@hisold My bank stopped issuing #girocard cards with #magstrip 10+ years ago as magstrip was phased out and #NFC was phased in as well as #PSD1 being introduced.

• Even before that merchants rarely accepted magstrips and those who did asked for #ID as soon as purchases [i.e. fuel at a gas station) exceeded like €100 because unlike #Chip + #PIN the payment processor does not guarantee them that the payment will be accepted and the amount guaranteed.

That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN & #NFC systems actually request a blockage of the amount and will automatically decline without incuring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance.

• There's a nice podcast with #JohnBoseak where he explains how stuff used to [and allegeldy still does] work in the #USA re: #CreditCards. Given that I worked for a #PaymentProcessor in the past this is some basic knowledge re: #security, because one needs to understand how stuff like CNP ("Card not Present") works and how the system is architected to the point that even if someone were to hack the database of said payment processor, they'd never find any CCs or the CVVs stored there at all.

It's also insightful because #fraud would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine] each automatically assessing risks within less than a second for every transaction.

• That's why one can get their #CC blocked when using a #VPN and why fraudsters need the location of their victims because if I had a CC and used it regularly and someone were to try to swipe a skilled copy of that at a Walmart or Best Buy on the East Coast of the USA less than 24 hours of my last use in Germany, that would automatically get declined as fraud and the person at the cashier will call security because noone is travelling that quickly that far.

But that's just some cold OSINT based off #TechSupport and peeking behind the curtains professionally...

• There's way more but I can't go into details on that.

Rest assured if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just > 99% of all fraud attempts get blocked instantly and merchants rate-limited or kicked off the system when they do something suspicious.

• Same reason why one can't frame someone for a crime by just wiring obviously illicit funds to their account: AML (Anti-Money Laundering) will catch that and unless the account holder were to ask "Where's the money/transaction?" #FinCEN et. al. won't even bother calling the account holder up simply because "oops I wired money to the wrong account. Can you please send it back?"- #scam is a well-known method to turn unsuspecting people into money launderers.

So yeah, that "#magstrip" may be just lacquer but unless it's specifically advertised otherwise only holds the CC & CVV as well as service codes [i.e. chip+pin only] to tell the terminal "Don't accept magstrip, mandate Chip+PIN"]...

• Outside the #USA, this is the norm due to #PSD2 exceeding #PCIDSS by quite a lot!

Only underdeveloped countries like the #US still use #Magstrips and #credit and not Chip+PIN & #debit!