If you have a credit card, you’ve already received a spanking new one with a highfalutin computer chip embedded in the front, or you will. Such chips are designed to reduce credit card fraud, though they won’t eliminate it.
Beginning October 1, 2015, by law, retailers will be required to use credit card readers that check the chips of such cards, or they will have to accept liability if someone counterfeits your card. Until now, the bank issuing the credit card was liable.
As before, consumers still won’t be liable in most cases for credit card fraud. If your physical card is stolen, federal law limits you to $50 as long as you report the fraud within 60 days of receiving your statement, though credit card companies typically waive this. If your information alone is stolen, you have zero liability.
You may already have used the “smart” part of your “smart credit card,” also called a “chip card” or an “EMV card.” EMV stands for Europay, MasterCard, and Visa, the three companies that created the technology. Among big retailers, Walmart has been at the vanguard in taking advantage of these cards. Target and Home Depot have done so for some time as well.
Other large retailers, including Lowe’s and Best Buy, have also stepped up. Small retailers, however, are moving more slowly. According to the consulting firm Mercator Advising Group, only 19% of all merchants will have invested in new credit card terminals by January 1, 2016.
These smart cards may help reduce fraud, but this comes with a price. Using the card is slightly less convenient. Instead of quickly swiping the card through a credit card reader, you have to insert it, the right way, until the transaction is over. Experts estimate this takes about an extra five seconds.
The new cards work by producing a unique code for each transaction. Counterfeited credit cards are virtually useless since the code changes each time the card is used.
Most credit card fraud losses results from counterfeiting—$3.0 billion out of a total of $3.8 billion in the US last year, according to the consulting firm Alite Group.
Crooks sometimes make counterfeit credit cards by stealing information stored on your credit card’s magnetic strip with the help of credit card skimmers they install in places such as ATMs and gas pumps. The magnetic strip holds your account number, the expiration date, and the security code on the back, or CVV, for Card Verification Value. Other times they steal the same information by hacking into merchant databases. They then use machinery to manufacture the physical credit cards.
Typically crooks use the bogus card a few times, initially for a small test purchase, then for big purchases, until they abandon it and move on to the next one.
The new chip-embedded cards, on their back, still have a magnetic strip, also called a magnetic stripe or magstripe. You can thus use them with retailers that haven’t upgraded their equipment. Retailers aren’t required to upgrade, but many that don’t will likely find lollygagging more costly, in terms of fraud losses, than if they had done so earlier. Big-ticket merchants such as jewelry shops and electronics stores are more vulnerable than lower-value merchants such as delis and coffee shops.
Other countries such as Canada, Australia, and Brazil have been using smart cards for some time. With these countries, it took two to three years before most retailers invested in the new technology. The Payments Security Task Force of the Federal Reserve System estimates that 60% of credit cards from top issuers in the US will be converted to smart cards by the end of 2015, rising to 98% by the end of 2017.
The new cards are a step in the right direction. But many observers feel that the smart new credit cards aren’t smart enough. For transactions above a certain limit, they still require only a signature, which is virtually useless. The new cards provide no extra protection for online purchases or against the physical theft of a credit card.
A more secure option, which some countries in Europe and Africa have adopted, is to require punching in a PIN, or personal identification number, as you do when making a debit card purchase. This would prevent the use of stolen credit cards or credit card information that’s stolen online. But it would be less convenient still, requiring even more time to complete a purchase, not to mention the possibility of forgetting your PIN.
Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. He can be reached at firstname.lastname@example.org or reidgold.com.