IIRC from some resarch I did, a decent card provider will reject a magstripe transaction from a terminal with EMV capability if a card is known to also be EMV capable... At least, it could in theory.
I live in Canada and that's what happens with all of my visa/debit chip cards. If you attempt to swipe your card and it, as well as the terminal, are chip enabled then it gives you an error and asks you to insert your card into the terminal.
That is triggered by the magstripe though. The point here is you can trick the reader by turning off that feature on the magstripe and the reader doesn't do any additional check on whether EMV should be required.
Based upon my knowledge of EMV liability, the merchant would still be clear from fraudulent charges if they had an EMV reader. If the device tells the reader it can't do chip & pin, then the buyer is the least secure part of the transaction.
Not in all cases, I believe. For instance, to use my debit card in China, where a lot of payments is still done via magstripe, I have to call my bank and ask them to enable magstripe transactions for me in their system. Otherwise, the bank will keep rejecting transaction attempts.
> IIRC from some resarch I did, a decent card provider will reject a magstripe transaction from a terminal with EMV capability if a card is known to also be EMV capable... At least, it could in theory.
That's how it works for all countries other than the US. In the US EMV capable terminals are not common so transactions in the US are typically permitted no matter if magstripe or EMV. This is why starting with October this year the US are finally making the switch to EMV and once that roll-out is complete, magstripe transactions could (theoretically) be either disabled or severely limited. For instance you might have to confirm a magstripe transaction with a text message.
They could definitely do this, but I don't think any of them do (or will for quite a while). It's perfectly acceptable for a business to continue sending magstripe transactions if they want. The business just takes the responsibility for chargebacks. This would just look like a transaction where either the reader didn't have the functionality or the merchant decided not to use it.
The business has an interest in using chip & PIN. I forget the details of the contracts they have with the banks, but the chip adds extra protection to the credit card company, and the PIN adds extra protection to the business. Which is why people are annoyed that the credit card companies want to stop at chip & signature.
