The Atlanta Journal-Constitution
Chip cards set to roll out for U.S. shoppers
Microchips make credit cards virtually impossible to counterfeit,
KANSAS CITY, MO. — American shoppers, adept at swiping the stripe, soon will learn to dip the chip in malls and strip centers across the land.
We’re talking about credit cards, specifically high-tech ones with microchips inside to make plastic money more secure. Chip cards are everywhere overseas and final- ly emerging here in response to massive credit card data breaches such as the one at Target in 2013.
Expect to find chip cards in your wallet by year’s end as card issuers roll them out, if one’s not there already. Chip cards have a small gold or silver rectangle on the front of the card just above the first four digits of the card’s number. It’s not the hologram of a dove found on many stripe cards.
It will help if someone shows you how to use them. Shoppers shouldn’t slide a chip card through the machine at checkout lines. They should insert, or dip, the chip card into a slot — and let it sit.
“When you put it in there, it kind of clicks. You can feel it,” said Bobbie Kuhns, who used her chip card recently at a Wal-Mart.
More of us would be dipping chip cards already if this seemingly simple change weren’t so disruptive, and it certainly creates potential pitfalls such as leaving your card behind.
Experts, however, say retraining consumers will be worth it. Chip cards are nearly impossible to counterfeit even
with stolen account information, in contrast to normal credit cards.
“America got a big wake-up call with Target, and everybody in the industry is very keen on fixing this problem,” said Carl Bradbury, director of consumer cards at Commerce Bank.
And if a chip card is lost or stolen, a second security measure can render it useless. Few American-issued cards, however, are set to deploy this second safety step, and that has some security advocates howling.
“We’re just not taking advantage of the technology given to us,” said John MacAllister, a semiretired consultant to the payments industry.
Big-store chains, notably Wal-Mart, are leading the retail industry toward chip cards.
Crooks have pretty much figured out the old credit cards that just swipe. And they’re creating financial mayhem.
A report from the Federal Reserve Bank of Kansas City last fall put the total for credit and debit card fraud at $3.8 billion.
Thieves have lots of ways to steal account information, and it’s relatively easy to put the coded information onto the stripe of a blank card or recode an existing card with the new information.
Stripe cards are vulnerable because every time you swipe one, it gives up key information crooks need to do their dirty work. Hackers have found many ways to intercept or steal this information, collecting data on millions of cards and cardholders.
Microchips make credit cards virtually impossible to counterfeit.
Chip cards do more than spew the standard account information that stripes deliver. The chip also generates and sends out a “cryptogram” that changes with each sale and is needed to complete the transaction with the bank that issued the card.
Even counterfeiters holding vital account information for a chip card would have no chip, no cryptogram and no chance for fraud.
“So far, the bad guys haven’t been able to crack this, and in Europe they’ve been going at it for a couple of decades,” Commerce’s Bradbury said.
Thieves still have a reason to steal account information on chip cards because so many merchants still don’t have chip card readers and allow shoppers to swipe the card’s stripe rather than dip its chip.
Merchants will want chip readers come October.
That’s when a new rule imposed by credit card companies Visa and MasterCard hits. It has to do with who’s liable when thieves get away with fraudulent transactions using a counterfeit card.
Visa has declared that banks that fail to get chips into customers’ cards by Oct. 1 will be on the hook for fraudulent transactions that involve using a counterfeit stripe card. Similarly, merchants who let customers swipe the stripe of a chip card after Oct. 1 will be stuck for those transactions that turn out to be counterfeit frauds.
Currently, banks generally are on the hook for fraud when counterfeit cards are presented to merchants, and merchants generally are on the hook for online credit card fraud, which means no card is physically presented to the merchant.
Still, not all consumers will have chip cards in hand by the October deadline.
The chip is only half the security. And many say it’s not enough.
Overseas, for example, consumers who dip the chip typically enter a four-digit number to confirm the charge. This PIN, or personal identification number, adds a second layer of security.
A lost or stolen card becomes useless because the finder or thief won’t have the PIN to enter.
Given a choice, consumers “absolutely” should look for both a chip and PIN with their credit cards, said Odysseas Papadimitriou, founder of CardHub.com, which compares features of cards.
“And most importantly, you want the merchants to start accepting them,” he said.