although heavily misunderstood, this is built into cryptocurrencies since day 1 (many critics have long thought crypto requires power and internet access, many proponents also don't know otherwise)
with card networks learning from competition and functionally being public-only keys, this should be even simpler to implement
Checking the signature on some blob that says "this be money" is not enough.
For example, when each transaction is done, both parties might keep a cryptographic proof which they are required to submit once they are online again.
Failing to submit could result in a small fine (to encourage submission) and double spending which can then be detected could result in a large fine (or even a prison sentence), for example.
There is, perhaps, a privacy issue, just like with blockchain. But it's not more of an issue than online transactions.
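One way the proof-and-submit scheme sketched in this comment could be realised, as an added example that is not part of the thread: each offline receipt is signed by the payer with Ed25519 over a per-payer sequence number, and a reconciliation step run when receipts are submitted verifies the signatures and flags two different receipts carrying the same sequence number as a double spend. The key names, the hash layout of the signed fields and the sample shops are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Receipt is the proof both parties keep for an offline payment: the payer's
// public key, a per-payer sequence number, the payee, the amount and the
// payer's signature over all of those fields.
type Receipt struct {
	Payer  ed25519.PublicKey
	Seq    uint64
	Payee  string
	Amount uint64
	Sig    []byte
}

// message serialises the signed fields in a fixed layout (constructed here):
// payer key, then big-endian seq and amount, then the variable-length payee.
func (r Receipt) message() []byte {
	buf := make([]byte, 16)
	binary.BigEndian.PutUint64(buf[:8], r.Seq)
	binary.BigEndian.PutUint64(buf[8:], r.Amount)
	h := sha256.New()
	h.Write(r.Payer)
	h.Write(buf)
	h.Write([]byte(r.Payee))
	return h.Sum(nil)
}

// Sign creates an offline payment receipt with the payer's private key.
func Sign(priv ed25519.PrivateKey, seq uint64, payee string, amount uint64) Receipt {
	r := Receipt{Payer: priv.Public().(ed25519.PublicKey), Seq: seq, Payee: payee, Amount: amount}
	r.Sig = ed25519.Sign(priv, r.message())
	return r
}

// Verify checks the signature; a forged or tampered receipt is rejected.
func Verify(r Receipt) bool {
	return ed25519.Verify(r.Payer, r.message(), r.Sig)
}

// Reconcile ingests receipts submitted by payers and payees once online.
// It returns the per-payer total of valid spending and the list of double
// spends: two distinct valid receipts from one payer with the same sequence
// number. Resubmitting the identical receipt (both parties submit) is harmless.
func Reconcile(receipts []Receipt) (totals map[string]uint64, doubleSpends []string) {
	totals = map[string]uint64{}
	seen := map[string]Receipt{} // "payer:seq" -> first receipt seen
	for _, r := range receipts {
		if !Verify(r) {
			continue // not signed by the claimed payer; ignore it
		}
		payer := hex.EncodeToString(r.Payer)
		key := fmt.Sprintf("%s:%d", payer, r.Seq)
		if prev, ok := seen[key]; ok {
			if prev.Payee != r.Payee || prev.Amount != r.Amount {
				doubleSpends = append(doubleSpends, key)
			}
			continue
		}
		seen[key] = r
		totals[payer] += r.Amount
	}
	return totals, doubleSpends
}

// Demo runs a constructed scenario: an honest payer making two offline
// purchases (one receipt submitted twice), a cheating payer reusing sequence
// number 1 at two shops, and a forged receipt claiming the honest payer's key.
func Demo() (honestTotal uint64, doubleSpends int, forgedRejected bool) {
	_, honest, _ := ed25519.GenerateKey(rand.Reader)
	_, cheat, _ := ed25519.GenerateKey(rand.Reader)
	_, other, _ := ed25519.GenerateKey(rand.Reader)

	r1 := Sign(honest, 1, "cafe", 45)
	r2 := Sign(honest, 2, "minigolf", 30)
	c1 := Sign(cheat, 1, "shopA", 100)
	c2 := Sign(cheat, 1, "shopB", 100)
	forged := Sign(other, 3, "shopC", 500)
	forged.Payer = honest.Public().(ed25519.PublicKey) // wrong key for this signature

	totals, ds := Reconcile([]Receipt{r1, r2, r2, c1, c2, forged})
	honestKey := hex.EncodeToString(honest.Public().(ed25519.PublicKey))
	return totals[honestKey], len(ds), !Verify(forged)
}

func main() {
	total, ds, rejected := Demo()
	fmt.Printf("honest total=%d double spends=%d forgery rejected=%v\n", total, ds, rejected)
}
```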
The offline credit card system does not proof fraud but just has insurance.
Offline payment specifically allows double-spending. If you have offline payment, you don't need a ledger at all; you can just use PGP.
Even better, when you're back online the network will run a sanity check to protect against the evils of inflation.
(Note: inflation-check fees will vary between 0 and 100% per payee.)
This worked nicely until the tensions in Europe led to more cyberattacks rolling in and suddenly you have people not being able to buy food, medicine, and so forth. Not too long after, there was a government advisory urging people to keep some cash reserves in case a larger cyberattack happens, but cultural habits at large are hard to change. This is of course a coarse simplification of the context, but might help understand this incentive a bit better.
it's really visa lobbying to destroy the (somehow worse than visa) easy credit new players. they give credit like candy because being online and low value only it's easier to avoid (or swallow) fraud.
forcing their hand to accept offline sales means they can't decide on the spot, and now those 5k credit lines which they only allow transactions for sub 100 purchases at a time will be wide open for offline fraud they can't detect, and which visa already knows how to handle/sustain.
this will probably be lobbied elsewhere soon. i predict Netherlands is next.
Are you sure this isn't impression you've gotten from isolated reactions involving a small number of individuals, perhaps just a single individual? I can't relate to the sentiment at all, having lived here for just over three decades and experiencing the popularity shift from cash to debit card. I can, in fact, not recall a single time ever that someone has divulged the opinion that they consider cash "dirty and criminal".
More than anything else the Swedes' favor of debit cards is the convenience. Second to that I would say is the security of not immediately losing funds if you misplace the card or it gets stolen - it feels less risky carrying a debit card, in particular if you're the type who prefers having more than a few "tens" on you in case you'd need or want to buy something.
Cash is the ultimate privacy payment.
I don't love the law, but having cash on its own is not grounds for seizure. Having expensive goods that you cannot explain how you managed to pay for is what they are targeting, according to your source.
This is basically a law that takes your expensive shit away if you are too stupid to launder your ill-gotten cash.
By the way, have you ever wondered what the definition of "expensive goods" is? Of course, the powers that be want to make it all about the Rolexes and Lamborghinis, but a cursory peek at the actual law reveals [1]:
> Section 4 If the property has been seized and the value of what may be confiscated does not exceed one tenth of the price base amount according to Chapter 2, Sections 6 and 7 of the Social Insurance Code, a question about confiscation of the property may be examined by 1. a police officer, or 2. another employee of the Police Authority or the Security Service appointed by the respective authority.
Which effectively means that using the "price base amount" value of ~59k SEK in 2025, you are subject to asset forfeiture at the whims of any police officer once you have more than 600 bucks in your wallet or under the mattress.
But I'm sure they will only use it on brown gang bangers or knife wielding foreign drunks and not law abiding citizens such as myself, so it's fine!
[1] https://www.riksdagen.se/sv/dokument-och-lagar/dokument/sven...
You said: "Sweden has introduced civil asset forfeiture where the mere possession of cash can make you a suspect." in a conversation about cash in Sweden, and posted an article about how there is a law that allows police to seize goods in certain circumstance.
I pointed out that cash != luxury goods.
I already said it was a law I don't agree with. But it also isn't a law that says that police can just take cash from you according to your sources. The section that you quoted doesn't seem to support your assertion about cash either, but I need the rest of the context.
In reading the law it is allowed to seize cash under very specific circumstances, but simply possessing cash is not enough evidence to seize it.
Cash seizure ("penningbeslag") can be used in an investigation concerning independent forfeiture ("utredning om självständigt förverkande").
The initiation of an investigation and the use of "penningbeslag" are contingent on the "reason to assume that property originates from criminal activity." This implies that merely possessing cash, without any connection or suspicion of it being linked to criminal activity, would not be sufficient grounds for seizure under this law. There needs to be an antecedent suspicion that the cash is proceeds of crime.
An investigation for independent forfeiture should be initiated "if there is reason to assume that property originates from criminal activity" (2 kap. 2 §). The purpose of such an investigation is to "investigate whether the property originates from criminal activity" (2 kap. 1 §).
Therefore, the primary circumstance for cash seizure is when there is reason to believe that the cash originates from criminal activity.
> You can put lipstick on a pig all you want, but if you reverse the burden of proof from "we have to prove your money is dirty" to "you have to prove your money is clean", that is a very clear cut case of "possessing cash is grounds for seizure" to me.
Swedish law does not describe such a reversal for the initial act of seizure or investigation. As previously discussed, the law states: "En utredning om självständigt förverkande ska inledas om det finns anledning att anta att egendom härrör från brottslig verksamhet" (2 kap. 2 §). This means there must first be a "reason to assume" that the property (including cash) originates from criminal activity before an investigation is initiated and seizure measures like "penningbeslag" (cash seizure) are applied.
> Section 4 If the property has been seized and the value of what may be confiscated does not exceed one tenth of the price base amount according to Chapter 2, Sections 6 and 7 of the Social Insurance Code, a question about confiscation of the property may be examined by 1. a police officer, or 2. another employee of the Police Authority or the Security Service appointed by the respective authority.
This section, "Beslut om förverkande" (Decisions on forfeiture), discusses who can decide on the forfeiture of already seized property (beslag or penningbeslag) if its value is below a certain threshold. It pertains to the administrative decision to forfeit after the property has already been seized based on the criteria in 2 kap., not the criteria for the initial seizure itself.
When I joined my gamedev studio I had colleagues asking me why I had cash, and many of them didn’t even recognise what it looked like (there was a switchover of the notes a year or two prior).
There was an insinuation that I would use it for drugs. So, I suspect that the parent is right here.
Add.: another poster suggested that someone had a bit of a laugh with you by saying it, which is also entirely possible. Basic joke.
https://en.wikipedia.org/wiki/United_States_five-hundred-dol...
https://en.wikipedia.org/wiki/United_States_one-thousand-dol...
https://en.wikipedia.org/wiki/United_States_five-thousand-do...
https://en.wikipedia.org/wiki/United_States_ten-thousand-dol...
Your best bet of happening into a $50 is if you go to a bank for an in-person withdrawal and they ask you for preferred denominations. Generally the money is dispensed in $20s even there unless specified.
Your second best bet would be if you're selling something "on the side" and the purchaser uses a $50 in a transaction, which I would say is also rare these days, most people use Venmo or equiv.
Your best bet of handling a $50 is probably as a bartender, or of course as a bank teller.
I have held $50s a few times in my life, and even my reaction is "huh, a $50, don't see those often"
Nowadays that's less common from tourists from Europe, but tourists from Asia are still likely to bring cash.
Let me introduce you to a $2 note.
They are effectively becoming the new $20 with inflation continuing upwards, and I expect their popularity to continue to increase.
I have had many places reject $100 bills though.
I’m that weirdo that tries to pay cash for most everything, so sample size is large and across a diverse set of businesses.
Due to what I tend to pay cash for these days (lunches, drinks with a friend, etc.) and prices being what they are, they are rapidly becoming my “go-to” denomination.
See also: https://www.bbc.com/news/business-48993008
which, as well as explaining the background to the note and debates over whether it should be taken out of circulation, also points out the context: the average British adult was making about 20 cash transactions a month as of 2018 (none of them involving £50 notes).
A friend's dad showed me one when I was at school - that's it. He seemed amused I hadn't seen one before, then after making a minor show of it, as if it was some precious, rare item, said he'd never previously seen one either. They've been uncommon my whole life, and apparently could/can be difficult to actually use, shop assistants being unfamiliar with them and not confident in their legitimacy.
I expect today most people would use bank transfers for the sort of sum where the sheer number of notes would make a £50 one useful.
But when the bill is £45, there's no problem anyway.
I felt like I was very cool considering how rare they are.
(Maybe they're a bit easier to get hold of now, especially with recent inflation? But I don't use cash as much as I did when I was younger.)
I believe them. Cash machines dispense(d) them, but usually only if you withdraw 1000DKK or more in a single transaction. That's unusual for people that rarely use cash.
I had them as I was following the official advice to keep some cash around in case the banking system is hacked etc, but I spent them and withdrew 100DKK notes when the advice was updated to point out that if everyone had only 500DKKs at home it wasn't very flexible.
I am slightly ashamed to realise that my banking app shows I haven't made a cash withdrawal in Denmark for more than 12 months — the second part of the official advice is to use cash occasionally to keep that system working.
No insight provided nor sources.
Just an opinion, a strong assertion, confidently stated with a tone of superiority.
Depends. A very long time ago I was approached by a group of seemingly friendly people asking for directions, then I felt a sharp object against my belly and they told me to walk slowly towards a cash point. They said they'd stab me if I didn't withdraw all the money I could. So I did. When cards were not popular, I would have a small amount of cash in the wallet and anything more substantial hidden in a sock or elsewhere. Thieves would take what would be comfortable for me to lose. I guess it can be the same with cards - have a card with a small amount and the actual card hidden, but it is not as easy to hide as cash. Then you have a whole other kettle of fish - banking apps. There have been instances of people being forced to do a transfer at knifepoint. For that reason I don't use any apps, apart from a throwaway bank account - again with a small balance just in case. Shame more banks are restricting web access, which I think is most secure.
Wow. What country is/was that?
Swedish here. The impression is common. Sweden is a small country and has long had a fairly cohesive culture. The culture has decided that digital payments are the way. Deviation from the collective way is always suspect.
No.
Swedish here, too.
Your impression is misguided. Maybe it's the norm in Stockholm, but 80% of the population live elsewhere. We do use cash and nobody thinks it's suspicious to pay with cash, stop making stuff up.
I have barely used cash in 25 years. This doesn't mean anything at all. You're probably putting this solely in the context of using cash for significantly large purchases, e.g. a higher 4 digit sum or above, or as in your example a craftsman who wants to exempt it from his or her accounting. Nobody bats an eye at a person buying groceries, or some gadget for a couple of hundred, with cash.
You are spewing complete nonsense.
Here's some perfectly normal stuff I use cash for in Sweden on the regular:
- flea markets
- strawberry stand by the road
- unmanned vegetable shop has a cash bin and a pay-for-what-you-take sign
But I do see people paying with cash in supermarkets etc, and I don't judge them as criminals. Some people just prefer to manage their money that way.
I got caught out by a thing like this, recently. (I'm on the east coast of the US.)
My kids had a day off from school, and it was a nice day to ride bikes. There's a small municipal park around 5 miles (8 km) away, with a nice mini-golf course and a grill/cafe next to it. They were eager to go by themselves, so I told them they could ride their bikes there and gave each kid enough cash for a round of mini-golf, a cold drink and some lunch.
The park was card only! While that has been happening more and more, I was not expecting that from a city park. Thankfully, they're not shy kids, and they persuaded one of the park employees to use a personal card in exchange for cash. But I was shocked. They're 10 and 13 years old... it had not previously occurred to me that I should give them cards of any kind.
But yeah you still give cash to kids.
But you've reminded me of a case I still use cash: on business trips abroad with a mixed group of people from several countries, most people put money on the table to pay their share.
I feel sorry for you and those people.
Tradespeople sometimes request cash payment or provide a good discount for cash payments (well above any fee they would be charged). I guess where you are no one considers this dubious (really???) but at least in discussions with family the feeling is that the request for cash only payment is dubious.
We also have a local retail establishment that is cash only. I think it's looked at dubiously.
I personally have experienced it. Someone wanted to split payment on something between cash and a check so they could report the value of the item was lower because it would save them taxes every year. Again, the use of cash was I think a bit dubious.
Note: Cash allows you to avoid all sorts of obligations (tax / family support / debt collection and garnishment etc etc), ineligibility for banking (Europe is pretty strict in some cases, for example with folks with no legal status with banking) and is still used in things like the drug trade. Even if everyone around you considers large cash transactions reasonable that might be naivety or they may simply not have been exposed to larger cash transaction activity.
I do like and carry cash.
This is what people think of when someone "uses cash". Not hauling tens of thousands to buy a used car or to settle the bill for having your bathroom tiled, which would be cases I too would raise an eyebrow over.
If a merchant tries to promote cash options I immediately think they’re doing it for tax evasion reasons - not because of the touted reason that “card payments cost more to process” (they don’t once you factor in the cost of handling cash).
With credit cards you pay a fee, but you don't have to deal with all of those other things that people often don't consider.
Apart from a transit card (all the mass transit also takes cash ... no fee added), I'm not going to pay to feed the surveillance machine.
Where I live in Seattle, a lot of businesses simply don't handle cash at all, because break-ins for the cash register are quite expensive to deal with, and they circumvent that problem by simply posting outside the business that there is no cash.
One of the few businesses near me that must take cash, a dispensary, recently had an issue where somebody tried to break in using a stolen pickup truck to crash into the building. They didn't get the cash because they didn't get past the interior bollard system, but they did cause enough structural damage that the roof partially collapsed into the street.
But I've paid with cash all over Europe, and except for some vending machines, I've never been turned down, be it London, Paris, Berlin, Belgrade or Athens... from large supermarkets and museums, to local corner newsstands with a small fridge and cold drinks and local fast food joints. On the other hand, the most unsafe I ever felt as a traveller was in Chicago, supposedly in a "nicer/safe area", and I've been through the Balkans in the 1990s.
https://www.seattletimes.com/seattle-news/politics/king-coun...
I’m definitely looked at as crazy in my friend group from time to time, but over the years I’ve just become known as the guy who will always have cash on him if necessary so I guess the walking ATM bit helped with acceptance of it?
I figure that if folks don’t take a stand and use cash even if they don’t need to now, we will lose the ability to later. I don’t want to live in a world where all my purchases are mineable, because that eventually turns into monitored and then authorized.
The inconvenience is a small price to pay for freedom from surveillance.
It has amused me though over the years how bad cash handling skills have become. When I was a cashier as a teenager 25+ years ago, myself and all my fellow coworkers could break change at relative light speed and often just from mental math/memory. Now it’s amusing watching a young cashier give change back on a $48.31 order after handing them a $100 bill. Sometimes takes longer than the proverbial grandma writing a check back in my day.
I believe it was part of an agreement with the card companies over anti-competitive behavior.
What's your opinion on that? In NA, for small businesses it's common to offer to pay in cash to avoid paying sales tax.
It's also not common (and illegal). This account posts a lot of vague platitudes.
This is almost always in a portion of the invoice written up at around half the agreed amount, and the rest in cash. Or for smaller jobs just on the side with no paperwork involved outside of a firm handshake.
This is the norm for the lower end of the trades. If you’re dealing with a single owner company with a few employees I’d be very surprised if they would not be willing.
Yeah, once you get into “real companies” that are charging upper middle class rates on million dollar properties it changes.
I haven’t had trades work done in Mexico, but considering all my visits were effectively cash only transactions I’d be pretty surprised if it wasn’t at least as common as in the US.
I don't know about Australia, but in New Zealand many small retailers and restaurants add a card payment surcharge (typically 1.5%-2.5%) automatically when you pay by card. So you are somewhat penalised for the convenience of using a card. This never happens in Europe.
Visa and Mastercard have successfully lobbied and conspired with local banks in both countries to bury EFTPOS, which were national debit card payment systems with a flat transaction fee ranging between 10 and 50 cents per transaction (depending on the bank).
A while back, Visa/MC realised that debit card transactions, being on the rise, were a highly lucrative market to tap into that they had been missing out on, so they set out on a war of attrition and conspired with the local big banks to phase out EFTPOS cards in favour of Visa/MC debit cards, where the cost of transaction was to be passed on to the card user. Tiered debit cards quickly followed (Platinum, etc.), that attracted higher fee percentages for Visa/MC – payment network commission fees are published on the respective payment network websites. Other than consumers, all parties involved (big banks, payment networks) became moist with excitement at getting a huge slice of the card transactions pie.
But there is the light at the end of the tunnel (other than the light of the oncoming train) – the RBA has moved to ban all card surcharges from July 2026.
In the EU you can not charge a card fee on consumer transactions, so the merchant has to eat the cost.
If your revenue is 2-3000 EUR a month, payment fees (and terminal subscription fees) can have a big impact.
If I were charging £3k/month, I'd be just above the threshold where paying £19.99/month to get a transaction fee of 0.99% saves money overall.
Additionally, and specifically in Sweden, the fees that banks charge businesses for handling cash (picking it up and depositing it at the end of each business day) have increased significantly in the last decade or two. This has been a significant factor in driving businesses away from cash - it's just expensive for them to deal with.
The US has a much less secure system specifically because there was much less credit card fraud in the US than in Europe.
Chip and PIN was an attempt to combat the rampant fraud in Europe.
It may be true at this point, I haven’t been tracking recently, but it wasn’t in the past.
So if you are a law abiding citizen you can easily be pissed off that you get to pay taxes and they don't.
For a few years "we don't take card" was widely interpreted as a strong indicator the merchant would evade taxes, and "I won't go there anymore" was a common reaction from some people. These days it's technically illegal and yet you will still find _some_ shops that only want cash.
That seems totally fair if they can’t pass that cost on to you for using a card. Why should they have to pay to accept your patronage?
And you didn’t answer why you shouldn’t pay that fee.
Managing cash has costs too, they're just harder to quantify: you have to ferry it to a bank, you have increased risk of theft, fraud, and robberies, you need extra time to actually check the register etc.
And then you risk losing business if you don't offer card payments because it's just more convenient for most customers (you may likewise lose some if you don't take cash, but that's a vanishing market).
That's what makes interchange and network fees so much more problematic than acquiring fees. There's very healthy competition between credit card acquirers and payment service providers on both features and price, but in the end, you have to accept whatever card your customer has or there won't be a transaction.
And you're mistaken if you think cash is cheaper for most stores. You risk theft (so need to pay for measures against that), you have straight losses from mistakes, have to spend time handling and counting cash, spend time depositing, spend time buying change, etc etc.
Regarding cash, does your bank not charge a fee for depositing cash?
At this point the cost of handling cash is way higher than handling cards and as no one in Sweden ever uses cash it's no longer relevant at all anyway. Now many (maybe even most?) don't accept cash to avoid the cost of handling cash instead.
(The fact that credit card networks continue doing business in Europe proves they're still profitable and the US is getting ripped off by these fees)
Paying for a used car in cash would actually be difficult because handling an amount greater than the equivalent of around USD $1k immediately starts tripping KYC/AML flags at any bank if you try to deposit it, and it's hard to use in day to day life because few places other than grocery stores even accept cash anymore.
Honestly, that system sounds a bit Orwellian. But also, does that mean that you have to pay a bank transfer fee every time you buy anything?
It's also worth noting that credit card interchange fees are price controlled in Europe; there's an EU directive that caps the interchange fees at 0.2% for debit cards and 0.3% for credit cards. Because of this, cashback on credit cards is pitiful in the EU; you can get 0.5% cashback but not much more than that.
No, not at all. The Swish rails are free to users. But I've never had to pay any transfer fees for domestic transfers anyway. They are just much slower than using Swish (instant transfers) and much more clunky (bank account number etc. vs. phone number/QR-code).
It didn't have proper two-factor authentication when you just had to tap a button on the smartphone to approve a log-in or a bank transfer (and users didn't always tell which was which). Now it requires reading a QR code — which it should have done all the time.
AFAIK it still does not use any secure key storage on the smartphone, so if your phone gets rooted by an attacker, the attacker could gain access to your bank accounts. So far, frauds have been much easier to pull off, so criminals have not bothered to hack it. (that we know of)
1. BankID always allowed to have different settings for login and for signature. I have done that since forever. For example, I configured login to allow biometrics but not signature. If it's forcing me to enter the security code I know it is a signature, which forces me to pause. I cannot sign anything by mistake (like a transfer) because I'm forced to enter my long security code to complete it. And for the much more frequent scenario of pure logins, I can just use my finger.
2. I believe it does use the hardware-backed keychain if the device has one. I cannot prove it as the source code is not available, but I remember being curious and checking this on a rooted device.
Cash is simply not used anymore by normal people.
Electronic payment (including between friends) just works here. It is easier and faster to pay with mobilepay than to use cash.
Doing this in a digital system requires first some computing device (be it phone or laptop or whatever), then checking the account value, reading it correctly, then doing some arithmetic and then interpreting the result. That's a year or two older.
Swish is the de facto standard for sending money between individuals [2], and that's what grandparents tend to use to send money to their grandchildren. It's fee-less (for person-to-person transfers use at least) and it connects your bank account with your phone number. So if anyone wants to send you money, they can just open Swish and enter your phone number (or scan a QR code) and send you some. You also have to sign the payment with the BankID app, which is the de facto standard for authentication [3].
And when I write de facto standard I really mean it. 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users (93% of which use Swish at least once per month).
[1] https://www.swedbank.se/privat/kort/bankkort/bankkort-master...
When counting money is just arithmetic and never cash, something is missing, and it's very clear in many young kids. Money is just points in a game, suddenly you're out, and then you can't get what you want anymore.
That said, nobody thinks of cash as dirty, just annoying. Also our payment system has always been able to work offline, because it started rolling out in the 80s.
EFTPOS is our national point of sale system, it has very low or no fees for any party involved. Merchants pay a fixed machine rental per month which can include unlimited transactions, or may have a per transaction fee of up to $0.20. Most individuals do not pay a fee for using EFTPOS and there’s normally no card fee, though some banks have accounts with fees that have other benefits (eg higher deposit interest rates to encourage saving).
Contactless goes via the standard card network extortion. Since 2022 the interchange rate has been capped by legislation which has helped merchants a lot, but the per transaction fee over the card network is still far higher than EFTPOS.
Contactless EFTPOS does exist in Australia - we share a lot of the underlying tech - but the banks won’t activate it here because they’d lose the interchange fees.
Online EFTPOS is starting to gain market share though, which is nice.
Regarding places not accepting cash: NZ First (political party) is proposing to protect the right to use cash and make all businesses accept cash for up to $500 items.
> The Cash Transactions Protection Bill would mandate businesses in trade accept cash payment for goods valued up to $500.
It is capped at $300 per card used and 200 transactions stored (I believe some large merchants can vary this, but not by much), it’s only for temporary failures not multi-hour outages.
You can quickly find information with your favourite search engine.
Just to reiterate how ubiquitous Swish and BankID are here: 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users, and 93% of those users send or receive money via Swish at least once per month.
As a Swede, your statement is outlandish and false.
We use cash all of the time.
Someone selling a used bike, or other items of similar value, on second hand market and not accepting Swish would maybe not directly be considered criminal, but would for sure raise an extra eyebrow about the origins of the goods.
Otherwise correct, nobody would blink if you use cash for other daily purchases like ice cream or groceries, even if unusual.
https://www.riksbank.se/en-gb/payments--cash/payments-in-swe...
Most of us don't use cash all the time unless you're a kid or >60. I can't even remember the last time I used cash.
I haven't used a banknote in more than 15 years. During this time I can't recall a single time I saw anyone using a banknote either.
Here in Malmö where I live, especially since COVID, you'll be searching more and more to find stores that take cash (besides supermarkets and kiosks and the like). I would say more than half of them don't accept cash any longer. Speaking of restaurants or pubs, my estimation would be that 2/3 have signs that say "no cash". Maybe more.
You can't do simple things such as taking public transport if you want to pay by cash. You can't pay on the bus. You can't buy from the machine. It's all card or app only. You'll need to search around for an equivalent of a 7-11 kiosk to be able to buy a ticket using cash. Depending on where exactly you are when you need that, it may take as much walking as you wanted to save by taking public transport.
If you took a daily trip to the Danish side (Copenhagen) and need to come back home, I'm not even sure if it's possible to get back if you need to buy a ticket and only have cash on hand. Only Skånetrafiken sells that particular ticket and only via machines that don't take cash.
Handling cash became more expensive than taking card payments. It's also more complicated in terms of logistics and payments take longer. With this set of incentives, it's understandable why the shift happened.
Not saying I particularly like this development. Just reporting my anecdotal experience.
Similar instant payment systems have really blossomed across the world, especially in recent years. One by one, countries are finally figuring out that there's no reason to rely on American brands for all of the payment processing.
Can you use it without local ID/phone and with foreign bank account?
https://www.riksdagen.se/sv/dokument-och-lagar/dokument/sven...
I have paid 0.5DKK on a card when I've forgotten to ask beforehand for a plastic bag, and the shopkeeper cares to make me pay after.
Is it because it's considered dirty and criminal, or is it because it's a pain in the ass to deal with, and most people have no reason to bother with regularly withdrawing it, and then carrying it around?
It is interesting how the European cash culture is so very different between the countries. In Austria I struggled to find places that would take any kind of digital payments. Germany wasn't as bad, but was pretty bad. My experience is about 3 years old.
These days, the needy on the streets accept our local app based payment system called Swish. Still not joking.
source in swedish: https://www.aftonbladet.se/minekonomi/a/aPrJWL/hackergruppen...
And yes, we use cash so seldom that most people cannot from memory recall what the bills/coins look like!
It didn't help that the Riksbank replaced all bills and coins during a relatively short time period, and did it badly. People used up/deposited their old ones and didn't get new ones.
The new coins and bills have unnecessary denominations and bad design that made cash bothersome to use. They introduced an unnecessary 2 SEK coin, that is almost indistinguishable from the 1 SEK coin — especially if you are unused to them. They also introduced an unnecessary 200 SEK bill, that was just too big to be useful for small purchases. Several times I've seen people at ATMs withdrawing 100 SEK over and over again, just because they wanted the more useful 100 SEK bills.
Sounds like GrapheneOS.
Clearly the right thing for Sweden and others to do. Also worrying that even 3yrs into the Russian invasion, bordering countries are urgently increasing their preparedness for future conflicts.
I suspect this could be implemented with just policy and config changes, with no need to reissue cards or deploy new readers.
Payment terminals might be trickier as we've observed during outages that they currently don't fall back to offline transactions. But their software and business rules can obviously be updated.
Most people here pay by card and I would say the vast majority use debit cards. A lot of people don't even have credit cards, unlike the US.
I'm no expert so may be wrong about some of this, and maybe huge events like these have these systems in place due to the risk of having to shut down bars etc. Many events are completely cashless these days.
I was able to pay "offline" for my groceries at a corner store nearby when their terminal had really bad or no connection at all - and that did happen a lot. They were just gathering all payments and when the "computer guy" was around he'd upload these to the Internet. The only caveat was that for some reason these payments would be stuck for more than a week on the transactions list.
[1]: https://en.wikipedia.org/wiki/Kaseya_VSA_ransomware_attack
But there was always a risk of cheques being unsafe so that's why there is bank drafts. It seems that this is more similar to bank drafts than cheques.
If you really try to sum it up, I know I am going to do a grave injustice, but even cash could be thought of as a cheque from the govt. (well, a cheque is meant to be unconditional but it's based on the banking laws of a govt., and cash is a promissory note which is a promise made by the govt., so yeah....)
As another HN commenter pointed out here, this decision might be partially due to Swedish culture and how they view cash, which you can find here.
For no good reason, I keep a list of why I use checks (in the U.S.):
- Charitable donations because charities maximize every penny, and electronic contributions eat into that
- Paying the accountant - Good accountants make every penny count, and aren't interested in paying credit card overhead.
- Tipping the paperboy at Christmas
- Tipping the doorman at Christmas
- Business license renewal in certain cities
- IRS payments without a fee
- Gas bill. Gas company charges $5+ to pay by credit or debit card.
- Rent. Building charges $50+ to pay by debit card, $200+ to pay by credit card.
- Electric bill. Electric company charges $5+ to pay by credit or debit card.
- Passport renewal fee (Though I believe this is finally possible with a credit card, I haven't had the opportunity to see yet.)
- My company requires me to send it a check for the amount I receive from the government for jury duty.
- My company allows me to buy computers and other equipment it no longer needs. Checks only. (And an M2 MacBook Pro for $200 woot!)
- Fee to pay for a new car title. No credit cards accepted in my jurisdiction.
> My company requires me to send it a check for the amount I receive from the government for jury duty
That just sounds like something that shouldn't be allowed. I don't know the rules.
My company claims that allowing me to have both my regular pay and the government pay would be considered an over-payment, and the accountants say it triggers all kinds of messy things.
However, at the same time, it is illegal to do this in some American states where we have offices. So it must somehow be possible for the accountants to allow it.
It seems to vary from county to county. When I served, we were given a pamphlet stating that the rate had recently been raised.
I don't remember the exact figure, but it was well above minimum wage. Something like $80 for the first and last day, plus $120 for each day between, plus transportation costs.
Far less than what I make as a super cool tech dev bro, but I can see it taking a lot of the pain away for the average person.
Was this recent? The highest daily rate there is $15 per hour.
I’m in New Zealand and that’s fractionally more than minimum wage.
I'm sure some jurors got more. My county's jury pay/reimbursement is primarily mileage based and I live 2 miles from the court house.
Most of these reasons just sound like fee-issues to me. I use a debit card (or Swish) to pay for everything and there's never a cheaper payment option. The fact that checks somehow cost less to use than debit/credit cards sounds ridiculous tbh, especially with all the added handling that must go into dealing with them (it just seems so inefficient).
People say things like this as if the money taken in a fraudulent transaction just disappears and is untraceable, and unrecoverable. That is false.
It's one of those scare tactics that the middlemen use to sell a vision of financial-techno-secure-utopianism in order to collect a percentage of the money. Don't fall for the marketing.
The money has to go somewhere: Into another bank account, usually, which is easily traceable since banks by law have to know who they're dealing with.
Even if a check gets cashed at a check cashing store, the store requires ID, the person getting the money is on video, sometimes they have their fingerprints taken by the store, and if something still goes wrong, the store is on the hook for the money when the transaction is reported as fraudulent and reversed.
These are all problems that were largely solved last century.
Yes, but you actually need to notice that it happened, which requires them to actively monitor their transactions on all of their accounts. They then need to use their own time to report these transactions and wait for banks to resolve it. And that's just in the good case where the bank doesn't dispute it. If they do, you now need to file an official complaint with regulators or sue them. The former can probably be done by highly educated people by themselves (others likely need some legal help); in the latter case you are going to need a lawyer. I'm not even sure if you are eligible to recover costs for those.
Why is this better than just not allowing pulls without explicit authorization by the consumer (SEPA Direct Debit) or just asking the consumer to actually send the funds (bank transfer)?
Do they not have account alerts in your country? Any time any of my balances change, I get an immediate push notification.
Just to be clear, I currently live in the US. In Finland some banks offer email/SMS notifications but they often have fees associated with them.
Frequent notifications can create notification fatigue, and that's not really great either, as I'm sure anyone who gets false positive alerts from a monitoring system knows.
- bank transfer
- bank transfer
- cash
- cash
- direct debit
- bank transfer or PAYE
- direct debit
- standing order (recurring bank transfer)
- direct debit
- card
- ? You pay your employer what you were paid for jury service? Bank transfer I guess, but also probably illegal
- would likely be deducted on payslip (because tax & accounting implications of below market value gift) or via a third-party that would most likely accept card
- free
That happens when you are salaried and your company pays you your normal salary for the time you are in jury duty. They already paid for your time, they are entitled to the (generally much lower) compensation that the state pays you.
Seems like it would be easier in US case just to reduce pay though, time off at 80% or whatever rather than full and then request it paid back...
I thought printed papers were all but dead even in the US and can't recall the last time I saw a stand or store where I could buy one. They faded away unceremoniously, like phone booths.
That there is enough money in it to motivate kids to get up in the morning still today I would never have guessed.
Also astonishing are the size and presence of the various fees! Around here a 5 dollar fee for invoicing is the highest I've seen, and it raises eyebrows even among the Mercedes/BMW crowd because everyone knows it doesn't cover any actual additional costs, so it's basically a scam. A way for companies to say "interest free" while still collecting interest.
In its last financial statement, the New York Times reported 600,000 print subscribers. (Plus something like 20 million paid online subs.)
Newsstands are mostly gone (though there are a few), but my experience over the last few years is that outside of tourist areas, print newspapers are available at most chain drug stores, book stores, and some gas stations. The more urban you are, the more likely you are to find them. They also remain popular in ethnic communities. I recently picked up a monthly printed newspaper in Japanese that is distributed in the DC area.
I can think of five places within six blocks of me that sell newspapers (two drug stores, two bodegas, and a bookstore).
The latest Superman movie even did a PR stunt where the movie company printed up thousands of Gotham newspapers with Superman headlines and distributed them to newspaper racks. I saw them at Walgreens.
Charities in Europe very much want an electronic donation, since the cost is far less than handling either cash or cheques. More importantly (I think), it also gives them much more opportunity to get a recurring donation.
Example UK prices (since cheques still exist there)
- Depositing cash, 70p per £100 deposited.
- Depositing cheque, 60p per cheque.
- Receiving one-off electronic payment, 10p.
- Receiving a recurring electronic payment, 4p.
Edit: on second thought, that doesn't really make sense and would be a great way to defraud the network of a ton of guaranteed money
On planes they often accept credit cards even when there's no internet. I assume this is a trust in-credit-based system because they don't accept debit cards, i.e. if you are worth being trusted with a card you can have your sandwich now and we will take care of the bank processing once we are on the ground. So maybe this will be like we trust you enough with basic goods that once we get a connection things will be sorted out situation?
What would asking for the ZIP code help if it can't be validated on the spot? If the terminal submits the transaction in batch later, it's too late for that to catch a stolen card.
Providing an incorrect ZIP code also makes the transaction more likely to be declined than not providing one at all for card-not-present transactions (and is also allowed), so it really makes no sense for a merchant to do that.
Edit: OK maybe there are different levels of trust and some take a leap of faith :) In my experience debit didn't work but it appears that it's not the same everywhere.
Edit: I've also seen it when paying on the cafe car while on train trips in Spain. Even without any cellphone/internet coverage they'll let you pay, but only with credit.
When a debit card prompts for a PIN, don’t enter it, press submit, and it runs as credit instead of debit, but functionally works the same as far as the card-holder is concerned. It might take slightly longer to settle, and the merchant likely gets charged higher fees, but it works just fine. When I got my first debit card 20+ years ago my bank specifically told me to select credit and use it that way, instead of using it with the PIN as a debit card.
These days I’ve noticed the systems tend to auto-prompt for the PIN instead of asking credit or debit. But skipping it functionally works the same as pressing credit used to.
Most people who have terrible credit still have credit cards.
Debit cards are from banks, not supermarkets. A debit card is backed by a checking account, typically.
Plenty of places allow debit cards that don’t allow prepaid cards.
star/plus/cirrus etc - pure debit-only networks - aren't accepted on a plane
debit cards that are on one of the credit card rails (visa, mastercard, etc) are very common. those work because they're just a normal visa transaction
I wouldn’t be so sure about that. In some payment situations you’re asked whether you’d like to have the transaction go through as debit or as credit—so those two must be different somewhere. And probably in more than just a bit in a packet, as, for example, paying with debit Visas or MasterCards (normal ones, not Electron resp. Maestro) in the Netherlands (where locals almost universally have credit cards) is something of a crapshoot.
Some payment providers ask up front to simplify the flows as it's not totally trivial to determine what sort of card it is, and also because different fees apply - historically some merchants added specific fees to basket etc. (less so nowadays but the UI convention sticks)
And because the same card can be both. At least here in Brazil, most bank cards have multiple uses (credit, debit, ATM) in the same card. AFAIK, they're separate applications within the same chip, and the terminal has to select which one to use before starting.
Nope, even this is identical. These days the difference between a debit/credit card is pretty much aesthetic; from a transaction processing perspective there generally isn’t any actual difference. Differences that people see today are mostly artificial for the purpose of justifying extra fees, or higher interchange based on an entirely arbitrary factor that has zero correlation to any risks that appear in the transaction processing and clearing mechanisms.
Basically the only reason anyone really bothers keeping the difference between credit/debit cards around, is as a technical excuse for discrimination and abusive fees. Notably in the EU nobody cares if a debit or credit card is used, because the EU outlawed all the crazy fees and other bullshit, so now there’s no commercial reason to differentiate between the two 99% of the time.
But to your wider point; from a transaction fee point of view you are dead right. Of course a credit card has other attractions; for example it's credit :D but also things like section 75 protection.
From the perspective of the card network and the merchant, there is no difference here. The card network has a contract with the issuer, so all transactions, in all scenarios, are always first paid by the issuer. It’s then the issuer’s problem to figure out where they get the money from.
It’s entirely possible to perform transactions on debit card that will place the account attached to it in a negative balance, and for the person owning that account to vanish. The card issuer is still on the hook for the money, neither the card network, nor the merchant, care if the issuer recovers the funds or not, they always get paid.
But there is a lot more complexity than, I think, you are glossing over. For example, you also likely have at least one technical services partner in the flows, probably two.
Additionally, money often doesn't move in real time, especially when credit cards are involved. The process is, intentionally, split.
Your point on that is fair, but remember, many credit providers are also not banks, and the money is in a bank account owned by a third party. So, as a trivial example, I can't just assume money coming to me from Bank A is related to transactions from Bank A's cards.
A lot of people don't realise that the main way all of this works is through very large batch files with lists of transactions moving back and forth between various parties behind the scenes.
(We are on semantic points, though, but I just wanted to clarify the complexity behind the scenes that most people don't see or understand)
The BIN will tell you which bank was the issuer and which class of card you have, like standard or premium, though most readers probably don't take that into account beyond the card scheme and card type associated with the range that the individual BIN is in. Many banks will have multiple BINs for the same card type if they are large.
Credit / online debit / offline debit usually get different ranges. The reader gets a list of the ranges when it updates and they don't change super often. Offline readers can be configured to reject cards with a number in an online only range.
Before that, there was the service code on the magnetic stripe, which also can convey things like "online only" or "domestic use only".
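The BIN-range, hot-list and service-code checks described in the three comments above are the whole of what an offline terminal can do on its own before deciding whether to take a transaction without contacting the issuer. The following is an added example written for this page, not code from any real terminal vendor or card scheme; every BIN range, PAN, country code and limit in it is constructed, and the service-code digit meanings are the commonly documented ISO/IEC 7813 ones.

```python
"""Offline acceptance policy of the kind a payment terminal applies before
taking a transaction without contacting the issuer: BIN-range class, hot
list, floor limit and the magnetic-stripe service code.

Added illustration, not code from a real terminal vendor or card scheme.
Every BIN range, PAN, country and limit below is constructed.
"""
from typing import Optional, Tuple

# Constructed BIN-range table: (low, high, scheme, product class).
# A real terminal downloads a table like this from its acquirer at update time.
BIN_RANGES = [
    (400000, 400999, "VISA", "credit"),
    (401000, 401999, "VISA", "offline_debit"),
    (402000, 402999, "VISA", "online_debit"),
    (403000, 403999, "VISA", "prepaid"),
    (510000, 510999, "MC",   "credit"),
]

# Constructed hot list: PANs the terminal must reject even when offline.
HOT_LIST = {"4010001234567897"}

# Product classes this terminal is configured never to take offline.
ONLINE_ONLY_PRODUCTS = {"online_debit", "prepaid"}

# Offline floor limit in minor units (e.g. öre or cents); above it, go online.
FLOOR_LIMIT = 5000


def luhn_valid(pan: str) -> bool:
    """Luhn check digit: rejects garbled reads before any policy lookup."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_bin(pan: str) -> Optional[Tuple[str, str]]:
    """Map the first six digits to (scheme, product class), or None if not routable."""
    bin6 = int(pan[:6])
    for low, high, scheme, product in BIN_RANGES:
        if low <= bin6 <= high:
            return scheme, product
    return None


def parse_service_code(code: str) -> dict:
    """ISO/IEC 7813 service code from the magnetic stripe (three digits).
    First digit 5 or 6: national (domestic) use only.
    Second digit 2: issuer must be contacted online for authorisation."""
    return {"domestic_only": code[0] in "56", "online_required": code[1] == "2"}


def offline_decision(pan: str, amount_minor: int, service_code: str,
                     terminal_country: str, issuer_country: str) -> Tuple[str, str]:
    """Return ('decline' | 'go_online' | 'accept_offline', reason).
    Checks that can never succeed come first; 'go_online' means the
    terminal should defer or retry rather than carry the risk itself."""
    if not luhn_valid(pan):
        return "decline", "check digit failed"
    if pan in HOT_LIST:
        return "decline", "PAN on hot list"
    cls = classify_bin(pan)
    if cls is None:
        return "decline", "BIN not routable"
    scheme, product = cls
    sc = parse_service_code(service_code)
    if sc["domestic_only"] and terminal_country != issuer_country:
        return "decline", "domestic-only card used abroad"
    if product in ONLINE_ONLY_PRODUCTS:
        return "go_online", f"{scheme} {product} is online-only on this terminal"
    if sc["online_required"]:
        return "go_online", "service code requires issuer authorisation"
    if amount_minor > FLOOR_LIMIT:
        return "go_online", "amount above offline floor limit"
    return "accept_offline", f"{scheme} {product} under floor limit"
```

The ordering matters: checks whose outcome cannot change when the terminal later gets a connection (bad check digit, hot-listed PAN, unknown BIN, domestic-only card abroad) decline immediately, while the policy-driven ones (online-only product class, service code, floor limit) only send the transaction online, which is exactly the split the comment about deferred online transactions describes.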
The BIN is only involved in risk management on the terminal's side: Many of these in-flight terminals accept deferred online transactions, which means that, even though they're completely offline, they take the risk of accepting an online-only card. (For truly offline-capable cards, the risk is often with the issuing bank.)
That type of risk management can benefit from knowing what type of card it is, and prepaid cards are often seen as riskier (because customers might intentionally drain them before a flight). Of course, debit and credit cards can also be empty/marked as stolen, but these are marginally harder to get and replace.
You're correct on the risk spread. I wasn't confident last night (I'm not totally versed on the terminals) but looked it up. As I understand it, if you choose to accept offline-only payments then you accept the risk of the transaction failing. If it's the issuer's choice they own the risk.
> I wouldn’t be so sure about that.
I would be very sure about that.
> In some payment situations you’re asked whether you’d like to have the transaction go through as debit or as credit—so those two must be different somewhere
Yes, that is correct.
Here,
And I guess if one has never seen these, I need to explain. In order to leave an impression on the carbon paper (I should probably explain that, too, huh?), a fair amount of pressure was needed (those old card imprinters didn’t require a gym membership, but a child could not operate one). That rolling pressure would eventually wear on the surface of the card, and turn the numbers white when the outer layer wore through.
IIRC, the merchant gets paid if hitting a credit limit or similar decline reason. The card holder then gets hit with a financial penalty (usurious interest rates, or extra charges). If the card has been stolen, it ends up in a big phonebook-like book for offline use (otherwise the merchant just called it in for big purchases).
If you mean chargebacks: I believe imprinters had card issuer liability for the longest time, at least as long as the transaction was under the (network-defined) "floor limit".
So if these were relatively low value transactions, the bank would simply not have any standing to decline payment.
Calling a call centre to verify every transaction is too expensive, so only purchases over certain limits came in following BofA/Visa - and that stayed that way till the late eighties when larger stores started using back office to talk to the Visa network etc., but even so the ability to do live updates and verification was too much and there were weird caching tricks
So banks could easily approve or be liable for transactions they would prefer not to approve - so they only gave credit to the rich at first, and then to those who paid back regularly. This info was shared and became credit reference agencies - because the credit card companies shared it initially like casinos but the abuse and mistakes brought legislation
I think what I am saying is our consumer credit culture was not designed, it just grew.
I last used a carbon credit card in the early 00s. Electronic swipe and sign for a credit card had gone pretty much everywhere I went except the US by about 2010
I am not sure how valid it was, though they would take a deposit and a card imprint until we got the car accessories back.
It put all the transaction risk onto the employer, and had a high fee per-use, but since they only had these 'stock clearance' sales to employees once a year it was fine.
If you had any interest in any topic you read about on the web or in a book, that was the only way to get things even if you had the money otherwise.
Btw, what typography magazine was it?
In the backlog of my things to do is a best-of compilation of articles from the published (and one planned but unpublished) issues.
Gave me a bit of a surprise when he cashed in the paper copy two years later and I hadn't been to Australia since...
I think there was a limit of something like 60 days. At least my bank apparently refused all transactions that were settled too late.
I had a job which involved a lot of taxi trips, and when I cross checked, 30% of the trips were never charged to my account. I suppose they just filled up the glove box with old slips until they couldn't shut it. Hotels never failed.
So it's not _just_ blind trust.
phone auth was added later for "online" auth, then machines that automated it
The card has a variety of risk counters on it that allow it to securely decide whether an offline transaction can proceed, at least some of which are also exposed to the terminal which can have its own separate policy. I imagine internally the banks and payment gateways have a huge variety of internal related tuneables.
Auth before capture doesn’t generally reduce interchange. What it primarily does is shift liability in the event of a dispute. If a chargeback is raised, and no auth happened, then the merchant simply loses immediately. They have no mechanism for fighting the chargeback. If they auth first, and got an approval, then it’s the bank's problem in the event of a customer dispute. The merchant can reply to the chargeback by pointing out the valid auth they received from the bank, and the bank has to go pound sand.
You may see this as different “interchange” rates from a specific gateway. But that’s simply not true at the network level. The difference in pricing just exists so the gateways themselves can price in the additional risk associated with auth-less captures, given the gateways are always on the hook, even if a merchant goes bust. The major networks force gateways to have funds kept in escrow that are guaranteed to cover any shortfall that might occur due to individual merchant failure, or failure of the gateway itself. That's how networks make sure that zero real risk ever accrues with them: they make everyone else put up huge stacks of cash to ensure that every virtual cent that’s in flight at any moment is backed by a real cent in escrow somewhere.
Plus you need to analyse how the different message types and sequences of messages interact with the transaction processing rules, which are also hundreds of pages long.
Suffice to say, the entire system is insanely complicated, and just about everyone out there implements it all incorrectly, with the whole system only working because partners are only allowed to complain about the insanity if they actually lose money. Until that point they’re expected to just handle everything as best they can.
I find that super annoying, as it's bitten me more than once in the past when I used the wrong card for a given order without instant feedback.
Instead they effectively make all the parties that connect to the network responsible for rule enforcement. If a merchant follows all the rules correctly then they receive extremely strong chargeback protection, i.e. if an issuer sends a chargeback, the merchant has plenty of grounds to dispute the chargeback and win.
If merchants don’t follow all the rules, then issuers can send chargebacks, and it’s much harder for the merchants to defend themselves.
In all scenarios it's up to the issuers and merchants to explain in the chargeback what rules have been broken, by which party, and thus who should win based on network transaction rules. The networks themselves don’t even make a ruling directly; instead the issuer and merchant decide who wins via a back and forth process that includes escalating fees paid to each other, until one side gives up. The networks only get involved if the two sides can’t resolve the issue themselves, and will charge the loser a significant fee for the privilege, so there’s a strong incentive for the parties to resolve the issue themselves.
How does all of this interact with 2FA, auths etc etc? Basically 2FA, and ordinary auths are all just things a merchant can do, or trigger, to reduce their liability and get better chargeback protection. If the merchant performed a full 3DS auth, where the issuer is asked to perform 2FA, then they have pretty complete chargeback protection in the event of fraud, because they’ve basically asked the issuer to make absolutely 100% sure that this transaction has been approved by the issuer’s customer, so there’s zero grounds later to claim that a stolen card was used or something similar. If the issuer’s customer wants to dispute the transaction, that’s the issuer's problem.
But all of these mechanisms reduce checkout rates, and thus merchant revenue. As a result some extremely large merchants make a trade off of basically accepting all the risk of fraudulent transactions, and give up chargeback protection, by not following all the rules. The merchant does this because they basically believe they have enough data to prevent fraudulent transactions, without using any of the tools the card networks provide.
For merchants that can do this (like Amazon), they build in-house fraud detection systems, and payment systems that evaluate the risk of each transaction, then change the exact way they perform the transaction to either reduce friction (because the transaction is very low risk) or increase friction (because the transaction is higher risk), thus allowing them to capture more revenue, without taking on more risk (because they have confidence in their ability to detect fraud, and thus don’t need help from the issuers).
But there are very few merchants that can even do this, as it generally requires either a very collaborative payment gateway (who are ultimately on the hook for merchant misbehaviour), or a direct connection to the card networks (who aren’t interested in talking to people not moving millions of dollars every day). Which is why it tends to be pretty rare.
The API call is labelled "sale", but it performs an auth and at the end of the day the system still generates a capture or settlement-style message.
If the gateway allows you to complete a sale request at 7am that doesn’t start an auth until 9pm, you have an offline payment by any other name.
If you’ve already tokenized the card on a gateway for a particular merchant, for example, they may allow you to keep pushing multiple charges while on their end still using the original network auth from the first tokenization - which ends up being entirely opaque to you, the client of the gateway.
Essentially you don’t have to care what the card network rules are, just how your gateway presents functionality to you.
Your experiences in the UK are almost certainly linked to the card issuer you were using (was it a Monzo card by any chance), and nothing to do with it being the UK. The vast majority of the legacy banks have always used offline transactions for contactless.
However there has been a bit of a shift towards online transactions, driven by EU rules like strong customer authentication, which requires regular PIN entries determined by cumulative spending and duration limits (whichever is hit first). It’s a lot easier to reliably meet the requirements of SCA using online transactions.
As for how offline transactions work: it’s reasonably simple. The terminal asks the card to sign the transaction using the card's private key. Now there is an extremely complicated set of rules around how liability shifts in the event of a fraud claim, depending on many factors like the type of transaction, if a PIN was entered and validated by the card, if the card asked to go online and the terminal ignored the request, the type of merchant, the exact region you're in etc etc.
But regardless of all that nonsense. The technical process is very simple. The terminal has the transaction cryptographically signed using symmetric encryption with a private key that is only known to the card and the issuer of the card. That signed transaction can later be presented to the issuer so the merchant gets paid.
Given it’s a symmetric key, you may wonder what happens in the event of a dispute between the issuer and the merchant, where the issuer claims they received a forged transaction. To which the answer is, the issuer sends a signed and sealed letter to the card network operator saying they have double checked the transaction signature, and believe it to be forged. And if anyone doesn’t believe them, they can sue em (this is not at all a joke, it’s literally the documented and contractual process used by the major banks and card networks).
The offline card was from a current account with an overdraft and also worked as a cheque guarantee card, for cheques up to £250 under the (discontinued ~2011) cheque guarantee scheme[0] and had a special hologram on the back. The retailer would watch you sign the cheque and write details about you, the card and any CCTV etc. on the back of the cheque. I imagine the offline behavior of the card was similar, and was a carry over from that.
The online card was from a basic account with no overdraft facility and acted a bit like a prepaid debit card.
Not just a bit of a shift: Offline-preferred transactions are basically a thing of the past. EU rules have nothing to do with it (offline EMV is fully SCA compliant as well, as the chip can keep count, although it's a bit annoying to keep counters in sync if there's more than one); it's mostly for risk management and simplification reasons, I believe.
> The terminal has the transaction cryptographically signed using symmetric encryption with a private key
Offline transactions essentially always require card authentication as well, which requires asymmetric cryptography. (Otherwise, you could trivially forge valid-looking cards and offline terminals would be none the wiser since they obviously don't hold the symmetric keys for every card issued; that would be way too risky).
EU rules have everything to do with it. Meeting EMV with offline counters is tricky to get right. The reason I can confidently claim that SCA drove the migration to online transactions is because I was responsible for the technical implementation of SCA for a bank, and was part of the industry wide conversations that happened as banks figured out how they would comply with the rules, and tried to figure out what wiggle room existed. So I know SCA was a driver, because I talked to the people making these decisions.
> which requires asymmetric cryptography. (Otherwise, you could trivially forge valid-looking cards and offline terminals would be none the wiser since they obviously don't hold the symmetric keys for every card issued; that would be way too risky).
This is where you are simply wrong. Again speaking as someone with actual experience working on this stuff, and having dealt with actual forged offline transactions as well. I can tell you the card uses symmetric encryption; the terminals themselves have zero ability to validate the signature a card produces. The terminals include some data that allows them to validate if a card number is routable, and also a hot list of card numbers to always reject, and thus reject transactions that can never be fulfilled, but they have no way of validating that a specific card or transaction hasn’t been forged.
The entire system depends on the physical security of the chips in cards to make key extraction extremely hard, and to also make the correct mimicking of cards extremely hard. But it’s hardly impossible, and there’s plenty of demonstrated EMV attacks out there in the wild. It’s just that they’re all hard to replicate, require special equipment, and generally make you look very dodgy in the moment because you have to have a weird card with wires running up your sleeves so you can intercept the card comms. The manufacture and distribution of the chips in cards is extremely tightly controlled, so you can’t just buy them. In theory anyone with a million dollars and an ASIC contract could manufacture their own ICs, but there are simply easier ways to steal money.
Ultimately EMV only needs to provide enough security to make other methods of stealing more palatable. Cards are used for pretty low value transactions, so breaking EMV isn’t a very scalable way to steal money. You would be better off stealing products from merchants using a decent pair of running shoes, rather than creating crazy ways to trick their payment terminals. Running shoes are cheaper and much more accessible than ASIC production.
Ok, "nothing to do with it" was too strong: I don't doubt that SCA was the death knell for many offline implementations. However, I've seen online-only cards in the field by many banks well before SCA became effective.
And on the other hand, I also know SCA-compliant EMV implementations that do still support offline transactions. As you say it's tricky, but it's possible. Europe is large, and you probably haven't talked to every single bank/processor :)
> This is where you are simply wrong. Again speaking as someone with actual experience working on this stuff, [...] they have no way of validating that a specific card or transaction hasn’t been forged.
Huh? If you have worked on this stuff, surely DDA and CDA ring a bell? They're both based on asymmetric cryptography, and they absolutely allow the terminal to dynamically verify whether a given card is authentic or cloned, without having to go online.
Without that, you could indeed copy the static signature data from any EMV card and replay it to an offline terminal and get away with it. That's why SDA has long been deprecated for offline transactions.
> The manufacturer and distribution of the chips in cards is extremely tightly controlled, so you can’t just buy them. [...] In theory anyone with a million dollars and ASIC contract could manufacture their own ICs
You can absolutely get them on Aliexpress straight from the manufacturer for a few bucks each, cheaper in bulk. They run Java, so you can just write your own software – the EMV specs are public!
What you can't get there is the cryptographic private key specific to the card number that the issuing bank embeds into it at personalization time.
EMV is a cryptographically sound (if dated and very complex) scheme, and secrecy of implementation is actually much less of a security factor than you seem to claim, despite the industry's (largely historical) obsession with secrecy.
Yes I was a little wrong here. My most recent experience in this area is dealing with messages on the issuer side. It’s been a while since I’ve done anything serious at the card config level, and don’t have a huge amount of experience with the handshakes that occur between card and terminal.
The missing nuance is that the transaction cryptogram is symmetrically encrypted, and that’s the only cryptographic blob sent over the card network to the issuer, as the asymmetric stuff only happens locally between card and terminal, and isn’t included in any data transmitted from terminal to issuer.
So the terminal can check that the card is a real card using asymmetric encryption, and that the produced transaction cryptogram was produced by that card. But none of that evidence is passed on to the issuer; only the symmetric cryptogram, which can’t be used for non-repudiation, is sent to the issuer later.
Hence the experience dealing with forged transaction cryptograms, which were forged by an acquirer in a systematic manner to try and gain stronger chargeback protection because their sloppy transaction processing resulted in them processing a lot of fraudulent transactions, and then being hit with a lot of chargebacks. The process of “proving” to the network that this acquirer was forging cryptograms was sending a letter signed by the legal team attesting to the fact we had evidence of forgery, plus a much nastier letter sent to the acquirer in question to knock it off, and stop doing obviously illegal things. Ultimately it’s the acquirer’s legal counsel that acts as the enforcement mechanism here, and the obvious threat of a lawsuit they clearly can’t win tends to be a very strong motivator for companies to tidy up their act.
> EMV is a cryptographically sound (if dated and very complex) scheme, and secrecy of implementation is actually much less of a security factor than you seem to claim, despite the industry's (largely historical) obsession with secrecy.
I may have overstated it a little. Bad habits from spending too much time dealing with PCI rubbish. The difficult thing to get across in these threads about payment networks is how much of the systems’ “security” really comes from clever legal contracts, and smart distribution of liability and risk. Effectively making it in everyone’s interest to not do anything really silly, but the actual technical security is almost secondary to legal mechanisms that exist to ensure that participants are highly motivated to make sure that fraudulent transactions are kept to a minimum.
There are other ways too to stop "sloppy terminal processing", but as far as I understand they're not cryptographically secure in a way that would provide an unambiguous and third-party verifiable protocol trace.
I suspect that all of that is a big reason why the networks don't love offline processing if it can be avoided.
And I couldn't agree more to your last paragraph – the industry does have an unfortunate history of propping up questionable security engineering with legal threats. But I'm slightly more optimistic on EMV, at least some implementations: Decades later, we can actually have some nice things :)
Also, thanks for the anecdote! Helped me confirm a theory I had on the motivation for a particular obscure protocol feature that I have so far not found solidly explained anywhere in the literature.
No, not even that. Remember that transaction settlement is based only on what’s actually sent over the network. All kinds of stuff can happen between the terminal and card, but if that info isn’t actually sent over the network, it may as well not exist (from a settlement perspective).
So we have no reason to believe that CDA wasn’t performed. Instead we had a network participant effectively mutating presentment messages so they no longer matched the cryptogram produced by the card. We already knew the presentments were mutated because they indicated our cards were approving transactions offline that they were configured not to approve. But during the dispute process, we had the acquirer claim that they had valid cryptograms, so we had no right to chargeback. In turn we actually had to go and start decrypting cryptograms, and as we expected, the decrypted cryptograms didn’t match the transactions they had been sent with. The transaction amounts didn’t match up.
The sloppy processing was a little more complicated, and was a bit more complex than just badly configured terminals. The types of transactions in question were fairly complex multi-step transactions, that to process correctly required properly supporting some of the slightly more niche network features by both issuers and acquirers. Due to a lack of proper support by many issuers (although we had proper support), the acquirer took some shortcuts to reduce customer complaints, but drastically increased their own risk exposure. Unfortunately for them an OCG had figured out they could exploit this nuance.
I doubt the OCG had any understanding of the underlying transaction mechanisms. They had just figured out that if they followed a specific set of steps, they got free money (or something trivially easy to convert into money).
But to deal with the losses the acquirer was seeing, some bright spark over there decided they would start forging network messages to try and cover their losses, and shift them onto us. Unfortunately for them, we were more technically competent than most issuers, and more importantly, really couldn’t afford to take the losses.
> I suspect that all of that is a big reason why the networks don't love offline processing if it can be avoided.
Nah the networks don’t care. They get paid regardless, and they’re never on the hook for any losses that might appear. But certainly offline transactions carry a lot of additional risks for issuers (notably it’s impossible to ensure funds will exist to cover any offline payments that might have happened), which are easily mitigated by simply configuring your cards to always go online, and thus shifting the liability on to the merchant if stuff goes wrong.
> And I couldn't agree more to your last paragraph – the industry does have an unfortunate history of propping up questionable security engineering with legal threats. But I'm slightly more optimistic on EMV, at least some implementations: Decades later, we can actually have some nice things :)
Eh, ultimately everything in this world boils down to who has the larger capacity for violence, regardless of what may be correct. Thankfully in most countries we’ve replaced violence with government, police and courts. So now it’s more a question of who has the larger capacity to hire lawyers.
Even if the technical layer supported non-repudiation, I doubt it would make much difference in a court of law. It’s extra evidence for sure, but ultimately most of these things are resolved via settlement based on what makes the most financial sense for the parties involved, which includes many more factors than just the state of the transactions at the heart of such a dispute.
When offline contactless payments first emerged in the U.K., there was a significant spike in unplanned overdraft usage and disputed transactions, as people rapidly realised it essentially worked as a free line of credit, up to £100 or £250 depending on your issuer.
This quite quickly caused issuers to push up prices on offline transactions, which made them less appealing to merchants - add to that that people were talking about them being a hotbed of fraud, and merchants err away from offering them, PCNs start dropping the capability due to lack of demand, and here we are today.
For various reasons, they're mostly used in closed-loop systems these days (think laundromats, transit systems etc.), but historically there were open-loop deployments in many European countries, and in some countries, stored-value POS payments are still very popular, e.g. in Japan.
It's a real shame that the entire world moved to online-only. Sure, it's much easier and there's less opportunity for various kinds of fraud as a result, but in terms of availability during outages or cyber attacks, it was a big unforced step backwards.
Indeed, there used to be things like "Moneo". The problem is that banks never really trusted these systems, so you were limited to, say, 50E of stored value. Also for some reason in Europe the readers of such cards have never been great, I guess because most devices were built on the cheap, so even if the transaction is offline and supposedly fast, you would have to wiggle your card all around most readers for 2s until it's picked up.
In Hong Kong there is the Octopus card, which started as a closed loop subway card, but ended up being so loved that now you can pay for literally anything with it. It can store up to $500, and you can set it up to automatically top up by $500 more per day, linked to your bank account. Also accepting payments from Octopus cards is very easy; you don't need a physical device, and small businesses can just have the customer tap their card on the merchant's phone with a merchant app.
There were single-use chip cards that you bought and kept in your wallet. Plain eeprom.
I remember I built a reader for them as a teenager...
Stored-value payment cards usually contain at least a secret key and some logic that allows them to establish a secure channel to another trusted entity, such as a merchant smartcard (which can be embedded in a terminal) or a backend server (and a corresponding HSM).
It also wouldn't work as you describe, as the terminal at the point of entry doesn't know how much to charge you since it doesn't know where your journey ends.
Actual chipcards don't bill you at the end of the month either -- they reload a fixed amount through direct debit (which takes a few days) the moment your balance crosses zero. If the direct debit isn't set up for a card (because it's not a personalized card) or the debit was rejected, the card is blocked.
For business chipcards cards it works somewhat the way you described.
I'm not trying to find a gotcha, but wonder how that works with paying by phone nfc and then by card?
It usually does; it requires quite a bit of equipment and it doesn’t make economic sense to install it and not sell it to passengers. Airplanes have other means of communicating with the ground and airline offices though.
That said, I still don't think that that's too common – building out cabin Wi-Fi for card authorizations only is probably not worth it, given how hard it is to get away with fraud in an environment where every seat has a passenger name to it, and that name is often verified by the airline or government at the airport or at boarding time.
The novelty was more that this was the first time I'd seen anyone buy the expensive perfume, I don't remember any more.
In the past embossed credit and debit cards were both accepted on planes. That's why they were embossed in the first place: for offline processing, which in the even more distant past was the only option. Later CC machines and offline chip/stripe transactions co-existed with online transactions.
Normally (at least in Europe) you couldn't get an embossed card, even a debit one, without proving your credit worthiness. The possibility of offline transactions assumes overdraft — the same as with check books.
When online transactions appeared, banks started to issue Visa Electron and Maestro cards which didn't work offline, could explicitly prohibit overdraft and were easier to get.
But nowadays all boundaries have gradually disappeared. Nothing is embossed, Visa Electron doesn't exist, banks issue debit cards with credit codes. It's all much simpler and more confusing at the same time.
I didn't try it on an active card, though, and I suppose the problem solves itself by time.
"Starbucks does not use two phase commit":
https://www.enterpriseintegrationpatterns.com/ramblings/18_s...
It's basic life goods and everything is still signed for, tracked and registered. Besides, banks love to collect interest.
A "debit" card could have 1000 crypto wallets, each with $10 in them. If you want to pay $90, it forks over keys to 9 of the wallets, and they get drained by the merchant as soon as they have a connection.
If it became common I imagine it would stop being so quickly as fraud would rapidly catch up.
Offline, without double spending risk? Absolutely not, or at least not without a lot of extra headaches.
For that, you'll need at least some trusted hardware (generally an antithesis to trustless crypto schemes) and/or a clever incentive system (e.g. with senders staking a multiple of their balance as collateral, and never being quite sure if receivers are really offline, or only pretending to be, ready to claim their stake once they get publicly verifiable proof of double spending).
Take a debit card for example. It's connected to a bank account, and cannot give credit. Garmin must be taking some of the risk on board, since the bank or card provider do not.
There's also the fact that anecdotally people are reporting different spend limits. On a thread I saw one person claim that £30 was their limit and another saying "My largest payment so far on the watch has been £275"
There can be other limits in place (like those controlling whether or not a PIN has to be entered), but those are on top of the requirement to obtain online approval from the issuing bank.
I think something similar to this https://en.wikipedia.org/wiki/Credit_card_imprinter
Essentially, you (the merchant) just write down their card number, and how much they paid you, and then later you send that list to your bank who sends it to the credit card network.
There is no big technical hurdle. There is a big social hurdle in convincing your bank and the network that you should be allowed to do this. Also the card number gets copied by a little pressing machine onto carbon paper or something like that, not just written down.
Being able to spend money you don't have is not a new thing, and poses no technical problems. American readers will know you can easily do that with a cheque. It's your responsibility not to do that, and that's one reason why the bank wants so much personal information to open an account, so they can send the police over to break your kneecaps.
In-flight credit card fraud is an incredibly bad idea, given that most countries check your ID at least at some point during getting on the plane, and seats are usually assigned as well. (Doesn't mean that nobody tries, of course [1]).
Sometimes airlines also use ACARS (basically airline-specific telex over VHF, HF, or satellite) to send the card number to their backoffice for authorizations of large amounts, such as business class upgrades.
These days, of course, Internet connectivity is getting more common, and with that the problem will likely go away.
[1] https://www.sunderlandecho.com/news/pair-spared-jail-after-a...
I still remember them taking my card which I think was a debit card on a flight and shoving it into carbon copy paper and basically billing me whenever we landed. This was late 2000s. From Puerto Rico to Florida.
They physically imprinted your card numbers on some special paper with a mechanical device. Wild.
I remember a bar I worked at had trouble because some customers had begun writing wrong signatures and the receipt had been rejected by the bank the following week.
And even paper based.
Paying offline used to be the norm for credit cards, from their introduction in the 1960s until some two decades ago.
Wikipedia: [...] until always-connected payment terminals became ubiquitous at the beginning of the 21st century, many merchants accepted all charges, especially those below a threshold value or from known and trusted customers, without verifying them by phone. Books with lists of stolen card numbers were distributed to merchants who were expected in any case to check cards against the list before accepting them, as well as verifying the signature on the charge slip against that on the card.
https://fragrant.mobiletransaction.org/wp-content/uploads/20...
In a grocery store line once, I remember a distraught customer whose card was declined due to insufficient funds. The store manager came over, yanked the ethernet cable from the payment terminal, and told the customer to try again. "Accepted with signature."
Considering that the card has memory on it, you can store there how much balance you have when you do an online payment. The bank can send back your available balance, so you cannot spend offline more than you have.
I can't think about anything simpler than this.
My thinking is that in this day and age, unless something really bad happens (war, volcanic eruption), the chances of using a card for offline transactions for an extended period of time are very close to zero.
I remember writing an app in Java to read the balance on a card with my laptop which had a built-in smartcard reader, because I was too lazy to go to a station. Everyone in the classroom then promptly asked me to check their balance... and a few asked if I could top it up somehow.
The merchant was guaranteed payment. You, on the other hand, were indebted to the bank. The concept of a “credit limit” was the line over which the bank insisted you not step, lest you incur fees galore.
imo, the mandate creates an interesting technical constraint on any CBDC standard, where the offline mode limits the effectiveness of a "turn off" of someone's money, as there will always be some feature where they can use their money to buy food and fuel. For now I am interpreting this mandate as constructive to civil liberties.
Internally, the signature part is isolated like a smart-card, "embedded signature" hardware as a measure against double (multiple) spending, and reasonable limits on offline transactions with both parties offline (e.g., €10k/month).
The "embedded signature" hardware part is a bit vague because technologically it's not clear how to do something like that in a "secure enough" way, but it's a necessary part and the limit somewhat lowers the risk.
For use: mounted as a smartwatch or a pendant with a retractable lanyard, like ski-pass holders.
The bigger challenge is an offline terminal that can easily accumulate tenths of USD in case of a long outage. But then compared with cards the terminal may have better protection.
I guess this is similar: how do you make trustworthy decisions that seem to inherently depend on the network, in the absence of a network? Before the internet, we had phonebooks instead of DNS, and we had cash instead of cards. Did the phonebook have every number? No. Was every piece of cash not counterfeit? No. But it's "good enough". Portable reference sources and tokens. The references are issued periodically and the tokens have evidence of exhaustion, their decay over time. A dog-eared dollar with a bunch of phone numbers on it, half-torn ... the merchant doesn't have to accept it.
How do you do these things digitally? Periodic issue seems pretty straightforward ... if you have a network. Token issuance, similarly, needs at least occasional communication with other nodes in the network.
So there's a local dwell capability.
Is this part of the same reaction we saw with Denmark starting to have emergency stores within 50 km of every Dane? Is this motivated by a need to prepare for war?
In short, yes.
>The possibility to pay by card when the internet is not working – ‘so-called offline payments’ – is an area that ‘the Riksbank believes needs to be improved considerably, particularly in light of the geopolitical unease in the world,’ according to the announcement
https://www.riksbank.se/en-gb/press-and-published/notices-an...
It's a completely solved problem, but it's a more complex (and as such more expensive) solution than just assuming ubiquitous connectivity and a backend that never goes down, which is how we got to where we are.
> Is this motivated by a need to prepare for war?
Preparing for cyberattacks seems like a prudent move, no matter the adversaries' motivation. But yes, the context here is pretty obvious in Europe.
But how do they prevent people double spending the same amount? Say someone has 100$ and boards on a plane. During the trip, this person buys a bag of potato chips sold for 90$. At the same time, his bank account is automatically charged 90$ for a bill.
With credit cards, handling this case is baked into the system. As far as I am aware, direct debit has no equivalent.
it's okay
there's already some fraud, waste, loss, inefficiencies, accidents (packages lost, chargebacks by mistake, package arrives weeks later)
....
that said the chips have some physical protection, it's not trivial to clone them
and the chip has a variable where it stores how much more you can use without online confirmation
of course, these are cheap protective measures, but to crack it you would need more effort probably than the total credit that's assigned for offline spending
> these are cheap protective measures,
They're holding up extremely well. I'm not aware of any cryptographic or physical key extraction compromise in EMV, for example. All known bugs are protocol design oopsies, as far as I'm aware.
Both payment cards and merchant terminals (essentially also using embedded or removable smartcards) are tamper-resistant and hold symmetric keys only known to the payment scheme or issuer.
The terminal essentially creates a cryptographic secure channel between two smartcards, and they transactionally agree to decrement the balance on one, and increment the one on the other correspondingly.
The really neat thing is that this theoretically even works without the need for central accounts, and is as such very privacy friendly. (Practically, even just one key leaking would have catastrophic consequences though, and to detect whether that has happened, systems usually aggregate all transactions asynchronously and check money movements for plausibility.)
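Added example, not code from the thread or from any real stored-value scheme: a Python toy of the two-card exchange described above, with a MAC'd transfer record, a payee nonce against replay, and the backend plausibility check that catches value credited without a matching debit. The single scheme-wide key, HMAC-SHA256, the card ids and the amounts are constructed assumptions.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed scheme-wide key: assumed to live only inside the tamper-resistant
# chips and at the scheme backend. Real schemes derive per-card keys and run a
# key-agreement handshake; one shared key and HMAC-SHA256 are stand-ins here.
SCHEME_KEY = b"constructed-stored-value-scheme-key"


def record_mac(payer, payee, amount, seq, nonce):
    data = f"{payer}|{payee}|{amount}|{seq}|{nonce.hex()}".encode()
    return hmac.new(SCHEME_KEY, data, hashlib.sha256).digest()


@dataclass
class Card:
    card_id: str
    balance: int                 # stored value in cents
    seq: int = 0                 # payer-side transfer counter
    pending: "bytes | None" = None
    log: list = field(default_factory=list)  # uploaded to the backend when online

    def challenge(self):
        """Payee side: a fresh nonce ties the next record to this exchange."""
        self.pending = secrets.token_bytes(8)
        return self.pending

    def pay(self, payee_id, amount, nonce):
        """Payer side: debit first, then emit the MAC'd transfer record."""
        if amount <= 0 or amount > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= amount
        self.seq += 1
        rec = {"payer": self.card_id, "payee": payee_id, "amount": amount,
               "seq": self.seq, "nonce": nonce,
               "mac": record_mac(self.card_id, payee_id, amount, self.seq, nonce)}
        self.log.append(("debit", rec))
        return rec

    def receive(self, rec):
        """Payee side: check addressee, nonce and MAC before crediting."""
        if rec["payee"] != self.card_id or rec["nonce"] != self.pending:
            return False
        expected = record_mac(rec["payer"], rec["payee"], rec["amount"],
                              rec["seq"], rec["nonce"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return False
        self.pending = None  # nonce consumed: a replayed record is rejected
        self.balance += rec["amount"]
        self.log.append(("credit", rec))
        return True


def audit(logs):
    """Backend plausibility check over asynchronously uploaded card logs: each
    credit must match exactly one debit with the same (payer, seq, amount).
    Unmatched credits are value created from nothing, the signature of a leaked
    key used outside a genuine card; the function returns that amount."""
    debits = {}
    for kind, rec in logs:
        if kind == "debit":
            debits[(rec["payer"], rec["seq"])] = rec["amount"]
    minted = 0
    for kind, rec in logs:
        if kind == "credit":
            if debits.pop((rec["payer"], rec["seq"]), None) != rec["amount"]:
                minted += rec["amount"]
    return minted


def demo():
    alice = Card("card-A", balance=5000)
    bob = Card("card-B", balance=0)
    rec = alice.pay("card-B", 1250, bob.challenge())
    accepted = bob.receive(rec)
    replayed = bob.receive(rec)  # same record again: nonce already consumed
    # Record produced with the leaked key on a device that never debits itself.
    forged = {"payer": "card-X", "payee": "card-B", "amount": 9999, "seq": 1,
              "nonce": bob.challenge()}
    forged["mac"] = record_mac(forged["payer"], forged["payee"], forged["amount"],
                               forged["seq"], forged["nonce"])
    bob.receive(forged)  # MAC verifies, so the card accepts it offline...
    minted = audit(alice.log + bob.log)  # ...but the backend sees no matching debit
    return alice.balance, bob.balance, accepted, replayed, minted


if __name__ == "__main__":
    print(demo())  # (3750, 11249, True, False, 9999)
```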
Otherwise, without the initial withdrawal from your bank account, you could spend the money twice.
That can be done using cash at a machine, with an online-authorized card transaction etc.
However, it requires that all the parties involved (issuer, acquirer, payment network, merchant) allow it, and there are certain limits. One of the linked documents[2] in the riksbank press release has more details about what they expect from these parties.
[1] https://squareup.com/help/us/en/article/7777-process-card-pa...
[2] https://www.riksbank.se/globalassets/media/nyheter--pressmed...
If that transaction brings the customer into a negative balance, it’d be between the bank and customer to figure that out. Especially if the customer has no overdraft facility and isn’t supposed to be able to go negative, and isn’t able to easily recover the payment, or the customer is considered vulnerable, then the bank will often just swallow the loss.
I wonder if that hinders tax evasion at all since there's presumably a pretty reliable paper trail of cash transactions.
They're increasingly common here in Portugal, at least.
At least in the US, individual businesses don't like dealing with credit because of the transaction fees but are kind of forced to thanks to everybody else taking credit everywhere.
Of course, the big chains love credit and are happy to pay the transaction cost because it lets them audit all the transactions and increase their control over local managers and employees. Presumably, the big chains also negotiate lower fees.
It's why the letters are raised on the cards!
Transit cards have a pretty low charge limit compared to credit cards - Suica balance is limited to ¥20,000 for example (although for cards that are backed by a credit card, I think the limit is higher). And now that Japan has fully embraced credit card touch payments, FeliCa-based systems are losing market share to Visa, Mastercard, etc.
But it really shines for applications requiring speed (i.e. a turnstile in Tokyo station) or offline payments (a vending machine in a park somewhere).
I wish other governments would take note as it's a nice way to avoid the Visa/MC/Amex fees for at least some expenses.
I have a Suica that's integrated into a credit card, and it still has a ¥20,000 limit - the Suica balance is separate from the card balance, it just has a configurable auto top-up setting.
Interestingly, if I'm out of the Suica zone, sometimes auto top-up won't trigger. If I recall correctly this happened to me once in Fukuoka, presumably because there's some level of integration above just accepting payments that Hayakaken hasn't achieved. Never had a problem with Passmo interop though.
I've never heard of a suica with a higher limit, but it's possible they exist or that other compatible cards have higher limits.
Topping up a Suica every now and then vs. having many international transactions might also work out better for some. My bank (ING) gives me those fees back so it makes no difference to me.
> Mondex was a smart card electronic cash system, implemented as a stored-value card and owned by Mastercard.
> Mondex allowed users to use its electronic card as they would with cash, enabling peer-to-peer offline transfers between cards, which did not need any authorization, via Mondex ATMs, computer card readers, personal 'wallets' and specialized telephones. This offline nature of the system and other unique features made Mondex stand out from leading competitors at the time, such as Visa Cash, which was a closed system and was much closer in concept to a traditional payment cards' transactional operation.
They’ve also supported offline transactions that entire time. Indeed offline transactions was the norm for a long time because internet connections were expensive. So payment terminals did offline transactions, then literally phoned home at the end of the day to upload all of the day’s transactions.
The transactions themselves are just signed by the cards, and stored by the payment terminals. Interestingly using symmetric encryption, because asymmetric encryption was too expensive to put into debit/credit cards when the EMV spec was originally created.
Card transactions being online by default in the EU is a pretty recent phenomenon that only really happened in the past 5-10 years, as internet connections and cheap mobile data plans have become ubiquitous.
Older cards indeed didn't have it for cost reasons, and online-only cards theoretically have no strict need for it even today, but practically, a symmetric-only card is a non-starter these days for several reasons. You won't be able to ride the Tube in London or Subway in NYC with a card that does not support it, for example.
Those systems all perform online auths at the gate, they don’t rely on offline transactions at all.
Asymmetric encryption is used to prove the identity of the card itself, i.e. prove it’s a real card owned by a real issuer. But it’s not used to sign the transaction itself.
Transaction cryptograms, the cryptographic blob that’s built using data like transaction amounts, method of customer authentication etc., only use symmetric encryption. The produced cryptogram itself is then also signed using an asymmetric key, but the asymmetric and symmetric blobs are distinct entities and processed separately by the card network.
Now this is the really important, and completely non-obvious part. Only the symmetrically encrypted transaction cryptogram is sent over the card network to the issuer. All of the asymmetric parts are only used locally by the terminal for validation, then thrown away. So the data produced by the card that is actually stored and eventually sent to the issuer can’t be used for cryptographic non-repudiation, because there’s no mechanism for the merchant to prove using only the transaction cryptogram, and public keys, that a specific transaction was signed by a specific card issued by a specific issuer.
This may seem very strange from a technical perspective, but only because people think that the technical elements of card networks are what prevents fraud. In reality fraud, at least between network participants, is entirely prevented using legal contracts, escrow accounts, and the simple fact that the benefit of abusing the technical measures to commit fraud is simply not worth the consequences. Being a network participant requires you to put millions of dollars in escrow, and be a large enough company that you can realistically move millions of dollars in transactions every day. Fraud between companies at that level is solved using very expensive lawyers; the technical measures only need to provide enough evidence of tampering to stand up in a court of law, where everyone is under oath, and at risk of personal repercussions for perjury. There is no need for them to be completely foolproof; it’s much easier to just depose the engineers who were ordered to circumvent the technical controls, under threat of prison time, than it is to get every network participant to adopt some complex cryptographic non-repudiation scheme to protect against scenarios that don’t actually occur in reality.
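Added example, not code from the thread or from any EMV implementation, illustrating the symmetric-cryptogram path described in this comment and the earlier forged-presentment story: the card MACs the transaction fields with a key it shares only with the issuer, the issuer re-derives the MAC from the presentment it receives, and an amount mutated after the card signed is caught. HMAC-SHA256 in place of EMV's session-key MAC, the static key, the test PAN and the offline spending ceiling are constructed stand-ins.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed stand-ins (not EMV values): one static per-card key shared by card
# and issuer, HMAC-SHA256 in place of the EMV session-key MAC, and a test PAN.
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
TEST_PAN = "4111111111111111"

# Hypothetical card risk-management ceiling: total offline spend (cents) the card
# approves on its own before it insists on an online authorization.
OFFLINE_LIMIT_CENTS = 5000


def transaction_mac(key, pan, amount, currency, atc, unpredictable_number, ac_type):
    """MAC over exactly the fields the issuer will later see in the presentment."""
    data = "|".join([pan, str(amount), currency, str(atc),
                     unpredictable_number.hex(), ac_type]).encode()
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass
class Card:
    pan: str
    key: bytes
    atc: int = 0            # application transaction counter, one step per transaction
    offline_spent: int = 0  # cents approved offline since the last online approval

    def generate_ac(self, amount, currency, unpredictable_number):
        """Answer to GENERATE AC: a TC (offline approval) while within the offline
        ceiling, otherwise an ARQC telling the terminal to go online."""
        self.atc += 1
        if self.offline_spent + amount <= OFFLINE_LIMIT_CENTS:
            ac_type = "TC"
            self.offline_spent += amount
        else:
            ac_type = "ARQC"
        mac = transaction_mac(self.key, self.pan, amount, currency, self.atc,
                              unpredictable_number, ac_type)
        return {"pan": self.pan, "amount": amount, "currency": currency,
                "atc": self.atc, "unpredictable_number": unpredictable_number,
                "ac_type": ac_type, "cryptogram": mac}

    def online_approved(self):
        """Issuer approval received online: the offline accumulator starts over."""
        self.offline_spent = 0


class Issuer:
    """Holds a copy of every card key and re-derives each cryptogram from the
    presentment fields, which is how mutated presentments are detected: the
    acquirer cannot re-MAC a changed amount without the card key."""

    def __init__(self, keys):
        self.keys = keys  # pan -> symmetric key

    def verify_presentment(self, p):
        key = self.keys.get(p["pan"])
        if key is None:
            return "unknown-card"
        expected = transaction_mac(key, p["pan"], p["amount"], p["currency"],
                                   p["atc"], p["unpredictable_number"], p["ac_type"])
        if not hmac.compare_digest(expected, p["cryptogram"]):
            return "cryptogram-mismatch"
        return "ok"


def demo():
    card = Card(TEST_PAN, CARD_KEY)
    issuer = Issuer({TEST_PAN: CARD_KEY})
    un = bytes.fromhex("deadbeef")  # constructed terminal unpredictable number

    # 30.00 offline is within the ceiling: the card returns a TC.
    honest = card.generate_ac(3000, "GBP", un)
    # Acquirer forwards the message unchanged: the issuer's check passes.
    faithful = issuer.verify_presentment(honest)
    # Presentment with the amount changed after the card produced the cryptogram.
    mutated = dict(honest, amount=30000)
    tampered = issuer.verify_presentment(mutated)
    # A further 40.00 would exceed the offline ceiling: the card demands online auth.
    second = card.generate_ac(4000, "GBP", bytes.fromhex("cafef00d"))
    return honest["ac_type"], faithful, tampered, second["ac_type"]


if __name__ == "__main__":
    print(demo())  # ('TC', 'ok', 'cryptogram-mismatch', 'ARQC')
```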
No, there's not enough time for online authorizations at transit turnstiles. They do the online auth as fast as possible, and if it does not go through they put the card on a denylist [1].
But since it would be possible to just make up random valid card numbers on the spot, they do enforce successful offline authentication – using asymmetric cryptography.
> Asymmetric encryption is used to prove the identity of the card itself, i.e. prove it’s a real card owned by a real issuer. But it’s not used to sign the transaction itself.
In CDA, it is used to sign the entire transaction.
> Only the symmetrically encrypted transaction cryptogram is sent over the card network to the issuer. All of the asymmetric parts are only used locally by the terminal for validation, then thrown away.
That's true, but doesn't change the fact that offline authentication is an integral part of EMV. Also, the "then thrown away" part could relatively straightforwardly be changed by the networks if ever necessary. The CDA output provides actual non-repudiation.
> This may seem very strange from a technical perspective, but only because people think that the technical elements of card networks is what prevents fraud.
I'd say it's just a historically grown legacy system, and it would have been too disruptive to retrofit asymmetric cryptograms into it (with its vastly larger cryptograms and every byte of transmission data coming at a premium).
If EMV were redesigned from scratch, it would 100% just use the CDA-style cryptogram for transaction approval as well.
> In reality fraud, at least between network participants, is entirely prevented using legal contracts, escrow accounts, and the simple fact that the benefit of abusing the technical measures to commit fraud is simply not worth the consequences.
On this part I'd agree. The most important factor here is that the type of fraud that could exploit this "symmetric/asymmetric gap" requires a malicious terminal or merchant.
That's not really a common threat scenario in EMV, since fraudulent merchants could already do many other things (such as e.g. tapping commuters' wallets using a concealed POS terminal for low-value payments), and becoming a fully trusted merchant has relatively high entry barriers as a result.
I do suspect that this could change, with EMV becoming more and more accessible for very small merchants using cheap mobile terminals or even regular contactless-capable smartphones. But as I've mentioned, it's not too hard to address these issues using policy.
[1] https://content.tfl.gov.uk/aac-20141217-part-1-item12-contac...
Yes, you’re correct. Although, as it happens, there is a very easy way to get hold of randomly generated valid card numbers, which is Apple Pay, and it is a huge problem for TfL.
But again the asymmetric crypto here is just to validate the identity of the card, and to secure the communication between card and terminal. It doesn’t actually secure the transaction itself in any meaningful way.
> That's true, but doesn't change the fact that offline authentication is an integral part of EMV. Also, the "then thrown away" part could relatively straightforwardly be changed by the networks if ever necessary. The CDA output provides actual non-repudiation.
You ever been part of a network rule change of that magnitude before? I can tell you with some confidence there is nothing easy about it. I’ve seen much smaller changes take decades to implement. Making a rule change is easy; getting all the participants to implement the change, that’s an entirely different kettle of fish.
> I do suspect that this could change, with EMV becoming more and more accessible for very small merchants using cheap mobile terminals or even regular contactless-capable smartphones. But as I've mentioned, it's not too hard to address these issues using policy.
Nah, I doubt it’ll change. There are already policy-level protections to protect against these cases. The standard chargeback process and the removal of merchants with high chargeback rates already prevent this behaviour. Malicious merchants already exist, but they defraud people mostly through social engineering, putting people in positions where they approve transactions they don’t want to, and making it extremely embarrassing for the victims to report the crime. From the issuer’s perspective the only type of fraud where our hands are completely tied is the variety where customers refuse to admit they’ve been defrauded. Which does happen.
The reality is that in most cases the convergence is so quick it looks like it's instantly gone, but it's not. For example, if the ATM is unable to get your current balance, it will still complete the transaction.
That's why your card has a daily limit -- that's basically the risk tolerance of the bank on how much they are willing to lose if the transactions don't converge quickly enough.
The nicer feature of preauth is that you can confirm a lower amount. So in the case of a gas pump, they first have to make sure you have the money, without knowing how much, because you haven’t pumped it yet. Once you finish, then they know the amount, and confirm the transaction at a lower amount.
It won't. Look at China. Cash is impossible to use and crypto is banned.
Do they just accept the risk the government can see every payment?
These "cascades of misfortune" I've run into happen largely because of how we've placed certain institutions at the center of our lives and our society, or perhaps more precisely because of the "convenient" solutions of theirs that we've all been corralled into adopting.
I'm thinking of social media networks, smartphone companies and their app stores, banks and their electronic payments, etc. Everyone's opted in, and we don't realise how much we've given up as a result, with all these "convenient" alternatives, now made mandatory to replace the old and inconvenient solution.
We don't realize, that is, until you're standing at the bank teller in a city away from home, passport in hand but otherwise robbed of phone and wallet, hoping to withdraw some cash to keep you alive while you sort this mess out - only to learn that the bank is no longer able to do that for you. You can't just get your own money. You could withdraw at the ATM, but with a card of course, and that for a fee with a pretty low upper limit. But banks don't serve that purpose anymore. They're now software institutions that we are forced to have a relationship with and operate through in order to make monetary transactions.
Suddenly society has shut down. You can't log into anything without your phone and 2FA, so you're stuck without access to your favorite online services until you get a new SIM card and a fresh device. But even then, there's no riding public transit, because you don't have access to the apps they all operate through. Not that you'd be able to pay in those apps anyway, after cancelling your payment cards. And besides, you don't have anywhere you'd like to go anyway, because, aside from having basically no money to spend on food or events, there's no way to learn what's happening in this city without access to Facebook and all the company pages and events published there.
I forget now all the myriad ways that life grinds to a halt, but I do vividly remember feeling like nothing was possible. And that only because I lost one or two things which should be entirely optional in life! You shouldn't be required as a human, nor even as a member of society, to have a Facebook account, or a smartphone, or even a bank account (that last one is perhaps my most extreme take, but I stand by it).
As for the meantime: I still did have my bank's ID chip with me as a backup, so I could have used online banking to make a transfer to myself with something like Western Union, and crossed my fingers that my bank wouldn't require verification by phone for this suspicious transfer. That would have gotten me some cash at least within the course of the next day, but my friend helped me out, so it didn't come to that.
Without friends around, though, and one or two more unfortunate circumstances piled on, I really don't know. It's unsettling to realize how little it takes to be forced to sleep in the streets.
No. No, it won't. Although labeling regular electronic payments as "cryptocurrency" might become more popular.
In the UK this has definitely worked in the past - I remember many years ago there being occasions when something was wrong with the network connection(?) at my local supermarket, but still being able to make a payment in offline mode. This works because the payment terminal authenticates the PIN directly with the chip on the card. They just can't check your balance is sufficient to pay for what you're purchasing.
TfL also accepts your contactless card in offline mode: their buses operate in tunnels and other areas with a poor mobile data signal, but cards are still accepted at all times.
Or is there some sort of technological breakthrough?
https://en.wikipedia.org/wiki/Online_authorisation
In many countries in Europe, offline authorisation is more common. Cards have had a chip as standard for over two decades in European countries, and a PIN is often used for cardholder verification.
Combined, these make the risks of accepting a transaction for a small amount of money offline very low.
The limit of what can be accepted offline is known as a "floor limit" in the UK.
[0] That also means that after changing your PIN on the bank's site, you have to visit an ATM so the new PIN is actually stored on the card - but that is only required for that offline mode.
I understand that it's very normal to use a CC in Sweden (and many places), but it feels grim to me that the thought towards major telecommunications breakdown is, "oh no, how will we make sure that people can keep credit card companies and banks informed that they need food and medicine if the internet is down?" I feel like "reversion" to the solved problem of offline transactions - cash payments - would be a more reasonable default assumption, and in the case of catastrophic infrastructure breakdown, simple expropriation.
https://www.riksbank.se/sv/press-och-publicerat/nyheter-och-...
Sweden has also done multiple pilots of a digital currency pressed by the state. This might be an interesting alternative to not give up control of our currency and privacy to banks and cc companies. Also supposed to work offline. https://www.riksbank.se/globalassets/media/rapporter/e-krona...
The only place really to get cash in Sweden is at an ATM, of which there are very few these days - most have been removed in the past years, and some might be very far away due to the large distances in Sweden. It should also be assumed that in the event of a critical infrastructure breakdown, the ATMs would not work either.
Chipknip (a portmanteau of chip card and knip, Dutch for purse) was a stored-value payment card system used in the Netherlands. Based on the Belgian Proton system, it was started by Interpay on 26 October 1995, as a pilot project in the city of Arnhem and a year later rolled out countrywide. Chipknip was taken over by Currence due to a restructuring on 17 May 2005, who managed it with their licensees until its discontinuation on 1 January 2015. The Chipknip was primarily used for small retail transactions, as the card could contain a maximum value of 500 euros. The money needed to be transferred from a cardholder's main bank account using a loading station, which were generally located next to ATMs.
In part because cash is common in my part of Sweden, which is likely annoying to the bureaucrats and oligarchs. Cash is nice because a transaction does not involve a measure of creditworthiness while only leaving an indirect trail, and this 'offline' thingie they're going for probably does and besides keeping personal data available 'offline' for performing such stratifications of people it also (theoretically) allows for a phasing out of cash also in crisis and armed conflict.
Credit cards were offline-only in the beginning. When did we lose this ability?
See https://www.google.com/search?num=10&sca_esv=5e043526353aa70...
The mindset was one of ubiquitous Internet connectivity, which is cheaper than maintaining a complex stored-value or offline limit based solution.
Of course, this assumption does not include some externalities in case of large scale outages, maybe due to cyberattacks…
European use of debit cards instead of credit cards is much higher than in the US.
If you need credit, there are credit options with much lower rates than what credit cards offer.
And the reason credit card benefits suck is due to European interchange fee caps and regulation.
Though Amex are currently in dispute with the Netherlands who believe the caps do apply to them. I don't think a final judgement has been made yet.
I really hope you're getting paid to pretend to be this gullible to the most basic of the credit-card companies schemes.
There are no benefits for any of the credit cards I could get since roughly Corona - I was using them before but all cards which had positive benefits were removed/discontinued since.
Hence I'm back using a debit, because it works the same (no benefits either way) and doesn't come with a monthly bill.
Best cashback in my country is 1% back, capped at 500€ a year, after you do 33000€ worth of purchases a year.
There's still a very good reason to use them - buyer protection.
I use a Virgin Atlantic reward card and have it set to pay off automatically, never running up debt. It both protects me as a buyer, and has the benefit of taking ~£500 off annual family holidays, and gives me a free companion seat in the process, effectively halving the price for one of the passengers.
If there's a problem with the item, you can "return" it to the bank — after all, they own it! So in practice you can ask the shop for a refund, or you can ask the bank.
It is a stronger protection than a debit card chargeback.
As an example, I bought flight tickets from an obscure budget airline on a credit card. Months later, beyond the usual debit chargeback time limit, the airline went bankrupt — but my bank purchased that service, and isn't going to provide it! They refund immediately.
https://www.ukfinance.org.uk/our-expertise/cards/chargeback-...
You know you're paying higher sticker prices to finance that, right?
Go on Virgin Atlantic's site, search for any flight, you can then apply points to that, or redeem a companion voucher. That doesn't bump the price up prior to redemption.
I don't "pay" for the points I get, as I'm not spending any extra day to day. The credit card is free.
I've seen people claim it's the worst thing to ever happen and that governments will lock money and things like that.
But personally, after looking at their objectives (offline cash-like payments for example, where only the sender and the recipient know about the transaction) I'm pretty happy about this coming out (even though it still seems early in development)
These cards are often given to underage (< 20 years) customers, to prevent them from overspending.
See, in 2008 one of my projects had a client that had a lot of venues around the continental US and Mexico, and those venues had sparse internet connections (think ski resort venue: remote, with internet delivered by antennas that weather could affect). Meaning when internet was not available any card transaction was a no-go. This was a problem to be solved, so my client asked if there is a way to make offline credit payments. So here is my implementation:

- read credit card details and deliver the goods
- store card details in a local database, encrypted
- check online connectivity
- when internet was a go, try to charge the card. If it was good then all was done, details were erased from local storage, everybody happy. If it failed then retry, 5 times per day, for 5 different days.
- after 25 tries, blacklist the credit card. Forward the information to the legal department and mark that credit card as not acceptable from now on.

So if you screwed the client with a bad credit card, you screwed it only for 5 days maximum. And you also had a legal department on your ass. Meaning you got a fake card, good for you, keep it up because now you are also on the Secret Service's radar (most people don't know, but the Secret Service, not the FBI, gets involved in this). In the years I was involved in this project, 8 years, the number of times this was an issue raised to the legal department was like under 5. So most folks actually pay, and the few that got retried probably had a temporary problem with their funds and eventually got it back on track. For those under 5 I think all of them eventually cut a deal with legal without raising the issue further up. Sorry guys, no juicy story involving the Secret Service here.
Probably this worked because the goods were kinda under $50 in price. So at maximum you'd screw the company I worked for out of like $500. And most likely this would not work with a big retailer like Amazon where you can purchase thousands of $ in a single transaction. But it had the advantage that it worked with all credit cards, debit or otherwise, Visa/MasterCard or whatever. If I were on the implementation side nowadays for the Swedish bank in this article, I would probably do it like somebody else already proposed here in the comments: get the card to also contain an electronic signature, which means a lot more scrutiny to get it released, which means, yeah!, your privacy is fucked to Alpha Centauri and back if you try anything shady.
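The retry schedule from the comment above, as an added Go example that is not the commenter's code: at most 5 capture attempts per day on at most 5 distinct days, then the record is closed and escalated. The charge callback, the record layout and the constant names are assumptions.

```go
package main

import "time"

// Outcome of one scheduling step for a deferred (captured offline) card charge.
type Outcome int

const (
	Waiting   Outcome = iota // daily quota for this sale already used; not due yet
	Charged                  // capture succeeded; the stored card data can be erased
	Retrying                 // capture failed; eligible again later
	Escalated                // retry budget exhausted: blacklist the card, hand to legal
)

const (
	attemptsPerDay = 5 // from the comment's "5 times per day" (constructed constant)
	maxDays        = 5 // "for 5 different days"
)

// Deferred tracks one offline sale awaiting capture. Attempts are keyed by UTC
// date so the per-day quota matches the scheme described in the comment.
type Deferred struct {
	Attempts map[string]int // date -> attempts made that day
	Total    int
	Final    Outcome // Charged or Escalated once the record is closed; else Waiting
}

func NewDeferred() *Deferred { return &Deferred{Attempts: map[string]int{}} }

// Step runs charge() if the schedule allows an attempt at time now and reports
// what happened. charge is the caller's online capture call (assumed).
func (d *Deferred) Step(now time.Time, charge func() bool) Outcome {
	if d.Final == Charged || d.Final == Escalated {
		return d.Final
	}
	day := now.UTC().Format("2006-01-02")
	if d.Attempts[day] >= attemptsPerDay {
		return Waiting
	}
	if _, seen := d.Attempts[day]; !seen && len(d.Attempts) >= maxDays {
		d.Final = Escalated // five distinct days used up, even if some had spare attempts
		return Escalated
	}
	d.Attempts[day]++
	d.Total++
	if charge() {
		d.Final = Charged
		return Charged
	}
	if d.Total >= attemptsPerDay*maxDays {
		d.Final = Escalated
		return Escalated
	}
	return Retrying
}
```

The bounded budget is what caps the merchant's exposure per card to the 5-day window the comment describes.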
Aurornis•4mo ago
Is this a typo where they meant to say “the offline function”?
If I’m reading this right, the goal is to allow food, fuel, and medicine purchases with card + PIN in offline mode.
Seems like a reasonable goal. I wonder what the technical details will look like. Will there be a periodically updated list of cancelled cards/accounts distributed to endpoints? Even a hashed list of all cards cancelled before their expiration date within a country is a reasonable amount of data for modern storage systems.
Or would they simply rely on the ability to track down account owners by their originally registered contact info in the event that someone gets an invalid transaction through during an offline period?
objclxt•4mo ago
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
https://en.m.wikipedia.org/wiki/EMV#Offline_data_authenticat...
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.
tialaramex•4mo ago
EMV (chip cards) can have a small amount of local smarts, so it is typical for example to insist on going online for a large transaction or if the card has performed too many offline transactions since last going online. The card maker decides these rules, so the bank gets to ensure the cards it issues to customers meet whatever requirements it has decided upon, balancing fraud risk against problems with loss of connectivity or services being down.
So I doubt they'd bother doing some sort of ad hoc revocation technique.
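An added Go sketch (not from any of the commenters, nor EMVCo's specification) of the offline decision the last few comments describe: a terminal floor limit, a hashed denylist of cancelled cards, and card-resident counters that push the transaction online after too many offline approvals or too large an amount, with the counter reset once the issuer has seen the card. Parameter names, limits and the sample PANs are assumed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
)

// Decision is the outcome of risk management for one transaction.
type Decision int

const (
	ApproveOffline Decision = iota // approved without contacting the issuer
	GoOnline                       // send the cryptogram to the issuer for a decision
	Decline
)

// CardRiskParams are issuer-chosen rules personalised onto the card. Names are
// constructed; EMV expresses the counters as lower/upper consecutive offline limits.
type CardRiskParams struct {
	MaxOfflineAmount  uint64 // above this the card always asks for an online auth
	LowerOfflineCount int    // offline txns since last online before preferring online
	UpperOfflineCount int    // hard cap when going online is impossible
}

// CardState is the per-card counter the chip maintains between online auths.
type CardState struct {
	Params             CardRiskParams
	OfflineSinceOnline int
}

// Terminal holds the merchant-side floor limit, connectivity state and a denylist
// of cancelled cards stored as SHA-256(PAN), so the list carries no usable numbers.
type Terminal struct {
	FloorLimit uint64
	Online     bool
	denylist   map[string]struct{}
}

func NewTerminal(floorLimit uint64, online bool) *Terminal {
	return &Terminal{FloorLimit: floorLimit, Online: online, denylist: map[string]struct{}{}}
}

func hashPAN(pan string) string {
	s := sha256.Sum256([]byte(pan))
	return hex.EncodeToString(s[:])
}

// Deny adds a cancelled card to the local denylist (e.g. from a periodic update).
func (t *Terminal) Deny(pan string) { t.denylist[hashPAN(pan)] = struct{}{} }

// Authorize applies terminal checks first, then the card's own risk rules.
func (t *Terminal) Authorize(card *CardState, pan string, amount uint64) Decision {
	if _, listed := t.denylist[hashPAN(pan)]; listed {
		return Decline
	}
	p := card.Params
	wantOnline := amount > t.FloorLimit || amount > p.MaxOfflineAmount ||
		card.OfflineSinceOnline >= p.LowerOfflineCount
	if wantOnline && t.Online {
		card.OfflineSinceOnline = 0 // counters reset once the issuer has seen the card
		return GoOnline
	}
	// Either nothing asked for online, or the terminal cannot reach the issuer:
	// the card approves offline only while its hard limits still hold.
	if wantOnline && (amount > p.MaxOfflineAmount || card.OfflineSinceOnline >= p.UpperOfflineCount) {
		return Decline
	}
	card.OfflineSinceOnline++
	return ApproveOffline
}
```

The same floor-limit check is the one the UK comments above call a "floor limit"; the immediate "approved" seen in shops is the ApproveOffline path.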
londons_explore•4mo ago
The UK already does this in some shops for low value items for NFC payments. You can tell the offline transactions because they immediately say 'approved' rather than taking a few seconds.
If it turns out the card approved something 'wrongly', for example because you had previously reported the card lost to the bank, then the bank refunds the transaction and claims the value back from the merchant. That's why many merchants have their terminals set to require online payments.
greenavocado•4mo ago
xhoantran•4mo ago
ErrantX•4mo ago
Offline transactions mostly died off when the limit in the UK for contactless was raised to £100. At £20/30 (the original limits) issuers/merchants risk-accept some payments not being valid (and the total limit before you had to chip and PIN was fairly low too).
And worth saying, the merchant has some control on the terminal but mostly the decision of offline/online is down to the issuer and configured on the card.
mijoharas•4mo ago
ErrantX•4mo ago
daveoc64•4mo ago
In the olden days, you'd get a Visa Electron or Solo debit card in the UK if you were under 18 or had a poor credit history.
Visa Electron and Solo were online authorisation-only card brands (also known as "immediate authorisation").
If you didn't have enough money in your account, the transaction would be declined. Visa Electron cards didn't have embossed numbers on the front, so couldn't be used with the old-fashioned card imprinters.
Visa Electron and Solo have been discontinued now, so people with poor credit can get a Visa Debit or MasterCard debit card, but with offline authorisation disabled.
That does mean those cards can't work in some places (e.g. on aeroplanes or trains).
Credit Cards generally always support offline authorisation.