Using credit/debit card details vs swiping a card in a payment (credit card) terminalIs it safer to send credit card number via unsecured website form or by e-mail? What safer options are there?Which card data online merchant can store and what can he do with it?Who is legal owner of credit card, me or bank?How long does a retailer have to take payment?Prepaid VISA Debit Card declined on Amazon.comDispute credit card transaction with merchant or credit card company?How do service providers and payment processors process payment reversals?Will my Indian debit card work in the U.S.?When can a personal maestro prepaid debit card process payments without the owner entering the PIN number?Do card chips expire before the cards do?
Longest bridge/tunnel that can be cycled over/through?
Writing an augmented sixth chord on the flattened supertonic
Generate basis elements of the Steenrod algebra
Who won a Game of Bar Dice?
What aircraft was used as Air Force One for the flight between Southampton and Shannon?
Active low-pass filters --- good to what frequencies?
Artificer Creativity
Is using 'echo' to display attacker-controlled data on the terminal dangerous?
LuaLaTex - how to use number, computed later in the document
Finding value of expression with roots of a given polynomial.
Why are trash cans referred to as "zafacón" in Puerto Rico?
ed command: Delete from line 1 until the first blank line
How to safely destroy (a large quantity of) valid checks?
How to ensure color fidelity of the same file on two computers?
Is White controlling this game?
Is it expected that a reader will skip parts of what you write?
Extreme flexible working hours: how to get to know people and activities?
US doctor working in Tripoli wants me to open online account
Are polynomials with the same roots identical?
Has there been a multiethnic Star Trek character?
Let M and N be single-digit integers. If the product 2M5 x 13N is divisible by 36, how many ordered pairs (M,N) are possible?
If I leave the US through an airport, do I have to return through the same airport?
English word for "product of tinkering"
A word that means "blending into a community too much"
Using credit/debit card details vs swiping a card in a payment (credit card) terminal
Is it safer to send credit card number via unsecured website form or by e-mail? What safer options are there?Which card data online merchant can store and what can he do with it?Who is legal owner of credit card, me or bank?How long does a retailer have to take payment?Prepaid VISA Debit Card declined on Amazon.comDispute credit card transaction with merchant or credit card company?How do service providers and payment processors process payment reversals?Will my Indian debit card work in the U.S.?When can a personal maestro prepaid debit card process payments without the owner entering the PIN number?Do card chips expire before the cards do?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I was given by a seller an option to come to their office and swipe my credit/debit card there in their payment terminal.
Because it's a long way to get to their office, I asked the seller if he could just take my credit card details (number, expiration date, etc) over the phone and run the transaction by himself. He refused doing so.
I did not ask him why because he is a grumpy man.
What may be the reasons for this refusal, other than being mean?
If he has this payment terminal machine, does it not guarantee that he can run the transaction simply by having my credit card details?
Is it possible that running the transaction simply by using my card details, may cost the seller more than by me just swiping my card?
credit-card banking debit-card online-payment payment
asked May 23 at 8:27
raptrapt
25638
add a comment |
I was given by a seller an option to come to their office and swipe my credit/debit card there in their payment terminal.
Because it's a long way to get to their office, I asked the seller if he could just take my credit card details (number, expiration date, etc) over the phone and run the transaction by himself. He refused doing so.
I did not ask him why because he is a grumpy man.
What may be the reasons for this refusal, other than being mean?
If he has this payment terminal machine, does it not guarantee that he can run the transaction simply by having my credit card details?
Is it possible that running the transaction simply by using my card details, may cost the seller more than by me just swiping my card?
credit-card banking debit-card online-payment payment
asked May 23 at 8:27
raptrapt
25638
15
He's concerned that you might be committing fraud? "Hi, I'd like to pay you by reading these numbers to you that totally came off the card I'm holding and not from a list I downloaded from the dark web..."
– Stobor
May 24 at 1:04
5
Are you in the USA (considering swiping is still a thing)?
– gerrit
May 24 at 7:31
"I did not ask him why because he is a grumpy man." This is excellent advice.
– barbecue
May 24 at 16:00
@Stobor I don't know where you have been in the last 20 years. Downloadable card details are enough for paying on 99% of the e-commerce websites across the globe.
– rapt
May 24 at 23:47
add a comment |
I was given by a seller an option to come to their office and swipe my credit/debit card there in their payment terminal.
Because it's a long way to get to their office, I asked the seller if he could just take my credit card details (number, expiration date, etc) over the phone and run the transaction by himself. He refused doing so.
I did not ask him why because he is a grumpy man.
What may be the reasons for this refusal, other than being mean?
If he has this payment terminal machine, does it not guarantee that he can run the transaction simply by having my credit card details?
Is it possible that running the transaction simply by using my card details, may cost the seller more than by me just swiping my card?
credit-card banking debit-card online-payment payment
asked May 23 at 8:27
raptrapt
25638
I was given by a seller an option to come to their office and swipe my credit/debit card there in their payment terminal.
Because it's a long way to get to their office, I asked the seller if he could just take my credit card details (number, expiration date, etc) over the phone and run the transaction by himself. He refused doing so.
I did not ask him why because he is a grumpy man.
What may be the reasons for this refusal, other than being mean?
If he has this payment terminal machine, does it not guarantee that he can run the transaction simply by having my credit card details?
Is it possible that running the transaction simply by using my card details, may cost the seller more than by me just swiping my card?
credit-card banking debit-card online-payment payment
credit-card banking debit-card online-payment payment
asked May 23 at 8:27
raptrapt
25638
asked May 23 at 8:27
raptrapt
25638
asked May 23 at 8:27
raptrapt
25638
asked May 23 at 8:27
raptrapt
25638
asked May 23 at 8:27
raptrapt
25638
25638
15
He's concerned that you might be committing fraud? "Hi, I'd like to pay you by reading these numbers to you that totally came off the card I'm holding and not from a list I downloaded from the dark web..."
– Stobor
May 24 at 1:04
5
Are you in the USA (considering swiping is still a thing)?
– gerrit
May 24 at 7:31
"I did not ask him why because he is a grumpy man." This is excellent advice.
– barbecue
May 24 at 16:00
@Stobor I don't know where you have been in the last 20 years. Downloadable card details are enough for paying on 99% of the e-commerce websites across the globe.
– rapt
May 24 at 23:47
add a comment |
15
He's concerned that you might be committing fraud? "Hi, I'd like to pay you by reading these numbers to you that totally came off the card I'm holding and not from a list I downloaded from the dark web..."
– Stobor
May 24 at 1:04
5
Are you in the USA (considering swiping is still a thing)?
– gerrit
May 24 at 7:31
"I did not ask him why because he is a grumpy man." This is excellent advice.
– barbecue
May 24 at 16:00
@Stobor I don't know where you have been in the last 20 years. Downloadable card details are enough for paying on 99% of the e-commerce websites across the globe.
– rapt
May 24 at 23:47
15
15
He's concerned that you might be committing fraud? "Hi, I'd like to pay you by reading these numbers to you that totally came off the card I'm holding and not from a list I downloaded from the dark web..."
– Stobor
May 24 at 1:04
He's concerned that you might be committing fraud? "Hi, I'd like to pay you by reading these numbers to you that totally came off the card I'm holding and not from a list I downloaded from the dark web..."
– Stobor
May 24 at 1:04
5
5
Are you in the USA (considering swiping is still a thing)?
– gerrit
May 24 at 7:31
Are you in the USA (considering swiping is still a thing)?
– gerrit
May 24 at 7:31
"I did not ask him why because he is a grumpy man." This is excellent advice.
– barbecue
May 24 at 16:00
"I did not ask him why because he is a grumpy man." This is excellent advice.
– barbecue
May 24 at 16:00
@Stobor I don't know where you have been in the last 20 years. Downloadable card details are enough for paying on 99% of the e-commerce websites across the globe.
– rapt
May 24 at 23:47
@Stobor I don't know where you have been in the last 20 years. Downloadable card details are enough for paying on 99% of the e-commerce websites across the globe.
– rapt
May 24 at 23:47
add a comment |
5 Answers
5
active
oldest
votes
I see three possible reasons:
- He doesn't have a secure way (or any way) to manually enter card details. Most payment terminals have a keypad and can support manual entry (or PINs), but everything else in the ecosystem has to as well. If he doesn't have a way (or doesn't know how) to get the terminal to prompt for manual entry, then that's not an option.
PCI-DSS. It's possible that his PCI scope (how much liability he has) is based on never actually having the card number himself. Giving it to him over the phone would violate that. PCI violations could lead to the major card brands saying "You're not allowed to take credit cards any more", which would be fatal to most businesses these days. Violations would also leave him liable for any fraud that can be traced back to his store.
Interchange rates. He almost certainly pays more for a manually entered card than a swiped one, because the latter is more secure. If he has a way for you to insert your chip, that's even better, as well as making him not liable for fraud if your card was stolen (since the card brands would eat it). So by making you travel out there to physically present your card, he's saving himself money.
To put #3 another way: By making you show up in person, he makes it less likely you're using a stolen card number (because you'll have a physical card) and easier for him to prove that you did actually authorize the payment (because you'll sign a receipt and/or be caught on a security camera). That makes it less likely that it's a fraudulent transaction, which is why it gets a lower interchange rate.
answered May 23 at 12:06
BobsonBobson
1,238814
6
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
add a comment |
Using the physical card or not are two different scenarios, namely "Card Present" and "Card Not Present" (also known as MOTO as in Mail Order / Telephone Order). They may involve different contracts, different rates, different risks, and different equipment.
Some contracts will simply not allow Card Not Present transactions. You need to actually use the card in the terminal, either by swiping it, or by using the chip (and ideally pin). This adds an additional layer of verification (mostly if you use chip & pin, but even the magnetic stripe has info that is not available by reading the card), and the network and card issuer know if the card was actually used or not.
Likewise, some terminals will not enable you to do a card not present transaction. Even if it has a keypad, it may simply not have any feature allowing the manual entry of a card.
Since the merchant does not see the card, and none of the security features available with a payment terminal can be used, there is also an additional risk. This may involve higher fees for the merchant and/or a higher risk of a chargeback. Usually the risk lies with the bank if the transaction used one of the secure modes (chip + pin, or 3D secure when used online), while the risk lies with the merchant in other cases.
So, as a summary:
- he may just not be able to (contract or terminal won't allow it)
- it may cost him more (higher fees)
- it may involve a higher risk
Or he may just be grumpy :-)
answered May 23 at 16:50
jcaronjcaron
1,6501618
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
add a comment |
The reason I would consider most likely is "liability shift".
When a card transaction is flagged as fraudulent, the issuer will check whether the merchant who accepted the payment met agreed standards of:
- Security: is the payment system properly isolated, access to card details strictly controlled, etc
- Authentication: did the customer provide evidence that they were the card holder
If these standards are not met, then the merchant is charged for the flagged transaction; something they obviously want to avoid.
If you walked into the office, they could:
- Demonstrate security by using a dedicated hardware device, and never see your card number
- Authenticate you using chip-and-PIN, or checking a signature (in places where that's still accepted)
If you were buying something online, the equivalent would be:
- Isolating the page where you enter your card details from the rest of the system, and never logging the details entered
- Authenticating you by asking you to complete a 3-D Secure challenge (Verified by Visa / MasterCard SecureCode, or the newer Visa Secure / MasterCard IdentityCheck)
If you give details over the phone, some security can be demonstrated, but there is a risk of the operator memorising your details, and there is currently no good system for authentication. So such "MOTO" payments generally shift liability to the merchant.
answered May 23 at 17:41
IMSoPIMSoP
25916
add a comment |
Assuming his terminal is even set up for manual entry, I'm going to guess it's one of two things, it's a lot more work that he doesn't want to do, or he's worried you'll claim fraud later and then he's out item and price.
answered May 23 at 11:31
pboss3010pboss3010
56526
add a comment |
- They pay higher merchant fees for card-not-present transactions. This is often the case for shops that sell high-price-tag items; they don't care about per-transaction fees, but haggle hard to get the best percentage fee. Those best rates come with strings attached.
- There may be a high level of scams run on these items. They fear (reasonably or otherwise) that this "voice on the telephone" who they've never met is keeping a distance for a reason.
They are liable for fraudulent transactions done with "chip cards" that aren't processed via chip. This "liability shift" is new, and was done to motivate merchants to roll out chip machines. This is just plain self-preservation on the merchant's part; in a high priced merchandise business, one fraudulent transaction can ruin your whole month.- They are not equipped to securely handle your data via computer. Their systems would need to meet a "gold standard" of computer security called "PCI-DSS" which applies to every computer on every network capable of reaching that network.* This is a huge burden for a family sized business; it's simply impractical for them to comply.
Also, do not assume the ability to do perfect compliance with good policies. Having worked a high-value-item retail store, I can tell you that very often, the best you can do is honest and good salesmen who care about the customer and respect your business. If they loved technical stuff, they wouldn't be working here. They just can't/won't comply with the subtle details that are needed, and given the complexity you can hardly blame them. It is simpler to disallow the activity altogether, and set a good example by the owners not doing it either.
* The exception is things like the "swiper" machine or a "PayPal Here" swiperfob that use "Point to point encryption" aka a secure VPN tunnel, straight from the swiper to the bank's servers.
answered May 24 at 15:44
HarperHarper
27.3k64096
add a comment |
protected by JoeTaxpayer♦ May 26 at 13:26
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
I see three possible reasons:
- He doesn't have a secure way (or any way) to manually enter card details. Most payment terminals have a keypad and can support manual entry (or PINs), but everything else in the ecosystem has to as well. If he doesn't have a way (or doesn't know how) to get the terminal to prompt for manual entry, then that's not an option.
PCI-DSS. It's possible that his PCI scope (how much liability he has) is based on never actually having the card number himself. Giving it to him over the phone would violate that. PCI violations could lead to the major card brands saying "You're not allowed to take credit cards any more", which would be fatal to most businesses these days. Violations would also leave him liable for any fraud that can be traced back to his store.
Interchange rates. He almost certainly pays more for a manually entered card than a swiped one, because the latter is more secure. If he has a way for you to insert your chip, that's even better, as well as making him not liable for fraud if your card was stolen (since the card brands would eat it). So by making you travel out there to physically present your card, he's saving himself money.
To put #3 another way: By making you show up in person, he makes it less likely you're using a stolen card number (because you'll have a physical card) and easier for him to prove that you did actually authorize the payment (because you'll sign a receipt and/or be caught on a security camera). That makes it less likely that it's a fraudulent transaction, which is why it gets a lower interchange rate.
answered May 23 at 12:06
BobsonBobson
1,238814
6
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
add a comment |
I see three possible reasons:
- He doesn't have a secure way (or any way) to manually enter card details. Most payment terminals have a keypad and can support manual entry (or PINs), but everything else in the ecosystem has to as well. If he doesn't have a way (or doesn't know how) to get the terminal to prompt for manual entry, then that's not an option.
PCI-DSS. It's possible that his PCI scope (how much liability he has) is based on never actually having the card number himself. Giving it to him over the phone would violate that. PCI violations could lead to the major card brands saying "You're not allowed to take credit cards any more", which would be fatal to most businesses these days. Violations would also leave him liable for any fraud that can be traced back to his store.
Interchange rates. He almost certainly pays more for a manually entered card than a swiped one, because the latter is more secure. If he has a way for you to insert your chip, that's even better, as well as making him not liable for fraud if your card was stolen (since the card brands would eat it). So by making you travel out there to physically present your card, he's saving himself money.
To put #3 another way: By making you show up in person, he makes it less likely you're using a stolen card number (because you'll have a physical card) and easier for him to prove that you did actually authorize the payment (because you'll sign a receipt and/or be caught on a security camera). That makes it less likely that it's a fraudulent transaction, which is why it gets a lower interchange rate.
answered May 23 at 12:06
BobsonBobson
1,238814
6
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
add a comment |
I see three possible reasons:
- He doesn't have a secure way (or any way) to manually enter card details. Most payment terminals have a keypad and can support manual entry (or PINs), but everything else in the ecosystem has to as well. If he doesn't have a way (or doesn't know how) to get the terminal to prompt for manual entry, then that's not an option.
PCI-DSS. It's possible that his PCI scope (how much liability he has) is based on never actually having the card number himself. Giving it to him over the phone would violate that. PCI violations could lead to the major card brands saying "You're not allowed to take credit cards any more", which would be fatal to most businesses these days. Violations would also leave him liable for any fraud that can be traced back to his store.
Interchange rates. He almost certainly pays more for a manually entered card than a swiped one, because the latter is more secure. If he has a way for you to insert your chip, that's even better, as well as making him not liable for fraud if your card was stolen (since the card brands would eat it). So by making you travel out there to physically present your card, he's saving himself money.
To put #3 another way: By making you show up in person, he makes it less likely you're using a stolen card number (because you'll have a physical card) and easier for him to prove that you did actually authorize the payment (because you'll sign a receipt and/or be caught on a security camera). That makes it less likely that it's a fraudulent transaction, which is why it gets a lower interchange rate.
answered May 23 at 12:06
BobsonBobson
1,238814
I see three possible reasons:
- He doesn't have a secure way (or any way) to manually enter card details. Most payment terminals have a keypad and can support manual entry (or PINs), but everything else in the ecosystem has to as well. If he doesn't have a way (or doesn't know how) to get the terminal to prompt for manual entry, then that's not an option.
PCI-DSS. It's possible that his PCI scope (how much liability he has) is based on never actually having the card number himself. Giving it to him over the phone would violate that. PCI violations could lead to the major card brands saying "You're not allowed to take credit cards any more", which would be fatal to most businesses these days. Violations would also leave him liable for any fraud that can be traced back to his store.
Interchange rates. He almost certainly pays more for a manually entered card than a swiped one, because the latter is more secure. If he has a way for you to insert your chip, that's even better, as well as making him not liable for fraud if your card was stolen (since the card brands would eat it). So by making you travel out there to physically present your card, he's saving himself money.
To put #3 another way: By making you show up in person, he makes it less likely you're using a stolen card number (because you'll have a physical card) and easier for him to prove that you did actually authorize the payment (because you'll sign a receipt and/or be caught on a security camera). That makes it less likely that it's a fraudulent transaction, which is why it gets a lower interchange rate.
answered May 23 at 12:06
BobsonBobson
1,238814
edited May 26 at 17:28
answered May 23 at 12:06
BobsonBobson
1,238814
answered May 23 at 12:06
BobsonBobson
1,238814
answered May 23 at 12:06
BobsonBobson
1,238814
1,238814
6
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
add a comment |
6
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
6
6
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
In my experience with small business owners, I'd say #3 is most likely, but I admit I have a pretty narrow view of it.
– JPhi1618
May 24 at 14:26
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
@JPhi1618 because for a small business doing high value low markup transactions, losing the retail value of a whole item can run your whole month. Due to the liability shift, if a brick and mortar retail store keyed in the numbers instead of doing chip, fraud is all on them. Naturally, that's what fraudsters want you to do.
– Harper
May 26 at 14:30
add a comment |
Using the physical card or not are two different scenarios, namely "Card Present" and "Card Not Present" (also known as MOTO as in Mail Order / Telephone Order). They may involve different contracts, different rates, different risks, and different equipment.
Some contracts will simply not allow Card Not Present transactions. You need to actually use the card in the terminal, either by swiping it, or by using the chip (and ideally pin). This adds an additional layer of verification (mostly if you use chip & pin, but even the magnetic stripe has info that is not available by reading the card), and the network and card issuer know if the card was actually used or not.
Likewise, some terminals will not enable you to do a card not present transaction. Even if it has a keypad, it may simply not have any feature allowing the manual entry of a card.
Since the merchant does not see the card, and none of the security features available with a payment terminal can be used, there is also an additional risk. This may involve higher fees for the merchant and/or a higher risk of a chargeback. Usually the risk lies with the bank if the transaction used one of the secure modes (chip + pin, or 3D secure when used online), while the risk lies with the merchant in other cases.
So, as a summary:
- he may just not be able to (contract or terminal won't allow it)
- it may cost him more (higher fees)
- it may involve a higher risk
Or he may just be grumpy :-)
answered May 23 at 16:50
jcaronjcaron
1,6501618
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
add a comment |
Using the physical card or not are two different scenarios, namely "Card Present" and "Card Not Present" (also known as MOTO as in Mail Order / Telephone Order). They may involve different contracts, different rates, different risks, and different equipment.
Some contracts will simply not allow Card Not Present transactions. You need to actually use the card in the terminal, either by swiping it, or by using the chip (and ideally pin). This adds an additional layer of verification (mostly if you use chip & pin, but even the magnetic stripe has info that is not available by reading the card), and the network and card issuer know if the card was actually used or not.
Likewise, some terminals will not enable you to do a card not present transaction. Even if it has a keypad, it may simply not have any feature allowing the manual entry of a card.
Since the merchant does not see the card, and none of the security features available with a payment terminal can be used, there is also an additional risk. This may involve higher fees for the merchant and/or a higher risk of a chargeback. Usually the risk lies with the bank if the transaction used one of the secure modes (chip + pin, or 3D secure when used online), while the risk lies with the merchant in other cases.
So, as a summary:
- he may just not be able to (contract or terminal won't allow it)
- it may cost him more (higher fees)
- it may involve a higher risk
Or he may just be grumpy :-)
answered May 23 at 16:50
jcaronjcaron
1,6501618
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
add a comment |
Using the physical card or not are two different scenarios, namely "Card Present" and "Card Not Present" (also known as MOTO as in Mail Order / Telephone Order). They may involve different contracts, different rates, different risks, and different equipment.
Some contracts will simply not allow Card Not Present transactions. You need to actually use the card in the terminal, either by swiping it, or by using the chip (and ideally pin). This adds an additional layer of verification (mostly if you use chip & pin, but even the magnetic stripe has info that is not available by reading the card), and the network and card issuer know if the card was actually used or not.
Likewise, some terminals will not enable you to do a card not present transaction. Even if it has a keypad, it may simply not have any feature allowing the manual entry of a card.
Since the merchant does not see the card, and none of the security features available with a payment terminal can be used, there is also an additional risk. This may involve higher fees for the merchant and/or a higher risk of a chargeback. Usually the risk lies with the bank if the transaction used one of the secure modes (chip + pin, or 3D secure when used online), while the risk lies with the merchant in other cases.
So, as a summary:
- he may just not be able to (contract or terminal won't allow it)
- it may cost him more (higher fees)
- it may involve a higher risk
Or he may just be grumpy :-)
answered May 23 at 16:50
jcaronjcaron
1,6501618
Using the physical card or not are two different scenarios, namely "Card Present" and "Card Not Present" (also known as MOTO as in Mail Order / Telephone Order). They may involve different contracts, different rates, different risks, and different equipment.
Some contracts will simply not allow Card Not Present transactions. You need to actually use the card in the terminal, either by swiping it, or by using the chip (and ideally pin). This adds an additional layer of verification (mostly if you use chip & pin, but even the magnetic stripe has info that is not available by reading the card), and the network and card issuer know if the card was actually used or not.
Likewise, some terminals will not enable you to do a card not present transaction. Even if it has a keypad, it may simply not have any feature allowing the manual entry of a card.
Since the merchant does not see the card, and none of the security features available with a payment terminal can be used, there is also an additional risk. This may involve higher fees for the merchant and/or a higher risk of a chargeback. Usually the risk lies with the bank if the transaction used one of the secure modes (chip + pin, or 3D secure when used online), while the risk lies with the merchant in other cases.
So, as a summary:
- he may just not be able to (contract or terminal won't allow it)
- it may cost him more (higher fees)
- it may involve a higher risk
Or he may just be grumpy :-)
answered May 23 at 16:50
jcaronjcaron
1,6501618
answered May 23 at 16:50
jcaronjcaron
1,6501618
answered May 23 at 16:50
jcaronjcaron
1,6501618
answered May 23 at 16:50
jcaronjcaron
1,6501618
1,6501618
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
add a comment |
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
"Usually the risk lies with the bank" The risk pretty much always lies with a bank. With a secure mode, the risk lies with the issuing bank. With insecure methods, the risk lies with the acquiring bank (who then passes the chargeback along to the merchant).
– Acccumulation
May 24 at 14:45
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
@Accumulation so the risk is on the merchant, not the bank (other than a few cases where the merchant cannot refund the charge, but those are edge cases).
– jcaron
May 24 at 17:06
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
Basically, any terminal with a keypad will have the capability to enter a card number/transaction manually. That feature may be behind a password (either dynamically, or an options setting that is only accessible with a password) that the merchant, or the person running the terminal, does not know. For example, for terminals acquired from the processor, the merchant may have never been given the configuration password. It's also possible that the options are set such that the feature only appears when there are multiple failed attempts to read the card.
– Makyen
May 24 at 22:49
add a comment |
The reason I would consider most likely is "liability shift".
When a card transaction is flagged as fraudulent, the issuer will check whether the merchant who accepted the payment met agreed standards of:
- Security: is the payment system properly isolated, access to card details strictly controlled, etc
- Authentication: did the customer provide evidence that they were the card holder
If these standards are not met, then the merchant is charged for the flagged transaction; something they obviously want to avoid.
If you walked into the office, they could:
- Demonstrate security by using a dedicated hardware device, and never see your card number
- Authenticate you using chip-and-PIN, or checking a signature (in places where that's still accepted)
If you were buying something online, the equivalent would be:
- Isolating the page where you enter your card details from the rest of the system, and never logging the details entered
- Authenticating you by asking you to complete a 3-D Secure challenge (Verified by Visa / MasterCard SecureCode, or the newer Visa Secure / MasterCard IdentityCheck)
If you give details over the phone, some security can be demonstrated, but there is a risk of the operator memorising your details, and there is currently no good system for authentication. So such "MOTO" payments generally shift liability to the merchant.
answered May 23 at 17:41
IMSoPIMSoP
25916
add a comment |
The reason I would consider most likely is "liability shift".
When a card transaction is flagged as fraudulent, the issuer will check whether the merchant who accepted the payment met agreed standards of:
- Security: is the payment system properly isolated, access to card details strictly controlled, etc
- Authentication: did the customer provide evidence that they were the card holder
If these standards are not met, then the merchant is charged for the flagged transaction; something they obviously want to avoid.
If you walked into the office, they could:
- Demonstrate security by using a dedicated hardware device, and never see your card number
- Authenticate you using chip-and-PIN, or checking a signature (in places where that's still accepted)
If you were buying something online, the equivalent would be:
- Isolating the page where you enter your card details from the rest of the system, and never logging the details entered
- Authenticating you by asking you to complete a 3-D Secure challenge (Verified by Visa / MasterCard SecureCode, or the newer Visa Secure / MasterCard IdentityCheck)
If you give details over the phone, some security can be demonstrated, but there is a risk of the operator memorising your details, and there is currently no good system for authentication. So such "MOTO" payments generally shift liability to the merchant.
answered May 23 at 17:41
IMSoPIMSoP
25916
add a comment |
The reason I would consider most likely is "liability shift".
When a card transaction is flagged as fraudulent, the issuer will check whether the merchant who accepted the payment met agreed standards of:
- Security: is the payment system properly isolated, access to card details strictly controlled, etc
- Authentication: did the customer provide evidence that they were the card holder
If these standards are not met, then the merchant is charged for the flagged transaction; something they obviously want to avoid.
If you walked into the office, they could:
- Demonstrate security by using a dedicated hardware device, and never see your card number
- Authenticate you using chip-and-PIN, or checking a signature (in places where that's still accepted)
If you were buying something online, the equivalent would be:
- Isolating the page where you enter your card details from the rest of the system, and never logging the details entered
- Authenticating you by asking you to complete a 3-D Secure challenge (Verified by Visa / MasterCard SecureCode, or the newer Visa Secure / MasterCard IdentityCheck)
If you give details over the phone, some security can be demonstrated, but there is a risk of the operator memorising your details, and there is currently no good system for authentication. So such "MOTO" payments generally shift liability to the merchant.
answered May 23 at 17:41
IMSoPIMSoP
25916
The reason I would consider most likely is "liability shift".
When a card transaction is flagged as fraudulent, the issuer will check whether the merchant who accepted the payment met agreed standards of:
- Security: is the payment system properly isolated, access to card details strictly controlled, etc
- Authentication: did the customer provide evidence that they were the card holder
If these standards are not met, then the merchant is charged for the flagged transaction; something they obviously want to avoid.
If you walked into the office, they could:
- Demonstrate security by using a dedicated hardware device, and never see your card number
- Authenticate you using chip-and-PIN, or checking a signature (in places where that's still accepted)
If you were buying something online, the equivalent would be:
- Isolating the page where you enter your card details from the rest of the system, and never logging the details entered
- Authenticating you by asking you to complete a 3-D Secure challenge (Verified by Visa / MasterCard SecureCode, or the newer Visa Secure / MasterCard IdentityCheck)
If you give details over the phone, some security can be demonstrated, but there is a risk of the operator memorising your details, and there is currently no good system for authentication. So such "MOTO" payments generally shift liability to the merchant.
answered May 23 at 17:41
IMSoPIMSoP
25916
edited May 23 at 21:58
answered May 23 at 17:41
IMSoPIMSoP
25916
answered May 23 at 17:41
IMSoPIMSoP
25916
answered May 23 at 17:41
IMSoPIMSoP
25916
25916
add a comment |
add a comment |
Assuming his terminal is even set up for manual entry, I'm going to guess it's one of two things, it's a lot more work that he doesn't want to do, or he's worried you'll claim fraud later and then he's out item and price.
answered May 23 at 11:31
pboss3010pboss3010
56526
add a comment |
Assuming his terminal is even set up for manual entry, I'm going to guess it's one of two things, it's a lot more work that he doesn't want to do, or he's worried you'll claim fraud later and then he's out item and price.
answered May 23 at 11:31
pboss3010pboss3010
56526
add a comment |
Assuming his terminal is even set up for manual entry, I'm going to guess it's one of two things, it's a lot more work that he doesn't want to do, or he's worried you'll claim fraud later and then he's out item and price.
answered May 23 at 11:31
pboss3010pboss3010
56526
Assuming his terminal is even set up for manual entry, I'm going to guess it's one of two things, it's a lot more work that he doesn't want to do, or he's worried you'll claim fraud later and then he's out item and price.
answered May 23 at 11:31
pboss3010pboss3010
56526
answered May 23 at 11:31
pboss3010pboss3010
56526
answered May 23 at 11:31
pboss3010pboss3010
56526
answered May 23 at 11:31
pboss3010pboss3010
56526
56526
add a comment |
add a comment |
- They pay higher merchant fees for card-not-present transactions. This is often the case for shops that sell high-price-tag items; they don't care about per-transaction fees, but haggle hard to get the best percentage fee. Those best rates come with strings attached.
- There may be a high level of scams run on these items. They fear (reasonably or otherwise) that this "voice on the telephone" who they've never met is keeping a distance for a reason.
They are liable for fraudulent transactions done with "chip cards" that aren't processed via chip. This "liability shift" is new, and was done to motivate merchants to roll out chip machines. This is just plain self-preservation on the merchant's part; in a high priced merchandise business, one fraudulent transaction can ruin your whole month.- They are not equipped to securely handle your data via computer. Their systems would need to meet a "gold standard" of computer security called "PCI-DSS" which applies to every computer on every network capable of reaching that network.* This is a huge burden for a family sized business; it's simply impractical for them to comply.
Also, do not assume the ability to do perfect compliance with good policies. Having worked a high-value-item retail store, I can tell you that very often, the best you can do is honest and good salesmen who care about the customer and respect your business. If they loved technical stuff, they wouldn't be working here. They just can't/won't comply with the subtle details that are needed, and given the complexity you can hardly blame them. It is simpler to disallow the activity altogether, and set a good example by the owners not doing it either.
* The exception is things like the "swiper" machine or a "PayPal Here" swiperfob that use "Point to point encryption" aka a secure VPN tunnel, straight from the swiper to the bank's servers.
answered May 24 at 15:44
HarperHarper
27.3k64096
add a comment |
- They pay higher merchant fees for card-not-present transactions. This is often the case for shops that sell high-price-tag items; they don't care about per-transaction fees, but haggle hard to get the best percentage fee. Those best rates come with strings attached.
- There may be a high level of scams run on these items. They fear (reasonably or otherwise) that this "voice on the telephone" who they've never met is keeping a distance for a reason.
They are liable for fraudulent transactions done with "chip cards" that aren't processed via chip. This "liability shift" is new, and was done to motivate merchants to roll out chip machines. This is just plain self-preservation on the merchant's part; in a high priced merchandise business, one fraudulent transaction can ruin your whole month.- They are not equipped to securely handle your data via computer. Their systems would need to meet a "gold standard" of computer security called "PCI-DSS" which applies to every computer on every network capable of reaching that network.* This is a huge burden for a family sized business; it's simply impractical for them to comply.
Also, do not assume the ability to do perfect compliance with good policies. Having worked a high-value-item retail store, I can tell you that very often, the best you can do is honest and good salesmen who care about the customer and respect your business. If they loved technical stuff, they wouldn't be working here. They just can't/won't comply with the subtle details that are needed, and given the complexity you can hardly blame them. It is simpler to disallow the activity altogether, and set a good example by the owners not doing it either.
* The exception is things like the "swiper" machine or a "PayPal Here" swiperfob that use "Point to point encryption" aka a secure VPN tunnel, straight from the swiper to the bank's servers.
answered May 24 at 15:44
HarperHarper
27.3k64096
add a comment |
- They pay higher merchant fees for card-not-present transactions. This is often the case for shops that sell high-price-tag items; they don't care about per-transaction fees, but haggle hard to get the best percentage fee. Those best rates come with strings attached.
- There may be a high level of scams run on these items. They fear (reasonably or otherwise) that this "voice on the telephone" who they've never met is keeping a distance for a reason.
They are liable for fraudulent transactions done with "chip cards" that aren't processed via chip. This "liability shift" is new, and was done to motivate merchants to roll out chip machines. This is just plain self-preservation on the merchant's part; in a high priced merchandise business, one fraudulent transaction can ruin your whole month.- They are not equipped to securely handle your data via computer. Their systems would need to meet a "gold standard" of computer security called "PCI-DSS" which applies to every computer on every network capable of reaching that network.* This is a huge burden for a family sized business; it's simply impractical for them to comply.
Also, do not assume the ability to do perfect compliance with good policies. Having worked a high-value-item retail store, I can tell you that very often, the best you can do is honest and good salesmen who care about the customer and respect your business. If they loved technical stuff, they wouldn't be working here. They just can't/won't comply with the subtle details that are needed, and given the complexity you can hardly blame them. It is simpler to disallow the activity altogether, and set a good example by the owners not doing it either.
* The exception is things like the "swiper" machine or a "PayPal Here" swiperfob that use "Point to point encryption" aka a secure VPN tunnel, straight from the swiper to the bank's servers.
answered May 24 at 15:44
HarperHarper
27.3k64096
- They pay higher merchant fees for card-not-present transactions. This is often the case for shops that sell high-price-tag items; they don't care about per-transaction fees, but haggle hard to get the best percentage fee. Those best rates come with strings attached.
- There may be a high level of scams run on these items. They fear (reasonably or otherwise) that this "voice on the telephone" who they've never met is keeping a distance for a reason.
They are liable for fraudulent transactions done with "chip cards" that aren't processed via chip. This "liability shift" is new, and was done to motivate merchants to roll out chip machines. This is just plain self-preservation on the merchant's part; in a high priced merchandise business, one fraudulent transaction can ruin your whole month.- They are not equipped to securely handle your data via computer. Their systems would need to meet a "gold standard" of computer security called "PCI-DSS" which applies to every computer on every network capable of reaching that network.* This is a huge burden for a family sized business; it's simply impractical for them to comply.
Also, do not assume the ability to do perfect compliance with good policies. Having worked a high-value-item retail store, I can tell you that very often, the best you can do is honest and good salesmen who care about the customer and respect your business. If they loved technical stuff, they wouldn't be working here. They just can't/won't comply with the subtle details that are needed, and given the complexity you can hardly blame them. It is simpler to disallow the activity altogether, and set a good example by the owners not doing it either.
* The exception is things like the "swiper" machine or a "PayPal Here" swiperfob that use "Point to point encryption" aka a secure VPN tunnel, straight from the swiper to the bank's servers.
answered May 24 at 15:44
HarperHarper
27.3k64096
answered May 24 at 15:44
HarperHarper
27.3k64096
answered May 24 at 15:44
HarperHarper
27.3k64096
answered May 24 at 15:44
HarperHarper
27.3k64096
27.3k64096
add a comment |
add a comment |
protected by JoeTaxpayer♦ May 26 at 13:26
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
15
He's concerned that you might be committing fraud? "Hi, I'd like to pay you by reading these numbers to you that totally came off the card I'm holding and not from a list I downloaded from the dark web..."
– Stobor
May 24 at 1:04
5
Are you in the USA (considering swiping is still a thing)?
– gerrit
May 24 at 7:31
"I did not ask him why because he is a grumpy man." This is excellent advice.
– barbecue
May 24 at 16:00
@Stobor I don't know where you have been in the last 20 years. Downloadable card details are enough for paying on 99% of the e-commerce websites across the globe.
– rapt
May 24 at 23:47