The terminal has no method to determine if the card is Chip and Pin enabled aside from the magstripe.
Sure it could check for the actual chip, but credit card fraudsters aren't creating fake cards that include the chip so that wouldn't help either.
I would argue the way they should implement it is such that the bank itself rejects the transaction if it knows the card is chip enabled and the terminal is as well.
I always assumed that chip/pin being used was at least checked by the credit card company. The machine should be telling them if it supports chip/pin, and the cc company independently knows all the information about your card, so... urrrrgh.
What's also interesting about our chip readers here in the US is that they only do chip + signature for credit cards, so they're not adding anything if someone physically has your card (I've had the ones they auto-reissue, which Chase claims they cannot stop in their system, stolen from my mailbox).
The card company checks whether the card and terminal are EMV capable. But the whole card system is not built on absolute security but on risk management and fraud detection, which is somehow balanced with customer convenience. In effect, this means that the only thing that is absolutely needed for a transaction to be authorized is the card number; what other data has to be provided and what checks have to pass is a function of the trustworthiness of the various parties involved (mainly of the merchant).
(For example, the EMV standard explicitly handles various failure modes like "PIN-pad is broken", "card holder does not remember PIN" and so on, and allows configurations that accept such transactions.)
Agreed. I think for it to truly work it would require support from the terminal in the form of letting the processor know if the terminal does or doesn't support chip & pin.
If the terminal doesn't support it, the processor always lets it through. If the terminal does support it, the processor only lets it through if using chip and pin. Then again, maybe there won't be non-chip-and-pin terminals much longer, so that won't matter.
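The issuer-side rule proposed in this thread (decline a magstripe read when both the card and the terminal are chip capable) can be sketched as follows. This is an added example, not code from any poster or payment network. It assumes the track 2 service code convention (first digit 2 or 6 means the card has a chip) and the ISO 8583 DE22 entry modes 05, 02/90 and 80; the function names, parameters and the boolean terminal-capability flag are hypothetical.

```python
import re

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM + 3-digit service code + discretionary data ?
TRACK2 = re.compile(r"^;?(\d{12,19})=(\d{4})(\d{3})\d*\??$")

def stripe_says_chip(track2: str) -> bool:
    """First service-code digit 2 or 6 means the card carries an IC (chip)."""
    m = TRACK2.match(track2.strip())
    if m is None:
        raise ValueError("unparseable track 2 data")
    return m.group(3)[0] in "26"

def decide(track2, pos_entry_mode, terminal_has_chip_reader,
           issuer_record_has_chip=None, allow_fallback=False):
    """Return (approved, reason) for one authorization request.

    pos_entry_mode: ISO 8583 DE22 value, e.g. "051" chip, "901" magstripe,
    "801" chip-to-magstripe fallback. Other parameters are hypothetical names.
    """
    mode = pos_entry_mode[:2]
    # Issuer's own card record is authoritative; the stripe is only a fallback.
    card_has_chip = (issuer_record_has_chip if issuer_record_has_chip is not None
                     else stripe_says_chip(track2))
    if mode == "05":
        return True, "chip read"
    if mode not in {"02", "90", "80"}:
        return False, "unsupported entry mode"
    if not terminal_has_chip_reader:
        return True, "terminal has no chip reader"
    if not card_has_chip:
        return True, "card has no chip"
    if mode == "80" and allow_fallback:
        return True, "declared fallback accepted by policy"
    return False, "chip card swiped at chip terminal"

# Constructed sample data (test PAN, not a real card).
CHIP_CARD = ";4111111111111111=30122010000000000?"
STRIPE_ONLY = ";4111111111111111=30121010000000000?"

if __name__ == "__main__":
    for args in [(CHIP_CARD, "901", True), (CHIP_CARD, "901", False),
                 (CHIP_CARD, "051", True), (STRIPE_ONLY, "901", True, True),
                 (CHIP_CARD, "801", True, None, True)]:
        print(args[1:], "->", decide(*args))
```

The `allow_fallback` switch stands in for the configurable acceptance of failure modes mentioned above; with it off, a declared fallback is treated like any other swipe.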