stevehockey1

stevehockey1 t1_j6jyp0m wrote

Absolutely, USA is very behind in payment processing. The main reason why is due to large infrastructure, slow adoption, small adoption rate. Basically, because of how big some clients are and because those clients want reliability over security and convenience, they only update when they HAVE to. So basically, they gotta update to only meet PCI compliances.

It's so weird that paying at a restaurant is a 2-step process. You get the bill, give them the card, they auth it, then you add your tip and they clear the tip at EOD when they settle the transaction.

Over in Canada, we just add tip on the terminal / or write it on the receipt so that the server writes total + tip in the terminal and pay it as a whole. At EOD, the merchant settles the batch and done.

3

stevehockey1 t1_j6hc1sn wrote

It's all based on software. Most software that were developed for machines that only accepted insert and swipe were developed badly with "inefficient" code. It was also made pre-2000 era.

Now these software connects to payment gateways that are older than my grandpa. Thus, the development and re-engineering for that code is difficult and very tedious (languages are old and outdated, no documentation and devs back then didn't like to leave comments for some reason so we gotta figure out what entity works with what). Also, any major iterations will likely need to get re-certified. No one wants to work on that.

So most of the time, companies would port w/ minor changes to the code such as optimization, compatibility, to the new device. However, since Contactless Payments were developed in the 2000s w/ the addition of NFC on mobile devices shortly after, the development of that code is much more optimized for modern devices.

Tap and chip have the same level of safety (from the merchant's end), technically, the chip is safer to prevent fraud, but when it's tap any chargeback will have a liability shift (all chargebacks goes to MC/Visa/Amex instead of the merchant [at least in Canada]). From the customer's end, there's no difference. Tap is simply more convenient.

Also, if you want to know the safest and convenient way to pay: Apple Pay / Google Pay.

The reason why I always encourage people to pay with their digital wallets is because of traceability. What u/BaggyHairyNips mentioned is right. When you register your card with Apple Pay/GPay, you don't just save your card on there. Apple/Google creates a token from your card (basically puts all of your cardholder data [number, exp date, name, CVV as of recently] and encrypts all of that and hashes it out) and pays everything with that token. This not only guarantees that the card is not a fraud for the merchant (as you can't have a stolen card on a digital wallet [unless you stole the phone and know the password]) as well as from the consumer's end, you have instant traceability (Apple/Google will have their own transaction history on the phone) so you don't need to wait till the transaction settles EOD to figure out if something went wrong or not.

Also, do note that this is kinda the order for the regions the most advanced in payment security to the least (note that this is mostly based on eCommerce, as security for Card Present is similar around the world):

Europe (requires SCA, 3DS)

Canada (most merchants adopted 3DS)

Asia

USA (lack of 3DS implementation for some key merchants)

Africa

​

Source: I work for a Fortune 500 in the payment industry.

48