Hate standing in line at the grocery store? That wait might be getting a bit longer, at least for the next few months.
Blame that new credit card that your bank sent you earlier this year.
Starting Oct. 1, retailers were required to begin supporting a growing list of EMV credit cards at their checkout lanes. These new cards, often referred to as smart cards, differ from traditional cards because they hold tiny computer chips that make it more difficult for scammers to steal the credit-card information of consumers as they pay for their purchases.
Security experts say that EMV cards – the “EMV” stands for Europay, MasterCard and Visa, the three companies that created the chip-card standard – are more secure than are the magnetic-strip cards that consumers in the United States have long used.
But this technology requires consumers to use their credit cards in a new way. Instead of swiping cards and then signing, consumers will have to insert the chip end of their EMV cards into the new card readers that retailers were supposed to have installed by the Oct. 1 deadline. They will then wait a few seconds for the new readers to verify their purchase – and create a unique transaction code that is never used again — and, once that happens, provide their signature to close the transaction.
While the new cards are safer than magnetic-stripe versions, they are also causing confusion among some consumers who haven’t yet mastered the art of dipping and signing instead of swiping and signing. It sounds like a small change, but the new technology is boosting the time it takes to complete a transaction — albeit by only about 20 seconds — and resulting in longer check-out times at department and grocery stores.
“We are all consumers first, and we’re all going to feel the impact of the EMV conversion,” said Keir Breitenfeld, vice president of product strategy for fraud and identity solutions with Experian. “While the new system is more secure, there will likely be headaches and hiccups, especially in the checkout line as people get used to a few extra steps to make their purchase.”
Even Netflix — maybe — has been impacted by the EMV cards. Reed Hastings, founder and chief executive officer of the streaming giant, in October blamed disappointing subscriber growth on the EMV cards. He said that a high number of consumers let their subscriptions to Netflix lapse as their old, non-EMV cards expired.
That may or may not be true, but if Netflix is worried about the transition to chip-based credit cards, it stands to reason that ordinary consumers might fret about it, too.
Not secure enough?
And the worst part? Credit-card and security experts say that while the new chip-and-signature credit cards are more secure than traditional magnetic-swipe cards, they still have security holes. That’s mostly because they’re not chip-and-PIN cards.
The new EMV cards still require consumers to sign for purchases after they dip them into the new card readers. That’s the problem. It’s not all that difficult for thieves who have stolen a chip-and-signature card to forge a consumer’s signature. After all, how many cashiers check your signature when you’re buying a bag of groceries?
Chip-and-PIN EMV cards, which would require consumers to insert their credit cards and then enter a four-digit PIN upon checkout, would be even more secure, and it’s a system that European countries have long used. But retailers and banks are holding off on chip-and-PIN because they don’t want to further confuse U.S. consumers still struggling to adjust to chip credit cards.
Online fraud to rise?
The new cards also offer no protection against online fraud because online transactions obviously don’t require consumers to dip the chip ends of their EMV cards into a special reader. Scammers can simply find consumers’ EMV card numbers, expiration dates and security codes to complete fraudulent online transactions, just as they do now with traditional magnetic-strip cards.
Many financial pros say that they expect online credit-card fraud to increase now that more secure chip cards are in the market.
“The EMV protection with in-person transactions will force the fraudsters elsewhere,” said Wade Barnes, senior vice president and director of retail banking with Baltimore-based 1st Mariner Bank. “Online is a perfect hiding place for crooks.”
Consumers who want to protect themselves while shopping online need to make purchases on Web sites that are encrypted, Barnes said. Encrypted sites start with “https://” (not just http://) and will have a green lock or green-colored URL on browsers. Barnes recommend that consumers only do business with Web sites that ask for the security code on the back of their credit cards. Providing the security code adds one more level of protection to online purchases.
Adam Elliott, co-founder and president of ID Insight, said that the massive roll-out of the new cards presents an opportunity for the savvier of scammers. Some thieves have worked out schemes to have new EMV cards sent to the wrong addresses, making sure that the cards end up in the hands of fraudsters and not their intended recipients.
“Unfortunately, fraudsters are also well aware of the EMV roll-out, and are modifying their strategies to take advantage of the situation for financial gain,” Elliott said. “Mass reissues of tens of millions of cards are attractive targets for criminals and their sophisticated change-of-address and card-not-present schemes.”