Will New Chip-and-PIN Credit Cards Stop Identity Theft?
This post contains references to products from our advertisers. We may receive compensation when you click on links to those products. The content is not provided by the advertiser and any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any bank, card issuer, airline or hotel chain. Please visit our Advertiser Disclosure to view our partners, and for additional details.
If you were one of the 70 million Target customers whose credit card information was compromised this past holiday season, you may have found yourself thinking, "There's got to be a better way!" as you combed through your statements looking for fraudulent activity. (See also: How to Avoid Credit Card Fraud)
As a matter of fact, there is, and it's been in place in Europe for a decade. It's called Chip-and-PIN technology, and it will vastly improve credit card security for in-person transactions.
MasterCard and Visa made headlines recently when they announced that they will be shifting to the Chip-and-PIN system (also known as EuropayMasterCardVisa or EMV), with a deadline of October 2015.
The security improvement is certainly good news, and it will also be beneficial for the United States to finally join the rest of the world in using this well-proven technology — but the news isn't all positive. Here is all that you need to know about this major infrastructure change to credit cards. (See also: An Intro to Bitcoin)
How Chip-and-PIN Technology Works
The cards you currently carry in your wallet have a magnetic strip on which your credit card information is stored. Unfortunately, it's relatively easy to capture and copy the information on these magnetic strips, making security a serious issue. Add in the fact that our current swipe-and-sign technology assumes that you have signed the back of your card and that the clerk will check your signature to make sure it matches the one on the card, and it's pretty clear that your credit card information is vulnerable.
Microchips on chip-and-PIN, or "smartcards," on the other hand, offer another layer of security. Like magnetic strips (which will still be present on the new smartcards), these embedded chips also have the credit card information encrypted on them. When you swipe one of these cards on a chip-and-PIN reader, the terminal verifies that the card is authentic by checking the chip, and it asks the customer to enter the 4-digit PIN.
According to Kate Cox of The Consumerist, "the chips cut back on card fraud because their existence makes cards significantly harder to clone: even if you get all of the information from a card's magnetic strip, as through a skimmer, without the chip actually being present, the card data is useless in a physical transaction."
This means that chip-embedded smartcards are harder to clone — even if a swindler were able to get both your credit card information and your PIN. (See also: 10 Things to Do If You Lose Your Wallet)
October 2015 Marks the Beginning of the Liability Shift
One of the reasons why the United States has been so slow to adopt this technology is because of the cost and effort required to set up the huge infrastructure necessary for a technology change of this size. Jaikumar Vijayan of Computer World reports that the upgrade to the new point of sale (POS) terminals will cost billions overall:
POS systems capable of reading EMV cards can cost hundreds of dollars apiece. Retailers like Target can expect to pay tens of millions of dollars just swapping out the hardware. In addition, they will also need to spend on software, testing and deployment.
Those costs mean that many smaller retailers and banks may feel as though they cannot afford to make the switch. However, the deadline given by MasterCard and Visa for the changeover to chip-and-PIN technology is actually the time frame for a "liability shift" for fraud.
Currently, in the case of card fraud, it is up to the credit card company to determine who is liable for the costs. In October 2015, the liability will shift to whichever party has the lesser technology. Carolyn Balfany, MasterCard's EMV expert, recently explained this liability shift to the Wall Street Journal:
If a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way — if the merchant has a new terminal, but the bank hasn't issued a chip and PIN card to the customer, the bank would be liable.
Creating this liability shift was an ingenious method for Visa and MasterCard to ensure adoption of the technology, since it gives all merchants and banks the incentive to invest in the new system at the same time, making the transition much smoother for everyone.
Unfortunately, any change of this size is unlikely to be completely free of issues.
Internet Transactions Still Risky
The first concern is the fact that while chip-and-PIN technology greatly improves security for in-person transactions, it does nothing to make your Internet or phone purchases any safer. This is concerning considering the fact that swindlers "look for the path of least resistance" according to Balfany. That is why half of all credit card fraud occurs in the United States but only a quarter of all credit card transactions do. As other markets moved to EMV cards and technology, fraudsters simply moved to easier markets for gathering information — specifically the United States.
Likewise, once our in-person transactions are much more secure, it's a safe bet that data thieves will start working on the less secure angle of Internet purchases. (See also: Keep Your Credit Card Safe While Shopping Online)
It's a Big Change in a Little Time
Another potential issue has to do with the amount of time it takes to make a major change like this. While MasterCard and Visa have done their part to incentivize this switch, it is highly unlikely that smartcard technology will be a fait accompli by October of 2015. Jaikumar Vijayan reports that, "Canada first began moving to EMV in 2003. More than 10 years later, only about 85% of the country's POS systems can take EMV cards — and that's in a country with a more centralized payment system and far fewer POS systems, compared to the U.S."
Basically, there may be some growing pains as we implement this technology. In addition, while the chip-and-PIN technology is proven in other markets, that also means it's an older technology. There is the possibility that we are just now adopting a technology that will become obsolete as we shift to more secure mobile and online payment options that are just now becoming available.
The Bottom Line
While we are late to the chip-and-PIN party, it is good news that the U.S. market is finally getting proactive about making our credit card information more difficult to steal. However, no matter how smart our technology becomes, it will always be up to the consumer to keep a close eye on their statements and their credit reports — because swindlers, much like nature, will always find a way.
Have you ever been the victim of credit card fraud? Will you feel more secure with this new technology?