It's called "inciting to riot," and yes, it's been a crime for decades. Duh.
And lost a cast member over it (Isaac Hayes). They Parker and Stone say "no sacred cows," they mean it.
(5) "Troll" is lingo --- you may have people who enjoy trolling, who have absolutely no idea what the word 'Troll' means.
And, generally speaking, what it really means is "someone who says something that I don't like." I wonder if this study even bothered to define the term, and if so, if it's a measurable definition.
The "builder" building the wall is the contractor, who may or may not be the guy putting bricks on top of each other. If it's not, the guy putting bricks on top of each other is his employee, who gets paid by the hour. The contractor eats the cost of bad workmanship, and it it's not the first time, probably fires the employee for incompetence. If he expected his bricklayer to fix it on his own time, he'd be fined, possibly even jailed, for violating state and federal labor law.
The only relevant question is, are you a contactor working on a contract that allows this, or are you paid by the hour? If you're an employee of the company, what your boss proposes is a crime.
EMV will not alter how secure banks are in either direction. That is irrelevant. It removes the merchant - the retailer - from the equation. That removes the biggest weak spot in the system today.
Everything you say is different than my 30 years experience in retail (most of it in an IT position, responsible for things like PCI compliance). Our merchant service tells us that when 80% of our equipment is EMV capable, we no longer have to worry about PCI. EMV isn't required for PCI compliance because PCI compliance isn't required with EMV.
Given conflicting stories between our merchant service compliance officer and some random guy on the internet, I know which I believe.
The chip and pin system is called EMV, for Europay, MasterCard and Visa. The heart of EMV is chip cards, which allow for the card reading pad to encrypt the transaction before it leaves the pad, using keys from both the card (the chip part) and the merchant service. The cards have to be set up by the merchant service with their key; the merchant at no point has access to that key.
The EMV standard also includes NFC - Near Field Communications. It is similar to RFID, but not the same thing. The main difference is that RFID has a range of a meter or two, while NFC has a range of a centimeter or two.
The are separate standards. One is part of the other. I don't think there is a requirement that merchants deal with NFC, but I haven't see any EMV equipment that doesn't include it.
EMV is two factor. The PIN is one, but all the card data is also encrypted on the pad, and the merchant never sees it. The customer can't produce usable card data without the actual card. If the PIN is entered by the card holder at the table, the waiter has no opportunity to steal the card.
This will reduce the sort of fraud you refer to. But that's a happy side effect. The real target is, well, the Target type breach. If the merchant never sees the card information, you can't steal 120 million card numbers from the merchant. The only place to get that kind of payoff is to break in to the bank's computers, and that is, so far, rather more difficult.
What you say simply isn't true, for brick & mortar stores (which is the only place this applies to). There are specific rules and procedures the merchant is required to follow - swipe the card, and if you can't, make a physical imprint of it (many merchants won't bother, they'll just decline any card that won't swipe), to prove you had a physical card in the store, and get a signature. Sometimes, there are other requirements, like checking ID, for high risk industries or merchants that have had problems in the past, but those two things protect the merchant in most cases.
What the article refers to (and the summary, at least, don't really explain very well) is that after October 2015, merchants that do not have chip and pin equipment (specifically, EMV compatible) in place are automatically responsible not only for the amount of the transaction, but for all costs associated with investigating and remediating fraud. This is a change from now, where those costs are carried by the merchant service if the merchant is PCI compliant, and by the merchant if he's not. (This is the only time that the difference between swearing you're compliant and being compliant matters.) EMV removes PCI compliance from the equation entirely, because the merchant never sees the card information at all, and cannot store it. The only place to steal millions of card numbers at once will be from the merchant service, which is more difficult, at least.
Generally speaking, under US law, with the current system, it is the merchant service - the bank - that eats the cost of most fraud. Only stupid merchants who don't follow the rules lose out. (In brick & mortar retailers. For online transactions, yeah, the merchant is pretty much hosed, because they never have a physical credit card in their hands.)
I usually just write "Please check ID" in the signature box on my cards,
I've always found that an amusing form of stupidity. Your contract with the card issuer requires you sign it. Period. Any cashier who is aware enough of the rules to know to check the signature will likely know it has to be signed. I've seen credit cards refused because someone wrote "check ID" on the back instead of signing it - and rightly so, as they are required to do so.
The signature (on the card, and on the transaction, both) has nothing to do with security. It is a signature on a legally binding contract.
The most sophisticated fingerprint scanners can be defeated with gummy candy. Mythbusters got past one - a brand new design, which included checks for pulse, etc., with a Xerox of the correct fingerprint. The "is it a live finger" feature they defeated by licking the Xerox.
And if you steal someone's card, the odds are, their fingerprints are all over it. The average person can build a fingerprint kit for about $10, if they have access to Google.
Even before the Target breach came to light, they were asking for them and the plan was to start rolling out in October of 2015.
No. The plan was, and is, to have EMV fully implement at the retail level by October 2015. That has been the plan for at least two years. Most merchant services are pushing, hard, to get in in place by the end of this year. The incentives are considerable.
However, even then the credit card issuers wanted to make the PIN optional and up to the issuing bank or CU. This would essentially make them chip and sign by default. The retailers want mandatory PINs.
Retailers want as little liability for things beyond their control as possible, and mandatory PIN helps that. Once you have EMV compatible hardware in place, you no longer have to worry about PCI compliance (because the merchant has nothing to steal, no matter how thoroughly their network is compromised).
The Target breach was a large enough embarrassment to light the fuel under the motivational bonfire.
The Target breach has absolutely nothing whatsoever to do with this. The push to move to EMV chip and pin technology in the US has been going on for years. The requirement for merchants to switch as announced at least two years ago.
Er, dude, in the US, t he card processors are liable for fraudulent transactions (assuming the merchant follows the rules). That has been the case for decades.
Which means that profits and security are intimately linked.
It's taken this long because it has only been in recent years that the fraud has been more expensive than the upgrade. That is a side effect of the recent rash of huge breaches involving tens of millions (or more) of card numbers at a time, exploited by large organized crime groups.
The big security advantage of the EMV chip and pin system is that it eliminates the merchant as a source of card number theft. The EMV pads encrypt all the account info before it leaves the pad, and the merchant never sees it. That way, you can break in to Target's network and steal 120 million transaction records, but you get zero usable accounts (or any other info, unless you're the NSA tracking "terrorists" through "metadata" or something). All but one (IIRC) of the really big breaches have been of merchant networks, not banks, so this really is a big improvement.
Also, in the US, the PIN on a debit card is already encrypted on the pad, and the merchant never sees it. I gather this is not necessarily the case elsewhere.