rockbruno | 9 months ago

Aren't credit cards nowadays basically physical private keys? IIRC transactions are one-time payloads signed specifically for that operation, so intercepting that won't help you if I'm not mistaken about how cards work nowadays.

literalAardvark|9 months ago

Kind of, but if you control the card reader you could charge more for the transaction without showing the amount, for instance. And maybe even send the money to a different account.

Aurornis|9 months ago

Sending money to an arbitrary different account isn’t going to happen from the terminal reader itself.

Banks don’t have wide open protocols where anyone can submit a credit card transaction and have it go to arbitrary accounts.

Remember that credit card companies eat the cost of the fraudulent charges. They’re not going to make it easy for those to occur.

lelanthran|9 months ago

> Kind of, but if you control the card reader you could charge more for the transaction without showing the amount, for instance.

Not supposed to be possible on a certified terminal. The certification tests this particular case (the transaction is a hash of the keys, amount and a few other things. The display of the swipe/tap/insert screen and the pin-entry are under control of the certified kernel, so the userspace application has no control of the amount that is displayed).

> And maybe even send the money to a different account.

Not from the card reader.
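
Added example, not part of any comment in this thread: a simplified Python model of the "one-time payload" and "hash of the keys, amount and a few other things" ideas above, showing why a captured authorization cannot be replayed or have its amount changed. HMAC-SHA256, the field layout, the class names and the key are assumptions made for illustration; this is not the real EMV cryptogram format.

```python
import hashlib
import hmac
import struct


def _mac(key: bytes, amount_cents: int, counter: int, nonce: bytes) -> bytes:
    # Bind amount, per-card counter and terminal nonce under the card key.
    msg = struct.pack(">QI", amount_cents, counter) + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    """Toy card: secret key plus a counter that never repeats."""

    def __init__(self, key: bytes):
        self._key = key
        self.counter = 0

    def authorize(self, amount_cents: int, nonce: bytes) -> dict:
        self.counter += 1
        tag = _mac(self._key, amount_cents, self.counter, nonce)
        return {"amount": amount_cents, "counter": self.counter,
                "nonce": nonce, "tag": tag}


class Issuer:
    """Toy issuer: shares the card key and remembers the last counter seen."""

    def __init__(self, key: bytes):
        self._key = key
        self.last_counter = 0

    def verify(self, tx: dict) -> str:
        expected = _mac(self._key, tx["amount"], tx["counter"], tx["nonce"])
        if not hmac.compare_digest(expected, tx["tag"]):
            return "reject: bad cryptogram"
        if tx["counter"] <= self.last_counter:
            return "reject: replayed counter"
        self.last_counter = tx["counter"]
        return "approve"


def demo():
    key = b"constructed-demo-key-not-real!!"  # constructed sample key
    card, issuer = Card(key), Issuer(key)
    tx = card.authorize(1250, b"\x01\x02\x03\x04")
    first = issuer.verify(tx)    # genuine authorization
    replay = issuer.verify(tx)   # same message submitted a second time
    altered = dict(card.authorize(1250, b"\x05\x06\x07\x08"), amount=99900)
    return first, replay, issuer.verify(altered)  # amount changed after signing
```
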

weaksauce|9 months ago

unless it's changed recently that only applies to tap and chip payments (which you should always prefer to avoid card skimmers) and not the old slide the ~~barcode~~ magnetic strip kinda payment.

cesarb|9 months ago

Does anyone still use the magnetic strip? I think it's been over a decade since I've seen a credit card without the chip, and terminals have been able to read the chip since forever. I think the last few times a store tried to use the magnetic strip on my card (because the chip failed to read due to a bad contact), the transaction was simply rejected due to not using the chip.

pornel|9 months ago

> unless it's changed recently

In Europe it's changed 15-20 years ago, when EMV-capable terminals became required, and acceptance of magnetic stripe cards got phased out soon after.

Since Apple Pay became a thing a decade ago, we don't even get US tourists confused by inability to swipe their cards anymore.

cwillu|9 months ago

“which you should always prefer to avoid card skimmers” could use a disambiguation comma between “prefer” and “to”; I misread it several times before the intended meaning clicked.