It's not about paying by cash but paying by card offline. How is this going to be implemented I wonder.
On planes they often accept credit cards even when there's no internet. I assume this is a trust in-credit-based system because they don't accept debit cards, i.e. if you are worth being trusted with a card you can have your sandwich now and we will take care of the bank processing once we are on the ground. So maybe this will be like we trust you enough with basic goods that once we get a connection things will be sorted out situation?
The EMV standard has long supported an offline transaction flow. AFAIK it was the default almost everywhere in Finland circa 2011, contactless there was almost always instantaneous. Digging into why that was compared to the invariable wait when using contactless in the UK revealed this flow.
The card has a variety of risk counters on it that allow it to securely decide whether an offline transaction can proceed, at least some of which are also exposed to the terminal which can have its own separate policy. I imagine internally the banks and payment gateways have a huge variety of internal related tuneables.
Yes the EMV standard has offline card payments baked into it, and most banks in the EU and UK used to use offline transactions for contactless.
Your experiences in the UK are almost certainly linked to the card issuer you were using (was it a Monzo card by any chance), and nothing to do with it being the UK. The vast majority of the legacy banks have always used offline transactions for contactless.
However there has been a bit of shift towards online transactions, driven by EU rules likes strong customer authentication, which requires regular pin entries determined by cumulative spending and duration limits (which ever is hit first). It’s a lot easier to reliably meet the requirements of SCA using online transactions.
As for how offline transactions work. It’s reasonable simply. The terminal asks the card to sign the transaction using the cards private key. Now there is an extremely complicated set of rules around how liability shifts in the event of a fraud claim, depending on many factors like the type of transaction, if a pin was entered and validated by the card, if the card ask to go online and the terminal ignored the request, they type of merchant, the exact region your in etc etc.
But regardless of all that nonsense. The technical process is very simple. The terminal has the transaction cryptographically signed using symmetric encryption with a private key that is only known to the card and the issuer of the card. That signed transaction can later be presented to the issuer so the merchant gets paid.
Given it’s a symmetric key, you may wonder what happens in the event of a dispute between the issuer and the merchant, where the issuer claims they received a forged transaction. To which the answer is, the issuer sends a signed and sealed letter to card network operator saying they have double checked the transaction signature, and believe it to be forged. And if anyone doesn’t believe them, they can sue em (this is not at all a joke, it’s literally the documented and contractual process used by the major banks and card networks).
A lot of internet payments work this way already anyways, not many gateways require auth before capture, processors/payfacs just do it because it gives lower interchange and reduces risk.
I think metro trains in countries like The Netherlands and Singapore use this approach where in you tap your cards and entry and exit and you are billed usually somewhere at the end of the day.
Exactly like that most likely, I am old enough to remember those machines where credit cards left their mark on the receipt, that is why their numbers are higher than the card.
What’s fascinating (apart from the sound those things made is still in my head) is that the very nature of the technology meant who could and could not get credit varied. At first (1950 diners card onwards) only well off could use it at limited establishments (ie restaurants) and they would postal deliver lists of cars - initially white lists of valid card owners and later hot lists of delinquent card owners. Stick your privacy issues in the restaurant food bin there!
Calling a call centre to verify every transaction is too expensive so only purchases over certain limits came in following BofA/Visa - and that stated that way till the late eighties when larger stores started using back office to talk to Visa network etc. but even so the ability to do live updates and verification was too much and there were weird cacheing tricks
So banks could easily approve or be liable for transactions they would prefer not to approve - so they only gave credit to the rich at first, and then to those who paid back regularly. This info was shared and became credit reference agencies - because the credit card companies shared it initially like casinos but the abuse and mistakes brought legislation
I think what i am saying is our consumer credit culture was not designed, it just grew.
When I was working retail (almost 20 years ago :[ ) we imprinted more often because of a failed magstripe, than a computer outage. In the event the card couldn't be swiped, you could key the number in, but the printer would create an extra-long signature slip instead of the normal kind, and we'd imprint the card onto it, as proof the actual card was there. This was I assume to prevent us from having to pay a higher 'card not present' interchange fee, and in terms of fraud, made it really obvious if someone was doing something shady like typing in card numbers without the card or cardholder being present.
We did sailing charters growing up and had one of these on the boat, I was in charge of it and the sound & feel of the CH-CHUNK is seared into my memories like nothing else. We never got any declines, but I always wondered how that reconciliation process actually worked out.
When I got my first account to accept credit cards in the 90s, they sent me a kachunka machine along with a bunch of window stickers, all of which were kind of silly since it was for a magazine and I almost never took payments in person (it was also a challenge to persuade banks that the fraud risk was low since magazine subscriptions required a stable mailing address over the course of a year—as it turned out, the only instance of fraud I ever had was a subscription plus back issue order sent to Hungary—still kind of weird to think someone would engage in crime to get issues of a magazine about typography).
Just because an imprinter was used doesn't mean the transaction was necessarily "offline". Depending on merchant's policy, the cashier would call their processor, give them some transaction details and receive an auth code for the transaction which would be written on the imprinted ticket, thus authorizing the transaction at the POS just the same way it's done today (except with humans and phones, instead of an electronic handshake).
I used those machines to charge cc’s at a major ski resort in California in 2004. At the end of the day I would enter all the details in an online terminal and process the charges for real.
this is what first came to mind for me too. I'm in my 40s and still saw them used semi-frequently during my life. In ~2015 I actually paid using one in a taxi, that was the last time.
In the past embossed credit and debit cards were both accepted on planes. That's why they were embossed in the first place: for offline processing which in even more distant path was the only option. Later CC machines and offline chip/stripe transactions co-existed with online transactions.
Normally (at least in Europe) you couldn't get an embossed card, even a debit one, without proving your credit worthiness. The possibility of offline transactions assumes overdraft — the same as with check books.
When online transactions appeared, banks started to issue Visa Electron and Maestro cards which didn't work offline, could explicitly prohibit overdraft and were easier to get.
But nowadays all boundaries gradually disappeared. Nothing is embossed, Visa Electron doesn't exist, bank issue debit cards with credit codes. It's all much simpler and more confusing at the same time.
Ironically, the few embossed cards I still have are from debit or prepaid issuers, presumably in a plot to make them look more "official", so at this point we've looped around completely and I've started associating it with a dated/tacky look. (They also take up twice the space in my card wallet and often lose their cheap metallic paint over time, annoyingly spreading glitter across my pockets.)
star/plus/cirrus etc - pure debit-only networks - aren't accepted on a plane
debit cards that are on one of the credit card rails (visa, mastercard, etc) are very common. those work because they're just a normal visa transaction
Edit: OK maybe there's different level of trust and some take a leap of faith :) In my experience debit didn't work but it appears that its not the same everywhere.
Restaurant POCs have an offline mode. They had to ask my zip code so I suppose it just counts as a "card not present" transaction that goes through later. Does present the question of whether that data is temporarily stored unencrypted or if it's immediately encrypted to be sent to the bank when it comes online
I, for my sins, have had to read PCI certification standards, and they're required to be encrypted, or not stored at all. Not that every implementation follows that, of course, but that's the expectation.
I work for a POS company and we support offline payments. The SDK(s) we use for our card readers give us an encrypted block of data that we can store and retry when back online. We don’t support “Card Not Present” when offline, we always tokenize cards if we enter them manually (HPP) which we can’t do when offline.
What would asking for the ZIP code help if it can't be validated on the spot? If the terminal submits the transaction in batch later, it's too late for that to catch a stolen card.
Providing an incorrect ZIP code also makes the transaction more likely to be declined than not providing one at all for card-not-present transactions (and is also allowed), so it really makes no sense for a merchant to do that.
On every flight I've been on recently, Internet was available to passengers. Surely a few KiB (I assume that this is what a credit or debit transaction requires) could go over this system?
Often this is indeed trust-based, but the trust isn't due to you having a card issued by a trusted bank (most airlines accept debit cards too), but rather due to passengers being extremely visible and well-identified:
In-flight credit card fraud is an incredibly bad idea, given that most countries check your ID at least at some point during getting on the plane, and seats are usually assigned as well. (Doesn't mean that nobody tries, of course [1]).
Sometimes airlines also use ACARS (basically airline-specific telex over VHF, HF, or satellite) to send the card number to their backoffice for authorizations of large amounts, such as business class upgrades.
These days, of course, Internet connectivity is getting more common, and with that the problem will likely go away.
Not that I disagree, but it does make me wonder if this would be one rare instance where American Express which I know is notorious for siding with their customers (at least for a time? - my father worked as an accounts payable accountant at a big hotel in Orlando near Disney World and he said American Express was notorious at not paying even with signature if their customer claimed it was fraud) would still side with their customers. Leaves one to wonder if they even take Amex on flights.
I still remember them taking my card which I think was a debit card on a flight and shoving it into carbon copy paper and basically billing me whenever we landed. This was late 2000s. From Puerto Rico to Florida.
> paying by card offline. How is this going to be implemented I wonder.
Paying offline used to be the norm for credit cards, from their introduction in the 1960s until some two decades ago.
Wikipedia: [...] until always-connected payment terminals became ubiquitous at the beginning of the 21st century, many merchants accepted all charges, especially those below a threshold value or from known and trusted customers, without verifying them by phone. Books with lists of stolen card numbers were distributed to merchants who were expected in any case to check cards against the list before accepting them, as well as verifying the signature on the charge slip against that on the card.
I’m a millennial and even I remember when all card payments were offline.
I remember a bar I worked at had trouble because some customers had begun writing wrong signatures and the receipt had been rejected by the bank the following week.
I took a Spirit about a year or two and accidentally gave them an old card for payment. They didn’t bill til a day after landing and it got denied. I settled it on a later flight but they definitely lose some money from this.
Essentially, you (the merchant) just write down their card number, and how much they paid you, and then later you send that list to your bank who sends it to the credit card network.
There is no big technical hurdle. There is a big social hurdle in convincing your bank and the network that you should be allowed to do this. Also the card number gets copied by a little pressing machine onto carbon paper or something like that, not just written down.
Being able to spend money you don't have is not a new thing, and poses no technical problems. American readers will know you can easily do that with a cheque. It's your responsibility not to do that, and that's one reason why the bank wants so much personal information to open an account, so they can send the police over to break your kneecaps.
In Norway, the card terminals usually go into an "accept with signature" mode if they are temporarily offline. So they print a receipt that the customer has to sign. (This is for BankAxept debit cards, which are standard in Norway.)
In a grocery store line once, I remember a distraught customer whose card was declined due to insufficient funds. The store manager came over, yanked the ethernet cable from the payment terminal, and told the customer to try again. "Accepted with signature."
Airlines typically are already in possession of your credit card, so most likely it's just "if he stiffs us, we can always find the carrier they registered with"
I got my first Credit Card in 2000 (I think that was 2000 or may be 2001). Credit Card swiping devices were rare and many a store just use that Imprinter thingy, and I sign on the carbon papers. That was an offline process. This was in Bombay (INDIA).
> It's not about paying by cash but paying by card offline. How is this going to be implemented I wonder.
Considering that the card has memory on it, you can store there how much balance you have when you do an online payment. The bank can send back your available balance, so you cannot spend offline more than you have.
You could store money digitally on a card. Moneo did that until 2015 and it was used in France as a wallet for paying meals in school canteens for tertiary education. That system was phased out just as I left university.
I remember writing an app in Java to read the balance on a card with my laptop which had a built-in smartcard reader, because I was too lazy to go to a station. Everyone in the classroom then promptly asked me to check their balance... and a few asked if I could top it up somehow.
Think about credit cards before online processing - the old paper machines that imprinted your card onto carbon paper.
The merchant was guaranteed payment. You, on the other hand, were indebted to the bank. The concept of a “credit limit” was the line over which the bank insisted you not step, lest you incur fees galore.
Credit cards were originally an offline payment method. The merchant would create a receipt that included a contact paper imprint of the card (which is why the card has raised lettering) and would present it to the bank for reimbursement.
My Garmin watch has Garmin Pay, which works even if I don't have my phone with me. I think I just presumed that there is a bank balance cached somewhere in the app so that an attempt to spend up to a hard limit or that amount will work.
Mobile/wearable wallets are usually online-only, since you can add one card to many devices, so offline limits would be really painful to synchronize (or alternatively banks would be taking a big risk by allowing more than one or two devices and duplicating limits).
Using a card-to-card transfer of some sort of credits/units, with eventual online settlement. Using chip cards, obviously. The tech for this existed since at least mid '00s.
I mean that is what mondex was and oystercard is today. Closest we can get on the us is a prepaid refillable gift card. I Keep hoping for digital cash, no dice so far
A "debit" card could have 1000 crypto wallets, each with $10 in them. If you want to pay $90, it forks over keys to 9 of the wallets, and they get drained by the merchant as soon as they have a connection.
Offline, without double spending risk? Absolutely not, or at least not without a lot of extra headaches.
For that, you'll need at least some trusted hardware (generally an antithesis to trustless crypto schemes) and/or a clever incentive system (e.g. with senders staking a multiple of their balance as collateral, and never being quite sure if receivers are really offline, or only pretending to be, ready to claim their stake once they get publicly verifiable proof of double spending).
I don't think they do, people move around and swap seats. I expect they just find the losses small enough to write off. I was once travelling shortly after being issued a new debit card, but still had the old one in my wallet and used it by mistake and I wasn't charged. They never tracked me down for the cost of that packet of crisps!
Some context might be useful here. I spent some time living Sweden not too long ago and Swedes practically don't use cash. It's usually not said out loud, but cash is often considered to be dirty and criminal, to the point that most don't have any at all. Digital payments are very convenient and deeply integrated, so long as you have a local ID which allows you use the local payment system Swish etc.
This worked nicely until the tensions in Europe lead to more cyberattacks rolling in and suddenly you have people not being able to buy food, medicine, and so forth. Not too long after, there was a government advisory urging people to keep some cash reserves in case a larger cyberattack happens, but cultural habits at large are hard to change. This is of course a coarse simplification of the context, but might help understand this incentive a bit better.
> "It's usually not said out loud, but cash is often considered to be dirty and criminal ..."
Are you sure this isn't impression you've gotten from isolated reactions involving a small number of individuals, perhaps just a single individual? I can't relate to the sentiment at all, having lived here for just over three decades and experiencing the popularity shift from cash to debit card. I can, in fact, not recall a single time ever that someone has divulged the opinion that they consider cash "dirty and criminal".
More than anything else the Swede's favor of debit card is the convenience. Second to that I would say is the security of not immediately losing funds if you misplace the card or it being stolen - it feels less risky carrying a debit card, in particular if you're the type who prefers having more than a few "tens" on you in case you'd need or want to buy something.
I'm Swedish and if someone insists on doing a transaction using cash when Swish or card is available, I'd immediately start to wonder if it's for some kind of more or less shady reason, probably tax evasion at the very least.
I’d say he’s correct, people under 60 that uses cash are considered, if not criminal, at least suspicious, like they have something to hide. Or simply wackos.
I haven’t used cash for the last 15 years or so. Except for when I had carpenters at home who wanted to get paid in cash (to avoid taxes, so called black money).
Tradespeople sometimes request cash payment or provide a good discount for cash payments (well above any fee they would be charged). I guess where you are no one considers this dubious (really???) but at least in discussions with family the feeling is that the request for cash only payment is dubious.
We also have a local retail establishment that is cash only. I think it's looked at dubiously.
I personally have experienced it. Someone wanted to split payment on something between cash and a check so they could report the value of the item was lower because it would save them taxes every year. Again, the use of cash was I think a bit dubious.
Note: Cash allows you to avoid all sorts of obligations (tax / family support / debt collection and garnishment etc etc), ineligiblity for banking (europe is pretty strict in some cases for example with folks with no legal status with banking) and is still used in things like the drug trade. Even if everyone around you considers large cash transactions reasonable that might be naivety or they may simply not have been exposed to larger cash transaction activity.
I come from the UK where not accepting cash is only ok in hipster areas of London (or, was at the time).
When I joined my gamedev studio I had colleagues asking me why I had cash, and many of them didn’t even recognise what it looked like (there was a switchover of the notes a year or two prior).
There was an insinuation that I would use it for drugs. So, I suspect that the parent is right here.
Swedish banks (even the Riksbank linked above) regularly refuse to turn cash into digital money unless you can ”prove” where you got it from. It’s not sufficient to say (with immense credibility) that you worked hard all your life and saved it. Entire inheritances are regularly wiped out due to this, when high denomination bills are obsoleted by the Riksbank. So I’d say it’s not only a common sentiment but also government policy.
You are right I think. I lived in Finland and rarely used cash. Even people selling their clothes at pop up second hand markets seemed to be able to take card. It has nothing to do with criminality, just culture. Germans use cash a lot and it's harder for me now I live outside the eurozone to go there.
> Are you sure this isn't impression you've gotten from isolated reactions involving a small number of individuals, perhaps just a single individual?
Swedish here. The impression is common. Sweden is a small country and has long had a fairly cohesive culture. The culture has decided that digital payments are the way. Deviation from the collective way is always suspect.
Depends. Very long time ago I was approached by a group of seemingly friendly people asking for direction, then I felt sharp object to my belly and they told me to walk slowly towards cash point. They said they'll stab me if I don't withdraw all money I can. So I did. When cards were not popular, I would have small amount of cash in the wallet and anything more substantial hidden in a sock or elsewhere. Thieves would take what would be comfortable for me to lose. I guess it can be the same with cards - have a card with small amount and actual card hidden, but it is not as easy to hide as cash. Then you have whole other kettle of fish - banking apps. There's been instances of people being forced to do transfer at knifepoint. For that reason I don't use any apps, apart from throwaway bank account - again with small balance just in case. Shame more banks are restricting web access, which I think is most secure.
Not sure its considered criminal and dirty. I agree its more a convenience thing. There is no need ever to have cash (other than when payments systems are down but then lots of stores systems in general are down). I don't even think I have seen any cash for many years.
This is something I've heard from multiple locals, not something I inferred myself. As you can see, even here in the comment section you have people both for and against the idea. The notion definitely exists, how widely it's held exactly, hard to say. In my experience, that explanation came up often enough to catch my attention.
I'm pretty sure the younger generation is intimidated by cash and think maybe only criminals and boomers use it? I am middle-aged and keep a couple of hundred dollars on me of petty cash for day to day activities. If someone “holds me up” it's not a lot, but it's great for keeping my day-to-day purchases anonymous. I'm all for making cash “an option” for every purchase or at least those under say $10k, not everything needs to be tracked or known.
It is interesting how the European cash culture is so very different between the countries. In Austria I struggled to find places that would take any kind of digital payments. Germany wasn't as bad, but was pretty bad. My experience is about 3 years old.
We hardly use cash in New Zealand, over 85% of transactions are electronic. There’s a lot of places that don’t accept cash anymore because cash handling is annoying and risky.
That said, nobody thinks of cash as dirty, just annoying. Also our payment system has always been able to work offline, because it started rolling out in the 80s.
Since when does EFTPOS work offline? It works off the internet, but not "offline", if the phones are down, EFTPOS is down. It happens with relative frequency, given the weather. Or trucks hitting boxes, or diggers cutting cables. Shit happens.
Regarding places not accepting cash: NZ First (political party) is proposing to protect the right to use cash and make all businesses accept cash for up to $500 items.
> The Cash Transactions Protection Bill would mandate businesses in trade accept cash payment for goods valued up to $500.
I've visited New Zealand a few times en route to Antarctica. The only time I've ever needed to take out cash was for the Christchurch bus service. I was in MIQ on the way in, but they gave us free reign on the way out because Antarctica was considered virus-free (and according to immigration NZ, it counts as the Ross Dependency). There was obviously a lot of push for contactless payments in 2021. I get the impression that the pandemic helped really cement it, although it sounds like the UK where we've had widespread contactless for almost 20 years.
To add some more context to your comment. One of the big attacks was in 2021 with the Kaseya ransomware attack that caused one of the larger grocers (coop) to essentially be unable to operate. Made national news as they had to give away product for free in some places.
> And yes, we use cash so seldom that most people cannot from memory recall what the bills/coins look like!
It didn't help that the Riskbank replaced all bills and coins during a relatively short time period, and did it badly. People used up/deposited their old and didn't get new.
The new coins and bills have unnecessary denominations and bad design that made cash bothersome to use.
They introduced an unnecessary 2 SEK coin, that is almost indistinguishable from the 1 SEK coin — especially if you are unused to them.
They also introduced an unnecessary 200 SEK bill, that was just too big to be useful for small purchases. Several times I've seen people at ATMs withdrawing 100 SEK over and over again, just because they wanted the more useful 100 SEK bills.
> Digital payments are very convenient and deeply integrated, so long as you have a local ID which allows you use the local payment system Swish etc.
Just to reiterate how ubiquitous Swish and BankID are here: 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users, and 93% of those users send or receive money via Swish at least once per month.
Physical attacks are also possible, this site focuses on software so much of the time, while acts occur in the physical world. Cyberattacks are grey areas, but based on some of the undersea cable cutting and factory fires Russia has been performing, physical attacks are very much on the table if you can obscure the source.
It's funny. I live in rural USA and I overheard a girl say she wouldn't date a guy who uses a card as it wasn't very manly. He needs to use cash apparently. Where I live cards are seen as controlled by "them" and allow the government to spy on you and come after you for taxes.
Wouldn't say it's dirty or criminal, it's just convenient to use card, but if you buy a car it would be a bit weird if you insist on cash. It's mostly old people paying with cash these days.
How do you pay for things that are just one or two euros? In my local boulangerie they don't accept cards for less than 5€, so if I just want a baguette I need to have cash.
That was a thing in Sweden as well, but it's illegal to charge an extra fee when using cards since 2010. So to answer the question, everyone just uses cards even for small purchases, and often those "cards" aren't physical cards but Apple or Google Pay on the phone.
If you ignore supermarkets, basically no place sells stuff in that low of an amount. Using Stripe as an example, transaction fees are 1.5%+1.8kr. I’m hard pressed to find a place that sells items with a price below 20kr, and even cheap crap from china costs at least that when buying online. So unless your business has an unexpectedly large amount of low price transactions, it’s not a big issue.
In the UK most small shops had this same 'minimum spend' requirement for card. It disappeared a few years ago (maybe during Covid) and now I haven't come across minimum spend in a long time. That was one of the last things that made me always keep some cash on hand. Now, I genuinely cannot remember the last time I used cash - it's been at least 2-3 years, probably longer.
Oh it's easy: they don't use Visa / Mastercard, but their own domestic system called Swish, which is much cheaper for businesses and of course completely free for individuals.
Similar instant payment systems have really blossomed across the world, especially in recent years. One by one, countries are finally figuring out that there's no reason to rely on American brands for all of the payment processing.
How do kids get pocket money in Sweden? I can't imagine grandparents handing over prepaid debit cards to 8 years old to go buy candy at the neighborhood store?
Swedbank offers debit cards to kids as young as seven [1]. Depending on the kid's age (and what the parents configure), there will be different limits on how much the kid can spend.
Swish is the de facto standard for sending money between individuals [2], and that's what grandparents tend to use to send money to their grandchildren.
It's fee-less (for person-to-person transfers use at least) and it connects your bank account with your phone number. So if anyone wants to send you money, they can just open Swish and enter your phone number (or scan a QR code) and send you some. You also have to sign the payment with the BankID app, which is the de facto standard for authentication [3].
And when I write de facto standard I really mean it. 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users (93% of which use Swish at least once per month).
In Canada there's MyDoh, which is specifically a debit card you can give to kids including in that age range. One of the major Canadian banks runs this. Can only imagine that it's more advanced in Sweden.
More or less exactly so. There is another downside to it: When money is just a piece of plastic which you touch the cash register with and get what you want, how to you learn to appreciate money? Coins and paper money is also excellent for counting, as they naturally come in different valuations.
When counting money is just arithmetics and never cash, something is missing, and it's very clear in many young kids. Money is just points in a game, suddenly you're out, and then you can't get what you want anymore.
Where I grew up, (sadly) it's not been common since at least 50 years for 8 year olds to go buy candy at a neighborhood store by themselves. Parents had to drive us everywhere.
I haven't used a banknote in more than 15 years.
During this time I can't recall a single time I saw anyone using a banknote either.
Here in Malmö where I live, especially since COVID, you'll be searching more and more to find stores that take cash (besides supermarkets and kiosks and the like). I would say more than half of them don't accept cash any longer. Speaking of restaurants or pubs, my estimation would be that 2/3 have signs that say "no cash". Maybe more.
You can't do simple things as taking public transport if you want to pay by cash. You can't pay in the bus. You can't buy in the machine. It's all card or app only. You'll need to search around for an equivalent of a 7-11 kiosk to be able to buy a ticket using cash. Depending on where exactly you are when you need that, it may take as much walking than you wanted to save by taking public transport.
If you took a daily trip to the Danish side (Copenhagen) and need to come back home, I'm not even sure if it's possible to get back if you need to buy a ticket and only have cash on hand. Only Skånetrafiken sells that particular ticket and only via machines that don't take cash.
Handling cash became more expensive than taking card payments. It's also more complicated in terms of logistics and payments take longer. With this set of incentives, it's understandable why the shift happened.
Not saying I particularly like this development. Just reporting my anecdotal experience.
If your local hairdresser gives you a cheaper price when paying cash, wouldn't you assume tax evasion? (criminal).
Someone selling a used bike, or other items of similar value, on second hand market and not accepting Swish would maybe not directly be considered criminal, but would for sure raise an extra eyebrow about the origins of the goods.
Otherwise correct, nobody would blink if you use cash for other daily purchases like ice cream or groceries, even if unusual.
> but cash is often considered to be dirty and criminal, to the point that most don't have any at all.
Is it because it's considered dirty and criminal, or is it because it's a pain in the ass to deal with, and most people have no reason to bother with regularly withdrawing it, and then carrying it around?
It's funny how these attitudes vary across the EU. Here in Spain the government is trying to move everyone to digital payments so they can keep an eye on the flow of money, but normal folks are transacting as much as possible in cash to hide from the tax man...
I live in the US and never use cash. I use a credit card and automatically pay the entire balance every month so I don't pay any interest but get 2% cash back. I pay rent using a app on my phone and a checking account.
it's really visa lobbying to destroy the (somehow worse than visa) easy credit new players. they give credit like candy because being online and low value only it's easier to avoid (or swallow) fraud.
forcing their hand to accept offline sales mean they can't decide on the spot, and now those 5k credit lines which they only allow transactions for sub 100 purchases at a time will be wide open for offline fraud they can't detect, and which visa already know how to handle/sustain.
this will probably be lobbied elsewhere soon. i predict Netherlands is next.
When everybody in the industry decided the implementation was more trouble than it’s worth. (Offline-capable chips, that is; embossers were 80% solemnization ceremony and 20% data entry aid, just like signatures as "cardholder verification", and are a non-starter from a security perspective.)
The mindset was one of ubiquitous Internet connectivity, which is cheaper than maintaining a complex stored-value or offline limit based solution.
Of course, this assumption does not include some externalities in case of large scale outages, maybe due to cyberattacks…
There's a term I saw all over someone's Google calendar schedule, pre-pandemic "DNS without asking". Now I realize it means "Do not schedule without asking" but my mind thought "Domain Name Service without asking" ... how in the hell would you do that?
I guess this is similar: how do you make trustworthy decisions that seem to inherently depend on the network, in the absence of a network? Before the internet, we had phonebooks instead of DNS, and we had cash instead of cards. Did the phonebook have every number? No. Was every piece of cash not counterfeit? No. But it's "good enough". Portable reference sources and tokens. The references are issued periodically and the tokens have evidence of exhaustion, their decay over time. A dog-eared dollar with a bunch of phone numbers on it, half-torn ... the merchant doesn't have to accept it.
How do you do these things digitally? Periodic issue seems pretty straightforward ... if you have a network. Token issuance, similarly, needs at least occasional communication with other nodes in the network.
So there's a local dwell capability.
Is this part of the same reaction we saw with Denmark starting to have emergency stores within 50 km of every Dane? Is this motivated by a need to prepare for war?
>The possibility to pay by card when the internet is not working – ‘so-called offline payments’ – is an area that ‘the Riksbank believes needs to be improved considerably, particularly in light of the geopolitical unease in the world,’ according to the announcement
We know exactly how to do these things digitally. Many European countries have had stored-value payment schemes in the 90s. Japan still does today.
It's a completely solved problem, but it's a more complex (and as such more expensive) solution than just assuming ubiquitous connectivity and a backend that never goes down, which is how we got to where we are.
> Is this motivated by a need to prepare for war?
Preparing for cyberattacks seems like a prudent move, no matter the adversaries' motivation. But yes, the context here is pretty obvious in Europe.
> We know exactly how to do these things digitally. Many European countries have had stored-value payment schemes in the 90s. Japan still does today.
But how do they prevent people double spending the same amount? Say someone has 100$ and boards on a plane. During the trip, this person buys a bag of potato chips sold for 90$. At the same time, his bank account is automatically charged 90$ for a bill.
With credit cards, handling this case is baked into the system. As far as I am aware, direct debt has no equivalent.
> The online function shall apply to physical payment cards and accompanying PIN code when purchasing essential goods such as food, medicine and fuel.
Is this a typo where they meant to say “the offline function”?
If I’m reading this right, the goal is to allow food, fuel, and medicine purchases with card + PIN in offline mode.
Seems like a reasonable goal. I wonder what the technical details will look like. Will there be a periodically updated list of cancelled cards/accounts distributed to endpoints? Even a hashed list of all cards cancelled before their expiration date within a country is a reasonable amount of data for modern storage systems.
Or would they simply rely on the ability to track down account owners by their originally registered contact info in the event that someone gets an invalid transaction through during an offline period?
> I wonder what the technical details will look like
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.
The card itself knows its balance and is authorised to approve transactions up to a limit fully offline.
The UK already does this in some shops for low value items for NFC payments. You can tell the offline transactions because they immediately say 'approved' rather than taking a few seconds.
If it turns out the card approved something 'wrongly', for example because you had previously reported the card lost to the bank, then the bank refunds the transaction and claims the value back from the merchant. That's why many merchants have their terminals set to require online payments.
Your card doesn't know the balance, it doesn't work like that.
Offline transactions mostly died off when the limit in the UK for contactless was raised to £100. At £20/30 (the original limits) issuers/merchants risk accept some payments not being valid (and the total limit before you had to chip and pin was fairly low top).
And worth saying, the merchant has some control on the terminal but mostly the decision of offline/online is down to the issuer and configured on the card.
EMV (chip cards) can have a small amount of local smarts, so it is typical for example to insist on going online for a large transaction or if the card has performed too many offline transactions since last going online. The card maker decides these rules, so the bank gets to ensure the cards it issues to customers meet whatever requirements it has decided upon, balancing fraud risk against problems with loss of connectivity or services being down.
So I doubt they'd bother doing some sort of ad hoc revocation technique.
I'm not sure what they have in mind for supporting offline payments, but I think that Japan's FeliCa-based [1] electronic money systems (Suica, iD, etc) are pretty impressive. They are most typically used to pay for transportation, but also widely accepted at stores, vending machines, etc. Balances are stored on the card, and it's very fast to use and seems secure for the most part. Recently it's also available on any smartphone or smartwatch with NFC. Japan was pretty slow to adopt touch payment for credit cards, so for a while it was my favorite form of payment.
Transit cards have a pretty low charge limit compared to credit cards - Suica balance is limited to ¥20,000 for example (although for cards that are backed by a credit card, I think the limit is higher). And now that Japan has fully embraced credit card touch payments, FeliCa-based systems are losing market share to Visa, Mastercard, etc.
But it really shines for applications requiring speed (i.e. a turnstile in Tokyo station) or offline payments (a vending machine in a park somewhere).
In Germany, there is the Electronic Cash (or newer versions called Girocard) which is similarly smartcard-based for the offline use case, but pairs with a regular debit card for online use [1]. Apparently, not that many people use the offline functionality.. it also has a somewhat low daily limit (though I think those are in place for some online transactions such as getting cash as well).
>although for cards that are backed by a credit card, I think the limit is higher
I have a Suica thats integrated into a credit card, and it still has a ¥20,000 limit - the Suica balance is separate from the card balance, it just has a configurable auto top-up setting.
Interestingly, if I'm out of the Suica zone, sometimes auto top-up won't trigger. If I recall correctly this happened to me once in Fukuoka, presumably because there's some level of integration above just accepting payments that Hayakaken hasn't achieved. Never had a problem with Passmo interop though.
I've never heard of a suica with a higher limit, but it's possible they exist or that other compatible cards have higher limits.
I was actually thinking of other non-transit e-money cards like iD and WAON (my fault that wasn't clear from my comment). For an iD card linked to an SMBC credit card, your iD spending limit is the same as your credit limit [1] - which can be upwards of ¥10M. I don't know how or why anybody would spend that much in iD transactions, but I bring it up because it shows that SMBC seemingly has as much trust in iD security as they do for Visa's online transaction processing.
Tourist in Japan here. Suica is great. I prefer it over my Visa tap 'n pay just for speed. It's instant vs. a few seconds which isn't much, but it's nice.
Topping up a Suica every now and then vs. having many international transactions might also work out better for some. My bank (ING) gives me those fees back so it makes no difference to me.
At one point my US credit card categorized Suica top ups as travel expenses, which earned double points. So basically just tried to do all of my spending on my suica card, and racked up a ton of points in the process. Eventually they fixed that - but I had a good run for a couple of years.
Taiwan's EasyCard and iCash are their local equivalents. Seems to be common in that part of East Asia to have public transport cards that can also work for small expenses.
I wish other governments would take note as its a nice way to avoid the Visa/MC/Amex fees for at least some expenses.
Personally, I dream of an open-hardware, FLOSS wallet, also usable on POS like a bank smart card, confirming crypto transactions like legacy/traditional ones on its own display.
Internally, the signature part isolated like a smart-card, "embedded signature" hardware as a measure against double (multiple) spending, and reasonable limits on offline transactions with both parties offline (e.g., €10k/month).
The "embedded signature" hardware part is a bit vague because technologically it's not clear how to do something like that in a "secure enough" way, but it's a necessary part and the limit somewhat lowers the risk.
For use: mounted as a smartwatch or a pendant with a retractable lanyard, like ski-pass holders.
Back in the day, we used these machines to take a paper imprint of the card. You would get a copy and give it to the bank. There was a phone number you could ring to check if the card was valid. I never phoned the number.
Similarly in the UK we had the concept of a 'cheque guarantee card'. Present your Barclays plastic card along with a paper cheque up to some value (£50 rings a bell; I was too young, it was my mam doing the transacting) and that cheque is guaranteed by the bank.
This was before my time, but older folks have told me that in the early days of credit cards here in Australia (70s and 80s), for larger purchases at department stores (which were virtually the only merchants who accepted credit cards back then), it was common for the checkout person to phone your bank to get authorisation for the transaction, before you could walk out the door with the merchandise.
Readit News
On planes they often accept credit cards even when there's no internet. I assume this is a trust in-credit-based system because they don't accept debit cards, i.e. if you are worth being trusted with a card you can have your sandwich now and we will take care of the bank processing once we are on the ground. So maybe this will be like we trust you enough with basic goods that once we get a connection things will be sorted out situation?
The card has a variety of risk counters on it that allow it to securely decide whether an offline transaction can proceed, at least some of which are also exposed to the terminal which can have its own separate policy. I imagine internally the banks and payment gateways have a huge variety of internal related tuneables.
Your experiences in the UK are almost certainly linked to the card issuer you were using (was it a Monzo card by any chance), and nothing to do with it being the UK. The vast majority of the legacy banks have always used offline transactions for contactless.
However there has been a bit of shift towards online transactions, driven by EU rules likes strong customer authentication, which requires regular pin entries determined by cumulative spending and duration limits (which ever is hit first). It’s a lot easier to reliably meet the requirements of SCA using online transactions.
As for how offline transactions work. It’s reasonable simply. The terminal asks the card to sign the transaction using the cards private key. Now there is an extremely complicated set of rules around how liability shifts in the event of a fraud claim, depending on many factors like the type of transaction, if a pin was entered and validated by the card, if the card ask to go online and the terminal ignored the request, they type of merchant, the exact region your in etc etc.
But regardless of all that nonsense. The technical process is very simple. The terminal has the transaction cryptographically signed using symmetric encryption with a private key that is only known to the card and the issuer of the card. That signed transaction can later be presented to the issuer so the merchant gets paid.
Given it’s a symmetric key, you may wonder what happens in the event of a dispute between the issuer and the merchant, where the issuer claims they received a forged transaction. To which the answer is, the issuer sends a signed and sealed letter to card network operator saying they have double checked the transaction signature, and believe it to be forged. And if anyone doesn’t believe them, they can sue em (this is not at all a joke, it’s literally the documented and contractual process used by the major banks and card networks).
Here,
https://en.m.wikipedia.org/wiki/Credit_card_imprinter
Calling a call centre to verify every transaction is too expensive so only purchases over certain limits came in following BofA/Visa - and that stated that way till the late eighties when larger stores started using back office to talk to Visa network etc. but even so the ability to do live updates and verification was too much and there were weird cacheing tricks
So banks could easily approve or be liable for transactions they would prefer not to approve - so they only gave credit to the rich at first, and then to those who paid back regularly. This info was shared and became credit reference agencies - because the credit card companies shared it initially like casinos but the abuse and mistakes brought legislation
I think what i am saying is our consumer credit culture was not designed, it just grew.
Gave me a bit of a surprise when he cashed in the paper copy two years later and I hadn't been to Australia since...
Deleted Comment
In the past embossed credit and debit cards were both accepted on planes. That's why they were embossed in the first place: for offline processing which in even more distant path was the only option. Later CC machines and offline chip/stripe transactions co-existed with online transactions.
Normally (at least in Europe) you couldn't get an embossed card, even a debit one, without proving your credit worthiness. The possibility of offline transactions assumes overdraft — the same as with check books.
When online transactions appeared, banks started to issue Visa Electron and Maestro cards which didn't work offline, could explicitly prohibit overdraft and were easier to get.
But nowadays all boundaries gradually disappeared. Nothing is embossed, Visa Electron doesn't exist, bank issue debit cards with credit codes. It's all much simpler and more confusing at the same time.
star/plus/cirrus etc - pure debit-only networks - aren't accepted on a plane
debit cards that are on one of the credit card rails (visa, mastercard, etc) are very common. those work because they're just a normal visa transaction
Edit: OK maybe there's different level of trust and some take a leap of faith :) In my experience debit didn't work but it appears that its not the same everywhere.
What would asking for the ZIP code help if it can't be validated on the spot? If the terminal submits the transaction in batch later, it's too late for that to catch a stolen card.
Providing an incorrect ZIP code also makes the transaction more likely to be declined than not providing one at all for card-not-present transactions (and is also allowed), so it really makes no sense for a merchant to do that.
In-flight credit card fraud is an incredibly bad idea, given that most countries check your ID at least at some point during getting on the plane, and seats are usually assigned as well. (Doesn't mean that nobody tries, of course [1]).
Sometimes airlines also use ACARS (basically airline-specific telex over VHF, HF, or satellite) to send the card number to their backoffice for authorizations of large amounts, such as business class upgrades.
These days, of course, Internet connectivity is getting more common, and with that the problem will likely go away.
[1] https://www.sunderlandecho.com/news/pair-spared-jail-after-a...
I still remember them taking my card which I think was a debit card on a flight and shoving it into carbon copy paper and basically billing me whenever we landed. This was late 2000s. From Puerto Rico to Florida.
Paying offline used to be the norm for credit cards, from their introduction in the 1960s until some two decades ago.
Wikipedia: [...] until always-connected payment terminals became ubiquitous at the beginning of the 21st century, many merchants accepted all charges, especially those below a threshold value or from known and trusted customers, without verifying them by phone. Books with lists of stolen card numbers were distributed to merchants who were expected in any case to check cards against the list before accepting them, as well as verifying the signature on the charge slip against that on the card.
https://fragrant.mobiletransaction.org/wp-content/uploads/20...
I remember a bar I worked at had trouble because some customers had begun writing wrong signatures and the receipt had been rejected by the bank the following week.
Essentially, you (the merchant) just write down their card number, and how much they paid you, and then later you send that list to your bank who sends it to the credit card network.
There is no big technical hurdle. There is a big social hurdle in convincing your bank and the network that you should be allowed to do this. Also the card number gets copied by a little pressing machine onto carbon paper or something like that, not just written down.
Being able to spend money you don't have is not a new thing, and poses no technical problems. American readers will know you can easily do that with a cheque. It's your responsibility not to do that, and that's one reason why the bank wants so much personal information to open an account, so they can send the police over to break your kneecaps.
https://en.m.wikipedia.org/wiki/Proton_(debit_card)
In a grocery store line once, I remember a distraught customer whose card was declined due to insufficient funds. The store manager came over, yanked the ethernet cable from the payment terminal, and told the customer to try again. "Accepted with signature."
So it's not _just_ blind trust.
I think something similar to this https://en.wikipedia.org/wiki/Credit_card_imprinter
Deleted Comment
Considering that the card has memory on it, you can store there how much balance you have when you do an online payment. The bank can send back your available balance, so you cannot spend offline more than you have.
I can't think about anything simpler than this.
I remember writing an app in Java to read the balance on a card with my laptop which had a built-in smartcard reader, because I was too lazy to go to a station. Everyone in the classroom then promptly asked me to check their balance... and a few asked if I could top it up somehow.
The merchant was guaranteed payment. You, on the other hand, were indebted to the bank. The concept of a “credit limit” was the line over which the bank insisted you not step, lest you incur fees galore.
"Starbucks does not use two phase commit":
https://www.enterpriseintegrationpatterns.com/ramblings/18_s...
phone auth was added later for "online" auth, then machines that automated it
It's basic life goods and everything is still signed for, tracked and registered. Besides, banks love to collect interest.
They physically imprinted your card numbers on some special paper with a mechanical device. Wild.
And even paper based.
A "debit" card could have 1000 crypto wallets, each with $10 in them. If you want to pay $90, it forks over keys to 9 of the wallets, and they get drained by the merchant as soon as they have a connection.
Offline, without double spending risk? Absolutely not, or at least not without a lot of extra headaches.
For that, you'll need at least some trusted hardware (generally an antithesis to trustless crypto schemes) and/or a clever incentive system (e.g. with senders staking a multiple of their balance as collateral, and never being quite sure if receivers are really offline, or only pretending to be, ready to claim their stake once they get publicly verifiable proof of double spending).
If it became common I imagine it would stop being so quickly as fraud would rapidly catch up.
This worked nicely until the tensions in Europe lead to more cyberattacks rolling in and suddenly you have people not being able to buy food, medicine, and so forth. Not too long after, there was a government advisory urging people to keep some cash reserves in case a larger cyberattack happens, but cultural habits at large are hard to change. This is of course a coarse simplification of the context, but might help understand this incentive a bit better.
Are you sure this isn't impression you've gotten from isolated reactions involving a small number of individuals, perhaps just a single individual? I can't relate to the sentiment at all, having lived here for just over three decades and experiencing the popularity shift from cash to debit card. I can, in fact, not recall a single time ever that someone has divulged the opinion that they consider cash "dirty and criminal".
More than anything else the Swede's favor of debit card is the convenience. Second to that I would say is the security of not immediately losing funds if you misplace the card or it being stolen - it feels less risky carrying a debit card, in particular if you're the type who prefers having more than a few "tens" on you in case you'd need or want to buy something.
Tradespeople sometimes request cash payment or provide a good discount for cash payments (well above any fee they would be charged). I guess where you are no one considers this dubious (really???) but at least in discussions with family the feeling is that the request for cash only payment is dubious.
We also have a local retail establishment that is cash only. I think it's looked at dubiously.
I personally have experienced it. Someone wanted to split payment on something between cash and a check so they could report the value of the item was lower because it would save them taxes every year. Again, the use of cash was I think a bit dubious.
Note: Cash allows you to avoid all sorts of obligations (tax / family support / debt collection and garnishment etc etc), ineligiblity for banking (europe is pretty strict in some cases for example with folks with no legal status with banking) and is still used in things like the drug trade. Even if everyone around you considers large cash transactions reasonable that might be naivety or they may simply not have been exposed to larger cash transaction activity.
I do like and carry cash.
When I joined my gamedev studio I had colleagues asking me why I had cash, and many of them didn’t even recognise what it looked like (there was a switchover of the notes a year or two prior).
There was an insinuation that I would use it for drugs. So, I suspect that the parent is right here.
https://archive.ph/v7TRe
Swedish here. The impression is common. Sweden is a small country and has long had a fairly cohesive culture. The culture has decided that digital payments are the way. Deviation from the collective way is always suspect.
Depends. Very long time ago I was approached by a group of seemingly friendly people asking for direction, then I felt sharp object to my belly and they told me to walk slowly towards cash point. They said they'll stab me if I don't withdraw all money I can. So I did. When cards were not popular, I would have small amount of cash in the wallet and anything more substantial hidden in a sock or elsewhere. Thieves would take what would be comfortable for me to lose. I guess it can be the same with cards - have a card with small amount and actual card hidden, but it is not as easy to hide as cash. Then you have whole other kettle of fish - banking apps. There's been instances of people being forced to do transfer at knifepoint. For that reason I don't use any apps, apart from throwaway bank account - again with small balance just in case. Shame more banks are restricting web access, which I think is most secure.
Cash is simply not used anymore by normal people.
Electronic payment (including between friends) just works here. It is easier and faster to pay with mobilepay than to use cash.
It is interesting how the European cash culture is so very different between the countries. In Austria I struggled to find places that would take any kind of digital payments. Germany wasn't as bad, but was pretty bad. My experience is about 3 years old.
Deleted Comment
That said, nobody thinks of cash as dirty, just annoying. Also our payment system has always been able to work offline, because it started rolling out in the 80s.
Regarding places not accepting cash: NZ First (political party) is proposing to protect the right to use cash and make all businesses accept cash for up to $500 items.
> The Cash Transactions Protection Bill would mandate businesses in trade accept cash payment for goods valued up to $500.
source in swedish: https://www.aftonbladet.se/minekonomi/a/aPrJWL/hackergruppen...
And yes, we use cash so seldom that most people cannot from memory recall what the bills/coins look like!
It didn't help that the Riskbank replaced all bills and coins during a relatively short time period, and did it badly. People used up/deposited their old and didn't get new.
The new coins and bills have unnecessary denominations and bad design that made cash bothersome to use. They introduced an unnecessary 2 SEK coin, that is almost indistinguishable from the 1 SEK coin — especially if you are unused to them. They also introduced an unnecessary 200 SEK bill, that was just too big to be useful for small purchases. Several times I've seen people at ATMs withdrawing 100 SEK over and over again, just because they wanted the more useful 100 SEK bills.
Just to reiterate how ubiquitous Swish and BankID are here: 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users, and 93% of those users send or receive money via Swish at least once per month.
https://www.riksdagen.se/sv/dokument-och-lagar/dokument/sven...
Similar instant payment systems have really blossomed across the world, especially in recent years. One by one, countries are finally figuring out that there's no reason to rely on American brands for all of the payment processing.
Swish is the de facto standard for sending money between individuals [2], and that's what grandparents tend to use to send money to their grandchildren. It's fee-less (for person-to-person transfers use at least) and it connects your bank account with your phone number. So if anyone wants to send you money, they can just open Swish and enter your phone number (or scan a QR code) and send you some. You also have to sign the payment with the BankID app, which is the de facto standard for authentication [3].
And when I write de facto standard I really mean it. 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users (93% of which use Swish at least once per month).
[1] https://www.swedbank.se/privat/kort/bankkort/bankkort-master...
[2] https://en.wikipedia.org/wiki/Swish_(payment)
[3] https://en.wikipedia.org/wiki/BankID_(Sweden)
When counting money is just arithmetics and never cash, something is missing, and it's very clear in many young kids. Money is just points in a game, suddenly you're out, and then you can't get what you want anymore.
https://en.m.wikipedia.org/wiki/Swish_(payment)
As a swede, your statement is outlandish and false.
We use cash all of the time.
I haven't used a banknote in more than 15 years. During this time I can't recall a single time I saw anyone using a banknote either.
Here in Malmö where I live, especially since COVID, you'll be searching more and more to find stores that take cash (besides supermarkets and kiosks and the like). I would say more than half of them don't accept cash any longer. Speaking of restaurants or pubs, my estimation would be that 2/3 have signs that say "no cash". Maybe more.
You can't do simple things as taking public transport if you want to pay by cash. You can't pay in the bus. You can't buy in the machine. It's all card or app only. You'll need to search around for an equivalent of a 7-11 kiosk to be able to buy a ticket using cash. Depending on where exactly you are when you need that, it may take as much walking than you wanted to save by taking public transport.
If you took a daily trip to the Danish side (Copenhagen) and need to come back home, I'm not even sure if it's possible to get back if you need to buy a ticket and only have cash on hand. Only Skånetrafiken sells that particular ticket and only via machines that don't take cash.
Handling cash became more expensive than taking card payments. It's also more complicated in terms of logistics and payments take longer. With this set of incentives, it's understandable why the shift happened.
Not saying I particularly like this development. Just reporting my anecdotal experience.
Someone selling a used bike, or other items of similar value, on second hand market and not accepting Swish would maybe not directly be considered criminal, but would for sure raise an extra eyebrow about the origins of the goods.
Otherwise correct, nobody would blink if you use cash for other daily purchases like ice cream or groceries, even if unusual.
Most of us don't use cash all the time unless you're a kid or >60. I can't even remember the last time I used cash.
https://www.riksbank.se/en-gb/payments--cash/payments-in-swe...
Is it because it's considered dirty and criminal, or is it because it's a pain in the ass to deal with, and most people have no reason to bother with regularly withdrawing it, and then carrying it around?
it's really visa lobbying to destroy the (somehow worse than visa) easy credit new players. they give credit like candy because being online and low value only it's easier to avoid (or swallow) fraud.
forcing their hand to accept offline sales mean they can't decide on the spot, and now those 5k credit lines which they only allow transactions for sub 100 purchases at a time will be wide open for offline fraud they can't detect, and which visa already know how to handle/sustain.
this will probably be lobbied elsewhere soon. i predict Netherlands is next.
These days, the needy on the streets accept our local app based payment system called Swish. Still not joking.
Sounds like GrapheneOS.
Credit cards were offline-only in the beginning. When have we lost this ability?
See https://www.google.com/search?num=10&sca_esv=5e043526353aa70...
Europe use of debit cards instead of credit cards is much higher than the US.
If you need credit, there are credit options with much lower rates than what credit cards offer.
And the reason credit card benefits suck is due to european interchange fee caps and regulation.
The mindset was one of ubiquitous Internet connectivity, which is cheaper than maintaining a complex stored-value or offline limit based solution.
Of course, this assumption does not include some externalities in case of large scale outages, maybe due to cyberattacks…
I guess this is similar: how do you make trustworthy decisions that seem to inherently depend on the network, in the absence of a network? Before the internet, we had phonebooks instead of DNS, and we had cash instead of cards. Did the phonebook have every number? No. Was every piece of cash not counterfeit? No. But it's "good enough". Portable reference sources and tokens. The references are issued periodically and the tokens have evidence of exhaustion, their decay over time. A dog-eared dollar with a bunch of phone numbers on it, half-torn ... the merchant doesn't have to accept it.
How do you do these things digitally? Periodic issue seems pretty straightforward ... if you have a network. Token issuance, similarly, needs at least occasional communication with other nodes in the network.
So there's a local dwell capability.
Is this part of the same reaction we saw with Denmark starting to have emergency stores within 50 km of every Dane? Is this motivated by a need to prepare for war?
In short, yes.
>The possibility to pay by card when the internet is not working – ‘so-called offline payments’ – is an area that ‘the Riksbank believes needs to be improved considerably, particularly in light of the geopolitical unease in the world,’ according to the announcement
https://www.riksbank.se/en-gb/press-and-published/notices-an...
It's a completely solved problem, but it's a more complex (and as such more expensive) solution than just assuming ubiquitous connectivity and a backend that never goes down, which is how we got to where we are.
> Is this motivated by a need to prepare for war?
Preparing for cyberattacks seems like a prudent move, no matter the adversaries' motivation. But yes, the context here is pretty obvious in Europe.
But how do they prevent people double spending the same amount? Say someone has 100$ and boards on a plane. During the trip, this person buys a bag of potato chips sold for 90$. At the same time, his bank account is automatically charged 90$ for a bill.
With credit cards, handling this case is baked into the system. As far as I am aware, direct debt has no equivalent.
Dead Comment
Is this a typo where they meant to say “the offline function”?
If I’m reading this right, the goal is to allow food, fuel, and medicine purchases with card + PIN in offline mode.
Seems like a reasonable goal. I wonder what the technical details will look like. Will there be a periodically updated list of cancelled cards/accounts distributed to endpoints? Even a hashed list of all cards cancelled before their expiration date within a country is a reasonable amount of data for modern storage systems.
Or would they simply rely on the ability to track down account owners by their originally registered contact info in the event that someone gets an invalid transaction through during an offline period?
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
https://en.m.wikipedia.org/wiki/EMV#Offline_data_authenticat...
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.
The UK already does this in some shops for low value items for NFC payments. You can tell the offline transactions because they immediately say 'approved' rather than taking a few seconds.
If it turns out the card approved something 'wrongly', for example because you had previously reported the card lost to the bank, then the bank refunds the transaction and claims the value back from the merchant. That's why many merchants have their terminals set to require online payments.
Offline transactions mostly died off when the limit in the UK for contactless was raised to £100. At £20/30 (the original limits) issuers/merchants risk accept some payments not being valid (and the total limit before you had to chip and pin was fairly low top).
And worth saying, the merchant has some control on the terminal but mostly the decision of offline/online is down to the issuer and configured on the card.
EMV (chip cards) can have a small amount of local smarts, so it is typical for example to insist on going online for a large transaction or if the card has performed too many offline transactions since last going online. The card maker decides these rules, so the bank gets to ensure the cards it issues to customers meet whatever requirements it has decided upon, balancing fraud risk against problems with loss of connectivity or services being down.
So I doubt they'd bother doing some sort of ad hoc revocation technique.
Deleted Comment
Transit cards have a pretty low charge limit compared to credit cards - Suica balance is limited to ¥20,000 for example (although for cards that are backed by a credit card, I think the limit is higher). And now that Japan has fully embraced credit card touch payments, FeliCa-based systems are losing market share to Visa, Mastercard, etc.
But it really shines for applications requiring speed (i.e. a turnstile in Tokyo station) or offline payments (a vending machine in a park somewhere).
[1] https://en.wikipedia.org/wiki/FeliCa
[1] https://en.wikipedia.org/wiki/Electronic_cash
I have a Suica thats integrated into a credit card, and it still has a ¥20,000 limit - the Suica balance is separate from the card balance, it just has a configurable auto top-up setting.
Interestingly, if I'm out of the Suica zone, sometimes auto top-up won't trigger. If I recall correctly this happened to me once in Fukuoka, presumably because there's some level of integration above just accepting payments that Hayakaken hasn't achieved. Never had a problem with Passmo interop though.
I've never heard of a suica with a higher limit, but it's possible they exist or that other compatible cards have higher limits.
[1] https://qa.smbc-card.com/mem/detail?site=4H4A00IO&category=1...
Topping up a Suica every now and then vs. having many international transactions might also work out better for some. My bank (ING) gives me those fees back so it makes no difference to me.
I wish other governments would take note as its a nice way to avoid the Visa/MC/Amex fees for at least some expenses.
Internally, the signature part isolated like a smart-card, "embedded signature" hardware as a measure against double (multiple) spending, and reasonable limits on offline transactions with both parties offline (e.g., €10k/month).
The "embedded signature" hardware part is a bit vague because technologically it's not clear how to do something like that in a "secure enough" way, but it's a necessary part and the limit somewhat lowers the risk.
For use: mounted as a smartwatch or a pendant with a retractable lanyard, like ski-pass holders.
https://en.wikipedia.org/wiki/Credit_card_imprinter
https://en.wikipedia.org/wiki/Cheque_guarantee_card
It's why the letters are raised on the cards!