Submitted by jimmysofat6864 t3_10oplmf in explainlikeimfive
I found it weird that a wireless technology happens to be faster than a payment method that has actual physical contact with the payment reader. It just seems like it's the other way around. Like most things are faster when they have a direct wired connection or in this case physical contact but somehow when paying, inserting the chip takes longer than the contactless payment method. Why is that?
While many other countries typically have limits on tap to pay, the US has no such limit.
I've tapped for thousands of dollars before, with no fuss.
I suspect this is because the US adopted it later when doing live authorizations was more feasible/the norm. I believe NFC was adopted much earlier in Europe and other areas when live authorization was less common, so the limits were implemented. This is just a guess, though.
yeah I think about a decade ago there was like $10-$20 limit in poland per transaction and visa contacted bank during payment every 4-5 taps
not sure how mastercard worked
today I'm not certain about the limits - for sure more than $100 - but is it a hard limit or default to be changed in bank app, I have no idea
don't usually spend more in physical stores
In Canada, it's $250. But it is usually set by banks and credit unions so it can vary from country to country. It's a hard-limit.
I'm in Norway and there doesn't seem to be a limit on how much you can pay with contactless. But above $50 it requires your pin. No such requirement when using your phone.
This is false. Tap absolutely still checks with the bank in the vast majority of cases. I am not sure of the technical reasons that it is faster, but I do know it’s not because of this.
I agree.
Having worked on contactless technology, it's the same speed as when you dip the EMV chip.
Yes, I tap all the time (with my card, not with my phone) and every time I do I'll get a notification from my banking app letting me know a payment has gone out and to who, usually within seconds of paying. In order for that to happen, the card reader must be communicating with my bank.
I was starting to get worried. Most of the time a card is rejected is because the limit has been reached. Imagine running a business and accepting that when people run out of funds / credit the business has to eat the cost.
In the UK, card rejections are almost always to force a PIN entry - after a certain amount of time/uses of contactless payment by card.
Doesn’t happen when using phones (due to the use of tokens I think)
Yeah this. I work with contactless payments. When you load a card on your phone, the phone doesn't even have your credit card information. It has a token which is associated with your credit account and software which talks to your CC network (VISA or MasterCard or whoever) via the payment terminal. There is no way to pay without the CC network being in the loop. The built in token on your credit card works similarly.
The vendor can check with the bank during contactless transactions, but there is no obligation to do so.
Yeah that's not true in my experience, contactless does confirm and the payment immediately reflects in your credit/debit balance. Sometimes banking app in phone even gets the notification before the payment terminal passes the payment.
The payment can be cleared in real time, but doesn’t have to be. And if the payment is cleared in real time then a contactless payment will take just as long as a chip and pin transaction (minus the human faff).
If contactless doesn’t verify authenticity what’s stopping criminals from scamming retailers and using fake contactless cards with accounts that don’t exist at checkout?
In an offline EMV transaction (i.e. bank isn't contacted) they verify that the card is genuine, they don't verify funds are available in the account. If the card is used fraudulently then the bank eats the cost in the UK, not the merchant.
What stops it is that they do, in fact, verify authenticity and even places a hold on your account immediately. They're talking complete bollocks.
The reason why contactless has limits is because of the lack of a pin. If you steal a card, you can use it up to certain amount of times for a certain amount of money before you need to do a pin transaction. The limits are there to stop a genuine but stolen card being used too much without a PIN.
The threat of being caught after the fact. The scammer has to perform the scam in person and will most likely be on CCTV.
not to mention the fact that if you put the chip in you actually have to select which account you're using and then put in your pin, which of course will take more time than just tapping the card to a screen
What do you mean by select which account you are using?
when you insert your card it asks if you're using chequing or savings, when u tap its directly from chequing
Interesting, I have never experienced that. Here in the UK a debit card is associated with a single account, and savings accounts don’t have cards (typically).
In the US checking accounts and savings accounts are usually tied together and use a singular debit card. You can open just a savings account though.
Really? I’m from the US and I’ve never seen that before.
Thats only for debit
?? the point still stands
I think OP is in the US, we don’t really have chip and PIN here per se, transactions are authorized real-time with the bank. We only need a pin if it’s a debit transaction, but most transactions are handled through the Visa or Mastercard network, even if a direct withdrawal from a checking account.
In the US, you may get credit or debit choices. Not always though, some just default to taking it as credit, without a PIN required.
That's not how it works
it is in canada, didnt realize this sub was for americans only
Despite your sarcasm...anywho just state the locale & then everyone learns
This only started happening to me after I moved out of the US. When I lived in the states the debit card was only tied to a checking account. In Canada the card lets me choose checking vs savings
Until 2020 savings accounts in the US were limited to 6 or fewer transactions per month. So debit cards would never have been tied to them for payment.
It would still be common for some (particularly non-visa/mc debit cards) to provide the option. Mine did back in the late 2000s.
It's all based on software. Most software that were developed for machines that only accepted insert and swipe were developed badly with "inefficient" code. It was also made pre-2000 era.
Now these software connects to payment gateways that are older than my grandpa. Thus, the development and re-engineering for that code is difficult and very tedious (languages are old and outdated, no documentation and devs back then didn't like to leave comments for some reason so we gotta figure out what entity works with what). Also, any major iterations will likely need to get re-certified. No one wants to work on that.
So most of the time, companies would port w/ minor changes to the code such as optimization, compatibility, to the new device. However, since Contactless Payments were developed in the 2000s w/ the addition of NFC on mobile devices shortly after, the development of that code is much more optimized for modern devices.
Tap and chip have the same level of safety (from the merchant's end), technically, the chip is safer to prevent fraud, but when it's tap any chargeback will have a liability shift (all chargebacks goes to MC/Visa/Amex instead of the merchant [at least in Canada]). From the customer's end, there's no difference. Tap is simply more convenient.
Also, if you want to know the safest and convenient way to pay: Apple Pay / Google Pay.
The reason why I always encourage people to pay with their digital wallets is because of traceability. What u/BaggyHairyNips mentioned is right. When you register your card with Apple Pay/GPay, you don't just save your card on there. Apple/Google creates a token from your card (basically puts all of your cardholder data [number, exp date, name, CVV as of recently] and encrypts all of that and hashes it out) and pays everything with that token. This not only guarantees that the card is not a fraud for the merchant (as you can't have a stolen card on a digital wallet [unless you stole the phone and know the password]) as well as from the consumer's end, you have instant traceability (Apple/Google will have their own transaction history on the phone) so you don't need to wait till the transaction settles EOD to figure out if something went wrong or not.
Also, do note that this is kinda the order for the regions the most advanced in payment security to the least (note that this is mostly based on eCommerce, as security for Card Present is similar around the world):
Europe (requires SCA, 3DS)
Canada (most merchants adopted 3DS)
Asia
USA (lack of 3DS implementation for some key merchants)
Africa
​
Source: I work for a Fortune 500 in the payment industry.
>and devs back then didn't like to leave comments for some reason
Sonny those extra bytes ain't free dag'nabit. You whipper snappers these days just think bytes grow on trees or somethin'.
I worked for a company that made an acquisition in 1982 that required the death one of the legacy computer systems. The reason we killed the better computer system is that it only had a single digit space for production facilities, and the merged company had ten.
I find it odd that USA still uses and sometimes require to swipe the card and sign the paper when in Brazil even escorts have cc machines with contact less tech. Some are very small and uses the seller phone for Internet.
Absolutely, USA is very behind in payment processing. The main reason why is due to large infrastructure, slow adoption, small adoption rate. Basically, because of how big some clients are and because those clients want reliability over security and convenience, they only update when they HAVE to. So basically, they gotta update to only meet PCI compliances.
It's so weird that paying at a restaurant is a 2-step process. You get the bill, give them the card, they auth it, then you add your tip and they clear the tip at EOD when they settle the transaction.
Over in Canada, we just add tip on the terminal / or write it on the receipt so that the server writes total + tip in the terminal and pay it as a whole. At EOD, the merchant settles the batch and done.
Things are gradually changing in the States. The last two restaurants I visited, the wait staff took payment with a mobile payment terminal. Tap phone/watch, select tip, done. At least where I live, using a mobile payment terminal seems to be catching on.
[removed]
Dipping the EMV chip credit card and tapping a contactless credit card takes the same time in my experience. This is the bank process. It may seem slower only because they make you pull the card out once the entire charge slip printout is done, whereas you can remove the tapped card before the slip is printed for example.
There's a possibility that the protocol is different elsewhere and EMV processing really needs the card to be in until charge slip printout. But that's a design flaw if so from when banks didn't think it's needed optimize.
That’s odd because sometimes I can be using the chip and it takes about 8 seconds and when I do contactless it usually finishes in 3 seconds based on my experience.
We're talking about the same exact card, right? In that 3 seconds, the charge slip is already being printed out, whereas it takes 8 for the dipped chip?
I suspect the app on the terminal reading the EMV takes its sweet time to talk to the card since it knows the card is just there. Whereas with contactless, the an imperative to optimize the communication. TL;DR bad programming of the app.
Both should work more or less within the same time window. Or at least not take 5 frigging seconds longer.
Yea I’m taking about exact same card. It takes longer for a receipt to print out via chip compared to using contactless or mobile payment.
I've got 2 semi-educated guesses on why this is.
Using the chip there's a decryption process to get the data off the chip. The terminals in use aren't exactly using high-end processors, so the decryption could take a bit longer. With the contactless payment it's just exchanging a small amount of data without the encrypt/decrypt taking up time.
The time it takes to contact the payment processor and get authorization. I've noticed a significant difference between a Wal-Mart and a Smith's (Kroger) in my town. Both of them don't take contactless payments so this is with the chip. The Wal-Mart takes ~10 seconds to return an authorization, but the Smith's takes about 3 seconds. Same card, even looks like the same PIN-pads on the self-checkouts. Could be faster network/Internet speeds at the store, could be differences in how they process the payments (I wouldn't be surprised if Walmart has some centralized setup to handle that rather than each store "calling" the credit card service)...hard to say, but there are a lot of variables beyond just chip vs NFC.
Contactless and contact methods have different processing flows.
See Page 9 for Contact and Page 21 for Contactless. You don't need to know the exact specifications, but look at the pink box between the card/device and the reader. For Contact, observe there are 3 round trip communications; for Contactless, there are 2.
Although the flow is different, the time taken to communicate between merchant, payment processor, issuer are all in the milliseconds, 1 trip increases the time by maybe 5 milliseconds, no one would really notice it.
The amount of data being transmitted is tiny so the communication speed is not an issue. Contactless wins because you just have to position the card reasonably close to the reader. For contactless you have to align the card in a slot and insert which takes longer.
Yea but even with with the chip in the machine it takes about 5 seconds before the transaction completes where on contactless I can hover it over the reader for half a second then it processes in 1-2 seconds then it's done.
Au contraire, "communication speed" absolutely is an issue. IT is the payload size("amount of data") that is not an issue. Communication speed (data transmission Round Trip Time aka RTT) doesn't change based on payload size - it is a constant based on the laws of physics.
A RTT across the continental US will take minimally 70-80 ms (plus remote processing time, which is the actual time hog since database lookups are S-L-O-W compared to data transmission) whether you send a single 64-byte packet or thousands of 1500-byte packets (to be more precise the larger packets take slightly longer in parts of the network that are not packet switched, but the difference is on the order of a few milliseconds, unperceiveable by humans).
See what /u/saywherefore said above for the most likely explanation based on actual response times.
But it's the same card, confirmed by OP. I'd understand if it's say credit card EMV vs Apple Pay. But if it's same card, it should be undergoing the same process in talking you the bank. The only difference would then be isolated to the actual tech (or how the app coded the communication with the tech). So the argument made by top answer regarding validity of the card shouldn't be a factor.
saywherefore t1_j6g38dm wrote
The time is not spent by the machine communicating with the card. When you do chip and pin the card machine is communicating with the bank or credit card provider, and checking that the card is genuine and can afford the payment. This takes non-negligible time. In a contactless payment the vendor doesn’t check the card and just takes a risk that it isn’t genuine. The transaction will be settled up at the end of the day. This is why there are generally limits on the value of transaction that you can do contactlessly; it protects the vendor from being left out of pocket for a large sum.
Edit: this answer is Eurocentric. I understand that the technology may be different in other places, though in that case I doubt there would be a noticeable difference in speed.