But this gets filed as "infrastructure is hard". A related example: If you get a chance, try the IC card system used by the train and transit systems in Japan; they're delightful.[1] At peak rush-hour, commuters are darn near running through the (many) pay stations tapping through without breaking stride -- including display of remaining balance!
Yet, the relatively recent transit tap card system where I live is laughingly slow. At a much more modest walking pace, it's easy to pull away from the reader before it's confirmed the transaction. Seconds per commuter, for system that's considerably newer than the IC card system.
We also have contactless payment on most of our credit cards (as in built into the card, not Android/Apple Pay) and support for it on ~90% of terminals as well though so it's not much used anymore.
Prompt #1: Credit/Debit?
Prompt #2: PIN
Prompt #3: Would you like cash back
Prompt #4: The total is $xx.xx, ok?
This is time consuming, particularly for people who aren't as comfortable with electronics and pressing buttons. And on top of that, many times the terminals themselves are slow.
Pay-at-the pumps are even worse
Prompt #5: Are you a fuel perks member?
Prompt #6: Receipt yes/no?
Prompt #7: Would you like a car wash?
and they're often even slower, the buttons are often hard to press, or don't register a beep and have a delay before the machine responds, so you wind up pressing the same one twice. And most lack a 'backspace', the screens suck, man don't get me started....lol
Everyone else, yeah, pretty slow.
I am surprised that apparently only 1 vendor has figured out how to make a good chip reader, and I am sad that apparently other retailers don't care enough to buy from that one vendor.
I personally used my credit card at one of the affected stores, and I do not plan on calling in to have my card number changed. I'll just keep a close eye on my statements (that, and I have alerts sent to my phone via SMS for any charge over $0.01, so I'd know pretty quickly)
There is no way too know if you are actually doing and EMV transaction.
The EMV spec has nothing at all to do with security. PCI controls security. I can read the card data via the chip and it's all in the clear. EMV is about process integrity, and the integrity testing is ridiculous. Chip cards are harder to forge, but that's about it. The new rules about liability puts the liability for processing a forged card on the merchant, if the transaction isn't done with EMV.
What other customer information could have been affected? Kudos on the masterful PR spin — I guess by now Chipotle has had a lot of practice at this...
I haven't tried cash back as I use credit cards rather than debit cards. I've used Apple Pay in the US, Canada, NZ, Australia, Germany, Sweden, and Denmark, and it's ALWAYS preferably to using the actual card, particularly for an American.
If you have a US based bank, even with EMV the bank prefers a signature, which means you have to sign the damn receipt. This is more inconvenient than doing so in the US because:
1. The merchants aren't used to it, so it's a surprise/hurdle 2. It's not common, so you have to sign an actual receipt, not an electric display 3. They don't seem to waive the signature requirement for small purchases ($25-$50) as they do in the US. So you're signing for EVERYTHING.
Magically, if you try to use your US-card-with-a-PIN (assuming you set one up) in an unmanned scenario like in a parking garage, SUDDENLY YOUR PIN WORKS! (quelle surprise!)
I also fell in love with the convenience of Apple Pay+Watch when I was skiing in Whistler; no need to take off my gloves, unzip a pocket, reach in, find, card, use card, sign receipt. Just a quick double-tap on the side button without even undoing my glove gauntlet, velcro closure around the wrist of my jacket, or any of my 5 layers of clothes (yes, it was cold).
Paywave was the most-commonly accepted in Australia of everywhere I've been recently, to the extent that they even tap your credit card to the machine first, assuming it will work, and are surprised when it doesn't. Yet they were VERY surprised by the watch, often saying they had never seen anyone use their watch before. I'm not sure if contactless+phone would have been as unexpected or not; I never tried.
I'd be worried about the system rebooting to do a system update while I turn my back for a minute to help a customer.
If not, this isn't necessarily something you need to be very proactive about.
The file name in question (thanks, heywire) is "us.json". I'm left wondering whether and how much of an international scope there might be to this.
While the version of their web site that I'm receiving by default seems to be geo-centric to the U.S. and doesn't mention foreign locations, Wikipedia has:
https://en.wikipedia.org/wiki/Chipotle_Mexican_Grill
Chipotle Mexican Grill, Inc. (/tʃᵻˈpoʊtleɪ/)[6] is an American chain of fast casual restaurants in the United States, United Kingdom,[7] Canada,[8][9] Germany,[10] and France
For reference, Wikipedia claims Chipotle has 3,010 restaurants. So at least 75%.
Even after a decade in the US it amuses me that NASA can run a fleet of vehicles on Mars, that the country produced places like silicon valley, and that American ideology is one of entrepreneurship/innovation but as a country we struggle with changes the rest of the world has decided are worth the effort.
It makes me wonder what the US would be like if we weren't still wasting huge sums of money on healthcare and credit card fraud etc!
Of course some may say that the US is what it is because of these things...
I think the problem is inherent in early adoption. The people who buy the first version of the thing are happy to wait another couple versions before upgrading, because they already have something which is substantially similar to the upgrade. You see this with people comparing the telco situation in Ethiopia (which despite a terrible organizational model, and very little capital, is improving rapidly) to anywhere in the developed world doesn't make sense. If you have landlines and a cable TV infrastructure, 4G over the air will have less demand automatically.
According to staff at a few shops in my area when asked why they always ask if tap to pay is ok they said a lot of people still don't allow them to tap and insist on chip+pin still.
How hard is this to understand?
Who doesn't ship next day anyway?
Pissed me off to hell since the previous card was less than a year old and they should have just issued me the chipped card then.