Cards with EMV Chips

Hate standing in line at the grocery store? That wait might be getting a bit longer, at least for the next few months.

Blame that new credit card that your bank sent you earlier this year.

Starting Oct. 1, retailers were required to begin supporting a growing list of EMV credit cards at their checkout lanes. These new cards, often referred to as smart cards, differ from traditional cards because they hold tiny computer chips that make it more difficult for scammers to steal the credit-card information of consumers as they pay for their purchases.

Security experts say that EMV cards – the “EMV” stands for Europay, MasterCard and Visa, the three companies that created the chip-card standard – are more secure than are the magnetic-strip cards that consumers in the United States have long used.

EMV Chip
EMV Chip

But this technology requires consumers to use their credit cards in a new way. Instead of swiping cards and then signing, consumers will have to insert the chip end of their EMV cards into the new card readers that retailers were supposed to have installed by the Oct. 1 deadline. They will then wait a few seconds for the new readers to verify their purchase – and create a unique transaction code that is never used again — and, once that happens, provide their signature to close the transaction.

While the new cards are safer than magnetic-stripe versions, they are also causing confusion among some consumers who haven’t yet mastered the art of dipping and signing instead of swiping and signing. It sounds like a small change, but the new technology is boosting the time it takes to complete a transaction — albeit by only about 20 seconds — and resulting in longer check-out times at department and grocery stores.

“We are all consumers first, and we’re all going to feel the impact of the EMV conversion,” said Keir Breitenfeld, vice president of product strategy for fraud and identity solutions with Experian. “While the new system is more secure, there will likely be headaches and hiccups, especially in the checkout line as people get used to a few extra steps to make their purchase.”

Even Netflix — maybe — has been impacted by the EMV cards. Reed Hastings, founder and chief executive officer of the streaming giant, in October blamed disappointing subscriber growth on the EMV cards. He said that a high number of consumers let their subscriptions to Netflix lapse as their old, non-EMV cards expired.

That may or may not be true, but if Netflix is worried about the transition to chip-based credit cards, it stands to reason that ordinary consumers might fret about it, too.

Not secure enough?

And the worst part? Credit-card and security experts say that while the new chip-and-signature credit cards are more secure than traditional magnetic-swipe cards, they still have security holes. That’s mostly because they’re not chip-and-PIN cards.

The new EMV cards still require consumers to sign for purchases after they dip them into the new card readers. That’s the problem. It’s not all that difficult for thieves who have stolen a chip-and-signature card to forge a consumer’s signature. After all, how many cashiers check your signature when you’re buying a bag of groceries?

Chip-and-PIN EMV cards, which would require consumers to insert their credit cards and then enter a four-digit PIN upon checkout, would be even more secure, and it’s a system that European countries have long used. But retailers and banks are holding off on chip-and-PIN because they don’t want to further confuse U.S. consumers still struggling to adjust to chip credit cards.

Online fraud to rise?

The new cards also offer no protection against online fraud because online transactions obviously don’t require consumers to dip the chip ends of their EMV cards into a special reader. Scammers can simply find consumers’ EMV card numbers, expiration dates and security codes to complete fraudulent online transactions, just as they do now with traditional magnetic-strip cards.

Many financial pros say that they expect online credit-card fraud to increase now that more secure chip cards are in the market.

“The EMV protection with in-person transactions will force the fraudsters elsewhere,” said Wade Barnes, senior vice president and director of retail banking with Baltimore-based 1st Mariner Bank. “Online is a perfect hiding place for crooks.”

Consumers who want to protect themselves while shopping online need to make purchases on Web sites that are encrypted, Barnes said. Encrypted sites start with “https://” (not just https://) and will have a green lock or green-colored URL on browsers. Barnes recommend that consumers only do business with Web sites that ask for the security code on the back of their credit cards. Providing the security code adds one more level of protection to online purchases.

Adam Elliott, co-founder and president of ID Insight, said that the massive roll-out of the new cards presents an opportunity for the savvier of scammers. Some thieves have worked out schemes to have new EMV cards sent to the wrong addresses, making sure that the cards end up in the hands of fraudsters and not their intended recipients.

“Unfortunately, fraudsters are also well aware of the EMV roll-out, and are modifying their strategies to take advantage of the situation for financial gain,” Elliott said. “Mass reissues of tens of millions of cards are attractive targets for criminals and their sophisticated change-of-address and card-not-present schemes.”

Did you enjoy this article? Yes No
Oops! What was wrong? Please let us know.

Ask a Question

  • John

    I see you’re rabbiting the usual story about chip-and-PIN cards being more secure. That’s obviously the standard line but the reality, taking into account human weakness, seems to be very different.

    As a man, if I steal a card that says “Mrs Jane Doe” on the front it’s pretty obvious to anyone that I’m not Mrs anything, so you’ve got the first line of defence against fraud. If I do manage to forge the signature anyone paying attention can figure my name probably isn’t Jane, so you’ve got another line of defence. Thirdly, it takes a little time to practise forging signatures and a lot of the time a graphological analysis can show when a signature is forged, so for larger purchases it’s easier to prove a fraud took place.

    Now consider PIN cards. Many people have a wallet full of cards and most of us can’t remember 17 different PINs. The fact some banks will advise that you can “just set them all to be the same” is truly terrifying (and yes, I was personally advised that by a bank advisor, although for some reason they declined to put it in writing). It’s easy enough to see people entering their PIN even from a distance and without particularly trying to, so anyone inclined to try their hand at “shoulder-surfing” isn’t going to have too much trouble figuring a four-digit number. Then all it takes is application of a large heavy object to steal the victim’s purse or wallet and you’re off on a spending spree.

    This is where the initial issues really come into play. If you’ve stolen a someone’s collection of cards and I managed to get one PIN, there’s a fair chance all her PINs are the same. You can try them all in an ATM to find out for sure, and then go shopping. And since the retailer often doesn’t even look at the card (it’s very common in the UK for the customer to put the card in the reader, enter the PIN, remove the card, and the retailer never even sees the name on it) all the lines of defence against fraud are bypassed. Admittedly they all require the retailer to actually care, but at least they exist. And, since all the would-be fraudster has to do is enter 1234 into a reader they don’t even have the delays associated with forging a signature.

    Another weakness with the PIN approach is that I suspect most people would disclose their PIN if faced with a credible threat of violence. Nobody can teach a thug how to forge their signature.

  • AnimeGod

    The biggest problem I have run into is that the pin does not work. The auto default pin to the card failed. Tried to repin the card via the so called phone number which is a joke at best. Steal a card, call the toll free number and make a new pin code without any verification. That was the most shocking discovery I found.

    After failure of trying to change the pin, went to the bank to get them to repin the card. They did it and still it failed. Went back again and still the card failed. I have had the new Chip and Pin Credit Card by MasterCard and I can tell you it sucks beyond belief. I have another appointment at the bank again to try and get them to make the pin work. The bank seems unwilling to scrap my card because they are 3 months backlogged to switch out cards of their customers. So, I have had a Credit Card that I can not use for the last 2.5 months.

    The old method of swipe card, was secure enough if merchants and people follow the security protocol. Person must present a valid DL or government/ Military ID to complete the transaction with the card. Not really hard, just show your ID before you swipe and there is no problem.

    Online purchases are different but Paypal or limit cards is the way to go. I personally hate Paypal because they want to directly link to my personal bank account. That is just begging for fraud and theft to wipe you out. Paypal is not fool proof by a long shot. The limit cards are cards which you load up with X number of dollars. It contains no personal info but does require you to enter a pin if you use swipe the card with the new readers. Most are bank generated which means they are local created cards which make it very hard to commit fraud on because they carry a different set of numbers set to the local bank. Thus, they are treated like gift cards by the Visa and MasterCard. They cost at my bank $1.75 and you can load it from $50 up to 25k. I just do $500 to $1000 at a time. I do direct bank wire transfers for purchases over $2k which is about as secure as you can get. When the card gets low, I just go back to the bank and reload it or empty it and transfer the balance to a new card if think there is a high chance of someone trying to illegally use it.

    As for the New Chip and Pin cards, They suck do not work well and I can see it being an easier path to fraud and theft than the old method because of the protocols and how the banks do the pin in general. Never mind that a good 1/3 of the cards simply just do not work right. Nothing worse than standing at the grocery store having rung up $300 and the card refuses to work. Only to hear the merchant say 1 in every 3-4 has the pin problem. I get the Pin invalid or simple card declined- Pin error when I have tried to use it. I have talked to several other merchants who all say they see a high number of pin issues and have worked out methods to by pass the chip for now.

    After all the calls for better security, Visa and MasterCard have created a system that is less secure than the old system and that is a fact!

  • Anti-Chip Card

    Has anyone had an issue with your chip card not working while paying at a store that does not have a chip enabled payment system? This has happened to me so many times since I received my Chase chip card where the magnet strip seems to be demagnatized but it is not! I am beyond frustrated and can’t find any information or resolution with my bank or online! I have gone into my local branch on 5 different occasions to get 5 different replacement chip cards with no success – each does the exact same thing. This has also happened to my husband as well as a work colleague. I am seriously considering changing banks due to this huge inconvenience. I have desperately needed to pay for something on several different occasions and am left stranded with this useless chip card! If anyone has any resolutions or information on this issue please help. Thank you!

  • Stan

    It takes two or three tries for me to pay for groceries with my chip-enabled Visa card. I (and the people waiting in line behind me) got frustrated and now I don’t even try any more. I pay cash. Too bad the bank is losing my credit-card business.

  • Shawn Burton

    Me too, I’m also having problems with this new chip system. My bank’s ATM seems to read my debit card’s chip just fine, however, most of the store’s card chip reader seems to have a lot of trouble reading the chip and even though my card also has the traditional magnetic strip and the merchants machine dose too, it won’t let me use it until after the third or fourth time of trying to get the machine to read the chip. Its really annoying me to the point that I’ll start only using my debit card at my bank’s atm and then all the stores I go shopping at, pay them in cash only. They really need to fix the chip readers they have. Why force customers to use something that is not gonna work? doesn’t make any since.