Credit Cards With Chips: They Are Not as Safe as You think
Magnetic stripe credit and debit cards are slowly fading away as they make room for the new EMV cards. EMV, which stands for Europay, MasterCard and Visa, is an international standard for cards that is used to process chip-card transactions.
So far, roughly 120 million Americans have received a chip card according to Smart Card Alliance. Financial institutions are making the transition primarily as a way to thwart card fraud. Unfortunately, criminals have done everything they can to commit acts of fraud and get their last bit of fun in before the new cards are fully rolled out. The most recent LexisNexis True Cost of Fraud study found that 42% of merchants who do business online have seen an increase in fraud over the last year. The evidence of this spike can also be seen in the amount of data breaches that have taken place over the last couple of months at retailers such as Target.
Gerri Detweiler, director of consumer education at Credit.com and author of Debt Collection Answers: How to Use Debt Collection Laws to Protect Your Rights, spoke with The Cheat Sheet to tell us more about the EMV cards and why they might not be so safe.
The Cheat Sheet: Why do credit and debit cards now include a chip?
Gerri Detweiler: The United States is finally catching up with Europe by switching over to cards with EMV smart chips instead of magnetic stripes. The real question is why did it take so long? The answer, of course, is cost. It will be very expensive for retailers and issuers to change over. But with a wave of data breaches and rising fraud losses over the past several years, the industry was essentially forced to finally upgrade its infrastructure with new terminals and to replace existing cards.
Even consumers who don’t effectively bear any liability for fraud if their card is compromised can become frustrated and upset if their card has to be replaced with a new one. As a result, they have to update automated payments.
CS: Will there be any changes to who is liable for fraudulent purchases?
GD: After October 1, 2015, liability for fraudulent use will shift to merchants who haven’t upgraded their terminals or to issuers who haven’t issued chip-enabled cards to customers. (Gas stations have until October 2017 to comply.) Consumers are still protected from most losses due to fraudulent use under federal law and as well as card companies’ zero-liability programs.
CS: How is the chip and PIN different from the chip and signature card? Is one safer than the other?
GD: Chip cards are certainly a vast improvement over cards with magnetic stripes. But there are two potential problems with the way they are being implemented in the U.S. The first is that issuers in the U.S. have largely chosen to go with chip and signature as opposed to chip and PIN, which is what is used in Europe and other parts of the world. A PIN is an additional and important level of security. But Americans tend to have many more cards than Europeans and no issuer wants to see their card go unused because cardholders can’t remember their PINs. (I’m sure retailers also don’t want customers walking out of stores for that reason either.) So instead, most have gone with chip and signature.
The second problem is that some consumers are under the false impression that these new cards are fraud-proof. But they primarily prevent one type of fraud: card cloning. That’s where someone makes a copy of a card and uses it for in-store purchases. They don’t stop “card not present” fraud, which involves someone stealing your card information and using it for online purchases, for example. So consumers still need to be careful to monitor account activity, set up alerts, and report possible fraudulent use quickly.