which affected Home Depot stores in both the United States and Canada and ran from April to September.
Hopefully they are going to invest in better monitoring - five months to notice a breach is not good.
I learned recently when receiving my latest round of replacement cards that the US’s half-assed version of Chip & PIN is called Chip & Signature, and it offers as much security as… signature.
Amusingly, the only Point of Sale that has ever told me I must use the chip when attempting to swipe my card is Walmart.
My understanding, which may be incorrect, is that “the lesser technology bears the burden”, so if the bank supplies the customer with a chip card, and the business does not have the equipment to support chip, and there is fraud, the business eats the fraud.
If the business does have chip readers, and the customer uses it, then the bank eats the fraud.
I do not know who bears the burden if they both support chip, but the customer swipes anyway (like self checkout, etc). My guess is that the business still supports the technology, even if the customer chooses not to use it, so the bank would bear the burden then as well.