of the stuff I've seen in LATAM.
With a UK card pretty much any transaction I do online requires me to Auth it in app.
I even found I had to do it recently for things like car hire, and those websites are generally just wrappers around local company searches (though higher sums overall).
- Chip and PIN has been in the UK since 2004 and mandatory since 2006. It wasn't until a decade later that the US caught up.
- Faster Payments allow for instant bank transfers (usually) between any bank account for free. Receiving transfers from clients in US (even with a US Wise bank account) was always a nightmare.
- Since the EU introduced Strong Customer Authentication, most new payments have to be authorised in your mobile banking app or by some other means of 2FA.
- Even before SCA, you'd have to get the Postcode (often digits that mattered) and CVV correct at the very least.
These measures seem like a way of banks shifting the responsibility for fraud onto the customer. In either case though, it's the customer who loses out. In a culture that accepts widespread card fraud, costs increase to offset it.