After years of use in other countries around the world, chip-enabled credit cards are coming to the USA. Credit cards with only magnetic strips are being phased out ahead of an October 1, 2015 deadline.
If you have a credit card, you’ll probably get a replacement with a chip at some point soon. The entire country won’t switch to chip cards by October 1, but retailers and banks that don’t will assume more financial liability.
To use a chip-enabled credit card, you insert it in the bottom of a payment terminal and leave it there for the duration of the transaction. Importantly, the card needs to remain in the reader until the transaction finishes, not swiped like a magnetic strip.
While you’ll encounter payment terminals with support for both the magnetic strip and chip on modern credit cards, you can’t necessarily just use the magnetic strip. Try to swipe a chip-enabled card on such terminals and you’ll probably be asked to insert the card and pay via the chip method.
Credit cards with chips use the EMV standard, which stands for “Europay, Mastercard, and Visa.” EMV is a global standard allowing chip cards to interoperate at point-of-sale systems and automated banking machines. (Despite the name, American Express and Discover are also participating.)
Know that the old magnetic strip isn’t going anywhere anytime soon. A chip-enabled credit card has an EMV chip as well as a magnetic strip. If you ever find yourself somewhere that only accepts magnetic strips — either in the USA or elsewhere in the world — you’ll still be able to use your card.
The magnetic strip can easily be cloned by swiping it, and that magnetic strip data can be copied to another card and used to make fraudulent purchases. A chip card works differently — it has a small computer chip in it. When the chip card is inserted into a payment terminal, it creates a one-time transaction code that can only be used once. In other words, chips can’t be duplicated as easily as magnetic strips. Any payment details would be stored with the one-time code. If the USA had transitioned to chip cards earlier, the disastrous Target breach could have been averted. All those leaked credit card payment details wouldn’t have been so useful to criminals.
US banks have been issuing chip cards over the past year ahead of an October 1, 2015 deadline. After this date, a “liability shift” will take place. Any retailers that choose to accept payments made via a chip card’s magnetic strip can continue doing so, but they’ll accept liability for any fraudulent purchases. Any credit card issuers (this means banks issuing credit cards by Visa and Mastercard, for example) that don’t issue EMV credit cards will be on the hook for any fraudulent purchases, too.
In effect, Visa and Mastercard are telling banks and retailers that they can continue using the old system at their own financial risk. Not everyone will be transitioned over by October 1, but everyone who hasn’t will assume additional liability — that will encourage them to migrate as soon as possible.
This doesn’t affect your own personal liability — if your bank doesn’t issue you a credit card with a PIN before October 1, they’re assuming liability. That’s their problem, not yours. These details are all between retailers, banks, Visa, and Mastercard. But they explain why chip cards are getting rolled out so quickly.
Many other countries switched from magnetic strip transactions to a “chip-and-PIN” system. You insert the chip card in the bottom of a payment terminal and enter a numerical PIN code on the terminal to authenticate yourself. It’s a bit like paying with a debit card and PIN — no signature is necessary.
The USA, however, will largely be switching to a “chip and signature” system. You’ll now be inserting the chip card into the bottom of a payment terminal, and you’ll then have to sign your signature — just like you do with a standard credit card today.
As we all know, credit card signatures are not secure at all — few people ever check to make sure a signature matches the one that appears on the back of a card. If someone gets a hold of your chip-and-signature card, they can still use it to make a purchase at a chip-enabled terminal. Annoyingly, these chip-and-signature cards won’t necessarily be compatible with the EMV systems in other countries where chip-and-PIN cards are expected.
One credit card issuer explained why chip-and-signature was adopted over chip-and-PIN:
“We don’t really think we can teach Americans to do two things at once. So we’re going to start with teaching them how to dip, and if we have another watershed event like the Target breach and consumers start clamoring for PIN, then we’ll adjust.”
The chip-and-PIN system would require customers remember a PIN for each of their credit cards. The initial switch to chip cards in the USA won’t require a new verification method — just a new way of using the card at payment terminals and the same old signature.
While retailers would probably prefer chip-and-PIN, banks don’t want to use chip-and-PIN. When you insert the card into an ATM to withdraw money, you need to enter the PIN. If this is the same PIN you’re constantly entering when using your card, it’s easier to eavesdrop on and capture. If the PIN is something you only enter at ATMs because you use a signature when making most payments, that protects banks from fraudulent ATM transactions.
Chip cards don’t eliminate the problem of fraud. In particular, these cards still have numbers, expiry dates, and three-digit codes on their backs. Someone could copy this information and use it to make purchases online. A chip-and-signature card could be used at a point-of-sale terminal along with a forged signature. The magnetic strip can still be used in the old way at many terminals around the world.
But, although chip cards won’t eliminate all fraud, they will make fraud more difficult. This will also help prevent future breaches of payment systems — like the one that happened at Target — from being so damaging.
Some chip-enabled cards may also support contactless payments using NFC. This tap-to-pay functionality works similar to the way you’d pay with Apple Pay or Google Wallet on a smartphone — tap the card on the reader. NFC payments like these don’t require a signature or PIN, so they only work for small, inexpensive purchases.