I've had a USAA Chip & Pin card for quite a while now. With the exception of petro station pumps in the UK, it has been working fine. Recently, I've noticed that Walmart card readers are treating the card as a Chip & Signature card instead of Chip & Pin. Is this a Walmart decision or did USAA change something?
There are several discussions going on about USAA's decision regarding Signature vs. PIN.
Customer Validation is a joint decision between the card and the merchant termiinal. The terminal asks the card, "what's the first way you want to validate that the right person is using this card?" If the card says, "I want him to sign" and the terminal has a signature pad, that's what happens. If the card says, "I want him to sign", but the terminal does not have a signature pad, then the terminal says, "can't do that. what is your next method?" They keep trying until eventually they find a way to validate the customer or they give up.
Early USAA MasterCards behaved like European cards. They defaulted to asking for a PIN as the first choice. The MasterCard that I received in August defaults to first asking for the Signature. When I was in the UK last September, every merchant had a signature printer, so I was always given a slip of paper to sign. Even the lady selling Edinburgh city bus tours had a printer hanging off her shoulder.
On the other discussion thread, a member reports having the same experience in Canada except when using the card at a gas pump. The pump had no signature pad, so it asked him to input a PIN.
My own USAA MasterCard has a series of CVM's. Signature comes first, and then it wants to try an on-line, encyphered PIN, an off-liine encyphered PIN, and finally an off-line plain text PIN. So, I am confident that the USAA card has a PIN. Knowing what the PIN is, of course, is another matter.
Thanks for the additional details - I wasn't aware of the negotiated verification process. My question was really around what has changed with Walmart in the US.
I have one of the early issue EMV World Mastercards from USAA and have always been asked for a PIN in the UK. In the US, when Walmart enabled the PIN readers on their terminals, they wouldn't allow signatures. Attempting to swipe the card through the strip reader resulted in a "stick it in the slot" message. Sticking it in the slot resulted in an "Enter PIN" message. No request for signature.
Now - Sticking the EMV card in the slot results an a terminal signature request. So, something has changed on the Walmart side as my card hasn't changed.
I have a certain amount of empathy for USAA. While they probably have an above average membership when it comes to international travel, the non-international members are still substantial. With the US history of sign = credit, PIN = debit, the transition to EMV was never going to be easy.
What's annoying is the lack of communication from USAA about the change in verification for the early users. By definition, those users had to request EMV cards, which means they know exactly how they are supposed to work. An email stating that USAA was changing the verification method in the US would be nice, as well as some comment about how that may or may not change how the USAA cards work outside the US.
This thread is both illuminating and disappointing. I have a USAA chip & pin card issued in January 2014 which is genuine chip & pin (used overseas). In January 2015 I received a card for a new account and it is chip & signature ONLY, per the comments above.
According to the USAA rep I spoke with, there is NO PIN associated with the chip on the new chip cards (there is a pin you create on-line to withdraw money using the magnetic stripe at an ATM).
This "new policy" is a step back from the true security of the chip & pin and is a retreat from the USAA tradition of being the leader in customer security. The "theater" of stating that USAA cards possess "chip technology" is contradicted by the policy to revert to reliance on the weakness of swipe & sign (only, now it is insert-the-chip & sign). it saddens me that USAA has gone the way of other financial institutions by forcing its customers to read-between-the-lines ("chip technology" vs "chip & pin") and to force the customer to learn-by-using that the new cards are as weak as the old swipe & sign cards.
While it might be more difficult to forge the new cards, due to the presence of the chip, it is just as easy to fraudulently use the card (if it is lost or stolen), and it is just as easy to duplicate the magnetic strip. The genuine chip & pin card has coding in the magnetic strip that tells a chip-or-swipe terminal that there is a chip on the card. And the terminal then demands that the chip & pin be used to complete the transaction with a pin. Not now.
This was a poor decision by USAA and a breach of trust by stepping back and waiting to see if the customer noticed. That is what the competition does. It is not part of the USAA tradition of excellence. Shame.
Oh, my. I certainly HOPE there is a PIN associated with USAA MasterCards. The Customer Validation Methods on my card say to ask for signature first, but if the merchant terminal cannot do a signature, then to try three types of PIN. In practical terms, this means only unattended terminals, like at gas pumps, will ever want a PIN, since all US merchants are set up for signatures.
There definiteiy - or was a PIN assigned. My USAA World Mastercard has a PIN and it worked just fine up until about a month ago. The card hasn't changed, but in the US (or at least at Walmart) it now uses signature verification. When I get back to the UK, if I find signature verification there as well I won't be happy at all.
You mention that in the past WalMart asked you to input a PIN, but the most recent time WalMart asked for a Signature.
Did you still insert the card, rather then "swiping" it?
I ask because most of the card machines I see in large retail operations obviously have a place to insert the card, but they always put up a message, "Please swipe your card." When I insert my card, absolutely nothing happens. i.e. those retailers are not yet capable of processing an EMV card, even though the hardware is in place.
That brings up the idea that maybe the card machine could be programmed to say, "I have a PIN pad for debit cards, but I do NOT have a PIN pad for credit cards." If that were the case, then a card set up for "PIN preferred" would keep trying until it got to the "Can you do a Signature?" validation method.
Will also be interesting to see what your card does when you return to the UK.