The plastic we carry in our wallets will be quite different in the near future. The big change is seemingly innocuous — a microchip embedded right above the first series of numbers on the card.
But that small metal stamp is the foundation of a system that promises more robust security for all parties involved in a transaction. Chip cards have been the norm for years in other countries, but they’re only now starting to see full-scale rollout here in the U.S. And it’s about time, too.
Old Technology in a New World
The traditional credit and debit card in this country packs its data onto the magnetic strip on the back of the plastic — an innovation that dates from the 1970s.
This isn’t particularly secure, since criminals need only possess the card and approximate the holder’s signature when making a purchase. Also, with the right equipment, it isn’t difficult to “skim,” or copy, that data directly from the stripe.
As a result, America is a haven of card fraud. According to statistics compiled by The Economist, in 2012 total losses from the activity worldwide amounted to over $11 billion. The U.S. was responsible for nearly half of that figure.
In contrast, a card embedded with an EMV chip — “EMV” stands for the members of the consortium that came up with the standard: EuroPay, MasterCard (MA) and Visa (V) — encodes the card’s information.
In most of the world, chip cards feature an important extra wall of security — a PIN number. This must be input by the cardholder in order to complete the transaction.
This “chip-and-PIN” setup is clearly more secure … at least for “card present” (face-to-face transactions where the customer presents the plastic) interactions. According to research by the Federal Reserve Bank of Atlanta, in the first year (2004) of large-scale chip-and-pin implementation in the U.K., total fraud losses stood at 505 million pounds ($767 million). By 2010, that number had dropped by nearly 30 percent to 365 million pounds ($556 million).
The difference would be more dramatic if it weren’t for “card not present” transactions, such as the ones made by phone or online rather than face-to-face — after all, without a PIN reader, it’s not possible to use the PIN for verification (solutions are being developed, but none have yet found widespread adaptation). Fraud losses for CNP transactions actually rose over the same period, to 227 million ($352 million) in 2010 from 151 million pounds ($234 million) six years earlier.
Nevertheless, the big credit card companies — Visa, MasterCard, Discover Financial Services (DFS) American Express (AXP) — have set a date of Oct. 1 for merchants to implement the technology that can process chip card payments.
After that, according to the terms of their respective merchant agreements, the costs of compensating for fraudulent card-present transactions will be paid by the party least compliant with EMV transaction standards — in other words, the merchant who hasn’t properly upgraded its system to handle the new cards.
PINned to an Upgrade
Although certain nationwide retailers such as Wal-Mart (WMT) have upgraded their systems to take chip card payments in their stores, many smaller enterprises have yet to do so. This, of course, is a matter of resources. A smaller store or chain of stores might not have the capital to buy and install the necessary equipment..
Compounding this, some merchants have complained about delays in obtaining chip card readers due to backlogs from manufacturers. Apparently, the latter can’t make a sufficient number of the machines quickly enough.
The credit card giants probably took this at least some of this into account; the full implementation is going to be slow and gradual. The chip cards the major issuers have been sending out still have that old-fashioned magnetic strip on the back of the card, in addition to the chip. So they’ll still work in terminals not equipped to handle chip transactions.
Even at the points of sale that can crunch chip purchases, a PIN will not (yet) be required — like chip technology to begin with, adding PIN verification requires extra technology in place to process the transaction. Instead, the cards being made and sent out these days are “chip-and-signature” products, requiring only an autograph from the cardholder for user authentication… exactly like those vulnerable strip-only cards.
Your Card Is in the Mail
Many card issuers are already well into the chip era. Bank of America (BAC), for one, has had the metal square on several of its card products for some time now. American Express began sending out its chip cards in 2013.
All told, around 575 million chip debit and credit cards are expected to be in the possession of cardholders by the end of this year. For cardholders, this transition will be automatic and largely painless: Issuers will replace expiring magnetic-strip-only cards with chip cards.
According to a recent article in The Wall Street Journal, by the end of this year around 75 percent of credit and 40 percent of debit cards should be chip cards.
Although these products will eventually be more secure than mag-stripe-only ones after full chip-and-PIN technology is implemented, as a card owner, you should always remain vigilant and continue to check your card activity on a regular basis. If any unauthorized charges have been made, contact the card’s issuer right away.
It’s early days yet, and there will certainly be hiccups on the way to America getting up-to-date on payment card technology. But it’s the right direction to move in, and every key party involved in credit card commerce — issuer, network operator, merchant and cardholder — ultimately stands to benefit from a safer system.